Sun Microsystems Solaris hole opening way for hackers
CNet News.com
| January 15, 2002, 5:30 p.m. PT
| Robert Lemos
Posted on 01/15/2002 4:54:37 PM PST by Bush2000
To: Dominic Harr
I'd say the entire article is a joke. They completely ignore the context. The real story here is that a HoneyPot actually worked, and caught a hacker using a known exploit. But *some* people use FR for Clintonista-style disinformation, as a break from their posting of MS press releases.
Perhaps you ought to tell CERT that their advisories are a joke then because the article is merely repeating what is present in the CERT advisory. I love how you guys scurry for cover whenever your hypocrisy is laid bare.
41 posted on 01/15/2002 7:15:44 PM PST by Bush2000
To: unix
I mean, what *he* posted.
Sorry.
To: go star go
anyone can create sockets with winsock
You are dead wrong.
The paragraph included below was pasted from the Microsoft Windows 2000 Platform Software Developers Kit dated February 01, 2001. The MSDN Library is available for reading at the msdn.microsoft.com web site. Anyone who doesn't believe the "tator" is invited to go to the MSN developers website and do a search on raw sockets.
Microsoft told me that they would either go to a new way to prevent raw sockets or change the documentation in future versions. The final version of XP server is not finished so I don't know what if anything will be done in XP server.
Here is the paragraph as it appears in the Microsoft documentation.
Note: On Windows NT/Windows 2000, raw socket support requires administrative privileges. Users running Winsock applications that make use of raw sockets must have administrative privileges on the computer, otherwise raw socket calls fail with an error code of WSAEACCESS.
Microsoft Platform SDK, February 2001 Edition. This content last built on Thursday, February 01, 2001.
To: Bush2000
Hehehe... After re-reading the article and CERT report; any self respecting sysadmin will laugh at this. And if they're not laughing, or scratching their head why some of us are finding this funny, kindly leave their IP addr's on this thread? DDNS name will also do.
Unlike your beloved MS products, we can separate that "pretty" GUI from the box and let the box do what it was intended to do, work. Must suck when you don't have complete control of your OS...
To: Common Tator
To hear you tell us that M$ used open source software in their product in light of their recent attacks is truly funny :)
To: Common Tator
Question, is BSD GPL'd?
To: All
As a side-note, what this *does* prove is that there are hackers out there trying to hack Solaris every day.
So the claim that MS has exploits because hackers target them was just completely disproven.
To: Bush2000
I love Bruce Eckel but disagree with this. It appears Bruce does not like exceptions as he is forced to deal with them even when he doesn't want to. However, that is the purpose of exceptions and forcing you to take care of them as you write your code. In his empty catch statement he should have obviously used exception.printStackTrace() to at least log the error. I understand that this is a burden on the programmer and does hurt performance and productivity but I have learned that if you put things off for later and you are not careful you tend to forget them until it is too late. Relying on the system to gracefully handle errors is not a good practice by any means.
To: AaronAnderson
In his empty catch statement he should have obviously used exception.printStackTrace() to at least log the error.
Yes, yes, yes.
A *minimum*. At least print out errors when they occur, for goodness' sake. Forced, not 'voluntary'.
And there's a bigger problem, I'd say. Part of a good architecture is building a core of classes that can be extended by other programmers.
In C#, without a 'throws', those programmers can forget to handle the exceptions. There is no way to force them to handle the exceptions programmatically. This is a serious potential point of failure.
To: unix
Unlike your beloved MS products, we can separate that "pretty" GUI from the box and let the box do what it was intended to do, work. Must suck when you don't have complete control of your OS...
Dude, don't kid yourself. I can lock down my Win2K servers just as tight as your pretty little Unix boxes.
51 posted on 01/16/2002 8:00:26 AM PST by Bush2000
To: AaronAnderson
I understand that this is a burden on the programmer and does hurt performance and productivity but I have learned that if you put things off for later and you are not careful you tend to forget them until it is too late. Relying on the system to gracefully handle errors is not a good practice by any means.
Eckel is right on target, though: Java forces you to stub out the exception but it certainly doesn't force you to do anything meaningful with it, such as throw again or print a stack trace. That's his point: most developers will simply stub out the exception block and fill it in later. Quite often, they may forget to do so which gives the false sense that the code is safer than it really is. Personally, I don't mind checked exceptions but I also don't mind the flexibility of handling them in a higher location in the stack. After all, exceptions add performance overhead. If all you're going to do is throw again, anyway, you've sacrificed performance for principle.
52 posted on 01/16/2002 8:04:27 AM PST by Bush2000
To: SolitaryMan
But goes to prove again that no OS is really secure.
This can't be true. I was assured yesterday that MacOSX and Unix were secure due to their basic architecture. Freepers wouldn't lie to me.
53 posted on 01/16/2002 8:06:35 AM PST by js1138
To: Common Tator
go star go: anyone can create sockets with winsock
Common Tator: You are dead wrong.
Sorry, I think you are wrong and go star go is right.
Anyone can create sockets - otherwise, you wouldn't be able to use things like, oh, say, a web browser.
The information you responded with had to do with raw sockets. go star go didn't say raw sockets. He said just sockets, which any user can create.
To: Common Tator
anyone can create sockets with winsock
You are dead wrong.
I'm not really wrong. I was referring to the simplicity of programming using winsock for socket io not to any rights issues. That's the purpose of winsock.
To: Bush2000
Your #51, doubtful at best.
To: unix
Your #51, doubtful at best.
Anytime you want to try to crack my server, you just let me know. My servers laugh in your general direction...
57 posted on 01/16/2002 8:21:58 PM PST by Bush2000
To: Bush2000
And how exactly did you turn off ICMP on your servers? (Not echo (port7)). I am willing to bet it was not natively within the OS.
To: unix
And how exactly did you turn off ICMP on your servers? (Not echo (port7)). I am willing to bet it was not natively within the OS.
Heh heh. I have a hardware firewall in front of my boxes. Only the traffic that I want to go through gets through... ;-)
59 posted on 01/16/2002 9:28:21 PM PST by Bush2000
To: Bush2000
Really? A hardware firewall? Gee, did you make it yourself out of bits of wire and tubes and stuff?
Or do you mean that it's an appliance that runs an OS other than Windows and maybe boots from an EPROM chip instead of a disk?
And to think that I had doubts about how little you know about security. Well, my doubts are removed. You know nothing about security if you think:
1. Any kind of firewall will protect you from all hacks.
2. Any kind of firewall is itself completely secure.
3. Any kind of firewall stops virus or worm-bearing email.
4. Any kind of firewall will stop a man-in-the-middle attack against your data session.
Security is not a device, it's not a piece of code and it's not a machine configuration. It's a process that starts with the developer of every application that is accessible in any way, direct or indirect, to any user down through the installers and configurers all the way to the users.
If you bought a firewall appliance thinking that it will solve all of your security problems, I have some Enron stock to sell you.
And by the way, since you have crowed about how you run Windows XP and how secure it is, why do you have a firewall running something other than Windows XP?
What? Even you don't trust Microsoft security? I'm shocked I tell you, shocked.
Knitebane