-----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Sep 1996, Igor Chudov @ home wrote:
snow wrote:
On Sat, 31 Aug 1996, Joel McNamara wrote:
Not really crypto, but related to the DOJ hack in a way.
Moscow Channel is a pretty slick, Russian news/commentary page. Their Web site was hacked and altered by someone who didn't seem to like Russians all Just a matter of time before some builds a dedicated Satan type tool that scans for HTTP server holes or messed up file permissions to make locating potential victims easy. Write your web site to a CD-ROM and hard-code the base directory into the webserver.
A hacker who has root can forcibly unmount the cdrom and mount another directory on that node. Not a good solution.
As soon as the sysadmin finds out, said directory can be unmounted and CD-ROM device can be remounted. Besides, if someone manages to get root access on any machine, the sysadmin of that machine is basically screwed anyway. It's much better than having to back up the web page on a tape and having to restore the data when it is altered. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMinT7yzIPc7jvyFpAQHe7AgAuRNtTXZeLkuXo0CFoJOgrI+EEfHOKUsI 9KoRm+aesqNOvFpxPcHiE2QypMDjgjFqGozsT+Qb48W82Yt0p10PdqGtq1Ais+M0 b8gwLbnUPY8tnRFL49TqZIvAHl2kyo/7pxViTrXfNtBe+rSA+9FZHPBJgtHzWy2X LIOQ9P6NPMmdlKuaeZQ3oF1esbvlHInsYOgGTJN0DZQR8ivFyXZ3MA0XjXvnF2pl 4lUDfgUN+BAQzhW56o0cgBnGYetujNJYVAQkzUwCIs2sfxS1Sex305vqfmFHUVkY HACMhuoVXYZXuF+5NCjfhHsnjEiYgeMczGTZDlwOCbIFTxCc8/t6tQ== =oxki -----END PGP SIGNATURE-----