Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Not very security board?

  • 23-02-2001 11:13am
    #1
    Closed Accounts Posts: 3,859 ✭✭✭


    Well guys with the recent UBB board password stealing script I thought this would be the very place people could be educated and learn more about common security. Instead theres not a word mentioned. I know it's very critical to this board as well as hundreds of others and details should not be discussed but at least people should be warned that this is prevalent and happening at the moment. Again this reminds me of the notion of security through obscurity. If this is the case then why the need for a security board?

    .logic.


Comments

  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Hi logic1.

    When I learned of the problems with UBB, I mailed someone who could do something about it straight away (well, in theory I could do something about it, but I don't run boards.ie). I should probably have sent a heads up here also to warn users to be careful once a workaround had been implemented. Security through obscurity is not something I believe in and was not my intent.

    As for learning more about common security, I don't see a problem with this. In fact, it would be a very good thing and should be one of the main uses of this board. I check this board on an almost daily basis, and as a moderator I will try to answer any questions that have not been previously answered if I feel I can give a good answer. If I can't, well I know a lot of very clued in guys who do check this board regularly also smile.gif


  • Closed Accounts Posts: 3,859 ✭✭✭logic1


    Thanks for the reply X_OR.
    I was just unsure as to the position of this board in particular with regard to new holes with various systems.
    It seems that because the boards are constantly so quiet that people refrain from discussing issues which may be "hot" at the time simply because of fear of educating script kiddies. Personally I think this board could be hugely useful in educating most if not all of us to current issues particularly people who may administer or have some critical role in systems and yet not have time to keep fully up to date on issues as they happen.

    .logic.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    There's no problem with publicising and discussing security issues that are already in the public domain.

    How many people would find it helpful if this were to happen? I'm on about 10 security lists, but I realise that not everyone has the luxury of spending that much time trawling through mails dealing with security every day.

    Doing something like this on boards.ie has the weakness that we can't really post every little thing to the board, or else we'd just be a poor version of packetstorm or securityfocus etc, so we could not offer a complete service to someone who doesn't have other resources for alerting them to this kind of thing. An example would be a frontpage exploit. I might come across that and have no interest in it, as it doesn't affect any systems that I'm involved with, but it might be an issue for many people who would read here.

    I think it could work reasonably well though. If people become aware of issues that concern them then there is a very good chance that they will concern other boards readers. If enough people make a habit of passing on relevant info then it would be useful. (example, I skip a frontpage exploit, but someone else reads it, sees that it's serious and posts it). Basically, people shouldn't be afraid to post (although, the boards' strength is the community and the regular posters, so I don't see a problem here wink.gif )

    If nothing else, it should generate posts and discussion, which is always a good thing smile.gif


  • Registered Users, Registered Users 2 Posts: 2,425 ✭✭✭Fidelis


    Ah, so that's why the code was turned off.
    Nice to know that the boys are 'on their toes' so to speak.
    smile.gif

    Nil Desperandum


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    Only exploit I found was a meta tag exploit in UBB and was found exactly one year ago from yesterday and fixed shortly afterwards.

    But then I didn't really look hard.


  • Advertisement
  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor




  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    ooh nasty.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Depends on what you mean by "hacking" I guess. Not sure what the best advice is, but all I can say is read lots.


  • Closed Accounts Posts: 7,488 ✭✭✭SantaHoe


    Verb, check out:
    http://www.networkmagazine.com/static/tutorial/index.html
    There are some nice intro docs there [networking & security], I'm reading through them at the moment. (A few days worth of reading at least)

    SONIC.gif


  • Registered Users, Registered Users 2 Posts: 4,676 ✭✭✭Gavin


    Whilst on the topic. I am doing a computer course and am interested in learning more of computer security. At the moment, the best way i see of learning this, is obviously to learn how to hack.

    Is this the only way ? Is it the best way ?
    Any opinions in general, I'd appreciate.

    Gav


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,676 ✭✭✭Gavin


    OK, yeah i should have been a bit more specific.

    Security in relation to securing dedicated servers. Specificaly Linux/Unix machines running as webservers and/or running firewalls to secure internal networks. By 'hacking' I mean breaking into/disabling the server/firewall and gaining access to internal network traffic. Most of the information I have found is relating to this sort of attack.

    Gav


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    This is worth a read, Rain Forest Puppy rocks ... <insert rfp hero worship here>.

    http://www.wiretrip.net/rfp/p/doc.asp?id=31&iface=7


  • Registered Users, Registered Users 2 Posts: 4,676 ✭✭✭Gavin


    Thanks for that. quite interesting !

    Gav


    ---

    (screw u ken smile.gif




  • Registered Users, Registered Users 2 Posts: 367 ✭✭Finglas Incubus


    Verb, get yourself a copy of 'Hacking Exposed'; its a good reference for some of the more well known exploits and shows you how to undertake specific hacks, as well as secure your systems against them

    http://www.amazon.com/exec/obidos/ASIN/0072127481/o/qid=983282231/sr=8-1/ref=aps_sr_b_1_1/104-6355912-4872705


  • Registered Users, Registered Users 2 Posts: 1,481 ✭✭✭satchmo


    If you want some hands-on learning, www.pulltheplug.com have a network of a few different types of machines which you can log into and try to root to your hearts content without getting into trouble.


Advertisement