Word from Acorn User is that the shake-up continues with Steve Langley's appointment as new Marketing Manager. It seems that the imminent re-launch (January 2002) is being taken seriously - as it should be, and about time too etc. etc. Not sure if the free ads will be appearing back on the AU website any time soon, so I've added our own Free Ads page in the meantime.
ExpLAN have updated their Solo pages with new piccies of the solar-power RISC OS machine. These depict the Mk II prototype, which looks more like the final production models. Designed for use in third world countries, these machines are being advertised more to manufacturers and government representatives than us users, so it might not be worth trying to order one or two units for yourself, but if you know of any governments that have poor IT infrastructure and are looking for cheap, reliable machines, point them in ExpLAN's direction.
Another diary (or should that be dairy? :) date for you - the RISC OS South West show will take place on Saturday March 2nd 2002 at the Webbington Hotel, North Somerset.
Just popped over to My RISC OS while checking what the competition are doing with the RiscStation story, and found a defacement page instead. Looks like every webmaster's nightmare just came true for those boys, and we wish them well in recovering from such childish and destructive lameness.
And more upgrades to ArtWorks hit my mailbox this morning, just to make this quick roundup complete.
Random bits
|
|
John Hoare |
Message #89677, posted at 15:57, 10/12/2001 |
Unregistered user
|
You'd think that if people were going to bother cracking something they would pick a worthwhile target... what's My RISC OS done to anyone?
Oh, and the Solo looks excellent. :-) |
|
Andrew Weston |
Message #89678, posted at 16:30, 10/12/2001, in reply to message #89677 |
Unregistered user
|
Just popped over to The Icon Bar forum and posted something about My RISC OS :-)
Seems like a waste of time to me. Do these people want fame or something? |
|
Richard Goodwin |
Message #89679, posted at 16:39, 10/12/2001, in reply to message #89678 |
Unregistered user
|
More likely it's an automated script that hunts out certain servers with certain vulnerabilities. They probably never heard of the site before today. |
|
Guest |
Message #89680, posted at 18:44, 10/12/2001, in reply to message #89679 |
Unregistered user
|
Nah - the defacement archives only have three records of this group (one of which being today's myriscos defacement), and myriscos was the first one to get the funky cow picture.
I guess they're just trying out their techniques on a website that isn't likely to come down too heavy on them. They didn't seem to destroy any files in previous attacks (at least they say they didn't - you can't really tell). |
|
Richard Goodwin |
Message #89681, posted at 09:22, 11/12/2001, in reply to message #89680 |
Unregistered user
|
The My RISC OS site can't be the first to feature the cow, as I took a look at the HTML source of the defacement and the image is being loaded /from/ a defacement archive - which makes them about 1% smarter than the average script kiddie because they recycle ;) |
|
Guest |
Message #89682, posted at 10:15, 11/12/2001, in reply to message #89681 |
Unregistered user
|
I think it highlights how clueless the ISP and maintainers of myriscos.co.uk are, as well as the annoyingness of the script kiddies. Script kiddies don't always end up being as annoying as this if you know what you're doing, and let's face it, pretty much everybody with something to do with myriscos.co.uk doesn't exactly exude professionalism, or any apparent good grasp on anything their doing.
They asked for it, really. |
|
Guest |
Message #89683, posted at 10:18, 11/12/2001, in reply to message #89682 |
Unregistered user
|
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on 212.67.202.146 (212.67.202.146):
(The 1538 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
3000/tcp open ppp
3001/tcp open nessusd
3306/tcp open mysql
27665/tcp filtered Trinoo_Master
31337/tcp filtered Elite
Remote operating system guess: Linux 2.1.19 - 2.2.17
Uptime 137.034 days (since Fri Jul 27 10:22:41 2001)
Nmap run completed -- 1 IP address (1 host up) scanned in 18 seconds
--
I think the above highlights their cluelessness :) Ooooh! I wonder if that nessusd is open :) |
|
Andrew Weston |
Message #89684, posted at 13:31, 11/12/2001, in reply to message #89683 |
Unregistered user
|
Gobbledeegook. |
|
Guest |
Message #89685, posted at 19:42, 11/12/2001, in reply to message #89684 |
Unregistered user
|
The MyRiscOS.org site was the first defacement by a group using this name featuring the funky cow. A big script culling loads of open boxes would sign them all the same and also probably leave the same cow picture.
