[ale] hackers and thier methods

Tue Feb 19 19:50:12 EST 2002

This is
starting to sound like real IT work.Â Â 
My brother-in-law an System Admin guy had to remove IE from a co-work
cause she surfed the net to much.Â Â 
About 4 days later she figured out that she could surf with Microsoft
Office stuff.Â  I think it was Word.Â  So the he had to just deny her a gateway.

<span
style='font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'>Â 

<span
style='font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'>Â 

<span
style='font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:Arial'>Â 

<font size=2 color=black
face=Tahoma>-----Original
Message-----
From: Chris Fowler
[mailto:cfowler at outpostsentinel.com]
Sent: Tuesday, February 19, 2002
7:37 PM
To: Stephen Turner; ale at ale.org
Subject: RE: [ale] hackers and
thier methods

<span
style='font-size:12.0pt'>Â 

<span
style='font-size:10.0pt;font-family:Arial;color:blue'>,If I am correct.Â 
VI allows shell execution.Â  For instance.Â  Lets assume ythat bob is
only allow<span
style='font-size:10.0pt;font-family:Tahoma;color:black'>ed to run vi and edit a
file.Â  That is all.<span style='color:
black;mso-color-alt:windowtext'>

<font size=3 color=black
face="Times New Roman">Â <font
color=black>

<font size=2 color=black
face=Tahoma>In
his shell script or in the passwd file you would have something like this<font
color=black>

<font size=3 color=black
face="Times New Roman">Â <font
color=black>

<font size=3 color=black
face="Times New Roman">Â <font
color=black>

<font size=2 color=black
face=Tahoma>exec
/bin/vi /usr/data/daily_report<span
style='color:black;mso-color-alt:windowtext'>

<font size=3 color=black
face="Times New Roman">Â <font
color=black>

<font size=2 color=black
face=Tahoma>Bob
will login every day edit the daily report and cron will send it out to
everyone.<span style='color:black;mso-color-alt:
windowtext'>

<font size=3 color=black
face="Times New Roman">Â <font
color=black>

<font size=2 color=black
face=Tahoma>Bob
gets crafty.Â  In viÂ  he does :!/bin/ksh.Â  Now bob has a
shell.Â  Ouch.Â  What more can bob do?Â  Little things like that
can cause problems.<span style='color:black;
mso-color-alt:windowtext'>

<font size=3 color=black
face="Times New Roman">Â <font
color=black>

<font size=3 color=black
face="Times New Roman">Â <font
color=black>

<font size=3 color=black
face=Tahoma>
Â <span style='font-family:
Tahoma;color:black;mso-color-alt:windowtext'>

<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><span
style='font-size:10.0pt;font-family:Tahoma;color:black'>Â -----Original
Message-----
From: Stephen Turner
[mailto:artic_knight at yahoo.com]
Sent: Tuesday, February 19, 2002
5:43 PM
To: ale at ale.org
Subject: [ale] hackers and thier
methods<span
style='font-size:10.0pt;font-family:Tahoma;color:black;mso-color-alt:windowtext'>

so i remove all these packages from my
box, should i bother removing vi? it offers no hacks as i see it butÂ i
suppose my REAL question is, can a linux hacker or someone hacking linux run
programs outside of your box that will configure, alter the box? or do you have
to add programs such as a text editor in order to alter text? and what stops
them from installing or "planting" them on my server?

<font size=3 color=black
face="Times New Roman">Â <font
color=black>

<div class=MsoNormal align=center style='margin-right:.5in;mso-margin-top-alt:
auto;mso-margin-bottom-alt:auto;margin-left:1.0in;text-align:center'><font
size=3 color=black face="Times New Roman"><span style='font-size:12.0pt;
color:black'>

Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002
Olympic Games