Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
News

Themes.org Cracked 220

sammoth writes: "themes.org was hacked [CT:Cracked] and replaced with a rather vulgar logo. The intruder makes some bold statements about the security, or lack there of, on several sites. " Of course I'm still in Tokyo right now, so your guess about what's happening is just as good as mine. And 5000ms ping times to the U.S. East Coast sure makes posting this story tricky ;) Apparently the cracker managed to get into SourceForge and Apache.org too ... and he posted user accounts and passwords on t.o along with a rant that I haven't seen. Update: 05/31 02:40 PM by T : Here's an informative explanation on apache.org of the break-in on that site.
This discussion has been archived. No new comments can be posted.

Themes.org Cracked

Comments Filter:
  • by Anonymous Coward
    >Attrition is dead. Maybe /. could become the new home for orphaned defacements.

    Slashdot IS an orphaned defacement.
  • by Anonymous Coward
    X is forwarded by default via SSH on several Linux distributions. If this is the case then, once remote server is compomised, any command can be executet on client machine by compromised server.

    If you disable X forwarding by default (edit /etc/ssh/ssh_config ) then if you just login to compromised remote server no command may be executed on your client, but if you want to forward to forward X you will need to use explicit option -X

    ssh -X user@host.name
  • by Anonymous Coward
    I'd like to know why microsoft.com hasn't been cracked or DDoSed yet. After all, its official [satirewire.com] that everyone, especially the geeks capable of such cracks, hate Microsoft. You'd think it would get attacked every day.
  • by Anonymous Coward
    Thats because Microsoft use linux servers.
  • by Anonymous Coward
    fluffy@#blackpanthers

    I know this guy. I remain anonymous to avoid being nailed.

    Do you think this guy has something related to the author of Fluffy the PK Chicken [savagesoftware.com.au]? Well, I didn't say he IS the guy, you choose what to believe.

    The game was distributed with a trojan, and I got a copy from his site and infected - it was a fun game to play anyway.

    It was a shame; it's such a great game...and I think the Digital Tome who hired him may not realize he used the game to distribute trojan.

  • by Anonymous Coward

    The other end is an SSH server, so he replaced that with something very trivial to maybe just log the decrypted passwords to a file. All in all, the weak link here was the stupid ISP. If a hacker compromises SSH then it's a rollercoaster ride since your passwords are out in the open.

    Maybe it's time for tripwire?

  • by Anonymous Coward
    Is there validity to his claim....

    Let's see: Illiterate, anonymous script kiddie who's figured out how to sniff for passwords and how to talk big on Web forums. I know I'd believe him implicitly. Wouldn't you?

    And if you do, I'll be glad to spin for you a few tall tales of my own.

  • by Anonymous Coward
    Funny, According to http://www.netcraft.com/survey/ [wwwnetcraft.com], the sites are listed as follows... Top 50 Most requrested sites in percentages: IIS 20.64% Apache 62.55% Market Share for Top servers all domains: Apache 65% (approx) IIS 25% (approx) Maybe im reading this wrong if so, please let me know. I mean, with the top 50 sites running apache 62% of the time, one would think that apache is the general standard. Thanks
  • by Anonymous Coward
    get a new sig dammit! you're making me waste my mod points.
  • by Anonymous Coward
    the -redundant- was mine. But then I posted without logging out, b/c I felt bad about it (and thus undid the moderation)

    had I read your reply before my last set of points on that account expired, I wouldn't have felt so bad. Anyway I'll probably have some more this week; for some reason I get them almost every friday(?) which means I only have a few hours to use them (I have better things to do on weekends than slashdot)

    Anyway I like sigs, in general, and thus don't want to eliminate all of them. However, your sig and a few others annoy me to no end.

  • by Anonymous Coward
    It looks like they were running 1.3.12 on Linux. I believe that is an old edition.
    link [netcraft.com]
  • these sites were 0wned because of passwords collected by a trojanned ssh client. mandatory access control lists can keep things like that from happening, but then you're dependant on the system you're using to be secure enough to type your password on. once an admin password is found it is often trivial to revert the state of such monitoring applications and control the machine with the full priveledges that the administrator with the stolen password would have.

    monitoring what actually happens on the servers is the only sure way to make sure nothing is misused. real-time tools like cylantsecure that output information based on what actually happens on the machine will let you see whether everything that the administrator does is legit. it's sorta like if you straced all the activity of the system you would actually have the data to know if an administrator logged in and trojanned services, however, there's too much to monitor by hand so i would recommend a tool based on measurement of the system's execution.

    currently, to really go all out monitoring you'd have a team of admins that watch every time a file is modified and every time a process is run or opens a port, or changes permission levels, but there's way too much data to handle and it's far too expensive to have such a trained team. right now you just install the tools you need and pray for the best, and have enough constant data so you can tell when something gets fucked up.
  • So what? People who use binaries get what they deserve. I don't really understand why binaries of Free Software are even offered. When they are, they are generally offered as an unsupported convenience option only for those who might be lacking a compiler or the intelligence to read the README and build the thing.
  • by DaveTerrell ( 923 ) on Wednesday May 30, 2001 @07:27PM (#187741) Homepage
    Rule #1: Unplug the ethernet cable, not the power. It's hard to do a post-mortem if your filesystem is crashed.

    Rule #2: don't give any indication that you're aware the box has been rooted before you engage rule #1.

    Rule #3: Don't trust anything that might have gone through that box for a reasonable period of time. Re-password, check other machines, reinstall software, etc. Good luck.

    Rule #4: Run OpenBSD and don't get rooted. :)
  • Since VALinux is involved, it might also explain why anonymous ftp to ftp.valinux.com isn't working either...
  • by XPulga ( 1242 ) on Wednesday May 30, 2001 @06:38PM (#187743) Homepage
    Whenever a site gets cracked, post an article on slashdot about it (even if you're half globe away with 5000 ms ping delay) so they get slashdotted too.
  • "Four years without a remote hole in the default install"

    What do you think the chances are that what dudle is doing with Debian will work automatically with the default install of OpenBSD? IIRC the default install runs the following list of services: inetd. I think most people probably want more services running on their server than that. Also the problem with sourceforge (and probably t.o too, I haven't looked) was bad password/shared password with another system/password transmitted cleartext, which BSD certainly won't fix.

    The original author was not stating that BSD wasn't more secure out of the box than Debian; he was saying that their security was similar enough that having a competent admin on a Debian server is more secure than an incompetent admin on a BSD server running the same services. OpenBSD well be the most secure Unix on the face of the earth, but no system is so secure that it solves ignorance.

