July 24th, 2001, 09:42 PM
I was watching a TV program here in England the other month on computer security where your company was interviewed as a part of the program. I was very impressed with what you had to say and the advice on your web site is very clear and sound.
This is why I am asking your opinion. I do a computer science degree and one of the modules is on cryptography and security. As part of the module we split into 7 groups and are each given a computer that is on a LAN that has been cut off from the real world. We then have to set up services on this machine for the other groups to access, while making it secure from hacking attempts.
I would like to ask your advice on how to make our computer hack-proof. Each group has a group user id with root access to its own host machine. Each machine is a "dual boot" machine and will boot up either under Windows NT or Linux. NT has a Web server called PeerWeb and Linux has Apache. We can decide which platform and software combination we wish to use and can change our mind through the project.
The services we must provide are:
A Web server, providing plain HTML pages to any clients at all
password-protected Web pages, available only to authorised users
the Web server must provide simple CGI scripts
an ftp server, for anonymous and authorised users
telnet for authorised users only.
BUT there is no email facility on these machines (thankfully!). We must create new users, at least one user for each of the other groups, and then inform them what their passwords are. These other users should be able to access our machine as authorised users of ftp and telnet. Authorised users should also be able to access the password-protected Web pages and anyone at all should be able to access the plain HTML pages, the CGI scripts and anonymous ftp.
We must tighten all security in every way we think necessary to prevent all the other groups from limiting our services. We are allowed to install any licensed or public domain software we like, from any source.
Do you think running under Linux or NT will give us the most security?
Can you recommend any useful freeware or shareware programs that can help beef up our security?
Do you have any advice as to what kind of attacks we should be looking out for?
Any advice and help you could give me would be greatly appreciated.
University Of Nottingham
Ah, the wonderful world of wargaming! I suggest you get a copy of Carolyn Meinel's new book, "Uberhacker" (haha). The whole thing is dedicated to the subject.
Just a quick note to say I saw a little article in Maxim magazine this month which has quotes by you! Congrats on your fame and mebbe you should try and talk those good old boys into sending you a subscription and a girl or two.
Once again, well done.
Okanagan Internet Junction Inc.
Yes, my mission to educate the general public about security related issues continues! Those interested can always find out about our latest appearances by visiting our Press Page.
Subject: Re. Israeli Citizens Attack Hezbollah Sites
Please explain your motives for publishing this article. I find it incredible
that a site that promotes security issues would entertain disclosing the content
of the mail you received.
You are fully aware of the fact that many people who don't have the emotional
power to understand this message will go ahead and launch their own attack.
I do not wish to enter into a political fight over this issue. I find your
actions grossly irresponsible.
It's my job to help educate and inform people about security related issues. It is NOT my job to protect the planet from emotionally unstable religious radicals. I'll leave that task to the Catholics.
Ok you finally frosted my ass, usually I just laugh at what you say in your
mailbag. While everyone is entitled to their opinion, and you definitely
have one, I can't believe that you would be so complacent about your
privacy. I would think with that kind of attitude you would allow anybody to
just roam through your servers with read access, but you don't. Since you're
not that concerned with your privacy why don't you let someone tag you with
one of these GPS locators so they know where you're at all times. Maybe you
should also let them put cameras all through your house, because the
government might be looking for drug dealers smuggling balloons with cocaine
up their ass, and they need to check everyone, or better yet submit to a
cavity check just because you "look" suspicious. I'm not doing anything
wrong but dammit it's nobody's business what I am doing. It's funny how
paranoid you are about your network privacy but you don't seem that paranoid
about your own privacy. Maybe you should spend more time with yourself than
P.S. I can't wait to see your witty comebacks
This is for the mail bag, right?
Okay. John, for a while I really did have respect for you as you could
stand up for what you believe in even after so many people were
harassing you. What shocked me today is that I cannot believe that you think
that Carnivore is "okay". I forget who said this, but I'm sure someone
"A society that gives up privacy for security will receive neither and
That's what we are doing, don't you see? I can't believe that you are
too blind to see that. Just because they are not going to be reading
what we are saying, it doesn't mean that they should have the right to
if they wanted to. Our rights and freedoms are going down the toilet,
and because of the pure ignorance of people like you, it will continue
to do so.
P.S: Respond to this e-mail seriously, not with one of your sarcastic
The FBI does not have the right to read someone's e-mail without a subpoena, just like they don't have the right to tap your phone lines without a subpoena. Just because an agency, like the FBI, has the ABILITY to do something, doesn't mean that they will DO IT unless it is done legally, with subpoena, as part of an active investigation. Carnivore is a tool that the FBI has to use when it's appropriate, just like the guns that they carry are tools to be used when appropriate, so on and so forth....
I don't know if you know of the difference between a "hacker" and a
"cracker", but in your articles, you only mention "hacker", hence this
Now, I am not either one, however, I do not agree with the media
representation that anyone curious enough to look is a bad guy.
Those that hack to destroy are bad and are labeled "crackers". Those that
hack to discover are curious and should NEVER be stopped or held back as
they are the inquisitive ones who will create the new technologies and are
labeled "hackers". Please note that the main difference is INTENTION.
Major, major difference...
R&B Computerhelp, Inc.
Well, as far as I'm concerned, and as far as the laws are currently concerned, it's illegal to break into a server that's not yours regardless of motivation. Period.
Just wondered if could help out in the underground if that is possible please.
I was wondering the other day how stupid someone would have to be to actually vote for George W. Bush in this election. I think I found my answer....
I just recently found this website and I love it...I'm 17 years old and love reading as much information as I can about computers/security/hacking...etc...however considering that I won't be able to take any computer classes until my college years, I need sites like this to learn as much as possible. This site has tons of information that I can read, and links to other sites with even more information. I just wanted to thank you and anyone else that helps make this website. Keep up the good work!
I figure that since I got blasted so much in this week's mailbag, that I'd end things on a happy note =)