
Re: [LUG] Exploiting Linux

 

On Tue, 21 Feb 2012, Martijn Grooten wrote:

On Sun, Feb 19, 2012 at 7:01 PM, Gordon Henderson wrote:
On Sun, 19 Feb 2012, Dava wrote:

What are your thoughts on this...
http://www.youtube.com/watch?v=n9OXaQxx06E


The patch to fix it was released on the 17th of Jan....

I saw some stats about the most frequently abused Windows exploits the
other day. One of the top ones was patched in 2006. Just shows how
important patching is.

And also working out just how important it is to you too - for a long time I had a few routers that were based on 2.6.18 - complete with the local kernel exploit, however although they were directly connected to the Internet, because there was no user-level access (that I knew about - other than my own) then I considered them "safe" until I had time to fix them.

The same for this recent vulnerability - generally, it's game over if someone has physical access, but even granting people local shell access is considered a risk for some. The bigger issue (from my point of view) is a server that you think is secure (firewalled, ssh from fixed IPs, etc) but is then running a dodgy application written by a naive programmer that allows a remote cracker to upload some executable code to then gain "shell" access to it... Those are hard to track down, especially when you are managing servers for clients who are prone to installing any bit of free software they can get their grubby paws on...

As big systems get more and more complex it's almost impossible to manage everything )-:

I have a great example of this - Once upon a time I wrote a MUD.. In this game, there was a safe town where no-one could be killed by another player. You could get yourself killed though by trying to feed the ducks in the local pond some mouldy bread...

Some years later a new system of magic was implemented and a new spell "fumble" was created.. So a wily player would then summon another player to the duck pond, give them the mouldy bread (which you couldn't refuse), then cast the fumble spell on them, causing them to drop the bread which caused them to be killed by the protector of the ducks...

So even in simple games unexpected consequences can arise from seemingly unrelated actions and once things start to be big and complex, then it starts to get really hard to understand everything...

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq