/proc/speakup

Kirk Wood cpt.kirk at 1tree.net
Wed Feb 14 22:11:30 EST 2001


On Wed, 14 Feb 2001, Tyler Spivey wrote:
> /proc/speakup was a bad idea. because:
> 1. if a hacker gained root, you couldn't turn off the net or something without speech. (if
> someone shut it off)

If someone hacks your box, you had best just shut the machine off, or
remove it from the network with the cable. Anything else is asking for
things to get worse. But let me give some more detail here:

1) If they compromise your system how do you know when you have regained
complete control? The wise thing to do is to completely re-install the OS
saving only the home directory.

2) As Bill pointed out haow many will even go for this? Hello?? Unless
they are on the list they will need to go find out how to do all these
evil nasty things. If this is a problem you need to replace your
"friends."

3) Perhaps if this is a serious threat the fact they can shut down the
volume is not good it is great. At least you will know someone is messing
arround. Chances are if it is a real hacker and you notice the first
indication is that you can't log in.

4) Someone messing with your speakup is showing they know something about
the product. Evan as vast a user base as speakup has, this is a limiting
factor. Spend your energy lowering your chances of being hacked. Learn
more about ipchains and other security tools.

=======
Kirk Wood
Cpt.Kirk at 1tree.net

Nothing is hard if you know the answer or are used to doing it.





More information about the Speakup mailing list