  • Hi, any pointers to this "forensic analysis floppy"? I happen to have a recently hacked drive... :-( And it's not a very cool coaster.
  • "While it is nice to know that the site got hacked, aren't we rewarding the hacked by posting all to info in a public forum?"

    YES!

    By rewarding the hacker and putting a little more egg on the faces of both the site owners and the authors of the software (I'm generalizing here) you are essentially forcing them to fix it.

    This is what makes the software world go round. Both MS type monopolies and the 'little' guys like VA, apache and Themes.org

    We as users and them as providers are better off in the long run because of it.



    - Xabbu - Sysop: clockworkorangebbs.org
    - Tradewars - LoRD - FidoNet and much more!

  • Well, at least someone is doing their job properly

    Yes, but someone else clearly wasn't. What on earth was anyone doing running OpenSSH 2.2 in the middle of May? Were they doing something else so as to eliminate the known remote root exploit prior to OpenSSH 2.3.0? (said exploit having been discovered in February) If not, then they were almost asking for trouble.

    This is the part that puzzles me. I'm having trouble reconciling the use of such good security practices (nightly audits that are more than just window dressing) with making the almost newbie mistake of not updating known vulnerable software. What happened here?
  • I don't know what is the best answer to this.

    I kind of wondered if this wasn't in part why attrition.org finally shut down. While they were helping to publicize problems, they also sort of encouraged the problems by giving them publicity.

  • I doubt Microsoft even cares...

    But on a positive note, at least it will keep the Linux zealots quiet for a week or two about how superior they think Open Source is.

  • Well of course you choose the statistics to fit the argument.

    My point was essentionally, what offers a juicier target to most hackers? Little known "Hi my name is Joe" sites, or various commercial ops?

    As such in the grand scheme of things, there are far more IIS websites running commercial ops than there are Apache, so it makes since they would be a more likely target.

    It all depends on so many factors. I also suspect the script kiddies tend to be more familiar with Windows.

  • Yes it is interesting...

    Notice how I said SSL survey?

    You missed that part, didn't you?
  • You don't think Microsoft performs offsite backups?
  • The point I made was that the higher percentage of SSL enabled IIS sites provided a much more attractive attack target.

    Calling the point irrelevant has no bearing on the discussion. It may be irrelevant to you but that is only because you are either incapable or unwilling to understand the point.
  • Yes a large number of sites have been defaced in the past couple of months do the the worms on Linux and Solaris.

    Honestly I think this discussion is rather pointless in this forum. We're not talking about the quality of software, but rather sociological issues. The typical /. geek seems to be incapable of understanding such issues.

  • As I pointed out numerous posts ago, financial motivation is only one small part of it.

    The primary goal to defacements is to have it noticed. Clearly "Hi my name is Bob" website which is likely unvisited and unmaintained is not going to get much notice.

    Defacing a commercial website which obtains many hits does get noticed. The vast majority of these use SSL.

    In the past several months there have been a number of worms in the Linux and Solaris worlds which have gone through and defaced probably thousands of websites. Now in these cases, the worm is non-discrimanatory and attacks whatever it finds is open. In this situation, your understanding is correct.

    As far as implying your stupid, I have no need to do that. You keep responding.
  • by sheldon ( 2322 ) on Wednesday May 30, 2001 @06:52PM (#187757)
    Well I'm not sure what you mean by small percentage.

    Microsoft has around 50% of the commercial web server space according to the Netcraft SSL survey. That's a fairly large chunk considering the next competitor is Apache with 30%.

    Apache is certainly used for a lot of hosted web sites... you know the routine "Hi my name is Joe and this is my website!"

    Now one could probably argue that it's easier to knock off the small websites. After all they probably aren't maintained frequently.

    But on the other hand, they also aren't accessed frequently so who would notice?

    Much more fun to hit the high profile sites. Especially if there are some juicy credit card numbers to be had because of poor site design.

  • Bill Gates arrested? [attaway.org] Never...
  • The difference is that on the Internet people seem to be much more willing to do bad things. Therefore, you have to be totally up on security. Let's look at it from this perspective:

    In other areas of life, security isn't that big of a deal. It's easy to break into cars, it's easy to break into stores. I can deface just about any building in town if I wanted to. However, fewer people consider this allowable behavior, so you don't need the same kind of security to prevent this.

    In the same way, you could probably murder entire buildings worth of people simply by putting dangerous chemicals in their air-conditioning system, because most air-conditioning systems aren't well-guarded at all. However, most people have more of a respect for life than that. On the internet, there isn't much respect for anything. So, you can either accept that you're going to get hacked, or spend all day keeping up with updates.

  • by devin ( 8554 ) on Wednesday May 30, 2001 @06:20PM (#187760)
    This [66.92.75.28] might be it.
  • by PD ( 9577 ) <slashdotlinux@pdrap.org> on Wednesday May 30, 2001 @06:03PM (#187762) Homepage Journal
    Attrition is dead. Maybe /. could become the new home for orphaned defacements.
  • Check out how I "secure" my network, Its not perfect but its relatively easy to implement. http://while1.org/security.shtml [while1.org] and now I post the whole thing to karma whore! :)

