<p dir="ltr">Writing an soap message parser in groovy. Still trying to get my head around closures & collections. <br>
</p>
<div class="gmail_quote">On Nov 3, 2014 5:18 PM, "JD" <<a href="mailto:jdp@algoloma.com">jdp@algoloma.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Was at PhreakNIC the last few days. Hopped onto a CTF competition network, my<br>
fully patched laptop was hacked.<br>
<br>
Fun, fun.<br>
<br>
The passwd and group files had been replaced - completely - not just slightly<br>
modified. To be fair, I hadn't hardened the box and wasn't using an IP that<br>
should have been attacked. Oh - and the / partition was read-only. The machine<br>
had not been rebooted. Couldn't remount read-write with -o remount=rw.<br>
<br>
Later that night, booted it up on a different network - 5 miles away - different<br>
hotel and didn't see any issues. The passwd/hosts were back to normal.<br>
Found a few services running that I should have shut off prior to leaving home.<br>
MiniDLNA, Prodogy, and a few others. It was more than ssh.<br>
<br>
Oh - I did use DHCP to get on the network initially, then setup a static IP.<br>
Someone at the CON said that debian/ubuntu bash wasn't 100% completely patched.<br>
<br>
Compared critical files against a pre-CON backup this morning. Nothing was<br>
different. Perhaps they used a bind-mount hack?<br>
<br>
Rebuilding the machine now.<br>
<br>
So - what has everyone else been doing?<br>
<br>
On 11/03/2014 02:39 PM, Boris Borisov wrote:<br>
> Hopefully all Linux boxes are working properly!<br>
><br>
> --<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div>