[PLUG-TALK] Server Security and Cracking
Rich Shepard
rshepard at appl-ecosys.com
Mon Mar 4 15:32:16 UTC 2013
The news of servers in banks, businesses, and governments around the world
being cracked has been fairly constant over the past few months. I would
have thought that by now most installations would be well secured, but
obviously they are still vulnerable. I'm curious why ... from a
non-professionals perspective.
In the early 1970s those of us in the sciences at the University of
Illinois had to put up with the CS101 students showing off their skills
(computer, not social) by crashing the IBM mainframes (S/360s in those days)
by manipulating the Job Control Language. Since the turn of the century I
assumed that most enterprise backends ran some flavor of UNIX or work-alikes
such as linux and the *BSDs and the admins kept up with security patches.
I can easily understand how individual personal users, particularly
running the ubiquitous Windows, have their machines taken over by those will
less-than-honorable intentions. But, are the enterprise/government servers
actually being taken over or are they used as conduits to individual
workstations by social engineering and use of weak passwords obtained by
dictionary or other brute-force attacks?
This is only a matter of curiosity for me since I keep our systems up to
date with patches issued to fix identified vulnerabilities but I am
concerned about any data about me on someone else's system.
Pointers to something I can read, or elucidation by those of you
intimately involved in network security, will be nice.
TIA,
Rich
More information about the PLUG-talk
mailing list