qmail
Sifalakis Manolis (WILLY)
msifa at ariadne-t.gr
Fri Dec 12 12:06:42 EET 1997
Koxaras Aris wrote:
>
> > Koxaras Aris wrote:
> > >
> > > AHAHAHA! ma eisai sovaros!?!? h ariadne (pou xrhsimopoiei sendmail
> > > gia logous asfaleias) einai to systhma pou den exei spastei pote ma pote
> >
> > ^^^^^^^^
> > Filarako mou egw den thimame na ypostiri3a pote oti i ariadne einai
> > secure dyktio (xwris ayto na simainei oti den tha mporouse na ginei) ,
> > oute eipa oti emeis xrisimopoioume sendmail gia logous security !!!
>
> Eipa to anti8eto. Oti den exete kai polles gnwseis security (kala,
> den vazw kai to xeri mou sth fwtia) kai gia auto xrhsimopoieite sendmail.
^^^^^^
Gnwseis security yparxoun kai me to parapanw ... oso isws den fadazesai
(oxi apo mena proswpika, i kapoio apo aytous pou asxolountai amesa me
to administration edw). Alla den apotelei stoxo (apo pleyras tis
mexri twra politikis) na eimaste secure. Ayto exei na kanei me kapoia
dika mas eswterika provlimata. Gi ayto kai an ekanes ton kopo kapoia
fora pou mpikes edw , na ri3eis mia matia stin ekdosi tou sendmail
pou xrisimopoioume , tha katalavaines .....
> To na anaba8mizeis ka8e ligo kai ligaki thn ekdosh tou sendmail sou den einai
> lysh sto problhma tou security. Kai auto giati to bug 'h to advisory pou 8a
> diavaseis esy sthn bugtraq to ekmetalleuontai autoi pou einai "mesa" sta kolpa
> 2-3 mhnes pio prin.
^^^^^^
Edw to sendmail den exei ginei patched i upgrade sxedon pote. Sou
3analew oti to na eimaste secure dyktio den einai stoxos. Ayto den
simainei omws oti den asxoloumaste kai me to antikeimeno.
Episis apo ayta pou les kai mono vgainei to syberasma oti kapoios
pou enimerwnetai , diavazei , klp gia security den simainei oti
mporei na efarmosei ena apolita secure perivallon, dioti poly apla
ayto den yfistatai. Ara loipon i asfaleia einai panta sxetiki.
Egw symfwnw kai epay3anw s'ayto , an den ypirxe aytos o agonas dromou
meta3y crackers kai admins , den tha ypirxe i ennoia tou security sta
dyktia, etsi den einai ??? Oi crackers apo fisi exoun rolo epithetiko
, kai oi admins amyntiko. Synepws panta oi crackers tha einai ena
step ahead , giati oi admins apo "default" prospathoun na anaxaitizoun
tous crackers. An enas cracker den vrei mia trypa na eisvalei , enas
admin den tha prospathisei na tin klisei... Kai kathoti o teleytaios
megalos profitis (Nostradamos) , den asxolithikai me to antikeimeno ,
den tha itan pote dinato na deis ena admin na prospathei na kleisei
trypes pou den tha 3erei oti yparxoun !!!
ARA kai telika apo tin fysi tou to provlima security den exei lisi.
Prokeitai gia to provlima tis kotas kai tou avgou.
To mono pou mporei na kanei kapoios admin einai na efarmosei kapoia
sxetiki proliyi ma ton tropo pou anafereis parapanw.
H na afisei to administration kai na ginei kunigos kefalwn . Pragma
pou den tha eline to provlima gia ton idio logo pou i ypar3i tis
astinomias den sinepagetai e3aliyi tis egklimatikotitas (isws malista
to antitheto).
>
> > Otan diatheteis mia ferrari kai odigeis stin ethniki me 50 (gia ton
> > opoidipote logo), ayto den simainei oti to aytokinito einai mapa.
> > Antitheta to aytokinito mporei na paei kai me 250 alla an then
> > opoidipote logo), ayto den simainei oti to aytokinito einai mapa.
> > Antitheta to aytokinito mporei na paei kai me 250 alla an then
> > apofasisei o odigos na to odigisei se tetoies taxytites.....!!! den
> > prokeitai na to kanei to aytokinito apo mono tou. Etsi kai me to
> > sendmail tha mporousa na sou ferw paradeigma ena swro sites pou einai
> > arketa secure kai xrisimopoioun sendmail (p.x. po1.cert.org).
>
> Oxi, omws einai o odhgos mapas :-). Kai oso anafora th CERT, na
> ypo8esw oti anaba8mizei synexws to sendmail tis? Kai pistepse me, apo osa
> exw dei na symvainoun den einai tipota secure. 3erw kati kala paidakia
> (autous pou vgazoun ta exploits) pou aplws mporoun na mpoune opou 8eloun.