    We try to keep While(1).org fairly secure. Here is a general overview of our security process. It should be helpful for many novice UNIX admins.
    • Operating System: Although OpenBSD [openbsd.org] is generally regarded as the best Freenix in terms of security, GNU [gnu.org]/Linux [linux.com] is under more active development, faster, more user friendly and supports far more software packages and types of hardware than OpenBSD (sorry Theo [theos.com], much respect...). I [slashdot.org], along with most of the other admins and users are more familiar with a GNU environment. The distribution we use is Debian [debian.org]. I chose Debian for several reasons: free (libre and gratis), strong package system and reliability. It hasn't let me down. I do prefer Slackware [slackware.com] on my personal box, since the -current tree is more stable than Debian's unstable. However, Debian's package system is nicer and provides many things that Slackware lacks (I may abandon Slackware as soon as Debian supports XF4 and kernel 2.4 by default in stable). Debian also keeps up to date on security issues [debian.org].
    • Kernel: We now run a Linux 2.4 kernel. Although most security tools/patches are 2.2 only, the mature (READ: usable) ones have been ported to kernel 2.4. I'm confident that more will follow. 2.2 is dead. We have disabled modules entirely in our kernel to prevent hax0ring and to avoid using modules (does anyone else hate them?). We only have a few drivers enabled. Besides helping performance, this protects against hostile code injection into the kernel. It is possible for a clever coder to inject code into a non-modular kernel, but most rootkits [frameloss.org] use kernel modules. Not allowing kernel modules and using 2.4, prevents us from using some really cool security tools like LOMAC [pgp.com]. However, I found that LOMAC did not play nicely with OpenWall [openwall.com]'s Secure Linux [openwall.com] patch (or cron, or init or getty ...). When Lomac behaves nicer, it will be added (I'd also like to see it as a patch rather than a module). Currently, we are using the GetRewted.net [getrewted.net] patch which provides lots of security enhancements. We may be adding more secure kernel additions such as the NSA [nsa.gov]'s Security Enhanced Linux [nsa.gov]. However, at this time, we feel that the current kernel security model is both secure and usable. If you have any neat kernel goodies we might like, tell us [mailto].
    • Firewall: Note that we are NOT running any sort of real firewall. We feel that the extra kernel overhead of the firewall hurts performance and adds needless complexity to the server. Since we are NOT trusting local (ie: users with shell access) anyway, we feel that a firewall is basically useless since Linux's TCP/IP stack is already fault-tolerant, mature and robust. We augmented the TCP/IP stack with this shell script [securify.com] to limit our vulnerability to DoS attacks. Firewalling services should not be needed if your services are secure (run with minimal priviliges and SECURE by design and condiguration). Eventually we may drop an OpenBSD or Linux 2.4 firewall in front of the server as a measure for restricting local users ability to portscan, DoS and exploit remote hosts.
    • Authentication / Login: Remote interactive sessions are only supported over ssh (and we run OpenSSH [openssh.com]). Telnet is not allowed. Rhosts authentication is not allowed. I've looked at forcing people to use S/Keys, but it is a real pain in the ass on both ends. We are currently allowing FTP in. When I'm confident that all the users can get a good graphical scp/sftp client for their platform, I'll kill FTP. Since I'm not relying on trusting local users anyway, this is more a security concern for individual users. I'm considering locking some users who don't use their shells out of real shell access.
    • Users: I only make accounts for people I know personally. I also monitor user login s and their activity using whowatch and process accounting. I'm suspicious of logins from weird hosts. I also use PAM to set resource limits.
    • Monitoring: We watch out for network nastiness with Snort [snort.org] which is an AWESOME IDS. We monitor its logs and other system activity with Psionic [psionic.com]'s LogCheck [psionic.com]. Occasionally, I'll audit the machines for weird ports using nmap [insecure.org] and Nessus [nessus.org], both of which are REALLY nice. I'll also routinely verify system integrity using a combination of Tripwire [tripwire.org] and chkrootkit [chkrootkit.org], on a system booted from a known CLEAN floppy containing the tools.

  • by jonbrewer ( 11894 ) on Wednesday May 30, 2001 @06:13PM (#187765) Homepage
    Good lord, why not? Themes.org and Sourceforge aren't exactly conveying information of vital importance to anyone. Their cracking isn't going to affect the markets, political battles, holy wars, sickness, or starvation anywhere in the world.

    Why not reward the hacker by posting their conquest on Slashdot? Especially since they've proved their talent in such a benign way. And, of course, they've done the community a service by exposing vunerable security holes... which will hopefully be patched before some site of actual significance is hacked, sending the world into economic depression.

    (I sure wish someone had cracked the Florida electoral system beforehand...)
  • I have to agree with you there. My background is in biometric authentication (of the non-weak variety).

    Cryptograph authentication does indeed improove security vastly. As long as the password / private key is SAFE then you will have no problems. The use of smart cards that include their own host processor is the way to go.

    Eliminating passwords would save the world a whole lot of grief, IMHO.

    Pan
  • Amazon being 0wned?

    Thats news to me, and I am in a group that would know.


    --
  • Do you believe him? Somebody cracked it, but why believe that it was this guy?
    Caution: Now approaching the (technological) singularity.
  • Me too.

    Consider this to be an official offer of bounty. Hack goatse.cx, post fluffy bunnies and a public key. I, for one, will contribute to whoever pulls it off. GO FOR IT!

    -- Michael Chermside

    PS: This offer is not actually intended to violate any laws.

  • Breakins like this are why the immutable bit was introduced in 4.4BSD. If you set your important executables immutable (ls, ps, ssh, etc) then even if someone does root your box, they can't change those without taking the machine down to single-user mode and changing it there, which in most cases can't be done without physical console access. This trick works for logfiles too; an immutable logfile can be appended to but not deleted or rewritten.

    ---
  • This guy seems to have a little chip on his shoulder .... seems that he wants to get a little more notice than he got from the previous slashdot story on the exploits to the source forge networks. See for yourself

    The site's "shell server" was compromised May 22 after a SourceForge employee logged on to an outside Internet service provider that had already been taken over by the intruder, said Pat McGovern, site director of SourceForge.net. When the staff member logged on to SourceForge remotely, the intruder captured the password.

    Well some of that is true, I mean I did trojan ssh but I did it about 5 months a go, so kudos to the admin you sir are awesome..

    "What happened was the (ISP) was compromised and had not known it," McGovern said, adding that the site's administrator quickly noticed the intruder and shut systems down. "Basically we had to go through and rebuild the machine, and then we checked the log file of everyone who used the machine."

    hrm I guess that could also be considered true, if by true you mean, finding out every box on your network is owned 5 months after the fact and only due to my own boredom that consisted of me ircing it infront of the admin, by the way good job of auditing your network, wait thats just too much sarcasm for one sentence..

    After the attack, VA removed the shell service until workers could reinstall the software and data on the server.The shell server allowed SourceForge members to type commands into the system remotely. On Thursday, the company posted an alert that the shell server couldn't be used because of an "unscheduled maintenance event."

    It also allowed me to sniff my way onto apache.org and sourceforge webserver and leave all sorts of goodies in the code..

    In this case, they only got into a shell server," McGovern said.

    Hey, theres no disputing that, I mean.. wait.. Whats this I'm defacing ?

    The company also decided to shut down its "compile farm," a collection of computers running different operating systems on which SourceForge developers can test their software.

    Why would they shut down other boxes, if only the shell server was hacked ?

    Although illicit modifications to the programming projects are a concern, McGovern said the intruder didn't get that far.
    oh come now, you're just being silly..

    Its ok thought I dont blame you guys, I mean atleast you admited to being schooled, thats more then I can say for akamai, but thats a different story all together.. But never the less, I'd like to thank valinux.. apache.. akamai and ofcourse exodus without their poor security and refusal to make security breaches known to the public I wouldnt be sitting atop a mountain of roots and oodles of proprietary software.. This is the fluffy bunny signing of.. beep..

