log in | register | forums
Show:
Go:
Forums
Username:

Password:

User accounts
Register new account
Forgot password
Forum stats
List of members
Search the forums

Advanced search
Recent discussions
- General discussion at Rougol May meeting (News:)
- Wakefield Super Prize Draw (News:)
- Certificate error (Gen:2)
- Wakefield-in-Bradford Show 2022 takes place this month (News:1)
- AMCS free versions are live! (Gen:29)
- Archive gets a new edition and a new website (News:)
- RISC OS Developments releases their new TCP/IP stack (News:5)
- April 2022 News Summary (News:)
- March 2022 News Summary (News:2)
- Rougol April meeting report (News:)
Related articles
- Wakefield Show 2009
- Wakey Wakey, it's show time again!
- Show! There's a show! Show happening! [updated^2]
- eBay watch: Risc PC upgrades and Vintage Acorn
- Wakefield 2001 show report
- SIMON's HeadTurner
- A9home watch
- R-Comp prepare for Wakefield [updated]
- R-Comp Interactive go to Extremes
- Omega LegPuller at ROUGOL meeting
Latest postings RSS Feeds
RSS 2.0 | 1.0 | 0.9
Atom 0.3
Misc RDF | CDF
Site Search
 
Article archives
The Icon Bar: News and features: Random bits
 

Random bits

Posted by Richard Goodwin on 15:48, 10/12/2001 | , , ,
 
Word from Acorn User is that the shake-up continues with Steve Langley's appointment as new Marketing Manager. It seems that the imminent re-launch (January 2002) is being taken seriously - as it should, and about time too etc. etc. Not sure if the free ads will be appearing back on the AU website any time soon, so I've added our own Free Ads page in the mean time.

ExpLAN have updated their Solo pages with new piccies of the solar-power RISC OS machine. This depicts the Mk II prototype, which looks more like the final production models. Designed for use in third world countries, these machines are being advertised more to manufacturers and government representatives than us users, so it might not be worth trying to order one or two units for yourself but if you know of any governments that have poor IT infrastructure and are looking for cheap, reliable machines, point them in ExpLAN's direction.

Another diary (or should that be dairy? :) date for you - the RISC OS South West show will take place on Saturday March 2nd 2002 at the Webbington Hotel, North Somerset.

Just popped over to My RISC OS while checking what the competition are doing with the RiscStation story, and found a defacement page instead. Looks like every webmaster's nightmare just came true for those boys, and we wish them well in recovering from such childish and destructive lameness.

And more upgrades to ArtWorks hit my mailbox this morning, just to make this quick roundup complete.
 
  Random bits
  (15:57 10/12/2001)
  Andrew Weston (16:30 10/12/2001)
    Richard Goodwin (16:39 10/12/2001)
      Guest (18:44 10/12/2001)
        Richard Goodwin (09:22 11/12/2001)
          Guest (10:15 11/12/2001)
            Guest (10:18 11/12/2001)
              Andrew Weston (13:31 11/12/2001)
                Guest (19:42 11/12/2001)
                  Guest (18:35 12/12/2001)
                    Guest (09:52 13/12/2001)
                      Tim Fountain (10:48 13/12/2001)
                        Richard Goodwin (11:20 13/12/2001)
                          Guest (16:44 13/12/2001)
                            Guest (17:25 13/12/2001)
                              Guest (20:41 13/12/2001)
                                Tim Fountain (21:48 15/12/2001)
                                  Guest (01:57 17/12/2001)
                                    Guest (09:32 17/12/2001)
                                      Guest (10:28 17/12/2001)
                                        Guest (19:36 17/12/2001)
                                          Richard Goodwin (15:53 2/1/2002)
 
John Hoare Message #89677, posted at 15:57, 10/12/2001
Unregistered user You'd think that if people were going to bother cracking something they would pick a worthwhile target... what's My RISC OS done to anyone?
Oh, and the Solo looks excellent. :-)
  ^[ Log in to reply ]
 
Andrew Weston Message #89678, posted at 16:30, 10/12/2001, in reply to message #89677
Unregistered user Just popped over to The Icon Bar forum and posted something about My RISC OS :-)

