[Tutor] hacking 101
kirk Bailey
idiot1@netzero.net
Sun, 31 Mar 2002 16:03:08 -0500
ok, I will imbed answers.
Rob McGee wrote:
>
> On Sat, Mar 30, 2002 at 08:18:47PM -0500, kirk Bailey wrote:
> > OK, comes now before you an unuual question.
>
> Not unusual at all. Quite ordinary. IIRC it's addressed somewhat in the
> FAQ for the Tutor list. ;) :)
>
> > I want to learn about hacking a computer.
>
> I'll split a hair here and point out that the correct term is "cracking"
> (hackers are honourable people who build systems, not destroy them.)
>
Right.
> The answer varies WIDELY depending upon what OS and services are
> running on your server. Common, good advice for Windows systems probably
> doesn't apply to UNIX-like systems. For example, I'm not aware of any
> serious anti-virus software for Linux. (Because of the underlying design
> of UNIX, we're not vulnerable in the same way as Windows systems are.
> No, I'm not a Linux bigot claiming that we're not vulnerable, but the
> fact remains that an attacker has to look for specific holes on a Linux
> box, rather than casting viral spores to the wind.)
>
FreeBSD
> If you're trying to secure a Win9x box, all I can say is "good luck". I
> don't think it is possible. It's based on DOS, and DOS is insecure by
> design. If you're trying to secure a WinNT/2K/XP box, it *may* be
> possible, but you have to keep on top of all known vulnerabilities, and
> apply all the patches as soon as they're announced. (That's pretty much
> the right approach for UNIX systems too.)
>
> There are many excellent sites for security of UNIX systems, and at
> least to some extent those sites also address security concerns of the
> NT family as well. See the "Miscellaneous Resources" links at LWN -- the
> Security page for this week is at:
> http://lwn.net/2002/0328/security.php3
> There are mailing lists which will keep you apprised of every security-
> related development as soon as it is known.
>
> Me, I'm just an amateur. By following the LWN Security news and
> subscribing to the security mailing list for my distro (Slackware) I can
> feel pretty secure. The bottom line is to consider your threat model and
> act accordingly. A backbone server has more exposure than a home machine
> on an intermittent dialup connection. :)
>
24/7 box wired into local network at a cohosting firm. My worry is
feeding input to the script throught he form and taking control, or
disrupting operations, so it screws itself, creates backdoors, or does
other evil.
> HTH,
> Rob - /dev/rob0
>
> _______________________________________________
> Tutor maillist - Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
--
end
Respectfully,
Kirk D Bailey
+---------------------"Thou Art Free." -Eris----------------------+
| http://www.howlermonkey.net mailto:highprimate@howlermonkey.net |
| http://www.tinylist.org +--------+ mailto:grumpy@tinylist.org |
+------------------Thinking| NORMAL |Thinking---------------------+
+--------+
NOTE: By sending SPAM to this address you agree to pay me a service
fee of $100 for the service of receiving, storing, examining, and
deleting your piece of SPAM. I am a postmaster, and take a dim view
of such.