I know about most of this, and I know enough to know how vulnerable a server on initial setup would be. If I were to build a server I really intended to expose, not only would I hit the list of gotchas I have seen go by, but I would also have a number of people beat up the server.

Like I said, I'm inexperienced as a full Linux admin and I know it. Besides, if I were to ask you to look, I'd at least offer you a nice meal for your trouble :-) More than likely you or whomever I'd ask would get paid.

But my point being, some of their mistakes, even I, as inexperienced as I am, know about.

On Fri, Feb 18, 2011 at 5:14 PM, Lisa Kachold wrote:
> Post your URLs and I will prove you wrong, Stephen?
>
> Are you an adept Apache/MySQL admin? Do you know the ins and outs of Tomcat
> or Weblogic? Do you understand file security and shell escapes as used for
> low level Linux calls? Can you ensure your DocumentRoot is properly
> protected?
>
> Did you install MySQL to be open to your localhost? localhost packet
> spoofing is trivial to Metasploit.....
>
> Are you certain that every single binary on your system has been patched or
> is not vulnerable to buffer overflow, or other types of exploits?
>
> Do you run iptables on each of your systems?
>
> Of course you might just run Nexpose Community Edition on your systems
> yourself?
>
>
> On Fri, Feb 18, 2011 at 4:56 PM, Stephen wrote:
>>
>> http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars
>>
>> I'm not a particularly experienced Linux admin, but most of these
>> would never have happened on my servers. And I know I would have had
>> them tested before I slept well at night. sheesh....
>>
>> Maybe if anyone is looking you can submit some resumes? :-)
>>
>> --
>> A mouse trap, placed on top of your alarm clock, will prevent you from
>> rolling over and going back to sleep after you hit the snooze button.
>>
>> Stephen
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> --
> (503) 754-4452
> (623) 688-3392
>
> Next PLUG Security Team Saturday Noon - 15:00 Gangplankhq.com
> http://plug.phoenix.az.us
>
> http://www.obnosis.com
> Catch My MetaSploit & IP CAM Surveillance
> Presentations @ ABLEConf.com in April!

--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen