Kelly Martin, 2006-03-08
Colapse all |
Post comment
The CIO ?!?!
2006-03-08
Roger (2 replies)
Roger (2 replies)
Re: The CIO ?!?!
2006-03-09
Anonymous
Anonymous
The threat landscape has changed a bit since DARPA and big universities constituted the lion's share of participants on what we now call the Internet. Your sentiments are dated, but the cultural impetus for the gripe is understood (where would we be today without that mentality?). Nevertheless, th...
[ more ] [ reply ]
[ more ] [ reply ]
Re: The CIO ?!?!
2006-03-09
Roger (2 replies)
Roger (2 replies)
Actually, that didn't quite get it off my chest. I need a bigger rant.
I said: "To make matters worse, people usually apply for a (low paid) CIO role in a university rather than, say, a Fortune 500 company, because they don't have the skills to actually cut it in the corporate world. In other wor...
[ more ] [ reply ]
I said: "To make matters worse, people usually apply for a (low paid) CIO role in a university rather than, say, a Fortune 500 company, because they don't have the skills to actually cut it in the corporate world. In other wor...
[ more ] [ reply ]
Re: Re: The CIO ?!?!
2006-03-10
Anonymous
Anonymous
I agree that the corporate model is inappropriate. The security controls imposed on academic networks should foster sharing of information, not hamper this. On the other hand, a poor student in Romania can earn $1000/month by filling a technical role in an online fraud ring. Whether such an indivi...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Re: The CIO ?!?!
2006-03-10
Anonymous
Anonymous
Amen. IT at large universities is a tremendous job of work, and far too frequently is it done well. My girlfriend is a librarian at a large state university, and they find themselves constantly butting heads with the IT department over issues like university firewalls and AV blocking inter-library c...
[ more ] [ reply ]
[ more ] [ reply ]
Well that sucks and rocks all at once...
2006-03-08
Penguinisto (1 replies)
Penguinisto (1 replies)
It sucks because some schmuck decided that it was "unauthorized" (hey, whatever happened to research in an academic setting?)
It rocks because it proves that after a sizeable pile of attempts, nada happened.
So much for the big bugaboo about how supposedly easy it was to compromise an OSX box....
[ more ] [ reply ]
It rocks because it proves that after a sizeable pile of attempts, nada happened.
So much for the big bugaboo about how supposedly easy it was to compromise an OSX box....
[ more ] [ reply ]
Re: Well that sucks and rocks all at once...
2006-03-09
Anonymous (1 replies)
Anonymous (1 replies)
As someone mentioned before, nobody is going to waste their zero day on something like this....
[ more ] [ reply ]
[ more ] [ reply ]
Not exactly...
2006-03-09
Penguinisto (1 replies)
Penguinisto (1 replies)
So that stopped "gwerdnaG" from doing it, right? It stopped a couple thousand script kiddies from trying, right?
I'm not buying that excuse as easily as most would, especially given the cred and status that the successful cracker would instantly get for pulling it off on a Mac box.
That asid...
[ more ] [ reply ]
I'm not buying that excuse as easily as most would, especially given the cred and status that the successful cracker would instantly get for pulling it off on a Mac box.
That asid...
[ more ] [ reply ]
Re: Not exactly...
2006-03-15
infamous41md
infamous41md
As I said in the previous thread, and the guy above repeated, nobody is going to waste their 0day on some lame ass contest like this. What service was this box running? ssh and apache? Do you think someone is going to drop some openssl/ssh 0day on this? Get real. Screw the cred and status. You...
[ more ] [ reply ]
[ more ] [ reply ]
pointless OS X security contest ends without incident
2006-03-09
Anonymous (1 replies)
Anonymous (1 replies)
So this guy was only running OpenSSH and Apache. Who in their right mind is going to waste a completely valuable vulnerability in either of these services (which would give them access to much more interesting hosts other then some mac users desktop) just to silence a mac fanboy? No one.
Btw why ...
[ more ] [ reply ]
Btw why ...
[ more ] [ reply ]
Re: pointless OS X security contest ends without incident
2006-03-09
Penguinisto
Penguinisto
"Mac security is easily 10 years behind and easy pickings"
...which explains the huge armies of OSX-based zombies on 'teh Intarweb', all awaiting their IRC commands, right?
Oh, wait... ;)
In all seriousness, given Apple's rather not-so-rapid responses to the few that have surfaced, coupled ...
[ more ] [ reply ]
...which explains the huge armies of OSX-based zombies on 'teh Intarweb', all awaiting their IRC commands, right?
Oh, wait... ;)
In all seriousness, given Apple's rather not-so-rapid responses to the few that have surfaced, coupled ...
[ more ] [ reply ]
OS X security contest ends without incident
2006-03-09
Anonymous
Anonymous
"The contest ended without any compromise of the host's security."
I'm certain that means the OS X must be the most secure OS out there! Hacking contests are only useful for boosting PR; does anyone believe a researcher is going to waste a good local/remote on a hacking contest?...
[ more ] [ reply ]
I'm certain that means the OS X must be the most secure OS out there! Hacking contests are only useful for boosting PR; does anyone believe a researcher is going to waste a good local/remote on a hacking contest?...
[ more ] [ reply ]
OS X security contest ends without incident
2006-03-09
Anonymous (1 replies)
Anonymous (1 replies)
Just because it wasn't hacked doesn't mean it is secure, that is a big falicy that I love. Why would I want to waste my time hacking a system that was being monitored so that they could learn how really easy it is to hack OSX, get real! I would rather sepnd my time hacking the other OSX machines tha...
[ more ] [ reply ]
[ more ] [ reply ]
OS X security contest ends without incident
2006-03-09
Juha-Matti Laurio
Juha-Matti Laurio
>test machine, which had traffic spiking to 30 Mbps, received over half a million web requests,
>4000 attempted logins via SSH, and had six million events logged in less than 38 hours
This is about 13160 HTTP requests, 105 SSH login attempts and 158000 events logged per hour during the contest p...
[ more ] [ reply ]
>4000 attempted logins via SSH, and had six million events logged in less than 38 hours
This is about 13160 HTTP requests, 105 SSH login attempts and 158000 events logged per hour during the contest p...
[ more ] [ reply ]
OS X security contest ends without incident
2006-03-09
Anonymous (1 replies)
Anonymous (1 replies)
Seems to me that we cant simply dismiss the previous test because they users were given a local account unless Apple positions its product such that they are not playing in a server market where such accounts would exist. Im a Mac user, but I have to say that way to many mac 'enthusiast' would rath...
[ more ] [ reply ]
[ more ] [ reply ]
Re: OS X security contest ends without incident
2006-03-13
Anonymous
Anonymous
No one can fully believe the first test either. All anyone has to go one is the 'hackers' word. The person who did the orginal test refuses to provide any proof of the hacking attempt. So believe the first test was complete rigged for the pure purpose of spreading FUD. Until someone shows proof it a...
[ more ] [ reply ]
[ more ] [ reply ]
I have a friend who used to work at a university IT department. He eventually quit because of the (newly established) CI...
[ more ] [ reply ]