    -fluffy@#blackpanthers on efnet(the scourge of efnet)

  • But if the cracker replaced the colors on /. with ones that DON'T hurt a human's eyes, who's to say that it would be a totally bad thing?

    --
  • Gods! The only thing worse than a troll who finds a thesaurus, is an argument with nothing to back it up.

  • shit man, you haven't been on the microsoft campus lately have you???

    or do you not ever step outside M$'s marketing department?
  • I think you're misreading the letter. My interpretation is that it was the admin's ISP who had been owned for five months, not SourceForge.

    MS can "prove" their code internally when hacked (back ups/ownership/check digits) and is liable if they produce rooted code.

    That's classic Microsoft FUD. It has taken the US federal and state governments years and millions of dollars to take Microsoft to court, and they still don't have a decisive result. What chance does anyone else have of proving them "liable", even leaving aside the EULA's exclusion of liability?

    Personally, I can run a diff of my Apache and other source checkouts against what's currently in the tree, and know for sure what's changed. I find that much more reassuring that you handwaving about "check digits".

  • And, of course, they've done the community a service by exposing vunerable security holes... which will hopefully be patched before some site of actual significance is hacked, sending the world into economic depression.

    When it was announced that Sourceforge had been hacked, I was the only one that ventured the idea [slashdot.org] that it wasn't a technical hack, but a social one (okay, that sounds like I've got a swollen head, but the point is, most people lept to the conclusion that it was a technical hole, rather than a social one).

    Most likely, this will not be the only other OSDN and related sites that is defaced - if they got into Sourceforge and Themes.org on stolen passwords, they are probably collecting passwords, looking through history files, hammering through, searching for passwords to other sites. Since it's a fairly small pool of admins that all work together, it is likely that there are some overlap between admins. Plus the odd (and stupid) admin that uses the same passwords at multiple sites.

    Social engineering, stealing a password or swiping a laptop does not beneficially expose security holes unless the password was negligently left out, or the social engineering targeted somebody who shouldn't have had the password anyway. I know a large ISP (one of the, oh, say, top two) where most of the sales force knows the NT Admin password for all machines on the network. That's negligence.

    Having a laptop in session get swiped at Comdex means you better know what's on that laptop (and deal with it quickly), but at that point, can just be a race. And if you leave it at a restaurant, come back the next day to pick it up, unaware that the busboy is a 133t d00d, is that negligence (in a perfect world, yes. In reality, it's a bit more fuzzy).

    And of course, the tendancy towards smart cards (which aren't) will only make this problem worse. A bit of biometrics might help: a thumbpad on the side of the card, maybe.

    --
    Evan

  • by Chuck Chunder ( 21021 ) on Wednesday May 30, 2001 @09:27PM (#187786) Journal
    From the announce@apache.org mailing list:
    ====

    Earlier this month, a public server of the Apache Software Foundation (ASF) was illegally accessed by unknown crackers. The intrusion into this server, which handles the public mail lists, web services, and the source code repositories of all ASF projects was quickly discovered, and the server immediately taken offline. Security specialists and administrators determined the extent of the intrusion, repaired the damage, and brought the server back into public service.

    The public server that was affected by the incident serves as a source code repository as well as the main distribution server for binary release of ASF software. There is no evidence that any source or binary code was affected by the intrusion, and the integrity of all binary versions of ASF software has been explicitly verified. This includes the industry-leading Apache web server.

    Specifically: on May 17th, an Apache developer with a sourceforge.net account logged into a shell account at SourceForge, and then logged from there into his account at apache.org. The ssh client at SourceForge had been compromised to log outgoing names and passwords, so the cracker was thus able get a shell on apache.org. After unsuccessfully attempting to get elevated privileges using an old installation of Bugzilla on apache.org, the cracker used a weakness in the ssh daemon (OpenSSH 2.2) to gain root privileges. Once root, s/he replaced our ssh client and server with versions designed to log names and passwords. When they did this replacement, the nightly automated security audits caught the change, as well as a few other trojaned executables the cracker had left behind. Once we discovered the compromise, we shut down ssh entirely, and through the serial console performed an exhaustive audit of the system. Once a fresh copy of the operating system was installed, backdoors removed, and passwords zeroed out, ssh and commit access was re-enabled. After this, an exhaustive audit of all Apache source code and binary distributions was performed.

    The ASF is working closely with other organizations as the investigation continues, specifically examining the link to other intrusion(s), such as that at SourceForge (http://sourceforge.net/) [ and php.net (http://www.php.net/). ]

    Through an extra verification step available to the ASF, the integrity of all source code repositories is being individually verified by developers. This is possible because ASF source code is distributed under an open-source license, and the source code is publicly and freely available. Therefore, the ASF repositories are being compared against the thousands of copies that have been distributed around the globe. While it was quickly determined that the source code repositories on the ASF server were untouched by the intruders, this extra verification step provides additional assurance that no damage was done.

    As of Tuesday, May 29, most of the repository has been checked, and as expected, no problems have been found. A list of verified modules will be maintained, and is available here: http://www.apache.org/info/hack-20010519.html

    Because of the possible link of the ASF server intrusion to other computer security incidents, the investigation is ongoing. When complete, the ASF will offer a complete and public report.

    The Apache Software Foundation strongly condemns this illegal intrusion, and is evaluating all options, including prosecution of the individual(s) responsible to the fullest extent of the law. Anyone with pertinent information relating to this or other related events should contact root@apache.org. Anyone from the media with further interest should contact press@apache.org.

    Thanks.

    Brian Behlendorf
    President, Apache Software Foundation
    ====
  • by Xofer D ( 29055 ) on Wednesday May 30, 2001 @09:03PM (#187789) Homepage Journal
    I think this would be a good time to link to The Linux Security HOWTO: What to Do During and After a Breakin [linuxdoc.org] , as well as of course the Linux Security HOWTO itself [linuxdoc.org] . Don't just read it. Implement it.
  • by Polo ( 30659 ) on Wednesday May 30, 2001 @06:36PM (#187790) Homepage
    A better hack would to be crack slashdot, (possibly from Japan), then post a very subtle and believable story telling of other sites being compromised with "vulgar pictures"...

    and then chuckle in a maniacal way as the slashdot effect works as a DOS attack on those sites...

  • You should of course also change passwords for any account you might have ssh'd to from one of the compromised servers...

