I know about most of this, and I know enough to know how vulnerable a
server on initial setup would be. If I were to build a server I really
intended to expose, not only would I hit the list of gotchas I have
seen go by, but I would also have a number of people beat up the
server.

Like I said, I'm inexperienced as a full Linux admin and I know it.
Besides, if I were to ask you to look, I'd at least offer you a nice meal
for your trouble :-) More than likely you or whomever I'd ask would get
paid.

But my point being, some of their mistakes, even I, as inexperienced as
I am, know about.

On Fri, Feb 18, 2011 at 5:14 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:
> Post your URLs and I will prove you wrong, Stephen?
>
> Are you an adept Apache/MySQL admin? Do you know the ins and outs of Tomcat
> or Weblogic? Do you understand file security and shell escapes as used for
> low level Linux calls? Can you ensure your DocumentRoot is properly
> protected?
>
> Did you install MySQL to be open to your localhost? localhost packet
> spoofing is trivial to Metasploit.....
>
> Are you certain that every single binary on your system has been patched or
> is not vulnerable to buffer overflow, or other types of exploits?
>
> Do you run iptables on each of your systems?
>
> Of course you might just run Nexpose Community Edition on your systems
> yourself?
>
>
> On Fri, Feb 18, 2011 at 4:56 PM, Stephen <cryptworks@gmail.com> wrote:
>>
>>
>> http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars
>>
>> I'm not a particularly experienced Linux admin, but most of these
>> would never have happened on my servers. And I know I would have had
>> them tested before I slept well at night. Sheesh....
>>
>> Maybe if anyone is looking you can submit some resumes? :-)
>>
>> --
>> A mouse trap, placed on top of your alarm clock, will prevent you from
>> rolling over and going back to sleep after you hit the snooze button.
>>
>> Stephen
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> --
> (503) 754-4452
> (623) 688-3392
>
> Next PLUG Security Team Saturday Noon - 15:00 Gangplankhq.com
> http://plug.phoenix.az.us
>
>
> http://www.obnosis.com
> Catch My MetaSploit & IP CAM Surveillance
> Presentations @ ABLEConf.com in April!
--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.
Stephen