Interesting but sad - OT

100,000 web sites were destroyed!
http://www.theregister.co.uk/2009/06/08/webhost_attack/

Guess what operating system HyperVM runs on?

Are you getting this Alias?


--

Richard Urban
Microsoft MVP
Windows Desktop Experience

 

That'll take some time to recover

 

From what I have read elsewhere there are no backups. The information is
gone!

When a person obtains root access on a Linux computer they can do whatever
they want. In this case they deleted the information.

--

Richard Urban
Microsoft MVP
Windows Desktop Experience


"Dalo Harkin" <Dalo.Harkin.3ti7ic@nntp.nospam.local> wrote in message
newsalo.Harkin.3ti7ic@nntp.nospam.local...
>
> That'll take some time to recover
>
>
> --
> Dalo Harkin
> Posted via http://www.computerhelpforums.net
>

 

Richard Urban wrote:
> 100,000 web sites were destroyed!
> http://www.theregister.co.uk/2009/06/08/webhost_attack/
>
> Guess what operating system HyperVM runs on?

It ain't Ubuntu and which OS it's running on means nothing.

>
> Are you getting this Alias?

A weakness in a *program* is not a weakness in Linux.

Alias
>
>

 

Richard Urban wrote:
> From what I have read elsewhere there are no backups. The information
> is gone!
>
> When a person obtains root access on a Linux computer they can do
> whatever they want. In this case they deleted the information.
>

Obtaining root access on *any* machine ... That said, obtaining root
access on Linux is much more difficult than Windows.

Alias

 

that proves that Search, filecopy of numerous & large files, customization,
etc can be inferior in Vista versus WinXP just because it's securer.

Fix one issue that plagued Windows since 95 thru XP, but open a hos tof
others. This is not a justification.
Vista is securer, OK, fine.

Doesn't mean I will praise its deficciencies versus XP.
It's like saying America is the best country on Earth.
Yes we can buy material goods at higher volumes/capita than in other
countries. But our housing, healthcare/social protections, and racial
tensions are serious problems
SO by being the "best country on Earth" doesn't mean we shoudl relax and
praise it endlessly.

Same with Vista, I know it's secure. Just by the fact I can't accomplish
tasks effciently until disabling UAC, etc annboyances else it was asking me
if I want to move a mouse and whether it's safe to move a mouse or breath a
little air on the screen, I need a permit to shut down, etc nonsense. I
know this "nonsense" was with good intentions to secure the syste, except
that I am alone using it so I ha dto relax security, and maintain a remote
backup in case of an attack.

It's just tha tother issues now appearaed, solved security, added other
propblems.

 

On Tue, 9 Jun 2009 04:36:35 -0400, "Richard Urban"
<richardurbanREMOVETHIS@hotmail.com> wrote:

>From what I have read elsewhere there are no backups. The information is
>gone!

That would be an unrelated business issue with a hosting provider.

>When a person obtains root access on a Linux computer they can do whatever
>they want. In this case they deleted the information.

Something is missing from that story. SQL injection does not give you
root access. You can do lots of nasty things to data with SQL
injection but getting beyond the d/b environment would be unusual.

Regardless, this is a supplemental software specific attack. It has
nothing to do with desktop Linux. And, this still isn't as bad as
when it was discovered that Win 2000 / IIS server allowed unrestricted
access to any program on the root/C: drive simply by calling with http
to the server with a cgi command and a path that worked it's way up
with a couple "../" incorporations.

That bug was the result of MS ignoring the most basic rule of web
server design: an application running on the server should never be
able to access anything above the root of the server. It was there
because MS's basic security architecture is flawed and their solution
to "application integration" in their flawed environment was to allow
any web server application to access anything, anywhere, on the
server.

No OS is perfect; Linux on web servers is not perfect; MS on servers
is even worse.

 

Supplement software attack or not, it is fun to tweak the noses of those
Linsux schmucks (Alias & others) who insist on posting here.