    Boss of nothin. Big deal.
    Son, go get daddy's hard plastic eyes.
  • oh yer, he was wrong. Dont misunderstand me, I dont condone his actions. But I dont condone VA Linux failing to notice backdoors for 5 months when they are supposed to have an expert security team.
  • re-installing is *not* the solution. Checksum your binaries when you first install (and dont have the network plugged in when you do it ok?) and if/when you get owned, take the box offline, pull out the harddrive, put it into a machine with no harddrives, boot off your forensic analysis floppy and check it. Hopefully, the security team at VA Linux knows this.
  • Norton protects you against known viruses. Virus writers check their virus before releasing it (and yes, they still release it, no matter how much we tried to tell them that wasn't what it was all about) so they know the AV dont detect it. It is only after it has been discovered "in the wild" that the virus signatures are determined and the checker updated.
  • by QuantumG ( 50515 ) <qg@biodome.org> on Wednesday May 30, 2001 @06:51PM (#187806) Homepage Journal
    sigh [biodome.org].
  • by solios ( 53048 ) on Wednesday May 30, 2001 @06:21PM (#187807) Homepage
    First the DDOS attacks- and probably other sorts of similar high-profile hits before then. Then the discovery that M$'s internal network had been compromised; and now in the past week, Themes.org was cracked and Sourceforge was messed with. Slashdot was compromised a few months ago as well (and the staff was very open about what went down and how it had been possible), and I'm sure there are many others that are escaping my attention at the moment.

    Is it just me, or are these sorts of things on the rise- not only the frequency, but the profile of the target? How long until a *really* high profile, high volume portal or site such as Amazon, Ebay, or Yahoo gets 0wn3d?

    It's geurilla warfare- a war without soldiers, ammunition or human casualties. The attackers cannot be easily found, and even when they are, prosecuting them is difficult, if not impossible (extradition treaties, diplomatics, etceteras). From what I've seen, all of the major targets have been hosted on US soil- I wouldn't be surprised if many of the attackers were overseas. Firewalls don't seem up to the task, and neither do many sysadmins.

    What sort of tools exist to prevent this sort of thing (aside from simply using OpenBSD)? Any Gibsonian Black Ice? The TCP/IP equivalents of radar and surface-to-air missiles? Are any of them open sourced, and what is the state of their development?
  • by chris88 ( 62904 ) on Wednesday May 30, 2001 @06:52PM (#187808)
    This [upnix.com] is what I took from here [66.92.75.28]. Which says it's a mirror.
  • I would like a copy of this list, do you know where I can find one? I'm a user (bugg@users.sourceforge.net) at SF and have SSH'd places from their shell before; but I don't know if that was before or after the comprimise.
  • I for one will offer many-a-virtual beers to the one 1337 d00d doing that !
    --
  • While it is nice to know that the site got hacked, aren't we rewarding the hacked by posting all to info in a public forum?

    This is the problem that was faced with the airline hijackings a decade ago. Eventually, the major news organizations agreed to report only that a plane had been hijacked: they refused to disclose by whom or their demands. Of course, with a more distributed news apparatus in the internet, this sort of thing might be more difficult today (especially considering responses like comment #33 [slashdot.org]). I suppose the only option available to us is increased airport security, so to speak.

  • These hax0rs don't seem to realize that it's many orders of magnitude more difficult (since it's impossible) to prevent a box from being compromised. To detect a successful breakin is also FAR FAR FAR more difficult than breaking into a system. I'd would love to see this guy try to secure/admin sourceforge/apache/themes.org - he'd probably fail miserably and maybe see things from another point of view.
  • But apache itself was never exploited. It was all done using ssh. The Secure Shell is to blame here. I wonder if it was the commercial SSH or OpenSSH?

    -------------
  • I understood the rant to mean that the ISP had been hacked for 5 months and someone logged in from that trojaned ssh client on the ISP to get the passwds for SF. Maybe I misread it, but I would tend to think that it would go un-noticed in an ISP way longer than it would go un-noticed at VA. Maybe I give VA too much credit
  • by dudle ( 93939 ) on Wednesday May 30, 2001 @07:03PM (#187828) Homepage
    What sort of tools exist to prevent this sort of thing (aside from simply using OpenBSD)?

    That's not right! You don't get protected from viruses just by installing Norton Antivirus, you have to constently update it, make sure you run the newest version, etc.

    Securing a system requires deep knowledge about that said system. I don't know shit about OpenBSD. Do you really think I will be more secure if I were to use OpenBSD tomorrow rather than Debian that I know pretty well? I don't think so either.

    Any Gibsonian Black Ice? The TCP/IP equivalents of radar and surface-to-air missiles? Are any of them open sourced, and what is the state of their development?

    Snort, logcheck and the like do help, as long as you stay up to date with BugTraq and you keep you head cold. The minute you think you are secure, you get screwed. All the tools in the world won't help you if you don't know how to use them.

    So what can we do? Well here is my humble opinion:
    Before you get owned

    • Knowledge is gold but documentation is golden.
    • Get a working backup solution in place

    Once you realize you're owned
    1. Unplug the box
    2. Get the hot spare and restore the data on it (you do have a hot spare I hope)
    3. Analyse the system in a post-mortem mode
    4. Reinstall the compromised system from scratch
    Good Luck.

  • by zimbu ( 99236 ) on Wednesday May 30, 2001 @07:28PM (#187832)
    ....I wouldnt be sitting atop a mountain of roots and oodles of proprietary software..

    apache.org and sourceforge.com those are the first places I go to get my proprietary software.
  • What sort of tools exist to prevent this sort of thing

    [Insert security-is-a-process-not-a-product rant here.]

    Properly engineer the interface to everything an outsider can get their hands on (parameters to cgi scripts, random services that shouldn't be running or exposed to the outside world at all, physical security, etc) and make sure you can trust your insiders.

    Unfortunately it's very difficult to turn 100000 lines of crap thrown together over six weeks of all-nighters (or 1000000 lines of crap thrown together over six years) into a properly engineered system. In fact it's usually significantly easier to throw it out and start over.

  • Say what ? You are totally wrong. OpenBSD DOES need patches (at least if you are installing off the paid-for CD). http://www.openbsd.org/errata.html
  • by mini me ( 132455 ) on Wednesday May 30, 2001 @06:12PM (#187845)
    Actaully http://defaced.alldas.de/ [alldas.de] has already taken over this role. Mind you themes.org doesn't seem to be on there yet!? They do however provide all the info on operating systems and multiple attacks, etc.
  • "the nightly automated security audits"

    Well, at least someone is doing their job properly, but why are people sshing to other machines only to ssh into another machine from there? Where's the point in such stupidity?

  • OK... I'm confused by the term "remote server" in this context. Just to be sure we're on the same page, I'll say that the X client is remote, the X server is local, the sshd server is remote, the ssh client is local.

    You're saying that if I use a local ssh client, with X forwarding turned on, to connect to an untrusted remote sshd server, then that untrusted remote server can connect an X client back to my X server, and through that X client can run arbitrary code on my X server?

    Damn. That sucks.

    Is this a theoretical attack, or is this real?
  • other than letting admins SSH in from shell accounts on other systems that they didn't control

    I must say this is somewhat understated. Dude, I'm not trying to flame you here, I am way more upset with by the stupidity of the Apache developer that gave up his password. So I am apologizing in advance, this is just the "right" place for my comment.

    Guys with access to ASF machines should never under any circumstance feed their password into an untrusted system. With Apache running on 60%+ of the WWW it is way too fucking big of a risk. Since fluffy bunny claims s/he rooted machines at Exodus 5 months ago, the question now exists, um geez, are all my Apache boxes trojaned?.

    The ASF is right to verify the integrity of their source by going back to the many many distributed copies of the source they have, however, I believe this might be an insufficient effort because the source could have been trojaned way in the past.

  • Dude, I agree the FMII facelift totally blows and has caused fewer page views from my IP. I would like to gently point out that the themes.org break-in is not the real news here...The news is the hax0r who did it claims to have rooted admin machines at Exodus some 5 months ago. Exodus hosts a lot of big sites, this could be a really big deal if the claims are true.
  • Thats the problem. The hacker trojaned the ssh binary on a *shell* server that the ISP was providing. So, some admin jumped onto the shell server and ssh'ed from that to the OSDN boxes.

    SealBeater
  • But on a positive note, at least it will keep the Linux zealots quiet for a week or two about how superior they think Open Source is.

    When has it ever in the past? No, this will be spun into being "proof" as to how much better Open Source is when it comes to security than Closed Source software.
  • by quickquack ( 152245 ) on Wednesday May 30, 2001 @06:29PM (#187859) Homepage
    Here's what the cracker posted:

    The site's "shell server" was compromised May 22 after a SourceForge employee logged on to an outside Internet service provider that had already been taken over by the intruder, said Pat McGovern, site director of SourceForge.net. When the staff member logged on to SourceForge remotely, the intruder captured the password.

    Well some of that is true, I mean I did trojan ssh but I did it about 5 months ago, so kudos to the admin you sir are awesome..

    "What happened was the (ISP) was compromised and had not known it," McGovern said, adding that the site's administrator quickly noticed the intruder and shut systems down. "Basically we had to go through and rebuild the machine, and then we checked the log file of everyone who used the machine."

    hrm I guess that could also be considered true, if by true you mean, finding out every box on your network is owned 5 months after the fact and only due to my own boredom that consisted of me ircing it infront of the admin, by the way good job of auditing your network, wait thats just too much sarcasm for one sentence..

    After the attack, VA removed the shell service until workers could reinstall the software and data on the server. The shell server allowed SourceForge members to type commands into the system remotely. On Thursday, the company posted an alert that the shell server couldn't be used because of an "unscheduled maintenance event."

    It also allowed me to sniff my way onto apache.org and sourceforge webserver and leave all sorts of goodies in the code..

    In this case, they only got into a shell server," McGovern said.

    Hey, theres no disputing that, I mean.. wait.. Whats this I'm defacing ?

    The company also decided to shut down its "compile farm," a collection of computers running different operating systems on which SourceForge developers can test their software.

    Why would they shut down other boxes, if only the shell server was hacked ?

    Although illicit modifications to the programming projects are a concern, McGovern said the intruder didn't get that far.
    oh come now, you're just being silly..

    Its ok thought I dont blame you guys, I mean atleast you admited to being schooled, thats more then I can say for akamai, but thats a different story all together.. But never the less, I'd like to thank valinux.. apache.. akamai and ofcourse exodus without their poor security and refusal to make security breaches known to the public I wouldnt be sitting atop a mountain of roots and oodles of proprietary software.. This is the fluffy bunny signing of.. beep..

    -fluffy@#blackpanthers on efnet (the scourge of efnet)

    Greets to: dianora.. tsk.. squrl.. cumstud.. glitch.. snow.. dwalrus.. cotton butt.. JAIL MITNICK! / FREE THE SHDWKNGHT!!!!!

    Note: I removed the /etc/passwd file at the end of this. Thought it would be nicer that way.

    ------------

  • by hyoo ( 155460 ) on Wednesday May 30, 2001 @07:12PM (#187861)
    ...hack goatse.cx and put up a non-vulgar picture.
  • It's a *very* real attack.

    That's why there's a provision for disabling X forwarding. Other things to do to help close down the hole are having your 'ssh' X NOT connect back to your real X server, but to an XNest or mxconns [home.cern.ch] instead.

  • I used to hate seeing "everyone's vulnerable" and "its only a matter of time" messages, and typically passed them off as paranoia, this, though, is scary. Apache.org got broken into as well? Damn...

    I'd like to know what's broken, I wonder who else is vulnerable.

  • > And of course, the tendancy towards smart cards (which aren't) will only make this problem worse. A bit of biometrics might help: a thumbpad on the side of the card, maybe.

    Well, exactly are you going to send a thumbprint when you're logging on remotely ? As a binary stream... ? (then it too can of course be exploited in the same way as the password).
    Bioinformatics may work fine when you're at the fysical location, but remotely.. hardly.

  • by Alien54 ( 180860 ) on Wednesday May 30, 2001 @06:06PM (#187869) Journal
    While it is nice to know that the site got hacked, aren't we rewarding the hacked by posting all to info in a public forum?

    Sort of between a rock and a hard place here. we need to inform the affected users, but we do not want to reward the hacker with the notoriety they crave.

    Check out the Vinny the Vampire [eplugz.com] comic strip

  • well some system admins are damn busy with meetings, assisting users, setting up phone lines, buying hardware and software, administrative tasks, etc.
    So instead of saying that they're incompetent, consider the fact that they may be busy doing other unrelated tasks.
  • by swillden ( 191260 ) <shawn-ds@willden.org> on Wednesday May 30, 2001 @09:42PM (#187874) Journal

    And of course, the tendancy towards smart cards (which aren't) will only make this problem worse. A bit of biometrics might help: a thumbpad on the side of the card, maybe.

