Holiday cracking - Lars Strand
A friend of mine asked me to have a look at his Linux-server. "It behaves strangely" he said, most notably the web-server apache refused to start. It turned out to be more than just a problem with apache.Holiday cracking - redux - Lars Strand
I already had an account, so I started to poke around. The first thing I noticed was some strange ls behavior:
lars@server1:~$ ls
ls: invalid option -- h
Try `ls --help' for more information.
That's odd.. Why don't "ls" take "-h" all of a sudden?? I had aliased "ls, so I unaliased it and it worked fine:
lars@server1:~$ alias ls
alias ls='ls -sh --color=auto'
lars@server1:~$ unalias ls
lars@server1:~$ ls
backup
lars@server1:~$
Update 3. Nov 2007: Dug up some more interesting stuff.
The "holiday cracking" story got far more attention than I ever would have imagined. If I had known it would get so massive attention, I sure would have done a more throughly job. Interestingly, after the posting I have received some pretty interesting feedback - even an email from the cracker himself! It sure helps getting on Slashdot and posted on Bruce Schneier's blog!
In fact, when the story hit /., I first thought that I was finally being DoS'ed by an angry exposed cracker. But I quickly found out that it was the "normal" slashdot effect. You can see the traffic increase from the graph: The first traffic increase is from Schneier (week 33), the second is slashdot (week 34).
沒有留言:
張貼留言