If Linsux was as strong and bullet proof as those people say (switch to
Linsux and you won't have any security problems) this could not happen. I'm
lovin it!

--

Richard Urban
Microsoft MVP
Windows Desktop Experience


"+Bob+" <nomailplease@example.com> wrote in message
news:fjbt255ns14qra2l02h6ehk63s5nog9b37@4ax.com...
> On Tue, 9 Jun 2009 04:36:35 -0400, "Richard Urban"
> <richardurbanREMOVETHIS@hotmail.com> wrote:
>
>>From what I have read elsewhere there are no backups. The information is
>>gone!
>
> That would be an unrelated business issue with a hosting provider.
>
>>When a person obtains root access on a Linux computer they can do whatever
>>they want. In this case they deleted the information.
>
> Something is missing from that story. SQL injection does not give you
> root access. You can do lots of nasty things to data with SQL
> injection but getting beyond the d/b environment would be unusual.
>
> Regardless, this is a supplemental software specific attack. It has
> nothing to do with desktop Linux. And, this still isn't as bad as
> when it was discovered that Win 2000 / IIS server allowed unrestricted
> access to any program on the root/C: drive simply by calling with http
> to the server with a cgi command and a path that worked it's way up
> with a couple "../" incorporations.
>
> That bug was the result of MS ignoring the most basic rule of web
> server design: an application running on the server should never be
> able to access anything above the root of the server. It was there
> because MS's basic security architecture is flawed and their solution
> to "application integration" in their flawed environment was to allow
> any web server application to access anything, anywhere, on the
> server.
>
> No OS is perfect; Linux on web servers is not perfect; MS on servers
> is even worse.

 

On Tue, 9 Jun 2009 15:30:09 -0400, "Richard Urban"
<richardurbanREMOVETHIS@hotmail.com> wrote:

>Supplement software attack or not, it is fun to tweak the noses of those
>Linsux schmucks (Alias & others) who insist on posting here.
>
>If Linsux was as strong and bullet proof as those people say (switch to
>Linsux and you won't have any security problems) this could not happen. I'm
>lovin it!
>


No OS is invulnerable to attack. Some are just more open than others.
What bothers me about MS is that they are still refusing to
acknowledge their underlying structural problems and instead give us
band-aids like UAC. The issue for them is that real change would
impact their business model and that's out of the question for them.
It's business before security, profit before customers.

 

No one is going to gain the equivalent of root privileges from the internet
when you are using Vista or Windows 7 with UAC enabled. Yet apparently it is
easy to do in Linsux.

--

Richard Urban
Microsoft MVP
Windows Desktop Experience


"+Bob+" <nomailplease@example.com> wrote in message
news:6vft259d6gqs8obf0vbkdne45aq9hgtukr@4ax.com...
> On Tue, 9 Jun 2009 15:30:09 -0400, "Richard Urban"
> <richardurbanREMOVETHIS@hotmail.com> wrote:
>
>>Supplement software attack or not, it is fun to tweak the noses of those
>>Linsux schmucks (Alias & others) who insist on posting here.
>>
>>If Linsux was as strong and bullet proof as those people say (switch to
>>Linsux and you won't have any security problems) this could not happen.
>>I'm
>>lovin it!
>>
>
>
> No OS is invulnerable to attack. Some are just more open than others.
> What bothers me about MS is that they are still refusing to
> acknowledge their underlying structural problems and instead give us
> band-aids like UAC. The issue for them is that real change would
> impact their business model and that's out of the question for them.
> It's business before security, profit before customers.
>

 

Richard Urban wrote:
> No one is going to gain the equivalent of root privileges from the
> internet when you are using Vista or Windows 7 with UAC enabled.

No need. There are at least 50,000 users A DAY who are allowing
Conficker to infect their Windows computers.

> Yet
> apparently it is easy to do in Linsux.

Not nearly as easy as it is with Windows.

Alias
>

 

On Wed, 10 Jun 2009 01:39:24 +0200, Alias <iamaliasNUK3@THISgmail.com>
wrote:

>Richard Urban wrote:
>> No one is going to gain the equivalent of root privileges from the
>> internet when you are using Vista or Windows 7 with UAC enabled.
>
>No need. There are at least 50,000 users A DAY who are allowing
>Conficker to infect their Windows computers.

Not to mention, UAC is a worthless POS band-aid on a seriously flawed
architecture - and most users shut it off anyway because it's a PITA
POS band aid.

>> Yet
>> apparently it is easy to do in Linsux.

Really? Please explain how.

FYI - The article in question is about a server version of Linux. Last
I checked Vista and Win7 were desktop products.

 

Did anyone notice this:
http://www.theregister.co.uk/2009/06/09/lxlabs_funder_death/
"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message
news:uoWO0IM6JHA.6136@TK2MSFTNGP03.phx.gbl...
> 100,000 web sites were destroyed!
> http://www.theregister.co.uk/2009/06/08/webhost_attack/
>
> Guess what operating system HyperVM runs on?
>
> Are you getting this Alias?
>
>
> --
>
> Richard Urban
> Microsoft MVP
> Windows Desktop Experience
>
>

 

In article <uoWO0IM6JHA.6136@TK2MSFTNGP03.phx.gbl>,
Richard Urban <richardurbanREMOVETHIS@hotmail.com> wrote:
>
>Guess what operating system HyperVM runs on?

Ummm, dude? A sql injection flaw in the control console of a third
party application is not an operating system issue.

 

In article <e5C514U6JHA.4116@TK2MSFTNGP04.phx.gbl>,
Richard Urban <richardurbanREMOVETHIS@hotmail.com> wrote:
>No one is going to gain the equivalent of root privileges from the internet
>when you are using Vista or Windows 7 with UAC enabled. Yet apparently it is
>easy to do in Linsux.

They didn't gain root access to the OS. They were able to inject
arbitrary commands into the console application that managed installed
virtual machines.

 

From the article:

"Rus Foster, the company's director told The Register. He said the attackers
were able to penetrate his servers by exploiting a critical vulnerability in
HyperVM, a virtualization application made by a company called LXLabs."

"According to Foster, data for about half of the websites hosted on Vaserv
was destroyed all at once sometime Sunday evening, shortly after
administrators noticed "strangeness" on the system. The attackers had the
ability to execute sensitive Unix commands on the system, including
"rm -rf," which forces a recursive delete of all files."


It sure looks to me like the perps went "through" a vulnerable application
to get at the servers themselves - where they deleted all files. Vista and
Windows 7 would NOT allow this to happen unless a person was foolish enough
to run these systems with UAC disabled. The first couple of UAC file
deletion warnings would have been a dead give away that something was going
on.

Say what you will - Linux failed miserably!

--

Richard Urban
Microsoft MVP
Windows Desktop Experience


"the wharf rat" <wrat@panix.com> wrote in message
news:h0nhgs$bn4$4@reader1.panix.com...
> In article <e5C514U6JHA.4116@TK2MSFTNGP04.phx.gbl>,
> Richard Urban <richardurbanREMOVETHIS@hotmail.com> wrote:
>>No one is going to gain the equivalent of root privileges from the
>>internet
>>when you are using Vista or Windows 7 with UAC enabled. Yet apparently it
>>is
>>easy to do in Linsux.
>
> They didn't gain root access to the OS. They were able to inject
> arbitrary commands into the console application that managed installed
> virtual machines.
>

 

Richard Urban wrote:
> From the article:
>
> "Rus Foster, the company's director told The Register. He said the
> attackers were able to penetrate his servers by exploiting a critical
> vulnerability in HyperVM, a virtualization application made by a company
> called LXLabs."
>
> "According to Foster, data for about half of the websites hosted on
> Vaserv was destroyed all at once sometime Sunday evening, shortly after
> administrators noticed "strangeness" on the system. The attackers had
> the ability to execute sensitive Unix commands on the system, including
> "rm -rf," which forces a recursive delete of all files."
>
>
> It sure looks to me like the perps went "through" a vulnerable
> application to get at the servers themselves - where they deleted all
> files. Vista and Windows 7 would NOT allow this to happen unless a
> person was foolish enough to run these systems with UAC disabled. The
> first couple of UAC file deletion warnings would have been a dead give
> away that something was going on.
>
> Say what you will - Linux failed miserably!
>

Gosh one exploit that's been patched. Yesterday, MS spewed out 30
patches and that's only for this month. Fact: compared to Windows, Linux
is bulletproof.

Alias

 

Alias wrote:
> Richard Urban wrote:
>> From the article:
>>
>> "Rus Foster, the company's director told The Register. He said the
>> attackers were able to penetrate his servers by exploiting a critical
>> vulnerability in HyperVM, a virtualization application made by a
>> company called LXLabs."
>>
>> "According to Foster, data for about half of the websites hosted on
>> Vaserv was destroyed all at once sometime Sunday evening, shortly
>> after administrators noticed "strangeness" on the system. The
>> attackers had the ability to execute sensitive Unix commands on the
>> system, including "rm -rf," which forces a recursive delete of all
>> files."
>>
>>
>> It sure looks to me like the perps went "through" a vulnerable
>> application to get at the servers themselves - where they deleted all
>> files. Vista and Windows 7 would NOT allow this to happen unless a
>> person was foolish enough to run these systems with UAC disabled. The
>> first couple of UAC file deletion warnings would have been a dead give
>> away that something was going on.
>>
>> Say what you will - Linux failed miserably!
>>
>
> Gosh one exploit that's been patched. Yesterday, MS spewed out 30
> patches and that's only for this month. Fact: compared to Windows, Linux
> is bulletproof.
>
> Alias

hehehe...you proly have an infected box and are so stupid you don't even
know it.

 

Frank wrote:
> Alias wrote:
>> Richard Urban wrote:
>>> From the article:
>>>
>>> "Rus Foster, the company's director told The Register. He said the
>>> attackers were able to penetrate his servers by exploiting a critical
>>> vulnerability in HyperVM, a virtualization application made by a
>>> company called LXLabs."
>>>
>>> "According to Foster, data for about half of the websites hosted on
>>> Vaserv was destroyed all at once sometime Sunday evening, shortly
>>> after administrators noticed "strangeness" on the system. The
>>> attackers had the ability to execute sensitive Unix commands on the
>>> system, including "rm -rf," which forces a recursive delete of all
>>> files."
>>>
>>>
>>> It sure looks to me like the perps went "through" a vulnerable
>>> application to get at the servers themselves - where they deleted all
>>> files. Vista and Windows 7 would NOT allow this to happen unless a
>>> person was foolish enough to run these systems with UAC disabled. The
>>> first couple of UAC file deletion warnings would have been a dead
>>> give away that something was going on.
>>>
>>> Say what you will - Linux failed miserably!
>>>
>>
>> Gosh one exploit that's been patched. Yesterday, MS spewed out 30
>> patches and that's only for this month. Fact: compared to Windows,
>> Linux is bulletproof.
>>
>> Alias
>
> hehehe...you proly have an infected box and are so stupid you don't even
> know it.

And your proof of this is? Oh, you're making it up as you go along again.

Alias

 

On Wed, 10 Jun 2009 11:19:57 -0400, "Richard Urban"
<richardurbanREMOVETHIS@hotmail.com> wrote:

>
>It sure looks to me like the perps went "through" a vulnerable application
>to get at the servers themselves - where they deleted all files. Vista and
>Windows 7 would NOT allow this to happen unless a person was foolish enough
>to run these systems with UAC disabled. The first couple of UAC file
>deletion warnings would have been a dead give away that something was going
>on.

You still seem to have a major disconnect understanding the difference
between a desktop operating system and a server operating system.

As for what the windows desktop OS's would allow - don't bet any money
on your supposition that they would not allow access to areas of the
OS via the application. Your suggestions are simplistic at best.