    As someone who designs and implements high-security access control systems for a living, I disagree that smart cards make the problem worse (and they are actually pretty smart). Yes, cards can be stolen, but in any reasonable implementation the cards perform access control on the usage of their stored secrets, requiring password or biometric authentication (actually, I'm not aware of any real-world, secure implementations that use biometrics because unless the matching is done either on the card or in another secure device that shares keys with the card, then biometric authentication is extremely weak).

    Even without a second authentication factor, and even without a secure token, the use of a cryptographic authentication mechanism does vastly improve security over weak, reused and occasionally even sniffable passwords. Applying two-factor authentication, with a secure token as one factor essentially eliminates a whole class of attacks. Use of a host security module on the server is also of great benefit, making it impossible for the attacker to get at the most valuable secrets in the event they manage to compromise the server.

    The tendency towards smart cards does in fact go a very long way towards solving this problem.

  • by phaze3000 ( 204500 ) on Wednesday May 30, 2001 @10:25PM (#187877) Homepage
    I think you're getting confused here..

    X server - what actually displays stuff, runs on your local machine
    X client - program that runs on remote machine
    SSH daemon - program that runs on remote machine giving you shell access
    SSH client - program that runs on your local machine that allows you to connect to SSH daemon on remote machine.

    Right, now we've got that clear, let's see what these programs actually allow us to do in terms of potential exploits.
    SSH - allows us to run (gasp!) ARBITARY CODE on the remote machine. Except that it runs as the user we're logged in as, which presumably will be a low enough level only to cause problems to ourself (unless there are unpatched programs). This is really only a problem if we've already got root, in which case there are already plenty of naughty things we can do.
    Running an X client when logged in via SSH allows one to run X clients (ie X applications) on the remote server, but have them display on our local X server. The code is still running on the remote server, just like it is when we execute a program via SSH. Just like when we use SSH, the output from the program is sent to our screen rather than the machine it's actually running on.

    So, to conclude - there is no extra security risk from running X apps remotely. The programs are still running on the remote machine, they're just displaying on your local X server.

    The security vulnerability here came about because there was a cracked SSH executable on a machine which one of the Sourceforge guys then used to log in to Sourceforge. The cracker didn't go into details, but I'm willing to bet it's some ancient vulnerability that was expolited - like the portmapper one that a couple of worms have used, or a wu-ftpd issue. Or maybe something bind-related.

    Hope this stops anyone from panicing unnecessarily.



    --
  • I disagree. A couple days ago, my fiance and I were watching TV, and someone was incorrectly dubbed a "hacker". I tried to explain the difference, but she cut me off and told me that noone cares about the correct semantics, it's only popular perception that matters. In other words, the term has taken on a new meaning because of a widespread perception. I never got to finish my sentance...

    Well, your fingers weave quick minarets; Speak in secret alphabets;
  • And, of course, they've done the community a service by exposing vunerable security holes...

    Likewise I'm very appreciative of the local youngsters, who rattle my doorknob, checking to see if there is a security hole with my house.

    Or the time they jimmied the lock, showing its vulnerability to common tools, and helpfully left a note, spray-painted on my wall.

    Yes indeed, where would I be without all this wonderful community service?
    -----
    D. Fischer
  • Even if X is tunnelled but the sshd is compromized, you are screwed, because sshd knows what you are typing in xterm.

    Actually, everything you are doing on a remote compromized machine can be monitored by the attacher.

  • by Cardhore ( 216574 ) on Wednesday May 30, 2001 @07:15PM (#187888) Homepage Journal
    I agree.

    Remember when the word hacker used to mean someone who breaks into networks or writes code? And crackers were the ones who cracked the copy protection on software and had the "s3r1a1 #'s". They were always grouped with anarchy, virii, and wares all over the net.

    Who cares if "good" and "bad" hackers are called hackers? Most people can understand who you are if you take two minutes to explain which type you are . . . people are surprisingly able to understand these things if someone explains them to them. Most people are willing to listen; just talk to them.

  • Honestly, themes.org (especially wm.themes.org) is so unusable nowadays the defacement would have to be pretty outrageous before I'd notice something is wrong.

    I find that every change in a familiar site rubs me the wrong way, for a week or so. I try to give it a couple of months before complaining. But themes.org has been getting less usable with each update, and a couple of years later I continue to miss OctoberX's original design.

    It's a shame - I used to check it out at least once a week, I downloaded a lot and contributed quite a few. But it's been months since I last looked at the site.

    As long as I'm bitching, the Freshmeat facelift has been a step back for me, too. I hope the VA folks don't decide Slashdot neds improving. Better hosting (especially during the EST late afternoon/early evening) will be fine, thanks.

    Unsettling MOTD at my ISP.

  • by Lyrrad ( 219543 ) on Wednesday May 30, 2001 @06:09PM (#187890) Homepage
    Well, I'd assume that themes.org will come out with a theme about this.

    But, http://defaced.alldas.de/ [alldas.de] should have it soon.

  • by KMitchell ( 223623 ) on Wednesday May 30, 2001 @07:01PM (#187891)
    If the "rant" is to be believed, SourceForge missed a trojan when they recovered their server... I was thinking when reading the original story that I wouldn't feel comfortable just going through the logs and trusting that I caught everything... I guess re-installing from source media *IS* the only way to go...

    The big remaining questions are how many sysadmins at sites "trusted" by a compromised box should be looking for rootkits and dusting off backup CDs... and how many man-hours will it take to audit the hosted code to regain confidence that there ISN'T a backdoor somewhere...

    --Ken

  • by diamondc ( 241058 ) <gabrielfm&yahoo,com> on Wednesday May 30, 2001 @06:58PM (#187895) Homepage
    what the hell... peopl are mirroring deleting th passwords sugarkane.rgv.net/~diamondc/themesownage.html
  • by iCharles ( 242580 ) on Thursday May 31, 2001 @03:11AM (#187896) Homepage
    Boy, the security on IIS/NT really sucks to allow such a hack to happen.

    Oh, yeah...

  • Microsoft has around 50% of the commercial web server space according to the Netcraft SSL survey. That's a fairly large chunk considering the next competitor is Apache with 30%.

    That may be true when you're looking at the SSL survey, but overall Apache is far and away ahead of NT/IIS. Not everybody is running an e-commerce site off their web servers.

    Much more fun to hit the high profile sites. Especially if there are some juicy credit card numbers to be had because of poor site design.

    That might be true for a small number of crackers, but the overwhelming majority of sites that get cracked are victims of simple exploit-and-deface maneuvers.
  • Please reread the original post. In SSL sites Apache is NOT king at this point -- it is a distant second to IIS.

