Security Issues with UNIX

Thurber Mingus

Mar 30, 2001, 2:24:29 PM
To all:

I am writing a paper for my UNIX class on the role of hackers in exposing
security problems in UNIX systems and would like to get opinions from
experienced UNIX users on a few things.

Do you consider hackers to have a role in exposing security problems?

If yes, then what is that role?

How do hackers fill this role?

Is this a positive role or negative?

Any other advice, opinions, links to good websites, etc. would be greatly
appreciated. Thank you in advance!


Markus Kliegl

Mar 30, 2001, 7:00:01 PM
"Thurber Mingus" <thurber...@netscape.net> writes:

> To all:
>
> I am writing a paper for my UNIX class on the role of hackers in exposing
> security problems in UNIX systems and would like to get opinions from
> experienced UNIX users on a few things.
>
> Do you consider hackers to have a role in exposing security problems?

First of all, it should be clarified what a "hacker" is. A hack, in its
true sense, is an unalgorithmic, quick, (un)elegant solution to a
problem and a "hacker" is a good programmer, or someone who is generally
very skilled with computers. People seem to be really upset about the
misuse of this word and prefer the term "cracker" when related to
security.
Crackers are responsible for discovering security problems that otherwise
nobody would have to care about :-)
Yes, I would say hackers have a role in not only exposing security
problems, but also improving software that has these problems. If an
issue becomes a security problem, it will immediately be fixed and prevent
other possible errors that might occur as well.
I believe their role is, besides discovering security problems, to also
make people aware of security and make people think about privacy, rather
than just ignoring security.

>
> If yes, then what is that role?
>

The role is improving software and letting people know about the problem,
and possibly offering a suggestion or patch.

> How do hackers fill this role?
>

By finding security problems (and sometimes taking advantage of them) and
reporting them.

> Is this a positive role or negative?
>

It can be both: on the one hand, system administrators become aware of the
problem and can upgrade to a newer version of the software. On the other
hand, people might take advantage of this problem before people get around
to fixing it.

> Any other advice, opinions, links to good websites, etc. would be greatly
> appreciated. Thank you in advance!

In my opinion, the world would still be a lot nicer place if we wouldn't
have to worry about security, but that's just me :-)

--
Markus Kliegl

pe...@icke-reklam.ipsec.nu.invalid

Apr 2, 2001, 4:41:56 PM
Thurber Mingus <thurber...@netscape.net> wrote:
> To all:

> I am writing a paper for my UNIX class on the role of hackers in exposing
> security problems in UNIX systems and would like to get opinions from
> experienced UNIX users on a few things.

> Do you consider hackers to have a role in exposing security problems?

No.

> If yes, then what is that role?

> How do hackers fill this role?

About the same impact as car thefts contribute to traffic
safety.

> Is this a positive role or negative?

Negative.

> Any other advice, opinions, links to good websites, etc. would be greatly
> appreciated. Thank you in advance!

--
Peter Håkanson
IPSec Sverige (At the Riverside of Gothenburg, home of Volvo)
Sorry about my e-mail address, but I'm trying to keep spam out.
Remove "icke-reklam" and "invalid" and it works.

Dave Hinz

Apr 2, 2001, 5:22:15 PM
Thurber Mingus (thurber...@netscape.net) wrote:
: To all:

: I am writing a paper for my UNIX class on the role of hackers in exposing
: security problems in UNIX systems and would like to get opinions from
: experienced UNIX users on a few things.

OK, I'll byte.


: Do you consider hackers to have a role in exposing security problems?

No.

: If yes, then what is that role?

: How do hackers fill this role?

In much the same way that sewage fills a septic system.


: Is this a positive role or negative?

Depends on how you regard sewage, I suppose.

: Any other advice, opinions, links to good websites, etc. would be greatly
: appreciated. Thank you in advance!

I wonder if you couldn't find a site which talks about how many millions
(billions) are lost in productivity per year, due to malicious incidents.
Might as well put virus-writers in the same category.

By the way, you would probably get a lot more responses in a
windows-oriented newsgroup, as they have more problems with these
sorts of folks, all things considered.

Dave Hinz

Jefferson Ogata

Apr 3, 2001, 12:58:15 AM
Thurber Mingus wrote:
> To all:
>
> I am writing a paper for my UNIX class on the role of hackers in exposing
> security problems in UNIX systems and would like to get opinions from
> experienced UNIX users on a few things.
>
> Do you consider hackers to have a role in exposing security problems?

You are lumping everyone into one loony bin. Let's at least recognize the
traditional divisions of labor:

Black hats compromise systems to stroke their bruised egos, for financial gain,
to insult their enemies, to take over IRC channels, and as a futile attempt to
impress girls. They do not make it their priority to reveal compromise
techniques for the betterment of security as a whole, though the few that are
actually capable of finding new vulnerabilities might post to Bugtraq once in a
while to pet their egos. But these are probably gray hats (q.v.).

