Monday, July 17, 2006
Core Debian server compromised
Pretty straightforward - Debian was broken into (again). The post-mortem revealed that the compromise was the result of a local kernel exploit and weak user passwords. Without getting into a long-winded rant here, this is again a clear example of why, in many cases, you can spend millions if not billions of dollars on security tools and architectures to mitigate all of your risks, yet the common compromise is still the result of the abstract - you, the average user, developer or administrator. Just like physical security flaws, security begins to dissolve at the abstract human layer when Joe Schmo doesn't adhere to the recommendations or warnings and still plunges ahead with whatever. Many security researchers continuously focus on the coveted remote exploit for whatever common daemon/service you dare to run. If you talk to anyone who does penetration testing for a living, they'll gladly trade any one of those remote exploits for a solid internal local exploit, simply because getting access is pretty trivial. You just have to evaluate all of the links of the chain, take advantage of that one single link from a distance and then work your way up from there. This will bypass your IPS, Anti-X, HIPS, and managed security operations center 100 out of 100 times.