    But that is irrelevant to this discussion. We are talking about number of overall exploits/cracks/defacement incidents as a percentage relative to overall marketshare. In that arena, MS definitely scores the highest. Period. There is no wiggling out of it by citing SSL surveys instead of overall. SSL-enabled sites are not the only ones that get exploited! Your statement regarding Microsoft's marketshare according to the Netcraft SSL survey is about as relevant here as me pointing out that the average human head weighs 8 pounds.
  • The point I made was that the higher percentage of SSL enabled IIS sites provided a much more attractive attack target.

    Calling the point irrelevant has no bearing on the discussion. It may be irrelevant to you but that is only because you are either incapable or unwilling to understand the point.


    I explained this to you once before but you didn't get it, so I will explain this to you yet again...in detail:

    It may be true that SSL protected/e-commerce sites provide a more attractive target for some crackers (those who are financially motivated), but the vast majority of servers that are being cracked are not targeted for financial gain. They are simple exploit and deface tricks. They are script kiddies who want to show someone that they can exploit a well-publiscized security hole and see their name up in lights.

    If the majority of security breaches were in fact finanically motivated or had some sort of financial component, then your excuse about MS having a hgiher marketshare among SSL enabled sites might be relevant. But since the overwhelming majority of security breaches are not financially motivated and are simple site defacements then obviously the "financial motivation" theory that you posit is not applicable to those cases.

    Trying to insult me by implying that I'm stupid won't change that.
  • My point was essentionally, what offers a juicier target to most hackers? Little known "Hi my name is Joe" sites, or various commercial ops?

    Blah blah blah...yeah, we know. But your argument that only "hit my name is Joe sites" are the ones running Apache is somewhat flawed. Lots of commercial sites run Apache. Beyond that, there are a large number of business-oriented web sites that are not e-commerce sites. They may simply be online brochures for companies or a places to find more news and information about a company (like McDonald's and Burger King, two sites that were relatively recently cracked and defaced).

    It all depends on so many factors. I also suspect the script kiddies tend to be more familiar with Windows.

    And now you contradict yourself by implying that script kiddies are going out to hack commercial sites. They're not. Script kiddies are out to see their name in lights. If it's by defacing Burger King's online brochure, so be it. If it's by defacing Amazon.com and disrupting that days transactions, so be it. The business (or non-business) purpose of the site is irrelevant.

    Go research the kinds of sites that have been breached over the past year. Start at attrition.org or alldas.de and keep going. I think that you'll find that very few of them are actually big "commercial operations" (or e-commerce sites). Most of them will be companies or organizations that you're probably never even heard of.
  • by ocbwilg ( 259828 ) on Wednesday May 30, 2001 @06:19PM (#187905)
    I can see it now... PR folks from Microsoft, and other closed-source businesses are going to jump all over this (or related matters):

    Please...the absolute last thing MS wants to do is to actually get people started comparing the number of cracked web servers between NT/IIS and anything else. Even their corporate PR droids know that NT/IIS is by far the most exploited/cracked web server combination in the world (and disproportionately so when you consider that they have such a small percentage of the web server marketshare).
  • by Scoria ( 264473 ) <slashmail&initialized,org> on Wednesday May 30, 2001 @08:04PM (#187908) Homepage
    ... and it should worry you as well, if you use any of OSDN's services.

    That's right, any of them. After all, they're keeping very quiet about it and just about everything of OSDN's is getting cracked lately.

    Whoever this is, they must have root or access to sniff network traffic. It seems like whatever they don't already have access to, they can get it.

    Should you be worried? Yes. Is it overreacting? No.

    We rely on these people to keep our source (relatively) secure and disclose the problems that may be occuring...br>
    Will I be using SourceForge to store my code? No. I'll use a local box behind a firewall with no services, except a secure FTP daemon, allowed.

    If nothing else, at least keep a local backup, as many people don't seem to be doing this. They may have even installed a trojan into the box to insert code into the applications.

    Or maybe even a trojaned build of 'make.'

    You never know...

  • I tried to explain the difference, but she cut me off

    That's when you slap the bitch and tell her to shut the fuck up,
    and that if she fucking listened she might fucking learn something once in a while.

    She sounds like a great catch, someone you can really talk to about anything...

    Me? I occasionally call myself a hacker, and if someone doesn't 'get it',
    I explain to them the difference between white hats and black hats,
    and that hackers are like Jedi.
    I am, however, a cracker(as in chickenshit whiteboy) hacker.

    Cracker? Fuck no. Sites do get cracked, but the act is still hacking.
    "ScriptKiddie" is appropriate for a lot of defacements tho, as many of the people that
    deface sites just use r00t kits and never actually do any work or have any real knowledge.

    Mr. P3n1z.
  • Everytime I read another one of these releases about yet another site being defaced by yet another cracker with a sniffer. Two things come to mind. The first one is where the heck was this kid's parents when being taught the diference between right and wrong. The other thing is why attack a community that for all intent and purposes is attempting to build something for the greater good of all mankind? The act of breaking and entering, which is what happened, is a terribly deplorable act. I do understand that the sysadmins at the site were crushed under the ball instead of being on the ball, but that does not give everyone the right to go cracking away. Personally, I would have had more respect for this low-life scum, if he/she/it had decided to simply patch up the holes and then announce it in some other fashion. At this point nobody should trust any of the software off of Sourceforge until the developers of said software are able to claim that it is indeed safe from backdoors. I know some of you are against strengthening the laws regarding cracking systems, but I am all for it. I would much rather see some script kiddie, or someone that knows what they are doing, go to prison for 10 to 15 years for breaking and entering into computer systems. Of course the sysadmins at the site that was originally hacked should carry most of the blame on this. I do also understand that it is terribly dificult to know what software is installed on every PC in every office. It still does not excuse the fact that a schmuck in an office somewhere can slap together a giant security hole machine. The originally affected machine should have been screened by the real sysadmins prior to going live. If we could get sysadmins to start pre-screening machines before they go live, it would be possible to grealy cutdown on the number of cracks. That should almost be a law, especially since there are so many hacks (Meaning Dumbass) that pretend to be sysadmins out there.
  • http://66.92.75.28/~vladimir/themes-org.html
    a lot of info there...
    31337= Alienated, anger teenager who compensates voids in his/her life by making him/herself believe that s/he is 'elite' ( a good way to fight an inferiority complex, and an obious lack of ablity to commit her/himself to meaningful relationships ). In other words: a boring pissed off teenager who craves attention because nobody listens to him/her.

One picture is worth 128K words.

Working...