The biggest security hole ever!!

[THEJRC]

Whew... been a long time since I've even had time to read the threads, let alone post one... Nowadays with the market fall everybody is doing more with less.. (cant complain, I'm still quite gainfully employed!!)

Anyhow, a reminder for those who are new, and even those of us who are a bit experienced in this fast moving field they call IT. Last week my daily routines (routine in IT.. yeah) were interrupted by everybody complaining about the company website being down. I also watched as the dates on our mail received changed to a year back... interesting.

After much hubub, all the execs called me into a meeting... seems our webserver was hacked. I was informed that it was now my job to move mail and our web services "in-house" as the administrators at our ISP couldnt seem to keep it locked down. I managed to talk them into allowing me access to the hacked box (beleive me this was a task, I'll tell you why they were reluctant) After much log viewing, and poking around, I noticed the box hadnt been patched since its setup over a year and a half ago. The hacker was a "script kiddie" who used an ssh exploit patched over 9 months ago.

uhm... duh... Most of you who will read this thread are quite active in keeping up to date, this is one of the best forums for that purpose!! I use it constantly, I usually spend a half hour each morning looking for any new bugs, fixes, updates, or potential risks. I have done this for five years now, since I had my "lesson", I was lucky, my lesson didnt cost my company anything, and I retained what I learned the first time. Unfortunately for our ISP (and the administrator) I was suprised to find out that this is not the first, nor the fifth time a system under his control has been exploited due to lack of patching. I have since moved our services in house, and the old web/mail server was burned down....

Whats this mean?? Well... anyone experienced in any type of security will tell you that the most important thing to do is stay informed. The largest security hole I have ever seen (and seen all to often) is poor administration. It takes a large amount of knowledge to manage groups, users, resources, applications and so forth.... and I suppose I can see how it is easy to forget updates and keeping abreast of new holes..... But it's part of the job! More often than not, a system is hacked with an old exploit that has been patched long ago. Yes, new exploits do cause trouble... but it is the administrators job to be ready to jump at any moment, this is where we earn our pay. This isnt a rant (ok well it is...) but its more of a reminder to those who may be new. Learn this lesson the easy way, and remember it!!

Oh yeah, the server was running RedHat.... For all you who think one O/S is more secure than the rest.... (this is an age old argument that is pointless to waste time on here...) And I do have NT machines more secure... I also have more secure Solaris, BSD, and SuSe boxes... not because of the O/S... but simply because I wont let a day go by without checking for patches.. let alone a year and a half. (sidenote, its handy to keep a test machine so you can test the patch before deploying... remember NT service pack 2??).

Anywhoo, just a rant... I cant say any of the new machines I now run will never get hacked... but I can say it wont be an old exploit that brings me down! It's just unfortunate to see a company lose a large amount of money due to downtime because another "experienced" administrator didnt learn his lesson the first time.

~THEJRC~

[zepherin]

Someone once said the biggest computer security risk sits between the moniter and the chair.

[Wizeman]

THEJRC:

That was most eloquently put! I totally agree that it is most certainly the way in which the O/S is secured which exemplifies its security, not the O/S itself. I also totally agree about testing patches on test machines prior to using them on production machines (especially if it is a large corporation that can afford a couple of extra workstations). The consulting firm I work for was doing a new server install, which includes applying all service packs and hotfixes (yes, this was an NT/2k environment), but when we attempted to use Microsoft's Security Rollup Pack (it contains all the security hotfixes), it bonked the whole server! Thankfully it was a new install and not an existing one, or else we would have had a lot of tape restores to do. I should also mention that Microsoft unofficially knew about the problem in the rollup pack, though they never mentioned anything (I find this to be a significant problem with Microsoft, just as in the same way they never officially recognized a problem between Outlook XP and Exchange 5.5), but the point is that you should test patches! Sorry about that mini-rant about Microsoft, that just bothers me sometimes.

Regards,
Wizeman

[VanEck]

Very well said man. Bravo!

[THEJRC]

thank god for the techno geeks!!

since we seem to be on the subject.... anyone tested the euro conversion tool??

