OS or app? in http://www.dslreports.com/forum/r22514483 en Wed, 10 Feb 2010 09:03:16 EDT Wed, 10 Feb 2010 09:03:16 EDT Re: OS or app? http://www.dslreports.com/forum/remark,22522443 anon : It is not "Don't trust the network", but "don't trust the users"!]]> http://www.dslreports.com/forum/remark,22522443 Tue, 09 Jun 2009 15:52:48 EDT Re: OS or app? http://www.dslreports.com/forum/remark,22518922 KevNYC : SkyNet anyone?]]> http://www.dslreports.com/forum/remark,22518922 Mon, 08 Jun 2009 22:43:01 EDT Re: OS or app? http://www.dslreports.com/forum/remark,22516173 PapaMidnight :
said by cyclone_z See Profile :

said by KodiacZiller See Profile :

said by PToN See Profile :

Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun...
Could just be that the T-mobile admins were lazy about security updates. This is how their systems were breached back in 2005. They failed to patch a security exploit that had been widely known about for a while.
Having worked for one of the companies that sells one of those operating systems, I will tell you that often times big companies are lax on internal security. They have a good firewall, but systems on the other side are unpatched. They make the mistake of trusting the network, but all it takes is one security breach, and then someone is in a wonderland of vulnerable systems. The company I worked for was running a number of unpatched Windows servers, and that got them in trouble when a windows virus got through via email. It then started spreading on the internal network. There were also engineers using Unix workstations running outdated releases of our Unix-based OS for which we were no longer making security patches. They were also using things like rsh, telnet, etc., which don't encrypt anything. Were someone from the outside to get a compromised machine and set ethernet in promiscuous mode -- oh man, a cornucopia of passwords!

T-Mobile may be doing something similar. The lesson is don't trust the network, even if you have a firewall.
Not quite sure the lesson is so much of "Don't trust the network".

More along the lines of as we always say in the security world: "The weakest element in any security system is the human element."]]> http://www.dslreports.com/forum/remark,22516173 Mon, 08 Jun 2009 14:30:36 EDT Re: OS or app? http://www.dslreports.com/forum/remark,22516012 cyclone_z :
said by KodiacZiller See Profile :

said by PToN See Profile :

Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun...
Could just be that the T-mobile admins were lazy about security updates. This is how their systems were breached back in 2005. They failed to patch a security exploit that had been widely known about for a while.
Having worked for one of the companies that sells one of those operating systems, I will tell you that often times big companies are lax on internal security. They have a good firewall, but systems on the other side are unpatched. They make the mistake of trusting the network, but all it takes is one security breach, and then someone is in a wonderland of vulnerable systems. The company I worked for was running a number of unpatched Windows servers, and that got them in trouble when a windows virus got through via email. It then started spreading on the internal network. There were also engineers using Unix workstations running outdated releases of our Unix-based OS for which we were no longer making security patches. They were also using things like rsh, telnet, etc., which don't encrypt anything. Were someone from the outside to get a compromised machine and set ethernet in promiscuous mode -- oh man, a cornucopia of passwords!

T-Mobile may be doing something similar. The lesson is don't trust the network, even if you have a firewall. ]]> http://www.dslreports.com/forum/remark,22516012 Mon, 08 Jun 2009 13:59:59 EDT Re: OS or app? http://www.dslreports.com/forum/remark,22515411 KodiacZiller :
said by PToN See Profile :

Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun...
Could just be that the T-mobile admins were lazy about security updates. This is how their systems were breached back in 2005. They failed to patch a security exploit that had been widely known about for a while.]]> http://www.dslreports.com/forum/remark,22515411 Mon, 08 Jun 2009 12:19:03 EDT Re: OS or app? http://www.dslreports.com/forum/remark,22514808 PToN : Well, once he said he got it he close any possible backdoor he/she might have left.

He wanted this for $$$ and not for any other purpose. Any respectable hacker/cracker knows that one of the rules is to never close any doors to a system you might need later, else he would have said nothing and he might have been able to use the servers for much bigger things. However, this is just an extortion case..]]> http://www.dslreports.com/forum/remark,22514808 Mon, 08 Jun 2009 10:30:30 EDT Re: OS or app? http://www.dslreports.com/forum/remark,22514590 bigfitch : If this is true. It just adds more proof that everything is accesable if you have the know how and the time.

Wonder if said hacker left himself a backdoor to get more info for his next auction. Lol]]> http://www.dslreports.com/forum/remark,22514590 Mon, 08 Jun 2009 09:51:24 EDT OS or app? http://www.dslreports.com/forum/remark,22514483 PToN : Is the list on the post made at insecure.org is true, i would wonder if it would be a new vulnerability in *nix..? There is a lot of HP-UX listed there as well as AIX and Sun...]]> http://www.dslreports.com/forum/remark,22514483 Mon, 08 Jun 2009 09:28:33 EDT