Duqu Attackers Managed to Wipe C&C Servers

Unknown Lamer posted more than 2 years ago | from the nsa-reads-slashdot dept.

Security 227

Trailrunner7 writes with an update in the saga of Duqu and Stuxnet. From the article: "Shortly after the first public reports about Duqu emerged in early autumn, the crew behind Duqu wiped out all of the command-and-control servers that had been in use up to that point, including some that had been used since 2009. An in-depth analysis of the known C&C servers used in the Duqu attacks has found that some of the servers were compromised as far back as 2009, and that the attackers clearly targeted Linux machines. All of the known Duqu C&C servers discovered up to this point have been running CentOS ... There also is some evidence that the attackers may have used a zero-day in OpenSSH 4.3 to compromise the C&C servers initially."


227 comments

NO! (4, Funny)

masternerdguy (2468142) | more than 2 years ago | (#38215554)

Damn, not the command and conquer servers. My weekend is fried.

I'm Screwed!!! C&C down!??????? (0)

Anonymous Coward | more than 2 years ago | (#38215802)

I was just restarting my Red Alert install into a VM.

I didn't have time to click the links in the summary.

Re:NO! (0)

Anonymous Coward | more than 2 years ago | (#38215848)

I'm relieved. Thought either the "music factory" was screwed or..... I'd have to go back to drinking Shasta cola.

They didn't infect Kippo (1)

Anonymous Coward | more than 2 years ago | (#38215572)

I ran kippo on SSH. Hell of a honeypot, with the ability to replay sessions to watch how hackers think.

Re:They didn't infect Kippo (2)

mzs (595629) | more than 2 years ago | (#38216038)

Kippo will not work for anyone but the kiddies. Did you change the default root passwords even? Those two are a real tip-off to a honeypot. Also there are hardly any commands, ifconfig never changes, and in this case /etc/issue says Debian and these people were after CentOS. If you had been hacked, you would have had the vulnerable sshd and no Kippo logs would have been the least of your worries.

Re:They didn't infect Kippo (3, Interesting)

Anonymous Coward | more than 2 years ago | (#38216550)

Same AC here.

I actually rewrote many of the commands to appear more realistic. You can also change the output of various commands with a simple configuration change.

I also implemented better wget/curl support along with the virtual FS so it appears to be more accurate.

I agree about it being obvious to educated attackers. That's why I modified it. I enjoy watching the sessions on many of the servers I run for a large hosting company.

Umm, how about a little context? (5, Informative)

Evro (18923) | more than 2 years ago | (#38215594)

Editors, your job is not simply to click "post." Read the submission and see if it makes sense. I have no idea what Duqu is or what this is about. I had to dig down 2 links deep to see that this was related to an attack in India. Context: provide it.

Re:Umm, how about a little context? (0)

Anonymous Coward | more than 2 years ago | (#38215874)

What, do you want them to farking start with Adam and Eve???

Re:Umm, how about a little context? (1)

Anonymous Coward | more than 2 years ago | (#38216320)

Who are Adam and Eve and where they came from?

Re:Umm, how about a little context? (0)

Anonymous Coward | more than 2 years ago | (#38216516)

They're white people, I think, and not really relevant in our part of the world.

Re:Umm, how about a little context? (1)

ackthpt (218170) | more than 2 years ago | (#38216886)

Editors, your job is not simply to click "post." Read the submission and see if it makes sense. I have no idea what Duqu is or what this is about. I had to dig down 2 links deep to see that this was related to an attack in India. Context: provide it.

It's about distributing a worm using servers which were largely set up, using default passwords or never updating anything. This is why it's so critical to have good, dedicated system administration, intelligent installation and follow-up support. Honestly. Most of these servers were likely built once and left to run on their own, without a single thought to maintaining or even checking for security updates. Lazy, cheap people never seem to learn. It's like leaving your keys in your car and being utterly stunned when someone actually steals it.

Re:Umm, how about a little context? (2)

forkfail (228161) | more than 2 years ago | (#38217018)

Well, you see, Count Duqu was trying to trap Anakin Skywalker and Senator Padmé Amidala....

Dear Kids... (2, Insightful)

Lumpy (12016) | more than 2 years ago | (#38215600)

You never need your server directly on the internet.
put it behind a firewall with holes poked through. they can't attach a zero day SSH exploit if the only hole is port 80 to Apache.

And if you are one of the incredibly rare cases where you really do need to have the machine on the net directly.. I suggest daily security audits.

Re:Dear Kids... (0)

Anonymous Coward | more than 2 years ago | (#38215666)

You never need your shell server directly on the internet.
put it behind a firewall with holes poked through. they can't attach a zero day Apache exploit if the only hole is port 22 to SSH.

And if you are one of the incredibly rare cases where you really do need to have the machine on the net directly.. I suggest daily security audits.

Re:Dear Kids... (5, Informative)

Em Adespoton (792954) | more than 2 years ago | (#38216224)

The only things you should need open to the internet are SSH ("the attackers may have used a zero-day in OpenSSH 4.3 to compromise the C&C servers initially") and/or IPSec/L2TP. Anything else should redirect to a DMZ that does NOT route to the same subnet as SSH/IPSec/L2TP. The DMZ should not have port access to the regular network (everything should be pushed). The firewall should be set to not allow active connections out from the DMZ to anywhere, and any activity should not just be logged, but flagged and sent to the administrator. All devices in the DMZ should log to a remote (to them) syslog that is polled from outside the DMZ.

There... that's the ideal world. In reality, this doesn't account for people who don't have that much hardware/expertise with VMs, for people who don't keep up with their patches, for those who want to do an end-run around this policy to set up torrents, etc. directly from their working computer, etc.

It also doesn't help that most gateway routers these days have some full-fledged OS inside and as a result often have exploits that can be leveraged directly against them due to inappropriate default configurations.

Re:Dear Kids... (1)

Lumpy (12016) | more than 2 years ago | (#38216294)

You never need SSH open to the internet. VPN in then access the ports.

Re:Dear Kids... (1)

Anonymous Coward | more than 2 years ago | (#38216380)

SSH /is/ VPN. Pick your poison.

Re:Dear Kids... (1)

Anonymous Coward | more than 2 years ago | (#38216544)

1) VPN implementations can have 0-days as well
2) SSH can be used as VPN

Having a single open port with SSH is just as legit as with VPN.
One may argue about VPNs being less of a swiss army knife provide smaller attack surface, but that's theoretical. I'm convinced there are some VPN implementations being much more prone to exploitable flaws than OpenSSH.

Re:Dear Kids... (1)

SharkLaser (2495316) | more than 2 years ago | (#38216358)

You don't need SSH open to the internet, especially if the server is running on internet network. Even then, it's good to assign it to random number and not 22.

Re:Dear Kids... (1)

amicusNYCL (1538833) | more than 2 years ago | (#38215686)

they can't attach a zero day SSH exploit if the only hole is port 80 to Apache.

What about the edge cases where you're running something other than a vanilla web server?

Re:Dear Kids... (1)

RobertLTux (260313) | more than 2 years ago | (#38215764)

"they can't attach a zero day SSH exploit if the only hole is port 80 to Apache.

What about the edge cases where you're running something other than a vanilla web server?"

then it's "they can't attach a zero day SSH exploit if the only hole is port(s) N-Z to %service%."

the point is if the only ports open are bound to an active service (and you have stripped the list down to what is absolutely needed)
then it's a lot harder to attack that system (bonus points if those services are not on default ports)

Re:Dear Kids... (4, Insightful)

amicusNYCL (1538833) | more than 2 years ago | (#38215884)

My point was that several servers do use SSH. If I rent a dedicated server, SSH is how I get things done. If an exploit is discovered in httpd, the correct solution is not to block port 80.

Re:Dear Kids... (1)

Anonymous Coward | more than 2 years ago | (#38216034)


My point was that several servers do use SSH. If I rent a dedicated server, SSH is how I get things done.

So get a static IP address if you don't already have one, and setup iptables to only allow that IP address access to port 22.

Re:Dear Kids... (1)

morgauxo (974071) | more than 2 years ago | (#38216384)

And is there any security threat to a port being open that does NOT have an active service on it? If so what is the attacker cracking? The TCP/IP stack itself?

Why have an active service on any port if you aren't using it?

As far as I can tell firewalls are useful if you aren't sure what services are running on your network and cannot or do not feel like cleaning them up. Or... as a lazy way to make services accessible only on the LAN. For the former use I can understand on a LAN with many users. It may just be impossible to police. For the latter... that is just lazy. What server worth its salt can't be configured to only accept connections from the LAN and ignore all others?

On the other hand, all firewalls I have seen are prone to err. Perhaps an update fails leaving it in an unusable state. Or the user tries to configure some fancy rules resulting in this or that internet service not working. As an example I know a guy who works in IT security now. When he was still in school he liked to run his own email server. That was back before all the home ISP IPs were blacklisted by most smtp hosts. Most of the time his email didn't work. Not because of his smtp server but because he was tweaking his firewall rules. Eventually I learned that the only way to reach him was to call him on the phone. I guess he liked learning about that security stuff though and now he loves his job.

I just don't see the point of a firewall unless you are in a situation where you cannot control your own LAN. I do think that services should be limited to what one actually uses and then should be actively updated though.

Re:Dear Kids... (1)

imemyself (757318) | more than 2 years ago | (#38216888)

I for one would much rather control which network can access a service in one place (a centralized firewall), rather than manage it through ten different config files that use different syntaxes on a bunch of servers for every service.

Re:Dear Kids... (1)

KingMotley (944240) | more than 2 years ago | (#38217230)

I've found that firewalls work best when you are trying to protect only one machine. You can put a firewall up front, then run a script to open all 65535 ports and forward the packets to the single machine on the internal network. Whoa-la! You have all the protection of a state of the art firewall AND you have all the transparent configurability of being directly on the internet!

Re:Dear Kids... (0)

Anonymous Coward | more than 2 years ago | (#38215768)

Just open a different port in the firewall?

Re:Dear Kids... (1)

93 Escort Wagon (326346) | more than 2 years ago | (#38216086)

Just open a different port in the firewall?

Security through obscurity, eh?

Re:Dear Kids... (1)

Anonymous Coward | more than 2 years ago | (#38216146)

It actually works pretty damn well to get rid of 99% of bot attacks.

Of course, if you have an actual person who is interested in what's behind your firewall, it's probably not very effective.

Re:Dear Kids... (0)

Anonymous Coward | more than 2 years ago | (#38216260)

Google "port knocking".

Re:Dear Kids... (2)

elsurexiste (1758620) | more than 2 years ago | (#38215934)

they can't attach a zero day SSH exploit if the only hole is port 80 to Apache.

What about the edge cases where you're running something other than a vanilla web server?

As in "any server that can be sysadmin'ed remotely"? :)

About half of the system administrators I know don't work on-site. A few use VPNs + ssh; the rest uses plain ssh. Either way, it's more than a single port 80.

Re:Dear Kids... (0)

Anonymous Coward | more than 2 years ago | (#38215924)

Bull. Shit. I'll exploit your file-upload system to install a root kit. All anyone needs is port 80. You're probably already pwned with that ego-centric attitude.

Re:Dear Kids... (1)

Hatta (162192) | more than 2 years ago | (#38215942)

How do I get remote shell access if the SSH port isn't open? It might be wise to run SSH on a non-standard port, or to use port knocking, but simply blocking SSH entirely is way too far down the security/convenience tradeoff. You might as well unplug the thing entirely.

Re:Dear Kids... (0)

Anonymous Coward | more than 2 years ago | (#38215986)

You insensitive clod; you can do redirects (Pivot attacks) from apache to port 22 as per a few issues it's had in the last 3 years.

Re:Dear Kids... (1)

morgauxo (974071) | more than 2 years ago | (#38216208)

Ha, Typical BOFH statement. What if you don't spend all your time on the LAN? What if you actually USE ssh on a regular basis from outside locations. I guess you run an ethernet cord from home to work to the coffee shop and any other place you go?

Re:Dear Kids... (2)

Lumpy (12016) | more than 2 years ago | (#38216426)

Most people use the secret service called...... VPN. or if you like more secure, you use an out of band initiation that opens a port for a short window.
Example: I simply SMS my server, it gets the SMS message and opens the VPN firewall rule for 3 minutes. I connect and do my work. if my connect did not happen in the 3 minute window it closes down again.

SMS is easy with a cellular rs232 modem, but there are plenty of other ways to do it as well. Email to a specific gmail account can do the same exact thing.

This is Computer security 101 stuff, nothing advanced.

Re:Dear Kids... (1)

DigiShaman (671371) | more than 2 years ago | (#38216506)

But but but, it's Linux! What do those Windowz lamers know anyways? Like, OMG! You're doing it wrong and stuff.

They should have known better. (2)

xeeno (313431) | more than 2 years ago | (#38215618)

The first thing you do in C&C is build walls around your MCV so engineers won't get it. Seriously, guys.

Re:They should have known better. (0)

Anonymous Coward | more than 2 years ago | (#38216796)

The flack cannon that drops them off always shoots through the sand bags.

You need two walls thick for serious multiplayer.

Duh

CentOS (3, Insightful)

future assassin (639396) | more than 2 years ago | (#38215624)

>All of the known Duqu C&C servers discovered up to this point have been running CentOS

Probably since this is a popular OS for web hosts that resell/sell servers. Who are the people who buy these servers? Well anyone and everyone who wants to be another web host yet have no idea on how to secure a server so they hire some $40 per month security company to secure their servers. There must be 1000's of those servers out there ripe for raping.

Re:CentOS (0)

Anonymous Coward | more than 2 years ago | (#38216304)

My money is RedHat is involved in order to convince the server owners that RedHat support is worth the cost.

Re:CentOS (1)

JSBiff (87824) | more than 2 years ago | (#38216672)

"so they hire some $40 per month security company to secure their servers. There must be 1000's of those servers out there ripe for raping."

If each customer is paying $40 per month, and there are thousands of customers, wouldn't that be a $40,000+ per month security company? For that kind of cash, they should be competent. When I buy into a company like that, I figure I'm supposed to be getting more than $40/mo worth of security expertise, because I'm *sharing* the costs with thousands of other customers.

Sadly, however, you're probably right that many hosting companies don't really have sufficient expertise to know how to secure their customers' servers for them. But, it's not because they aren't being paid enough, it's because they aren't spending the money on the right things.

Re:CentOS (0)

Anonymous Coward | more than 2 years ago | (#38216834)

40,000 barely will pay the overhead of 1,000 customers.

Zero day or minus one day ? (0)

Anonymous Coward | more than 2 years ago | (#38215648)

Using complicated combinations of bugs / software features in code submitted to open-source projects by your own team is also an option for hi-tek low-profile teams like this. Especially if you're a secretly-government-sponsored team.

kinda scary (2)

martas (1439879) | more than 2 years ago | (#38215660)

Am I the only one who is kind of worried about the whole stuxnet/duqu thing? We've been hearing/hypothesizing about the dangers of "cyber-warfare" (as much as I hate the term) for a while, pretty much since the beginning of Internet malware, but it seems as though recently shit has finally started to hit the fan, first with increasingly worrying allegations about Chinese hackers and such, and now with this (which seems to be the doing of the US/Israel, at least a lot of people think it is).

If things continue along this trend, one could expect a really bleak future for the Internet where major world governments and other well-financed organizations have virtually unlimited power to do what they like with any computerized system, and continually carry out covert attacks against each other. It seems the only thing that could prevent that from realizing would be some major game-changing advances in computer security, but I'm not seeing any indication that that's likely to happen...

Re:kinda scary (1)

Statecraftsman (718862) | more than 2 years ago | (#38215896)

Even though this story posits a 0-day in OpenSSH as the culprit, I'm of the mind that free software with a strong patch and update system is as good as it gets. If you don't update your systems say because you don't want to break stuff, sorry but even non-0-days will bring you down. So on the sysadmin side, we're moving toward more specialization.

On malware and free software: http://trygnulinux.com/action/?q=node/68 [trygnulinux.com]

Re:kinda scary (1)

Baloroth (2370816) | more than 2 years ago | (#38216238)

That "future" already more or less exists. In fact, it always has. What prevents it from getting bleak is the checks and balances. Governments can screw other governments of course, but being caught really sucks for them diplomatically, so they have to be cautious. Corporations can be caught either by the government (which often seems to do little or nothing) or by the public eye, which can wreck the company. Or by other companies, of course.

This has always been true, and in far more than "cyber"-space. Covert attacks are limited by pressure from various sources. Some of those weaken or grow stronger as public opinion or diplomatic situations change, but it always exists. Except in full-on war (and even some there), and then the attacks stop being covert.

China, for example, could attack the US infrastructure (probably). They don't, because they need our money as much (more, IIRC) as we need their manufacturing. And intelligence agencies have, supposedly, built in backdoors to many systems for decades now. The danger of those being abused is present, but not much greater than the abuse any intelligence agency ever could do. Which is a lot, in theory, but in practice is usually relatively limited (again, by public pressure.)

Re:kinda scary (1)

morgauxo (974071) | more than 2 years ago | (#38216460)

Or.. after a couple high profile attacks they finally disconnect these critical control systems from the internet and we don't hear about it again.

Re:kinda scary (0)

Anonymous Coward | more than 2 years ago | (#38216474)

one could expect a really bleak future for the Internet where major world governments and other well-financed organizations have virtually unlimited power to do what they like with any computerized system, and continually carry out covert attacks against each other.

why do you think this isn't already the case?

Re:kinda scary (1)

Hentes (2461350) | more than 2 years ago | (#38216484)

If things continue along this trend, one could expect a really bleak future for the Internet where major world governments and other well-financed organizations have virtually unlimited power to do what they like with any unsecured computerized system,

FTFY
Also, I don't want to frighten you, but with an unsecured system it's not just incredibly powerful governments, but every 16 year old scriptkiddie can do what they like.

Re:kinda scary (1)

martas (1439879) | more than 2 years ago | (#38216710)

Well, there are certainly degrees to it. A script kiddie probably couldn't have pulled off stuxnet, because he wouldn't have intel about how Iran's enrichment program is run and such.

Re:kinda scary (2)

couchslug (175151) | more than 2 years ago | (#38216798)

"It seems the only thing that could prevent that from realizing would be some major game-changing advances in computer security, but I'm not seeing any indication that that's likely to happen..."

Pre-computer security was an "air gap" (often reinforced with guards and alarms etc) between valuable systems and potential attackers.

The horny craving to have everything connect to the internet and run Windows is to some extent a self-punishing mistake born of extreme hubris.

Points 4. and 5... (5, Insightful)

djsmiley (752149) | more than 2 years ago | (#38215728)

4.The servers appear to have been hacked by bruteforcing the root password. (We do not believe in the OpenSSH 4.3 0-day theory - that would be too scary!)
5.The attackers have a burning desire to update OpenSSH 4.3 to version 5 as soon as they get control of a hacked server.

Ah yes, let's pretend there is no problem because the idea that there is, is too scary. Someone kill me, please. The only other reason I can think of, which also ties in with the fact they were apparently checking the man page for sshd_config is that something changes in the default settings between 4.8 and 5 and this they wanted desperately, but even then this would point to some sort of exploit. *(Maybe an exploit in the way the default settings are in centos, rather than in openssh).

Re:Points 4. and 5... (0)

Anonymous Coward | more than 2 years ago | (#38215940)

It suggests to me that the Duqu guys don't want other attackers using the same exploit on a machine they've gone to the trouble to break into and use for their C&C network. I would think this to be a fairly common strategy among blackhats, which is why I am a little surprised that it didn't occur to the Kaspersky analyst. And what's with this pretending not to know who's behind the development of stuxnet? Ridiculous.

Re:Points 4. and 5... (3, Informative)

Anonymous Coward | more than 2 years ago | (#38216060)

4.The servers appear to have been hacked by bruteforcing the root password. (We do not believe in the OpenSSH 4.3 0-day theory - that would be too scary!)

Why the f**k does PermitRootLogin default to yes on CentOS's sshd config?
Isn't it supposed to be an enterprise oriented distro?

Re:Points 4. and 5... (1)

knarfling (735361) | more than 2 years ago | (#38216410)

That was my question!! The second one being, "Why wasn't PermitRootLogin turned off?" One of the first things I do when setting up a new server is verify that the root cannot get in remotely. As soon as there is any kind of user authentication set up and a user either set up or can log in, PermitRootLogin is set to no. From then on, admins wanting remote access with root privileges must log in as a user and either use sudo (preferably) or su. I even have the server email a group if someone does an su to root or logs in as root from a console.

I don't expect everyone to be able to set up that kind of monitoring, but allowing remote root logins is just asking for trouble.

Re:Points 4. and 5... (4, Informative)

Pharmboy (216950) | more than 2 years ago | (#38216418)

Why the f**k does PermitRootLogin default to yes on CentOS's sshd config?
Isn't it supposed to be an enterprise oriented distro?

Most enterprises have IT staff to change that as soon as the OS is installed. The problem with not allowing root to ssh in with a fresh install is that a fresh install only creates the user "root", so you physically have to be at the machine to log in and setup the system if you don't allow root to ssh in. Yes, it is technically safer to disallow root to log in with a vanilla install, but it is inconvenient. On the DESKTOP, it makes sense to disallow root via ssh from a vanilla install, however.

On servers, I usually setup vanilla, then ssh in, add a user, change to disallow root logins, and change the default port, then restart ssh, open a new session to test as that new user on the new port and "su -" to root, then log out of the first root shell, and finally start a new session on the new port and try to root in, to make sure I can't. I can't be that unique in doing it this way.

Serious question to all: Do people still use the default port for SSH anymore? I never have, as once we went from telnet to ssh (over a decade ago...) we just always used a non-standard port. Makes my logs a lot easier to read.

Re:Points 4. and 5... (1)

asdfghjklqwertyuiop (649296) | more than 2 years ago | (#38216754)

Serious question to all: Do people still use the default port for SSH anymore? I never have, as once we went from telnet to ssh (over a decade ago...) we just always used a non-standard port. Makes my logs a lot easier to read.

Yes, I run it on the default port, as does everyone else I personally know. How does running it on a non-standard port make your logs easier to read?

Re:Points 4. and 5... (1)

gatkinso (15975) | more than 2 years ago | (#38216902)

It decreases the number of script based dictionary attacks aimed at port 22, so your logs are not as cluttered. Other than this running on a nonstandard port does nothing to enhance security.

However some fools somehow think it does.

Re:Points 4. and 5... (0)

Anonymous Coward | more than 2 years ago | (#38216986)

Most enterprises have IT staff to change that as soon as the OS is installed. The problem with not allowing root to ssh in with a fresh install is that a fresh install only creates the user "root", so you physically have to be at the machine to log in and setup the system if you don't allow root to ssh in.

Then set PermitRootLogin to without-password and bake the customer's public key into the image before turning it on. This is what the "run your own Linux image in the cloud" services I use do. Anything else is just begging for problems.
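An added example, not written by any poster in this thread: a small audit of the sshd_config settings argued over in this subthread (PermitRootLogin, password versus key authentication). It assumes unset keywords fall back to "yes", as the posters describe for CentOS of that period; the sample configs and finding names are constructed.

```python
import re

# ASSUMPTION: fallbacks for keywords the file never sets, mirroring the
# "defaults to yes" behaviour the thread describes. Check `sshd -T` on a
# real host for the values your build actually uses.
ASSUMED_DEFAULTS = {
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}

# Values of PermitRootLogin that allow root in, but never with a password.
ROOT_KEY_ONLY = {"without-password", "prohibit-password", "forced-commands-only"}


def effective_settings(config_text):
    """Return keyword -> value for the global section of an sshd_config.

    sshd uses the first value it obtains for each keyword, so a later
    duplicate line does not override an earlier one.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives have no effect
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            break  # conditional Match overrides are outside this example's scope
        settings.setdefault(keyword, value)  # first occurrence wins
    for keyword, value in ASSUMED_DEFAULTS.items():
        settings.setdefault(keyword, value)
    return settings


def audit(config_text):
    """Return a list of finding codes for the settings discussed in the thread.

    Not modelled: ChallengeResponseAuthentication/PAM, which can also accept
    passwords, and anything inside Match blocks.
    """
    s = effective_settings(config_text)
    root = s["permitrootlogin"].lower()
    passwords = s["passwordauthentication"].lower() == "yes"
    findings = []
    if root == "yes" and passwords:
        # The exposure point 4 of the quoted analysis relies on.
        findings.append("ROOT_PASSWORD_LOGIN")
    elif root == "yes":
        findings.append("ROOT_LOGIN_PERMITTED")
    elif root not in ROOT_KEY_ONLY and root != "no":
        findings.append("UNKNOWN_PERMITROOTLOGIN_VALUE")
    if passwords:
        findings.append("PASSWORD_AUTH_ENABLED")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("PUBKEY_AUTH_DISABLED")
    return findings


# Constructed sample: the directive is only present as a comment, so the
# assumed default ("yes") applies.
STOCK = """\
Port 22
Protocol 2
#PermitRootLogin yes
"""

# Constructed sample: hardened, with a stray duplicate further down that
# sshd ignores because the first value wins.
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin yes
"""

# Constructed sample: the "bake the key into the image" setup from the post above.
KEY_ONLY_ROOT = """\
PermitRootLogin without-password
PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in [("stock", STOCK), ("hardened", HARDENED),
                       ("key-only root", KEY_ONLY_ROOT)]:
        print(f"{name}: {audit(text) or 'no findings'}")
```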

Re:Points 4. and 5... (1)

gatkinso (15975) | more than 2 years ago | (#38216988)

The whole nonstandard port thing is silly. It does nothing (yes, nothing) to enhance security but to be fair it doesn't impact security either. Note that some places block outbound connections on nonstandard ports.

Have fun logging into your box from such places.

Re:Points 4. and 5... (1)

asdfghjklqwertyuiop (649296) | more than 2 years ago | (#38217270)

It does nothing (yes, nothing) to enhance security

It may enhance your luck. Sometimes exploits are found and there's some time between the discovery of the vulnerability and you fixing your system. In that time it could be that the only attack that will be attempted on your system will be an untargeted one by someone who's just quickly sweeping the whole internet on the standard port for as many machines to root as quickly as possible.

Re:Points 4. and 5... (0)

Anonymous Coward | more than 2 years ago | (#38216300)

There doesn't necessarily have to be an exploit in the newer ssh version. It could very well be psychology. If you hear about an exploit, and then check your version and it's not vulnerable, then you probably won't check the security of the rest of your system, allowing the remote attacker to maintain their privileges. leaving the vulnerable sshd on a compromised server would suggest that the server needs some more scrutiny to check and see if it was compromised.

Re:Points 4. and 5... (2)

CyprusBlue113 (1294000) | more than 2 years ago | (#38216374)

Judging by the rest of the article, I strongly suspect it has more to do with enabling their secure hierarchy of Kerberos based logins than turning off the exploit they used. You can see some of the other things they do relate to features that require a 5+ openSSH once they're in.

Re:Points 4. and 5... (0)

Anonymous Coward | more than 2 years ago | (#38217244)

If you need to access remote server via SSH do two things VERY early in the process:

1) Convert SSH to use pubkey authentication ONLY and disallow root logins via SSH. SSH with password authentication (especially with root access) is very bad practice.
2) Install denyhosts (denyhosts.sourceforge.net [sourceforge.net] ). This daemon adds anyone trying brute force attacks to hosts.deny file. This also helps keep down the failed login attempts in the security log files because after a couple of attempts, they are blocked by hosts.deny.

Simple solutions that take a couple of minutes to implement.
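An added example, not part of the post above and not DenyHosts' own code: the kind of check a log-watching daemon performs, run over constructed sshd auth-log lines. It counts failed password attempts per source address, emits TCP-wrappers `hosts.deny` entries past a threshold, and separately flags a password login that succeeds after such a run. The threshold, host names and addresses are assumptions.

```python
import re
from collections import Counter

# The user name in these lines is attacker-supplied text, so both patterns
# are anchored on the END of the line: the greedy (.*) swallows anything
# odd in the name and the address captured is the one sshd itself appended.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) "
    r"from (\S+) port \d+ ssh2$")
ACCEPTED_PW = re.compile(
    r"sshd\[\d+\]: Accepted password for (.*) from (\S+) port \d+ ssh2$")


def analyze(lines, threshold=5):
    """Return (addresses_to_block, suspicious_logins).

    addresses_to_block: sources with at least `threshold` failed passwords,
    in the order they crossed the threshold.
    suspicious_logins: (address, user) pairs where a password login was
    accepted from a source that had already crossed the threshold.
    """
    failures = Counter()
    to_block, suspicious = [], []
    for line in lines:
        line = line.rstrip()
        m = FAILED.search(line)
        if m:
            addr = m.group(2)
            failures[addr] += 1
            if failures[addr] == threshold:
                to_block.append(addr)
            continue
        m = ACCEPTED_PW.search(line)
        if m:
            user, addr = m.groups()
            if failures[addr] >= threshold:
                suspicious.append((addr, user))
    return to_block, suspicious


def hosts_deny_lines(addresses):
    """Format addresses as TCP-wrappers entries for the sshd service."""
    return [f"sshd: {addr}" for addr in addresses]


# Constructed sample log (documentation address ranges, made-up host "web1").
SAMPLE_LOG = [
    # Six failed root passwords from one source, then a success.
    *[f"Nov 30 03:14:{i:02d} web1 sshd[{4000 + i}]: Failed password for root "
      f"from 192.0.2.10 port {50000 + i} ssh2" for i in range(6)],
    "Nov 30 03:14:07 web1 sshd[4007]: Accepted password for root "
    "from 192.0.2.10 port 50007 ssh2",
    # A few failures from a second source, below the threshold.
    "Nov 30 03:20:01 web1 sshd[4100]: Failed password for invalid user admin "
    "from 198.51.100.7 port 40100 ssh2",
    "Nov 30 03:20:03 web1 sshd[4101]: Failed password for root "
    "from 198.51.100.7 port 40101 ssh2",
    "Nov 30 03:20:05 web1 sshd[4102]: Failed password for root "
    "from 198.51.100.7 port 40102 ssh2",
    # A user name that itself looks like the tail of a log line; the real
    # source is still the last address on the line.
    "Nov 30 03:20:07 web1 sshd[4103]: Failed password for invalid user "
    "x from 203.0.113.5 port 1 ssh2 from 198.51.100.7 port 40103 ssh2",
    # An ordinary admin login with no failures before it.
    "Nov 30 09:00:00 web1 sshd[5000]: Accepted password for deploy "
    "from 203.0.113.5 port 51000 ssh2",
]

if __name__ == "__main__":
    block, suspicious = analyze(SAMPLE_LOG)
    print("\n".join(hosts_deny_lines(block)))
    for addr, user in suspicious:
        print(f"password login as {user} from {addr} after repeated failures")
```

The second result matters more than the first on a host that still accepts root passwords: blocking stops the next attempt, while an accepted login after a failure run means the box needs to be treated as compromised.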

This says it all for Linux "security" (1, Interesting)

Anonymous Coward | more than 2 years ago | (#38215752)

"An in-depth analysis of the known C&C servers used in the Duqu attacks has found that some of the servers were compromised as far back as 2009, and that the attackers clearly targeted Linux machines" - Posted by Unknown Lamer on Wednesday November 30, @11:46AM
from the nsa-reads-slashdot dept. FROM THE MAIN ARTICLE ITSELF

Current proof that Linux's NOT "invulnerable secure" yet again, & yes, that Linux does get targeted by malwares...

(Despite all the "FUD" you see & have seen for YEARS now on this website from the "Pro-*NIX/Penguinista" around here!)

Linux gets "hit" by the worst kind too, in these "blended-threat tech" types, that use rootkits that employ drivers + bogus bootsectors shown in this article today...

Plus - the entire LAMP stack doesn't do well http://www.theregister.co.uk/2011/06/10/domains_lamped/ [theregister.co.uk]
  (especially Apache lately -> http://apache.slashdot.org/story/11/11/28/0335213/apache-flaw-allows-internal-network-access [slashdot.org] & earlier still here http://www.theregister.co.uk/2009/09/03/apache_website_breach_postmortem/ [theregister.co.uk] ).

* Yes - Any OS' is securable, & far better than they come by default (yes, even SeLinux, but you have to go beyond its mere defaults to make it better, + MacOS X too (Apple produces guides for that in fact)), however/again:

The years of hearing how "secure" OpenSores/LAMP is around here was totally unrealistic & a blatant lie based on the information above, & yes, below next too!

APK

P.S.=> Top that off with this current information from this year 2011 also:

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised [slashdot.org]

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/ [theregister.co.uk]

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware [slashdot.org]

---

---

Linux's showing in CA's breached recently too? Ok:

http://uptime.netcraft.com/up/graph?site=StartCom.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=GlobalSign.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=Comodo.com [netcraft.com]

http://uptime.netcraft.com/up/graph?site=DigiCert.com [netcraft.com]

The majority (4/5) of what was breached RAN LINUX (StartCom, GlobalSign, DigiCert, & Comodo)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/ [itproafrica.com]

---

Toss ANDROID (yes, a Linux since it uses a Linux kernel) also, since it's being "shredded" on the mobile phone security-front rampantly for years now? You get the picture...

... apkb

Re:This says it all for Linux "security" (3)

MMAfrk19BB (2029982) | more than 2 years ago | (#38215854)

If I had mod points I would give them to you for actually linking articles that prove your point, but try to be a bit more coherent and maybe don't post as AC next time. Have the balls (or ovaries) to stand up for what you said. That being said, anyone who thinks that FOSS is $DEITY's gift to security by default is mistaken. Nothing is safe until someone competent configures, patches, and hardens it correctly. However, I don't believe that the proprietary corps are any better, and are usually worse, because they rely on security through obscurity (i.e. no one knows our code so we don't have to worry that much about it.)

Thank you & more inside... apk (-1)

Anonymous Coward | more than 2 years ago | (#38216574)

"Have the balls (or ovaries) to stand up for what you said." - by MMAfrk19BB (2029982) on Wednesday November 30, @12:09PM (#38215854)

Oh, I always do (&, lol, it'd be the FORMER here) - & the facts from reputable sites that have them documented I use, do the job for me, the best, in that regard...

Plus, pretty much everyone here knows who I am (been around here since 2003-2004) by this timeframe... many of the "penguins" around here can't stand me because I use documented undeniable current information, like in the 1st post of mine here you replied to!

(However, I imagine the slashdot editors & owners just LOVE me, because controversy generates pageviews, which I pretty much always "generate" here by using facts Penguins can't deny w/out their std. effete retaliatory trolling off topic illogical adhominem based attacks they have to resort to when they cannot disprove the facts I use, does that much, easily!)

Also, as far as registering?

Hey - I honestly don't feel I actually gain anything by having a "registered 'luser'" account here really!

(Other than losing out on granting mod points, which I can merely say "good job" in reply to folks as needed by writing it out, or, even recommending those with mod points mod the poster up).

APK

P.S.=>

"If I had mod points I would give them to you for actually linking articles that prove your point" - by MMAfrk19BB (2029982) on Wednesday November 30, @12:09PM (#38215854)

First of all: Thanks!

I've already seen it go from +1 Interesting, to 0 Interesting, to +2 Interesting (quite the "roller coaster ride" eh?) back down to +1 Interesting ratings!

(So 'feedback' is coming per your point in upward mods - the downmods are doubtless from "the Penguinista" trying to bury the documented current & verifiable facts I posted, most likely).

---

"That being said, anyone who thinks that FOSS is $DEITY's gift to security by default is mistaken. Nothing is safe until someone competent configures, patches, and hardens it correctly." - by MMAfrk19BB (2029982) on Wednesday November 30, @12:09PM (#38215854)

Agreed, 110%, & I've been doing guides for securing Windows since the mid to late 1990's, & they do VERY well online:

To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text [neowin.net]

& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml [archive.org] which Neowin above picked up on & rated very highly.

That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ [pcpitstop.com] (see January 2008))

---

Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:

---

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2 [xtremepccentral.com]

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

---

I can produce more like that, if asked for also... & the same can be done, per those guides, for Linux (& other OS' too) via the CIS Tool (it's excellent & multiplatform + based on "best security practices" methods). I've found it GREAT for forming secure AD Group Policies in fact, as well as securing a single "stand-alone" system hooked to the net from home.

---

"I don't believe that the proprietary corps are any better, and are usually worse, because they rely on security through obscurity (i.e. no one knows our code so we don't have to worry that much about it.)" - by MMAfrk19BB (2029982) on Wednesday November 30, @12:09PM (#38215854)

Oh, I disagree - FROM EXPERIENCE: I can tell you, right now/point-blank, this little fact:

It's far, Far, FAR more difficult to disassemble closed source code (or hit it with fuzzers to try to make it screw up on data it can't handle), than it is to "step-trace" any "Open SORES" code in a std. compiler to find errors in it.

Plus, Linux especially (due to low OVERALL marketshare, & on the desktop especially -> http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10 [netmarketshare.com] ) has been able to perpetrate the illusion of its being secure, by using "SECURITY-BY-OBSCURITY" (but as you can see in my 1st post you replied to, http://it.slashdot.org/comments.pl?sid=2551740&cid=38215752 [slashdot.org] that "jig's up" for it on the server, because it's being attacked LIKE MAD lately)...

... apk

APK's idea of a rollercoaster ride -- (-1)

Anonymous Coward | more than 2 years ago | (#38216824)

-- spending his morning refreshing his dopey anonymous comments and gleefully watching the moderation jump around; thrilling!

I've already seen it go from +1 Interesting, to 0 Interesting, to +2 Interesting (quite the "roller coaster ride" eh?)

I bet you host one hell of a party, Alex.

Re:This says it all for Linux "security" (1)

Anonymous Coward | more than 2 years ago | (#38216686)

The guy is a common troll around here and will link pages and pages of articles in incoherent rants whenever OS security is mentioned (you can see his joke of a thread about locking down Windows, it's just as badly written as every single one of his posts here, with a lot of bolds, caps, and dotted lines)

UR offtopic & use illogical adhominem attacks (-1)

Anonymous Coward | more than 2 years ago | (#38216998)

Funny how others feel differently (my init. post here's up to +2 Interesting @ this point in upwards moderation for example).

Others here tend to disagree with you over time as well as to the quality of my postings on /. here:

Roughly 75++ of them & I post as AC (hard to get even +1, as /. hides our posts & we "AC"'s start @ ZERO/0 points, unlike registered "lusers", lol!):

+5 'modded up' posts by "yours truly" (4):

HOSTS & BGP:2010 -> http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]
TESLA:2010 -> http://science.slashdot.org/comments.pl?sid=1872982&cid=34264190 [slashdot.org]
TESLA:2010 -> http://tech.slashdot.org/comments.pl?sid=1806946&cid=33777976 [slashdot.org]
NVIDIA 2d:2006 -> http://hardware.slashdot.org/comments.pl?sid=175774&cid=14610147 [slashdot.org]

----

+4 'modded up' posts by "yours truly" (3):

INFO. SYSTEMS WORK:2005 -> http://slashdot.org/comments.pl?sid=161862&cid=13531817 [slashdot.org]
WINDOWS @ NASDAQ 7++ YRS. NOW:2009 -> http://tech.slashdot.org/comments.pl?sid=1290967&cid=28571315 [slashdot.org]
CARMACK'S ARMADILLO AEROSPACE:2005 -> http://science.slashdot.org/comments.pl?sid=158310&cid=13263898 [slashdot.org]

----

+3 'modded up' posts by "yours truly" (6):

APK MICROSOFT INTERVIEW:2005 -> http://developers.slashdot.org/comments.pl?sid=155172&cid=13007974 [slashdot.org]
APK MS SYMBOLIC DIRECTORY LINKS:2005 -> http://it.slashdot.org/comments.pl?sid=166850&cid=13914137 [slashdot.org]
APK FOOLS IE7 INSTALL IN BETA HOW TO:2006 -> http://slashdot.org/comments.pl?sid=175857&cid=14615222 [slashdot.org]
PROOFS ON OPERA SPEED & SECURITY:2007 -> http://slashdot.org/comments.pl?sid=273931&threshold=1&commentsort=0&mode=thread&cid=20291847 [slashdot.org]
HBGary POST in Fake Names On Social Networks, a Fake Problem:2011 -> http://tech.slashdot.org/comments.pl?sid=2375110&cid=37056304 [slashdot.org]
APK RC STOP ROOKIT TECHNIQUES:2008 -> http://it.slashdot.org/comments.pl?sid=1021873&cid=25681261 [slashdot.org]

----

+2 'modded up' posts by "yours truly" (10):

HOW DLL API CALL LOADS WORK:2008 -> http://tech.slashdot.org/comments.pl?sid=1001489&cid=25441395 [slashdot.org]
APK TRICK TO STOP A MALWARE:2008 -> http://tech.slashdot.org/comments.pl?sid=1010923&cid=25549351 [slashdot.org]
DOING SHAREWARE 1995-2004:2007 -> http://it.slashdot.org/comments.pl?sid=233779&cid=19020329 [slashdot.org]
MHTML SECURITY BUG FIX IE:2011 -> http://tech.slashdot.org/comments.pl?sid=1973914&cid=35056454 [slashdot.org]
EXCEL SECURITY FIX:2009 -> http://it.slashdot.org/comments.pl?sid=1139485&cid=26974507 [slashdot.org]
CODING JOBS OFFSHORING:2007 -> http://slashdot.org/comments.pl?sid=245971&cid=19760473 [slashdot.org]
MS PUTS YOU TO WORK:2006 -> http://it.slashdot.org/comments.pl?sid=174759&cid=14538593 [slashdot.org]
ARSTECHNICA LOL:2008 -> http://it.slashdot.org/comments.pl?sid=1021733&cid=25675515 [slashdot.org]
CYBERSECURITY LEGISLATIONS:2011 -> http://yro.slashdot.org/comments.pl?sid=2222868&cid=36379698 [slashdot.org]

----

+1 'modded up' posts by "yours truly" (55) & we AC's start at ZERO, not 1 or 2 like registered users on /. do:

DISASSEMBLY & PROTECTING CODE:2010 -> http://news.slashdot.org/comments.pl?sid=1719570&cid=32907418 [slashdot.org]
SECURITY BUGS LINUX vs. WINDOWS:2011 -> http://news.slashdot.org/comments.pl?sid=2247480&cid=36485068 [slashdot.org]
NORTON DNS & DNSBL:2011 -> http://yro.slashdot.org/comments.pl?sid=2311948&cid=36708742 [slashdot.org]
APK ROOTKIT KILLING TECHNIQUE USING RC:2011 -> http://tech.slashdot.org/comments.pl?sid=2428486&cid=37405530 [slashdot.org]
DISK DEFRAG STRATEGY OPTIONS:2011 -> http://it.slashdot.org/comments.pl?sid=2435272&cid=37443738 [slashdot.org]
APK PART OF ULTRADEFRAG64 PROOF:2011 -> http://it.slashdot.org/comments.pl?sid=2435272&cid=37443252 [slashdot.org]
DATASTRUCTURES & SQL:2011 -> http://news.slashdot.org/comments.pl?sid=2080454&cid=35794668 [slashdot.org]
BINARY HEAPS:2010 -> http://developers.slashdot.org/comments.pl?sid=1686094&cid=32581292 [slashdot.org]
CACHE COHERENCY:2005 -> http://hardware.slashdot.org/comments.pl?sid=168793&cid=14070783 [slashdot.org]
DELPHI ROCKS VB/VC++:2007 -> http://it.slashdot.org/comments.pl?sid=236049&cid=19261269 [slashdot.org]
MEMORY FRAGMENTATION IN FF:2007 -> http://slashdot.org/comments.pl?sid=367219&threshold=-1&commentsort=0&mode=thread&cid=21434061 [slashdot.org]
CODING PROFESSIONALLY:2005 -> http://developers.slashdot.org/comments.pl?sid=170925&cid=14238424 [slashdot.org]
MULTIPLE MESSAGE QUEUES:2010 -> http://linux.slashdot.org/comments.pl?sid=1618508&cid=31847246 [slashdot.org]
APK ROOTKIT.COM ON WINDOWS VISTA IPSTACK SECURITY:2009 -> http://tech.slashdot.org/comments.pl?sid=1339085&cid=29106629 [slashdot.org]
USING CSC & SCIENCE TOGETHER IN ACADEMIA:2010 -> http://ask.slashdot.org/comments.pl?sid=1531366&cid=30971224 [slashdot.org]
PROGRAMMING CONCEPTS MORE IMPORTANT THAN SYNTAX:2009 -> http://tech.slashdot.org/comments.pl?sid=1314993&cid=28827429 [slashdot.org]
SSD DECADES OF USAGE:2009 -> http://hardware.slashdot.org/comments.pl?sid=1273501&cid=28375697 [slashdot.org]
CODING .NET FROM VB:2006 -> http://developers.slashdot.org/comments.pl?sid=176229&cid=14641701 [slashdot.org]
LAMP SECURITY:2011 -> http://it.slashdot.org/comments.pl?sid=2243006&cid=36462748 [slashdot.org]
SLASHDOT "Pro-*NIX" SLANT CONTROVERSY = GOOD:2005 -> http://slashdot.org/comments.pl?sid=154725&cid=12974078 [slashdot.org]
NYSE+LINUX STOCK EXCHANGE LIE BY PENGUINS:2010 -> http://linux.slashdot.org/comments.pl?sid=1842764&cid=34046376 [slashdot.org]
WINDOWS vs. IBM vs. LINUX ARCHITECTURE STEALING:2005 -> http://linux.slashdot.org/comments.pl?sid=160244&cid=13414756 [slashdot.org]
LINUX IMITATING WINDOWS:2005 -> http://linux.slashdot.org/comments.pl?sid=170126&cid=14177851 [slashdot.org]
PROOF MS HAD LESS BUGS THAN LINUX/MACOS X:2005 -> http://it.slashdot.org/comments.pl?sid=173564&cid=14442403 [slashdot.org]
PROOF MS HAD LESS BUGS THAN LINUX/MACOS X:2006 -> http://it.slashdot.org/comments.pl?sid=173016&cid=14398069 [slashdot.org]
APK USING KDE & LINUX:2010 -> http://linux.slashdot.org/comments.pl?sid=1750240&cid=33214838 [slashdot.org]
APK CONGRATS TO LINUX:2005 -> http://linux.slashdot.org/comments.pl?sid=170296&cid=14192885 [slashdot.org]
APK KUDOS TO LINUX:2005 -> http://slashdot.org/comments.pl?sid=162921&cid=13614370 [slashdot.org]
1 GOOD THING ABOUT HACKER/CRACKERS:2011 -> http://yro.slashdot.org/comments.pl?sid=1982796&cid=35119212 [slashdot.org]
MINIMUM WINDOWS SERVICES:2005 -> http://slashdot.org/comments.pl?sid=157321&cid=13190570 [slashdot.org]
HIDDEN SECURITY BUGS:2005 -> http://linux.slashdot.org/comments.pl?sid=164039&cid=13698742 [slashdot.org]
APK & FIREFOX BUGFIX TEAM:2005 -> http://it.slashdot.org/comments.pl?sid=161697&cid=13526010 [slashdot.org]
WHY OPERA ROCKS:2005 -> http://slashdot.org/comments.pl?sid=170983&cid=14242283 [slashdot.org]
OPERA "SUPERIOR WARRIOR":2009 -> http://developers.slashdot.org/comments.pl?sid=1309763&threshold=-1&commentsort=0&mode=thread&pid=28768721 [slashdot.org]
OPERA=FASTER & MORE SECURE:2005 -> http://it.slashdot.org/comments.pl?sid=157615&cid=13208800 [slashdot.org]
OPERA vs. FIREFOX:2007 -> http://slashdot.org/comments.pl?sid=286721&cid=20452183 [slashdot.org]
APK SANDBOXING IE:2007 -> http://it.slashdot.org/comments.pl?sid=236547&cid=19310513 [slashdot.org]
APK ON SANDBOXIE:2010 -> http://it.slashdot.org/comments.pl?sid=1875754&cid=34281930 [slashdot.org]
CHROME NEEDS BY SITE PREFS TO SANITYINANARCHY:2011 -> http://slashdot.org/comments.pl?sid=2358734&cid=36946676 [slashdot.org]
DO YOUR BEST WORK OUR YOUNG MENS LIVES RIDE ON IT:2010 -> http://developers.slashdot.org/comments.pl?sid=1898806&cid=34472826 [slashdot.org]
STAT I/II SKEWING:2010 -> http://slashdot.org/comments.pl?sid=1504756&cid=30711074 [slashdot.org]
SEARCH ENGINES:2005 -> http://science.slashdot.org/comments.pl?sid=162717&cid=13598832 [slashdot.org]
PORTING CODE:2007 -> http://linux.slashdot.org/comments.pl?sid=236367&cid=19291677 [slashdot.org]
POLITICALS:2007 -> http://yro.slashdot.org/comments.pl?sid=237091&cid=19362755 [slashdot.org]
WINDOWS EMPLOYS YOU BETTER:2006 -> http://linux.slashdot.org/comments.pl?sid=174277&cid=14498965 [slashdot.org]
MS PUTS YOU TO WORK:2005 -> http://books.slashdot.org/comments.pl?sid=169549&threshold=-1&commentsort=0&tid=109&mode=thread&cid=14132540 [slashdot.org]
"666":2008 -> http://news.slashdot.org/comments.pl?sid=548476&cid=23353722 [slashdot.org]
APK ON HARDCODES & SHELLOPEN ASSOCIATION:2010 -> http://tech.slashdot.org/comments.pl?sid=1519842&cid=30854906 [slashdot.org]
DR. DEMENTO SHOW:2010 -> http://news.slashdot.org/comments.pl?sid=1678308&cid=32494990 [slashdot.org]
CA DISREPUTABLE #2 of 2:2010 -> http://news.slashdot.org/comments.pl?sid=1884922&cid=34351020 [slashdot.org]
NO PROOF USED BY LOB:2010 -> http://tech.slashdot.org/comments.pl?sid=1907190&cid=34529734 [slashdot.org]
ON KIDS CODING & ARMCHAIR QB's:2011 -> http://science.slashdot.org/comments.pl?sid=2040490&cid=35508400 [slashdot.org]
FPGA & TERMINATORS:2011 -> http://it.slashdot.org/comments.pl?sid=2341586&cid=36842168 [slashdot.org]
APK ON CHESS:2010 -> http://ask.slashdot.org/comments.pl?sid=1877160&cid=34293988 [slashdot.org]

---

* THE HOSTS FILE GROUP 23++ THUSFAR (from +5 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722 [slashdot.org]
HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
HOSTS MOD UP:2010 -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
APK 20++ POINTS ON HOSTS MOD UP:2010 -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1862260&cid=34186256 [slashdot.org]
HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
HOSTS FILE MOD UP FOR ANDROID MALWARE:2010 -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS MOD UP ZEUSTRACKER:2011 -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
HOSTS MOD UP vs AT&T BANDWIDTH CAP:2011 -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584 [slashdot.org]
HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service:2011 -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]
HOSTS and BGP +5 RATED (BEING HONEST):2010 http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]
HOSTS & PROTECT IP ACT:2011 http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700 [slashdot.org]
HOSTS MOD UP:2011 -> http://yro.slashdot.org/comments.pl?sid=2457766&cid=37592458 [slashdot.org]
HOSTS MOD UP & OPERA HAUTE SECURE:2011 -> http://yro.slashdot.org/comments.pl?sid=2457274&cid=37589596 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1197039&cid=27556999 [slashdot.org]
0.0.0.0 IN HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1143349&cid=27012231 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27580299 [slashdot.org]

* THE APK SECURITY GUIDE GROUP 10++ THUSFAR (from +5 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

APK SECURITY GUIDE:2005 -> http://developers.slashdot.org/comments.pl?sid=167071&cid=13931198 [slashdot.org]
APK SECURITY GUIDE:2009 -> http://it.slashdot.org/comments.pl?sid=1361585&cid=29360367 [slashdot.org]
APK SECURITY GUIDE:2009 -> http://yro.slashdot.org/comments.pl?sid=1218837&cid=27787281 [slashdot.org]
APK SECURITY GUIDE:2008 -> http://ask.slashdot.org/comments.pl?sid=970939&cid=25093275 [slashdot.org]
APK SECURITY GUIDE:2010 -> http://tech.slashdot.org/comments.pl?sid=1885890&cid=34358316 [slashdot.org]
APK SECURITY GUIDE (old one):2005 -> http://it.slashdot.org/comments.pl?sid=154868&cid=12988150 [slashdot.org]
APK SECURITY GUIDE:2008 -> http://ask.slashdot.org/comments.pl?sid=970939&threshold=-1&commentsort=0&mode=thread&no_d2=1&cid=25092677 [slashdot.org]
APK SECURITY GUIDE:2008 -> http://tech.slashdot.org/comments.pl?sid=1027095&cid=25747655 [slashdot.org]
APK SECURITY TEST CHALLENGE LINUX vs. WINDOWS:2007 -> http://it.slashdot.org/comments.pl?sid=267599&threshold=1&commentsort=0&mode=thread&cid=20203061 [slashdot.org]

---

* So, as the saying goes? "Argue with the numbers", & good luck - you'll NEED it, as you're outnumbered roughly 75:1 above... lol!

APK

P.S.=> The thing I love about off topic illogical adhominem attack utilizing trolls such as yourself? Well, ok:

Facts (especially documented ones from reputable sources) always BLOW YOU AWAY, easily... & I've got loads of those to work with as you can see above, or in my 1st post here, vs. your trolling b.s., everytime!

... apk
  http://science.slashdot.org/comments.pl?sid=158310 [slashdot.org]

It's cute when dogs walk on their hindlegs (0)

Anonymous Coward | more than 2 years ago | (#38217124)

and pretend that they're people; it's cuter when apk reveals that he keeps track of his comment moderations and pretends that they're Academy Awards.

Alex is a performance artist, right? I mean c'mon, what kind of sad fuck would keep an actual log of his anonymous comments?

Re:This says it all for Linux "security" (5, Insightful)

americamatrix (658742) | more than 2 years ago | (#38215878)

It's just like any other OS. You need to know what you're doing.

A poorly set up Linux box will be worse than a locked down Windows install. Everyone knows this.

To say Linux itself is inherently vulnerable is an ignorant statement.


-americamatrix

Agreed, 110%... apk (-1)

Anonymous Coward | more than 2 years ago | (#38216734)

You won't hear an argument/debate from me on what you said, because I am in utter full agreement with it.

APK

P.S.=> Been "locking them all down" since the mid 90's in fact, per guides like these I have offered for Windows 2000/XP/Server 2003/7/Server 2008 users:

To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text [neowin.net]

& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml [archive.org] which Neowin above picked up on & rated very highly.

That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ [pcpitstop.com] (see January 2008))

---

Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:

---

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2 [xtremepccentral.com]

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

---

It just works, per some results above for a fellow over the course of 2-3 yrs time on Windows as an example thereof, when FOLLOWED-TO-THE-LETTER (takes about 1-2 hours time & less with .reg file + logon script policy merges you can easily "preset" into a system).

Which said "layered-security"/"defense-in-depth" guide heavily uses a highly esteemed security tool called CIS Tool to do so, to not only secure "stand-alone" single home systems connected to the internet, but is also INCREDIBLY USEFUL for making a "security-hardened" group policy setup in Windows variants also!

CIS Tool IS also "multi-platform" in nature (uses JAVA is why), AND, also can be used to secure other OS' such as Linux variants, Solaris, NetWare, & more based on industry "best security practices")

... apk

Re:This says it all for Linux "security" (1)

c0d3g33k (102699) | more than 2 years ago | (#38215916)

1. Please try again with a coherent critique of Linux security rather than a spittle spraying rant. I might read it and take it seriously.
2. You seem to have an agenda here, and have convinced yourself that it is validated. Good for you (pat on head).
3. Schadenfreude is bad for your health.
4. So ... what's your point exactly, and what do you expect people to do exactly if they happen to agree with whatever your point is?

Re:This says it all for Linux "security" (2, Interesting)

jellomizer (103300) | more than 2 years ago | (#38216022)

Oh come on!
If someone did a rant like this for Windows it would be moderated +5 Insightful.

The Agenda here is to point out that Linux isn't the God of OS. It has its problems just like Windows and the others. As we giggle and glee when there is a Major Windows Issue, we like to discredit any Linux problem.

It isn't that Windows is More Secure than Linux but there are too many people running Linux feeling invincible from all the world has to attack them.
The biggest problem in IT Security isn't the OS it is the Dumb Ass who runs the systems.

You can have a Windows Network running for years without a security issue. You can Have a Linux network that is attacked daily. It is determined by the skill of the System Administrator.
 

Trolls like U? Please... lol! apk (-1)

Anonymous Coward | more than 2 years ago | (#38216934)

U use off topic illogical adhominem attacks, vs. facts I use http://it.slashdot.org/comments.pl?sid=2551740&cid=38215752 [slashdot.org] which are documented, current, & undeniable.

(Gosh: I wonder who wins? NOT!)

---

"1. Please try again with a coherent critique of Linux security rather than a spittle spraying rant. I might read it and take it seriously." - by c0d3g33k (102699) on Wednesday November 30, @12:15PM (#38215916)

Funny, but I used nothing but documented facts on Linux security from this year (with ANDROID even more), vs. your off topic illogical adhominem attack attempt on myself...

---

"2. You seem to have an agenda here, and have convinced yourself that it is validated. Good for you (pat on head)." - by c0d3g33k (102699) on Wednesday November 30, @12:15PM (#38215916)

Your off topic illogical adhominem attack actually does that for me, & validates my 1st posts' documented current undeniable facts (that Linux security is being torn to shreds lately & the illusion of "security-by-obscurity" (lack of widespread overall usage on PC's & Servers combined)), which you apparently CANNOT DISPROVE...

LMAO, & you're left with attempting to attack myself (adhominem attack, very illogical), rather than the documented current facts I used to make that point (Linux != secure, despite years of FUD being spread here to mislead others it is).

---

"3. Schadenfreude is bad for your health." - by c0d3g33k (102699) on Wednesday November 30, @12:15PM (#38215916)

Trolling on your part, off topic illogical adhominem attacks & all, isn't helping yours (or your reputation I imagine).

---

"4. So ... what's your point exactly, and what do you expect people to do exactly if they happen to agree with whatever your point is?" - by c0d3g33k (102699) on Wednesday November 30, @12:15PM (#38215916)

Well, ok: Exactly what I've stated in my 1st post others have agreed & modded me up for: Linux is as vulnerable security-wise as ANY OS OUT THERE, unless you take active measures to secure it better (and it can be better, even SeLinux bearing Linux distros).

You've helped prove another point of mine though!

That point? Heh - that when Penguins are confronted by facts they cannot disprove? They become the trolls they TRULY are, as you have now!

(Trolling FUD spreaders that misled others for decades no less that "Linux = Secure")

Man... trolls always reveal themselves that way, as you have...

APK

P.S.=> So, that all "said & aside"? Well - If the "best you've got" is your off-topic illogical ad hominem attacks, vs. very current documented + verifiable facts I use from reputable sources? You've proved another point for me!

Yes - that point being that when "penguins" are confronted by facts they cannot disprove? They become the trolls they TRULY reveal themselves to be (such as yourself & your reply does)...

Thank you for helping me make yet another point on that very note!

... apk

Re:This says it all for Linux "security" (1)

sandytaru (1158959) | more than 2 years ago | (#38215948)

I'd argue that they're targeting Linux precisely because everyone assumes their Linux servers are invulnerable.

Re:This says it all for Linux "security" (1)

dclozier (1002772) | more than 2 years ago | (#38216098)

Yes I think it does say it all for Linux "security".

I'd argue that this was because after taking control the attackers could easily secure/defend the machine and prevent others from taking it over. A C&C machine is a valuable asset for any organization.

Re:This says it all for Linux "security" (3, Interesting)

Anonymous Coward | more than 2 years ago | (#38216232)

Current proof that Linux's NOT "invulnerable secure" yet again, & yes, that Linux does get targeted by malwares...

Yeah, go for it! You keep at it, pal! You're beating your opponent so hard that the straw is leaking out!

Seriously, nobody with any credibility has ever claimed that Linux is "invulnerable secure". The strongest argument usually made is that Linux is more secure than Windows, which was absolutely true when it was commonly being made 10 years ago. The debate has moved on. The claims you should be arguing against today are that Linux is better value-for-money on servers, and more secure than Windows specifically on the desktop.

As for malware - well, a targeted attack probably by a nation-state is hardly the scenario people are thinking of when they say "Linux doesn't get viruses". The claim you should be fighting here is that Linux is less likely to be hit by drive-by malware or compromised at random by malicious websites. These claims are absolutely true; even if Linux is no more secure than Windows, it is still a much smaller and less attractive target, and therefore safer.

But, hey, I'm getting in the way of you beating on your strawman, so I'll shut up now and let you keep on with your regularly scheduled trolling!

Re:This says it all for Linux "security" (1)

magamiako1 (1026318) | more than 2 years ago | (#38216690)

As far as desktop is concerned I don't consider Linux to be any different than Windows. While it is true that by default Windows XP and previous permitted Administrative privileges, UAC in Vista and 7 goes a step above to prevent "drive by" system-level malware infections.

Local root escalation exploits exist, but they exist in Linux, too. This goes for a very wide range of applications.

Both Windows and Linux have gone to great lengths for local security though, and I'd suggest looking at the Microsoft Enhanced Mitigation Experience Toolkit utility that is available.

You can harden individual processes from common exploit techniques (heap spray, null page, structured exception handling, etc).

Re:This says it all for Linux "security" (0)

Anonymous Coward | more than 2 years ago | (#38216768)

You are absolutely right... A Windows machine with the default install and an easily guessable password would never have been compromised.

Perhaps you should start taking your medications more regularly.

New News/NewsFlash/Clue: (-1)

Anonymous Coward | more than 2 years ago | (#38217132)

1st: Topic here's not about Windows, it's about Linux having hosted Duqu's C&C Servers!

2nd: Said article (& my 1st post here ) use current undeniable documented information showing Linux's not as "secure" as was trumpeted about misleading others here for more than a decade now by many penguins (because security-by-obscurity was what made Linux perpetrate an illusion, of being 'so secure')... period.

3rd: Current history & documented facts I used from reputable sources in my initial post here:

http://it.slashdot.org/comments.pl?sid=2551740&cid=38215752 [slashdot.org]

EASILY show that much... easily.

APK

P.S.=>

"You are absolutely right... A Windows machine with the default install and an easily guessable password would never have been compromised." - by Anonymous Coward on Wednesday November 30, @01:17PM (#38216768)

You might want to read my initial post here then & this "salient quote" here from myself:

"Yes - Any OS' is securable, & far better than they come by default (yes, even SeLinux, but you have to go beyond its mere defaults to make it better, + MacOS X too (Apple produces guides for that in fact)) - by Anonymous Coward on Wednesday November 30, @12:01PM (#38215752) FROM http://it.slashdot.org/comments.pl?sid=2551740&cid=38215752 [slashdot.org]

That was from myself - ALL OS' out there in the "mainstream" can be security-hardened above their defaults OR vs. user/administrator screwups.

In other posts here:

http://it.slashdot.org/comments.pl?sid=2551740&cid=38216734 [slashdot.org]

I merely "2nd that motion", that ALL OS' can be further "security-hardened"... & I even show guides I've been doing since 1997 online that help users do so!

(Not only on Windows mind you due to CIS Tool usage, a multiplatform highly esteemed tool for securing OS & more)

Those guides show how to security-harden Windows NT-based OS of "modern variety" (for decades now no less & yes, the guides work), & utilize a multi-platform JAVA driven security tool that's QUITE highly regarded/esteemed, that will do the same for other OS' too...

... apk

CentOS?! (-1)

Anonymous Coward | more than 2 years ago | (#38215900)

Dude... you got a dell...

Noooo!! (0)

Anonymous Coward | more than 2 years ago | (#38215938)

Not the Music Factory! How will we know when to dance now?

All CentOS, but no RHEL (2)

gatkinso (15975) | more than 2 years ago | (#38216190)

That makes me think twice about skipping on that Redhat license.

Perhaps the folks at Cent should be checking their logs.

Sleep well at night. (1)

bmo (77928) | more than 2 years ago | (#38216244)

1. Don't run services you don't need. This goes for all systems, including Windows.
2. If you do need sshd running, install denyhosts.
3. If at all possible, run sshd on a nonstandard port.

#3 keeps the logs quiet from bots trying to jiggle a door handle that isn't there on 22.

--
BMO

Re:Sleep well at night. (2)

knarfling (735361) | more than 2 years ago | (#38216504)

4. Change PermitRootLogin to no. If you must have remote root access, make them log in as a normal user and su to root. (Better yet, set up sudo and control who can do what.)
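The port and PermitRootLogin tips in this sub-thread can be checked mechanically. The following is an added example, not code from any commenter: a small audit of an sshd_config that honours sshd's rule that the first value read for a keyword wins and also looks inside Match blocks. The sample configuration and the wording of the findings are constructed for illustration.

```python
import re

# Constructed sample sshd_config (not from any server discussed in the article).
SAMPLE = """\
# management host
Port 22
permitrootlogin yes
# The next line is ignored: sshd keeps the first value it reads for a keyword.
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
LINE = re.compile(r"^([^\s=]+)(?:\s*=\s*|\s+)(.+)$")

def parse(text):
    """Return (global settings, ports, [(match criteria, keyword, value)])."""
    settings, ports, conditional, match = {}, [], [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if raw.lstrip().startswith("#") or not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            match = value                      # following lines are conditional
        elif match is not None:
            conditional.append((match, key, value))
        elif key == "port":
            ports.append(int(value))           # Port may be given several times
        else:
            settings.setdefault(key, value)    # first value wins
    return settings, ports or [22], conditional

def audit(text):
    """Return a list of findings for the root-login and port settings."""
    settings, ports, conditional = parse(text)
    findings = []
    root = settings.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set; default depends on OpenSSH version")
    elif root.lower() != "no":
        findings.append(f"PermitRootLogin is '{root}' globally")
    for criteria, key, value in conditional:
        if key == "permitrootlogin" and value.lower() != "no":
            findings.append(f"Match {criteria} sets PermitRootLogin {value}")
    if 22 in ports:
        findings.append("sshd listens on port 22 (expect bot noise in the logs)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```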

Re:Sleep well at night. (1)

bmo (77928) | more than 2 years ago | (#38216648)

Yeah, that too.

It's just that I've been running Ubuntu so long and got so used to sudo and no root logins and all that I entirely forgot about it.

Because any other way is madness.

Speaking of no-root-login, there is a certain kind of user or admin who will fight to the death against removing the login for root and say how sudo is a security hole. I just don't get it.

Someone else also mentioned fail2ban. I endorse that too.

--
BMO

Re:Sleep well at night. (1)

magamiako1 (1026318) | more than 2 years ago | (#38216752)

From the article it appears it had nothing to do with whether or not root login is turned on.

Remember, OpenSSH runs as the root user even if root logins are not accepted. Exploiting a vulnerability in OpenSSH isn't entirely out of the picture.

A more proper way to do things is to force a VPN scenario to manage your servers. Try to run known proven VPN hardware from major vendors (such as Juniper and Cisco) where the hardware they use is special purpose (and not running a lot of extra fluff), which limits your attack surface. Then you enable management of your machines via the VPN.

FYI: I have seen video proof of a current version of OpenSSH with a remote escalation exploit that has yet to be acknowledged or patched. The exploit code was supposedly purchased by Apple. The demonstration was run on Ubuntu 11.10.

Re:Sleep well at night. (1)

knarfling (735361) | more than 2 years ago | (#38217138)

"From the article it appears it had nothing to do with whether or not root login is turned on."

Sorry, but the logs from both servers in the article (second link) do show that they both accepted a password for user=root from a remote IP address. That doesn't happen when sshd_config is set to prevent remote root logins. The sshd logs should show a normal user logging in. The secure logs should then show the su or sudo with privilege escalation.

Even though OpenSSH runs as root, that does not mean that anyone who connects in has root privileges. If the exploit allowed someone to connect in as root when PermitRootLogin is set to no, that would be very, very scary.

BTW, I am not claiming that there is no exploit or that they did not use one. It seems very possible that they could have used the exploit to gain access the first time, changed or found a way to guess the root password and then logged in as root from then on. On the server from 2009, it appears that they did not do that since there were several bad password attempts for user=root before they got in. But they could have done it on the other server.

"A more proper way to do things is to force a VPN scenario to manage your servers. Try to run known proven VPN hardware from major vendors (such as Juniper and Cisco) where the hardware they use is special purpose (and not running a lot of extra fluff), which limits your attack surface. Then you enable management of your machines via the VPN."

A good VPN is definitely a good idea for the first line of defence. But that should not be all. Some people cannot afford the VPN hardware, and have to make do without it. Even with it, you should still limit remote root access. That makes a breach that much harder to accomplish. At my company, we happen to use both. In addition, we have monitoring set up so that even if someone does access the root user, we get alerts.
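The log pattern discussed in this sub-thread (a direct root login accepted from a remote address, in one case after several bad password attempts) is straightforward to alert on. The following is an added example, not code from any commenter or from the article: it scans sshd syslog lines and reports direct root logins and any success that follows repeated failures from the same source. The log lines, host name, addresses and the threshold of three are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sshd log lines in OpenSSH's syslog format; the host name and
# addresses are documentation placeholders, not values from the article.
SAMPLE_LOG = """\
Nov 18 03:11:50 srv1 sshd[4101]: Failed password for root from 203.0.113.7 port 40110 ssh2
Nov 18 03:11:54 srv1 sshd[4103]: Failed password for root from 203.0.113.7 port 40114 ssh2
Nov 18 03:11:59 srv1 sshd[4105]: Failed password for invalid user admin from 198.51.100.9 port 5121 ssh2
Nov 18 03:12:03 srv1 sshd[4107]: Failed password for root from 203.0.113.7 port 40119 ssh2
Nov 18 03:12:09 srv1 sshd[4109]: Accepted password for root from 203.0.113.7 port 40125 ssh2
Nov 18 09:30:00 srv1 sshd[5002]: Accepted password for alice from 192.0.2.44 port 51000 ssh2
Nov 18 09:30:05 srv1 sshd[5004]: Accepted publickey for root from 192.0.2.44 port 51002 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (\S+) for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

def review(log_text, threshold=3):
    """Return alerts as (kind, user, source, auth method, prior failures)."""
    failures = Counter()            # (source, user) -> failures since last success
    alerts = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, method, user, src = m.groups()
        if outcome == "Failed":
            failures[(src, user)] += 1
            continue
        prior = failures.pop((src, user), 0)
        # With PermitRootLogin no, sshd should never log an accepted root login.
        if user == "root":
            alerts.append(("direct-root-login", user, src, method, prior))
        # A success right after many failures suggests the guessing worked.
        if prior >= threshold:
            alerts.append(("success-after-failures", user, src, method, prior))
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```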

A CentOS user responds (0)

Anonymous Coward | more than 2 years ago | (#38216354)

Here's the post I just made to Kaspersky labs:
I found this very interesting, having followed the link from slashdot. Two details stand out, esp. after speaking to my manager about the sshd business: first, why would they yum update openssh, since you report they installed 5.8 from an ubuntu/debian source package. CentOS 6, like RHEL 6, is running 5.3p1 (with all known security fixes backported by upstream)?

Secondly, my manager agrees with the previous poster: you update to prevent other attackers' access. After all, their attacks might break your attack.

Finally, this indicates very, very bad password policy on the part of the compromised servers. If these belong to corporations, management should be looking very hard at why they were so easily broken... and why they're not running brute-force resistance, such as fail2ban.

                  mark

WTF is "Duqu", and why should I care? (-1)

Anonymous Coward | more than 2 years ago | (#38216490)

N/T

(INB4 "lmgtfy": The question was rhetorical. I don't care.)

They got it backwards (1)

David Frankenstein (21337) | more than 2 years ago | (#38216728)

I would think this points to an exploit in SSHD 5.x, not 4.3. Once I brute-forced into a system, I would think the first order of business is to ensure I can get back in if the password is changed, not to patch the little-known exploit I used to get in in the first place.

Re:They got it backwards (2)

gatkinso (15975) | more than 2 years ago | (#38216858)

Patch the hole because you don't want someone else (say a pron spammer) to come in behind you and end up getting caught (or screwing up your server). But yes there could be an exploit they are using in 5.x as well.

I suspect it was not a brute force attack, they simply disguised the exploit as one so that it falls into the noise of the hundreds of brute force attacks each day.

broken forever (0)

Anonymous Coward | more than 2 years ago | (#38217006)

there are three things the "government" will never allow to function properly:
1. BIND
2. OpenSSH
3. the linux desktop
by any means, even "under-cover" government spies posing as open-source programmers.
it's kind-of-like a missile defense shield but of cyberspace, isn't it obvious?

Not bruteforce but dictionary attack (0)

Anonymous Coward | more than 2 years ago | (#38217128)

The compromised Linux servers were not attacked by bruteforce, but by a dictionary attack. Get a dictionary of say 10,000 common English words, and in automated succession try every one of them for the password. If it's a common word, then you don't have to try millions or billions of unlikely words or jumble of letters that aren't normally a word, a mere 10,000 will do the trick. This is why security people insist on using passwords that aren't common words (or even uncommon words), but rather a mix of letters, numbers and punctuation: it defeats dictionary and ribbon table attacks.
