/proc/speakup

Kerry Hoath kerry at gotss.eu.org
Wed Feb 14 22:33:20 EST 2001 

Most hackers will have obtained root access to your system rather
quickly, so although making the /proc filesystem permitions setable is a good idea,
the average hacker with root access can circumvent this.
Also, how many hackers will know to look for a /proc/speakup directory? From a remote point
of view you can't see that speakup is running on a box unless you know what you
are looking for, config files in /etc; /proc etc.
A hacker can just as easily trash your sound volumes or file systems if they have root.
Once a user is in the system; security is questionable at best.
Keep hackers out of the system by preventing them from getting past the login prompt.
/bin/login is your first line of defence; use it.
Bad passwords will let more script kiddies into your system faster than the
esoteric buffer overflow only exploitable on the night of a fullmoon
whilst the wolves are howling at the back (not the front) door :-)
Keep passwords in the clear off the network. Regular pop3 is a bad thing, unless you
use md5 authentication; if you must telnet, use ssltelnet on
both ends. If you must ssh, keep it up to date.
A recent buffer overflow in openssh was fixed that could allow root access.

If you want total security, unplug your computer and turn it off.
If you want excellent security; don't connect it to the internet :-)

Regards, Kerry.
On Wed, Feb 14, 2001 at 04:30:44PM -0800, Tyler Spivey wrote:
> immagin tis: a hacker is threating your system, and ou ar running speakup.
> though theirs no way ot shut it off, with /proc/speakup you can mess it up. sinceany ser cn write t it (i think),
> people could adjust your rat and stuff while they do their work, and by the time you had it running, you'd be dead.
> i'm lucky i'm behind some kind of firewall myself, for when i get better internet i'll be faced with maybe a hacker or 2.
> and i fi bring my braille lite home, i'll probably plug it in again with speakup.
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

-- 
--
Kerry Hoath: kerry at gotss.eu.org
Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
ICQ UIN: 8226547

More information about the Speakup mailing list