On the other hand, someone seems to have installed a dDOS tool or two on that machine, so maybe they're not going after fame and fortune and spreading their name. Doesn't look like it though. |
|
Guest |
Message #89686, posted at 18:35, 12/12/2001, in reply to message #89685 |
Unregistered user
|
And I quote:
pretty much everybody with something to do with myriscos.co.uk doesn't exactly exude professionalism, or any apparent good grasp on anything their doing.
If you're going to slander me, then at least have the decency to put a name to your comments.
Oh, and it's "they're".
ajv |
|
Guest |
Message #89687, posted at 09:52, 13/12/2001, in reply to message #89686 |
Unregistered user
|
Excuse me for butting in, but: Guest - you should know better, and ajv - 'ajv' is hardly a name either, and just for the sake of being pedantic, your quoted section isn't quoted ;-)
Although, from the looks of it, drobe is wide open in even more interesting ways. |
|
Tim Fountain |
Message #89688, posted at 10:48, 13/12/2001, in reply to message #89687 |
Unregistered user
|
Like? (Curiosity from someone who knows next to nothing about server administration) |
|
Richard Goodwin |
Message #89689, posted at 11:20, 13/12/2001, in reply to message #89688 |
Unregistered user
|
Maybe I should point out that Tim does the PHP, I do the server admin, so just because Tim says he doesn't know much about it doesn't mean our box is wide open :) |
|
Guest |
Message #89690, posted at 16:44, 13/12/2001, in reply to message #89689 |
Unregistered user
|
Your box is wide open... |
|
Guest |
Message #89691, posted at 17:25, 13/12/2001, in reply to message #89690 |
Unregistered user
|
I hope that as well as posting that rather unhelpful comment you mailed the admins and pointed out what they've left open. No one's perfect, you know. |
|
Guest |
Message #89692, posted at 20:41, 13/12/2001, in reply to message #89691 |
Unregistered user
|
Nothing was hurt, and I'm sure Hoepelkoe Inc. have not installed any DDoS tool, since we don't use them.
So, this means that you were already compromised by somebody else, who did not leave a sign.
eSDee |
|
Tim Fountain |
Message #89693, posted at 21:48, 15/12/2001, in reply to message #89692 |
Unregistered user
|
Assuming you're the same 'Guest', you haven't answered my question. |
|
Guest |
Message #89694, posted at 01:57, 17/12/2001, in reply to message #89693 |
Unregistered user
|
This 'Guest' business is silly. At least put an IP and/or domain so we have a clue as to who they are. (Yer yer, dynamic ip blah)
I can see how myriscos were hacked. They've got no firewall and have all their ports open and have FP extensions installed. A very easy target.
I too would like to know what is insecure about TIB.
Daniel Barron |
|
Guest |
Message #89695, posted at 09:32, 17/12/2001, in reply to message #89694 |
Unregistered user
|
Daniel: I don't think anybody has said that the Icon Bar is insecure, just Drobe. Drobe has the problem, of course, that it's a FreeVSD virtual server - many people share the same box with root privileges, and it's surprisingly simple to escape the sandbox. |
|
Guest |
Message #89696, posted at 10:28, 17/12/2001, in reply to message #89695 |
Unregistered user
|
Daniel - given the number of ports open on MyRISCOS, it's possible this is some portscan detection software. Also, if there were a firewall in place you wouldn't necessarily be able to detect it easily.
Guest[09:52,13/12] - you might not class 'ajv' as a name, but addition of the myriscos.co.uk domain can generate a contact email address.
ajv
(who doesn't have anything to do with the admin of the MRO server, but does have something to do with the secure admin of a number of fairly high profile publicly accessible servers) |
|
Guest |
Message #89697, posted at 19:36, 17/12/2001, in reply to message #89696 |
Unregistered user
|
Yes sorry, I meant Drobe not TIB.
Daniel Barron |
|
Richard Goodwin |
Message #89698, posted at 15:53, 2/1/2002, in reply to message #89697 |
Unregistered user
|
Well, someone was running some script kiddie hacks on the TIB box just before I left for Christmas and the site doesn't appear to have been taken down in my absence, so fingers crossed... |
|