>
^^^^^
O odigos tha einai mapas an mporei na odigisei grigora kai den to kanei
an omws yparxei kapoios logos pou ton periorizei tote den tha einai
mapas oute o odigos (mporei i gineka tou pou einai mesa na tou griniazei
...:-)...i na exei ladia o dromos...!!! ). Opws antilamvanesai loipon
den einai ola black-white, alla kathe pragma mporei na exei panw apo
mia synistwses , kai oxi oles emfaneis. Akoma kai egw pou sto lew polles
fores kanw ti malakia na krinw me ayton ton lathos tropo.
Oso gia ta paidakia pou les pisteyw oti kai me to IPv6 to idio tha
kanoun gia to aplo logo pou sou anefera parapanw.... (After all nobody
is perfect....kai i douleia tous einai na vriskoun tis ateleies kai
tis adynamies twn allwn).
> > Episeis opws isws antilamvanesai , an "spasei" kaneis mia mixani se ena
> > site ayto den simainei oti i "hack-ia" egine apo to sendmail (akoma kai
> > an i hack-ia egine mesw mail), oute oti i sygkekrimeni mixani mporei na
> > eixe ena secure sendmail settarismeno.
>
> Edw tairiazei h paroimia "Fylage ta rouxa sou gia na exeis ta misa".
> ektos kai an de se noiazei h prolhpsh tou hacking (=asfaleia) ka8olou.
>
^^^^
As min epanalamvanw ta idia , nomizw oti idi exw apantisei sto thema.
Kai sto telos-telos admin != cop.
> > Epipleon epeidi to thema ariadne xwraei poli syzitisi kai den nomizw
> > oti tha eixan ore3i na to akousoun oloi sti lista , den tha epektathw
> > kai tha sou pw mono 2-3 pragmatakia...
> > 1- Apo olous tou providers i ariadne einai i moni pou den isxiristikai
> > pote oti einai secure kai oute thelise pote mexri twra na efarmosei
> > kapoia sovari security politiki. Ayto gia diaforous logous enas ek
> > twn opoiwn einai i mexri twra politiki kai diaxeirisi tis. Epipleon
> > an eisai ligo palios sto kourbeti tha exeis isws akousei tin frasi
> > "emeis goustaroume tous hackers , den tous kynigame" , apo atoma
> > e3' aitias twn opoiwn exeis isws simera esy idea apo diktya.
>
> 3erw oti den tous kynhgate! :-p Vasika apo osa exw akousei orismenoi
> admins sas einai strimmenoi (tou typou "auto pou kaneis einai paranomo, se
> parakalw vges e3w apo to systhma twra"), enw oi alloi oi pio e3ypnoi vazoun
> sniffers gia na kanoun monitor paketa (kai me megalo capture length) kai pws
> pernoun root kapoioi alloi.. swsta? (na 3erw kai an exw a3iopistes phges
> dhladh!).
^^^^^^^^
Piges exeis poly a3iopistes alla to thema einai oti den 3ereis oute esy
oute
i pigi sou tin istoria apo tin arxi. Se periptwsi pou isws se endiaferei
tha
sou pw merika pragmata me ton opoio kindyno (kathoti den se 3erw..) apla
gia na stamatiseis na mou tin mpaineis nomizwntas oti exeis apantiseis
gia ola,
enw ousiastika to thema einai oti den dikaioumai na milaw gia ayta, oute
na
ekthetw kapoious (oso kako kai an kanane sto xwro).
Loipon o strimenos pou anafereis einai i mallon itan enas o opoios
kathierwthikai edw me ton tsabouka (you know opoios exei ta megala mesa
sto
dimosio), xalase, kataxrastikai, tsakwthikai, apo oti mou lene eixe
merikes
kaloutsikes idees alla stin kakia kai tin asxetosyni tou ekane vlakeies,
efyge pige allou pou den itan dimosio, kai apo kei ton kinigane akoma
nomizw.
Oso gia ton sniffer den ton stisame emeis , ton eixe valei kapoios
"dikos"
sas alla sta logs pou eixe mazeyei eixe katagrafei kai o idios , malista
mas voithise toso i anakaliyi twn logs tou pou mporousame na kseroume
pote & pia
stigmi ebene sto dialup (kathoti ekei pou eixe to sniffer mono diko mas
internal traffic kategrafe kai diko tou - synepws itan eykolo na 3eroume
pote
syndeotan) kai an thelame me ena tilefwno ston ote vriskame kai apo pou
ebene.
> (pali kaneis to la8os pou epishmane se prohgoumeno mail to 3ana
> diavase to mail tou kai isws kapote to dior8wseis.. who knows? :-) )
^^^^^^^
An ennoeis to yfos mou den nomizw oti epanelava to idio lathos kathoti
ayti ti fora
egw imouna sti thesi tou christofer kai esy sti dikia mou , kathoti esy
3ekinises to thema.
>
> > 2- An thes na ertheis kamia fora apo edw , na sou dei3w sto arxeio
> > posoi crackers "mpikan" edw , kai posoi apo aytous kataferan na
> > perasoun xwris xwris na katagrafoun .