~THEJRC~

[Ratman2]

Originally posted by THEJRC
Whew... been a long time since I've even had time to read the threads, let alone post one... Nowadays with the market fall everybody is doing more with less.. (cant complain, I'm still quite gainfully employed!!)

Anyhow, a reminder for those who are new, and even those of us who are a bit experienced in this fast moving field they call IT. Last week my daily routines (routine in IT.. yeah) were interrupted by everybody complaining about the company website being down. I also watched as the dates on our mail received changed to a year back... interesting.

After much hubub, all the execs called me into a meeting... seems our webserver was hacked. I was informed that it was now my job to move mail and our web services "in-house" as the administrators at our ISP couldnt seem to keep it locked down. I managed to talk them into allowing me access to the hacked box (beleive me this was a task, I'll tell you why they were reluctant) After much log viewing, and poking around, I noticed the box hadnt been patched since its setup over a year and a half ago. The hacker was a "script kiddie" who used an ssh exploit patched over 9 months ago.

uhm... duh... Most of you who will read this thread are quite active in keeping up to date, this is one of the best forums for that purpose!! I use it constantly, I usually spend a half hour each morning looking for any new bugs, fixes, updates, or potential risks. I have done this for five years now, since I had my "lesson", I was lucky, my lesson didnt cost my company anything, and I retained what I learned the first time. Unfortunately for our ISP (and the administrator) I was suprised to find out that this is not the first, nor the fifth time a system under his control has been exploited due to lack of patching. I have since moved our services in house, and the old web/mail server was burned down....

Whats this mean?? Well... anyone experienced in any type of security will tell you that the most important thing to do is stay informed. The largest security hole I have ever seen (and seen all to often) is poor administration. It takes a large amount of knowledge to manage groups, users, resources, applications and so forth.... and I suppose I can see how it is easy to forget updates and keeping abreast of new holes..... But it's part of the job! More often than not, a system is hacked with an old exploit that has been patched long ago. Yes, new exploits do cause trouble... but it is the administrators job to be ready to jump at any moment, this is where we earn our pay. This isnt a rant (ok well it is...) but its more of a reminder to those who may be new. Learn this lesson the easy way, and remember it!!

Oh yeah, the server was running RedHat.... For all you who think one O/S is more secure than the rest.... (this is an age old argument that is pointless to waste time on here...) And I do have NT machines more secure... I also have more secure Solaris, BSD, and SuSe boxes... not because of the O/S... but simply because I wont let a day go by without checking for patches.. let alone a year and a half. (sidenote, its handy to keep a test machine so you can test the patch before deploying... remember NT service pack 2??).

Anywhoo, just a rant... I cant say any of the new machines I now run will never get hacked... but I can say it wont be an old exploit that brings me down! It's just unfortunate to see a company lose a large amount of money due to downtime because another "experienced" administrator didnt learn his lesson the first time.

~THEJRC~

How so very true

[dcongram]

Bravo and 3 cheers.

I have been called 'paranoid' and 'overly dramatic' because I insist on maintaining secure systems. (But guess who would get the crap if there was a breach ?)

Good on ya

[deByte]

keeping up todate is very important, esp abt the upgrades and patches. but do think abt this, timing for applying them is critical. if u apply them too early without knowing the side effects u may end up having more problems. if u apply them too late, ur box is a sitting duck. it wld be good if u happen to hv another box which u can test them upgrades and patches out first.

rgds
de

[TheCorinthian]

jrc, if you are referring to microsofts euro currency patch, yes it works free of pain Now I only need my country, Denmark, along with Britain and Sweeden, to switch to the new currency along with the rest of EU €€€€€€
(alt+0128)

[NetSyn]

Someone once said the biggest computer security risk sits between the moniter and the chair.

Heh this is gettin on my nervous ... i started this quote here damn it so give me the credit!!! : P


i said it in a post about DDoS or smthin under the user AcidPhreak

So grrr ... the history of that line is a co-worked said it a long time ago and i never heard it again so i figured he created that little line like many other he has done with his sense of computer humor... But people keep changing it

it started out as The biggest hardware problems with computers these days are between the keyboard and the chair... so quit changing it around and give credit where its due!

~~~~~~
-NetBioM-
~~~~~~