[ale] so queit :)
Jonathan Meek
jonathan.l.meek at gmail.com
Mon Nov 3 17:26:20 EST 2014
Writing an soap message parser in groovy. Still trying to get my head
around closures & collections.
On Nov 3, 2014 5:18 PM, "JD" <jdp at algoloma.com> wrote:
> Was at PhreakNIC the last few days. Hopped onto a CTF competition
> network, my
> fully patched laptop was hacked.
>
> Fun, fun.
>
> The passwd and group files had been replaced - completely - not just
> slightly
> modified. To be fair, I hadn't hardened the box and wasn't using an IP that
> should have been attacked. Oh - and the / partition was read-only. The
> machine
> had not been rebooted. Couldn't remount read-write with -o remount=rw.
>
> Later that night, booted it up on a different network - 5 miles away -
> different
> hotel and didn't see any issues. The passwd/hosts were back to normal.
> Found a few services running that I should have shut off prior to leaving
> home.
> MiniDLNA, Prodogy, and a few others. It was more than ssh.
>
> Oh - I did use DHCP to get on the network initially, then setup a static
> IP.
> Someone at the CON said that debian/ubuntu bash wasn't 100% completely
> patched.
>
> Compared critical files against a pre-CON backup this morning. Nothing was
> different. Perhaps they used a bind-mount hack?
>
> Rebuilding the machine now.
>
> So - what has everyone else been doing?
>
> On 11/03/2014 02:39 PM, Boris Borisov wrote:
> > Hopefully all Linux boxes are working properly!
> >
> > --
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20141103/dbed22a3/attachment.html>
More information about the Ale
mailing list