> Afou kataferan na perasoun xwris na katagrafoun tote eseis pws tous
> vrhkate? :)
^^^^^^^
Kamia fora i plaka einai kali , alla otan o allos to paizei vlakas kai
kanei oti
den katalavainei tote den exei kai poly noima na synexizeis ti syzitisi
mazi tou.
Thewrw oti anikeis stin prwti periptwsi.
>
> > 3- Yparxoun atoma stin ariadne pou mathane e3aitias aytis tis politikis
> > pou proanefera , kai sti synexeia douleyane stin KYP sto strato !!!!
> > Esy mou 3ereis apo security me ti asxoleisai ??? .Arkeisai mipws
> > me to na spas mixanes sto ariadne ? :-)
> Mpa, den to vriskw kai toso endiaferon.
^^^^^^^
Den exei kai tosi simasia an to vriskeis endiaferon . Simasia nomizw oti
exei to
gegonos oti tin idia douleia allou tin kaneis sovara kai me megaliteres
antikeimenika dyskolies kai allou tin kaneis gia plaka kai einai
paixnidaki.
>
> > > sthn istoria tou ellhnikou internet :)))))))))))))
> > ^^^^^^
> > Mallon gia ayti tin istoria esy exeis mesanyxta :-).
>
> Dhladh den alh8euei oti h ariadne einai to pio xiliospasmeno systhma?
> Hmmm, isws 8a mporouses na grapseis ena vivlio ("10 xronia kai 54 meres
> ellhnikou internet") gia authn thn istoria gia na ta ma8oume kai emeis oi
> adaeis.. :)
^^^^^^
Exw tin entipwsi apo ayta pou les oti gia sena dyktia einai mono to
security
kai to cracking . Egw proswpika den to vlepw etsi . Gia na ftasoun
kqapoioi
na asxolithoun me cracking , hacking , kai security tha prepei na exei
proigithei ena synolo apo e3eli3eis kai mia entoni roi apo gnwsi ston
tomea
twn dyktiwn , gia na erthei meta to "kerasaki" me to opoio eseis
asxoleiste
kai na kathierwthei. Den nomizw oti to cracking se x28-pad tha sou
kinouse
kai toso poly to endiaferon e ??? An den to vlepeis toso
stena to thema kai theleis isws na matheis ontws ligo istoria , mporw
na se parapemyw sta katallila atoma (vasika apo to ariadne kai to
forth).
Nai to ariadne einai isws to pio xiliospasmeno systima alla an mporeis
na deis ligo parapera, tha deis oti ayti i xalarotita kai i elleiyi
prospathias gia na alla3ei ayto to status, ofeleise pollous apo esas.
> > > Tespa, otan vlepei admins apo providers mh tous dineis kai poly
> > > megalh shmasia, oi perisoteroi den exoun idea apo security..
> > ^^^^^^^
> > Isws giati enw kapoioi malakizontai kathimerinws prospathontas na
> > spasoun mixanes , kapoioi alloi , prospathoun na parexoun dyktiakes
> > ypiresies , kai isws na sprw3oun tin texnologia ligo pio mprosta ...!!!
> > Alla ti na ginei etsi einai i zwi ...:-).
>
> Mesa stis diktyakes yphresies den symperilamvanetai kai to privacy
> twn xrhstwn? (vasika, to la8os einai twn providers pou den skeftontai na
> proslavoun kai admins me arketes gnwseis security)
^^^^^
Symfwnw mazi sou alla , opws proeipes oso gnwstis se themata security
kai
na einai enas admin , panta tha einai pisw apo tous crackers. Isws to
thema
security na min einai to pio simantiko sta dyktia , to skeftikes pote
ayto ?
Oso gia to privacy twn xristwn , sou apantisa eidi , ayti ti stigmi den
katapateitai... toulaxiston oxi apo tous admins edw...:-). Sto
telos-telos
opoudipote tha mporouse na min yparxei privacy kai esy na min to 3ereis
san
xristis etsi den einai ???. Oute simainei oti i elleiyi privacy einai
panta
thema tou admin...
> > > Seeya,
> > > mastoras at hack.gr
> > "Filika " Manolis
>
> "Filika"? Malwnoume 'h syzhtoume?
^^^^^^
Toulaxiston mexri twra gia na eimai eilikrineis den sou milaga filika
asxeta
an syzitousame i oxi.... :-). To ekanes mipws esy ????
>
> Filika,
> Aris
>
Filika (oxi "Filika") Manolis
--
Sifalakis Manolis (WILLY)
e-mail: msifa at ariadne-t.gr
tel: +030 01 6544279
** ARIADNE-T NOC **
NCSR DEMOKRITOS
--
====================================================================
Gia boithia (h na diagrafhte) e-mail sto majordomo at argos.hol.gr
Ta archives tis listas einai sto http://www.argos.hol.gr/lists :
prin steilete kapoia erothsh psakte mipos exei hdh apanththei.
Gia opoiodipote problima stilte e-mail ston owner-linux-greek-users
====================================================================
More information about the Linux-greek-users
mailing list