White hats compromise systems to assess the quality of implementations, so that
they and others may use software that has been reasonably audited and tested.
This is mainly to keep the black hats out, since white hats don't
(theoretically) seek illicit gain, and usually already have girlfriends.

Gray hats do a little of both.

So, yes: the world would be a better place without black hats. It would also be
better without murderers, thieves, and gangsters. It would also be better if
desperate people weren't driven into criminal lifestyles, and if people didn't
suffer from pathologically low self-esteem. And so on. Insert problem-of-evil
argument here.

Clearly, the answer to the question you ask is yes: crackers/hackers of any
hatshade have a role in exposing vulnerabilities. We might wish they would
leave that role unfilled, but unfortunately, shit flows downstream, through
poverty, bad parenting, school bullying, lousy hygiene, mediocre leadership,
and, most of all, pop sociology.

> If yes, then what is that role?

Black hats have the role of demonstrating that a vulnerability exists through
defacing otherwise useless U.S. Army web sites with aimless graffiti, amateur
computer graphics, and poorly spelled love notes to their purported
girlfriends.

White hats have the role of dissecting the vulnerabilities used in the process
and pressuring vendors to fix them. The white hat role is much more difficult
and rewarding, unless the site you are defending really is completely useless,
in which case it is lucrative, but apathy-inducing.

Gray hats have the role of helping the whole process along. Look at
attrition.org for a very interesting example of a gray-hat organization. The
black hat gets credit, the Army guys get notified -- everyone's happy, although
the black hat is a wee bit happier than the Army guy.

> How do hackers fill this role?

Black hats fill it by finding as many ways as possible to hide their
originating IPs, collecting and employing "sploits", hanging out on IRC, and by
scanning the entire Internet address space on a weekly basis -- you know, just
to see if anything changed. There are also the virus-writing black hats, who
basically just have it in for Microsoft.

White hats fill it by receiving large, frequent paychecks, writing boring
reports, harassing vendors, reading a lot of email, staring at log files,
learning Perl, studying OS design, auditing CGIs, reading slashdot, and
occasionally getting laid.

Gray hats presumably fill it by breaking into web sites at night, while
repairing them by day and, coincidentally, receiving large, frequent paychecks.
They probably get laid also (how would I know?).

> Is this a positive role or negative?

Just like evil, it's negative on the surface, but its existence is positive
because it is part of the whole free-will thing -- at least, that is, if you
think free will is a good thing.

> Any other advice, opinions, links to good websites, etc. would be greatly
> appreciated. Thank you in advance!

Websites:

securityfocus.com
attrition.org
packetstorm (I suppose, haven't looked in a while)
l0pht
insecure.org
phrack
google (quaerendo invenietis)

...to name a few.

Advice:

Just say no.
Watch "The Matrix".
Be good, go to school, work hard.
Don't get a job working for an ISP. It's like a halfway house.
Don't count your boobies until they are hatched (you may thank your namesake
for that tidbit).

--
Jefferson Ogata : Internetworker, Antibozo
<og...@antibozo-u-spam-u-die.net> http://www.antibozo.net/ogata/
whois: jo...@whois.networksolutions.com

Thurber Mingus

Apr 3, 2001, 3:45:38 PM
Simply wanted to thank those who responded. Thank you!


ECStahl

Apr 3, 2001, 9:57:39 PM
>Thurber Mingus wrote:
>> To all:
>>
>> I am writing a paper for my UNIX class on the role of hackers in exposing
>> security problems in UNIX systems and would like to get opinions from
>> experienced UNIX users on a few things.
>>
>> Do you consider hackers to have a role in exposing security problems?

You need to define your terms. Sounds like you are defining hacker to be
someone who makes a point of attempting forced or cajoled entry into other
people's property.

As with any uncaught criminal - such a person has made everyone's life a little
more difficult with their trespass.


>> If yes, then what is that role?

Within your apparent context, certainly not an honorable role.

It sometimes deserves imprisonment, or at the least some mandated community
service. Oops. There's the sysadmin in me showing through. :-)


>> How do hackers fill this role?

Once they're arrested, quite easily.


>> Is this a positive role or negative?

Is imprisonment or community service positive or negative? I suppose that
depends upon the individual.


>> Any other advice, opinions, links to good websites, etc. would be greatly
>> appreciated. Thank you in advance!

Don't feed the egos of criminals. And don't overlook the hard work and
creative efforts of sysadmins.


Eric Stahl

jes...@hexdump.org

Apr 6, 2001, 1:51:12 PM
Thurber Mingus <thurber...@netscape.net> wrote:
: Do you consider hackers to have a role in exposing security problems?
: How do hackers fill this role?

Depends, do you mean hackers or crackers - or even script kiddies?

--
Jeff Gentry jes...@hexdump.org gen...@hexdump.org
SEX DRUGS UNIX
