It's an interesting read: Anonymous speaks: the inside story of the HBGary hack

Stephen cryptworks at gmail.com
Fri Feb 18 18:31:44 MST 2011


I know about most of this, and I know enough to know how vulnerable a
server on initial setup would be. If I were to build a server I really
intended to expose, not only would I hit the list of gotchas I have
seen go by, but I would also have a number of people beat up the
server.

Like I said, I'm inexperienced as a full Linux admin and I know it.

Besides, if I were to ask you to look, I'd at least offer you a nice meal
for your trouble :-) More than likely you or whomever I'd ask would get
paid.

But my point being, some of their mistakes, even I, as inexperienced as
I am, know about.

On Fri, Feb 18, 2011 at 5:14 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
> Post your URLs and I will prove you wrong, Stephen?
>
> Are you an adept Apache/MySQL admin? Do you know the ins and outs of Tomcat
> or Weblogic? Do you understand file security and shell escapes as used for
> low level Linux calls? Can you ensure your DocumentRoot is properly
> protected?
>
> Did you install MySQL to be open to your localhost? localhost packet
> spoofing is trivial to Metasploit.....
>
> Are you certain that every single binary on your system has been patched or
> is not vulnerable to buffer overflow, or other types of exploits?
>
> Do you run iptables on each of your systems?
>
> Of course you might just run Nexpose Community Edition on your systems
> yourself?
>
>
> On Fri, Feb 18, 2011 at 4:56 PM, Stephen <cryptworks at gmail.com> wrote:
>>
>>
>> http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars
>>
>> I'm not a particularly experienced Linux admin, but most of these
>> would never have happened on my servers. And I know I would have had
>> them tested before I slept well at night. Sheesh....
>>
>> Maybe if anyone is looking you can submit some resumes? :-)
>>
>> --
>> A mouse trap, placed on top of your alarm clock, will prevent you from
>> rolling over and going back to sleep after you hit the snooze button.
>>
>> Stephen
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> --
> (503) 754-4452
> (623) 688-3392
>
> Next PLUG Security Team Saturday Noon - 15:00 Gangplankhq.com
> http://plug.phoenix.az.us
>
>
>  http://www.obnosis.com
> Catch My MetaSploit & IP CAM Surveillance
> Presentations @ ABLEConf.com in April!



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen