

So I noticed that I have been unreasonably quiet of late.
This is not a byproduct of not having anything to say; it is because I am horribly busy.

Work has been a downright pressure cooker. I had my Google appliance kick on me, had my applications server crash - had to deal with an open SSH vulnerability on two of my DB boxes, and had a project that should have had an 8 month lead dumped in my lap for a three week development window.

Yeah, busy.

I am trying to balance my 9-5 with a hopeful wave of upcoming side jobs with which I hope to finance my wedding.

So even when I am not working, I am working, to some extent or another.

I finally got my cable issues sorted out (I hope).

My second monitor finally gave up the ghost. Circuit board looks like a carbon snake. So now I am working inefficiently until I can get another box. Hopefully a xmas present for meself.

Richelle and I finally got our bed - it is nice, despite my misgivings about it pre-purchase.

I need to learn a whole lot more about setting up and securing enterprise relational databases than I currently do, in order to meet some upcoming projects, so I will be worming my way into that field even deeper than I already am.

I need to update my comics cache, I am horribly behind.

Carnivale has become a new obsession.

Recent books:
Scotland: The History of a Nation
Wind Walker
Centuries of Darkness: A Challenge to the Conventional Chronology of Old World Archaeology

I need to collate some research - badly. A lunchtime conversation last week launched this realization with a certain sense of hope and dread, all mixed with a twist.


Oct. 7th, 2003 01:38 am (UTC)
tell me about the ssh problem?
Oct. 7th, 2003 07:39 am (UTC)
It's an old hole, but they still haven't dealt with it properly
Basically, since v. 3.2 of OpenSSH, there has been a known vulnerability which could allow for a root hack (this was back in June). July 1 was supposed to hold more details, but it came and went with no solutions, other than to implement ver. 3.3, and use privilege separation to prevent the root exploit (but it still left the hole, you just couldn't do anything with it).

Since July, the issue STILL has not been addressed properly - using the priv separation rule when implementing OpenSSH causes our PAM modules to crash and burn in Solaris; we upgraded to a new rev of the Solaris o/s, and then couldn't get OpenSSH to work at all.

NOW we are running Linux, and the problem still exists. We locked down the subnet the public-exposed boxes are on so that ssh can't get to that network on those ports.

However, last week we got hit with a new IRC spambot/DoS maker, and one of the things it did was portscan to shit. IDS log appraisal has shown that it was specifically looking for that vulnerability.

Because the compromised box was inside our network, the ports were not blocked - furthermore, it is confirmed that at least a portion of the data collected by the IRC bot made it out of our network (to somewhere).

That means that what, up to now, has been a bandaid on an artery is now a serious freaking problem - network access restrictions are not enough, and ssh either needs to be shut off, or configged until it CAN work right.

However, we are without a Unix administrator atm, and have a farm of 60+ machines to deal with, so this is getting bounced back whenever possible to the person(s) responsible for server content.

Namely me, for 6 boxes - 3 were easy to fix, but when you have DBs syncing through ssh cron jobs, and you turn off ssh because you can't get everything to work copacetically without being vulnerable - things go BOOM.

I have dealt with a large amount of this problem already, but, basically, there is no hard and clean fix, still, after months, just workarounds, or moving to another ssh server (which we are looking into VERY aggressively).
Oct. 8th, 2003 04:24 am (UTC)
Re: It's an old hole, but they still haven't dealt with it properly
is there a white paper or a CPAN module or something you could link me to on that vulnerability?

did you determine what they took?

who besides the IT staff needs to use SSH?
Oct. 13th, 2003 07:49 am (UTC)
Re: It's an old hole, but they still haven't dealt with it properly
http://www.cert.org/advisories/CA-2003-24.html is the CERT advisory - we didn't have a break-in - it was pre-emptive, but if we had had a serious outside audit or situation it would have been bad news.
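The thread above describes an internal host portscanning for the OpenSSH bug in CERT CA-2003-24, and a 60+ machine farm with nobody owning the inventory. The practical first step in that situation is a banner sweep: sshd announces its version in the identification string before any authentication, which is exactly what the scanner was keying on. The script below is an added example, not code from the commenters or from CERT; it takes SSH banners (here a constructed sample that stands in for what a scan or IDS capture would yield) and flags OpenSSH versions below 3.7.1, which is the threshold I assume from the advisory's statement that releases prior to 3.7.1 are affected. Two caveats a practitioner should keep in mind: vendor builds (Sun_SSH, distro packages with backported fixes) do not follow upstream numbering, so those hosts are reported as "unknown" rather than guessed at, and privilege separation changes nothing in the banner, so this check says nothing about whether the workaround is in place.

```python
import re
from typing import Dict, Optional, Tuple

# Assumption from CERT CA-2003-24: OpenSSH 3.7.1 and later carry the fix for the
# buffer-management bug; anything earlier is treated as vulnerable.
FIXED_VERSION = (3, 7, 1)

# Matches "SSH-2.0-OpenSSH_3.6.1p2 Debian ..." and "SSH-1.99-OpenSSH_3.4p1".
# The "p<n>" portable-release suffix is captured separately and ignored for
# comparison, since it does not change the upstream code level.
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<ver>\d+(?:\.\d+)*)(?P<patch>p\d+)?"
)

# Constructed sample inventory: host -> identification string as a scanner
# or IDS would record it. Not real hosts or captured data.
SAMPLE_BANNERS: Dict[str, str] = {
    "db1": "SSH-2.0-OpenSSH_3.4p1",
    "db2": "SSH-1.99-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-3",
    "db3": "SSH-2.0-OpenSSH_3.7.1p2",
    "app1": "SSH-2.0-OpenSSH_3.7p1",
    "sol1": "SSH-2.0-Sun_SSH_1.0",
}


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return the upstream OpenSSH version from an SSH identification string
    as a (major, minor, micro) tuple, or None when the banner is not upstream
    OpenSSH (forks and commercial servers need a vendor-specific check)."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    parts = tuple(int(x) for x in m.group("ver").split("."))
    # Pad so that "3.4" compares as 3.4.0 against 3.7.1.
    padded = (parts + (0, 0, 0))[:3]
    return padded[0], padded[1], padded[2]


def is_vulnerable(banner: str) -> Optional[bool]:
    """True if the banner reports an OpenSSH release below the fixed version,
    False if it is at or above it, None if the server is not upstream OpenSSH."""
    version = parse_openssh_version(banner)
    if version is None:
        return None
    return version < FIXED_VERSION


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Classify every host as 'vulnerable', 'fixed' or 'unknown'."""
    result = {}
    for host, banner in inventory.items():
        verdict = is_vulnerable(banner)
        if verdict is None:
            result[host] = "unknown"
        else:
            result[host] = "vulnerable" if verdict else "fixed"
    return result


def count_exposed(inventory: Dict[str, str]) -> int:
    """Number of hosts that still need patching according to their banner."""
    return sum(1 for v in audit(inventory).values() if v == "vulnerable")


if __name__ == "__main__":
    for host, state in sorted(audit(SAMPLE_BANNERS).items()):
        print(f"{host:6} {state:10} {SAMPLE_BANNERS[host]}")
    print(f"{count_exposed(SAMPLE_BANNERS)} host(s) still below OpenSSH {FIXED_VERSION}")
```

On a real farm the banners would come from connecting to port 22 and reading the first line (a plain `nc host 22` shows it), or from the IDS capture the poster mentions. Treat the "unknown" bucket as work, not as safe: a Sun_SSH or backported-package host has to be checked against its vendor's patch level by hand.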