Seems like a waste of time to me. Do these people want fame or something?
  ^[ Log in to reply ]
 
Richard Goodwin Message #89679, posted at 16:39, 10/12/2001, in reply to message #89678
Unregistered user More likely it's an automated script that hunts out certain servers with certain vulnerabilities. They probably never heard of the site before today.
  ^[ Log in to reply ]
 
Guest Message #89680, posted at 18:44, 10/12/2001, in reply to message #89679
Unregistered user Nah - the defacement archives only have three records of this group (one of which being today's myriscos defacement), and myriscos was the first one to get the funky cow picture.

I guess they're just trying out their techniques on a website that isn't likely to come down too heavy on them. They didn't seem to destroy any files in previous attacks (at least they say they didn't - you can't really tell).
  ^[ Log in to reply ]
 
Richard Goodwin Message #89681, posted at 09:22, 11/12/2001, in reply to message #89680
Unregistered user The My RISC OS site can't be the first to feature the cow, as I took a look at the HTML source of the defacement and the image is being loaded /from/ a defacement archive - which makes them about 1% smarter than the average script kiddie because they recycle ;)
  ^[ Log in to reply ]
 
Guest Message #89682, posted at 10:15, 11/12/2001, in reply to message #89681
Unregistered user I think it highlights how clueless the ISP and maintainers of myriscos.co.uk are, as well as the annoyingness of the script kiddies. Script kiddies don't always end up being as annoying as this if you know what you're doing, and let's face it, pretty much everybody with something to do with myriscos.co.uk doesn't exactly exude professionalism, or any apparent good grasp on anything their doing.

They asked for it, really.
  ^[ Log in to reply ]
 
Guest Message #89683, posted at 10:18, 11/12/2001, in reply to message #89682
Unregistered user Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on 212.67.202.146 (212.67.202.146):
(The 1538 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
3000/tcp open ppp
3001/tcp open nessusd
3306/tcp open mysql
27665/tcp filtered Trinoo_Master
31337/tcp filtered Elite

Remote operating system guess: Linux 2.1.19 - 2.2.17
Uptime 137.034 days (since Fri Jul 27 10:22:41 2001)

Nmap run completed -- 1 IP address (1 host up) scanned in 18 seconds

--

I think the above highlights their cluelessness :) Ooooh! I wonder if that nessusd is open :)
  ^[ Log in to reply ]
 
Andrew Weston Message #89684, posted at 13:31, 11/12/2001, in reply to message #89683
Unregistered user Gobbledeegook.
  ^[ Log in to reply ]
 
Guest Message #89685, posted at 19:42, 11/12/2001, in reply to message #89684
Unregistered user The MyRiscOS.org site was the first defacement by a group using this name featuring the funky cow. A big script culling loads of open boxes would sign them all the same and also probably leave the same cow picture.

On the other hand, someone seems to have installed a dDOS tool or two on that machine, so maybe they're not going after fame and fortune and spreading their name. Doesn't look like it though.
  ^[ Log in to reply ]
 
Guest Message #89686, posted at 18:35, 12/12/2001, in reply to message #89685
Unregistered user And I quote:
pretty much everybody with something to do with myriscos.co.uk doesn't exactly exude professionalism, or any apparent good grasp on anything their doing.

If you're going to slander me, then at least have the decency to put a name to your comments.

Oh, and it's "they're".

ajv
  ^[ Log in to reply ]
 
Guest Message #89687, posted at 09:52, 13/12/2001, in reply to message #89686
Unregistered user Excuse me for butting in, but: Guest - you should know better, and ajv - 'ajv' is hardly a name either, and just for the sake of being pedantic, your quoted section isn't quoted ;-)

Although, from the looks of it, drobe is wide open in even more interesting ways.
  ^[ Log in to reply ]
 
Tim Fountain Message #89688, posted at 10:48, 13/12/2001, in reply to message #89687
Unregistered user Like? (Curiousity from someone who knows next to nothing about server administration)
  ^[ Log in to reply ]
 
Richard Goodwin Message #89689, posted at 11:20, 13/12/2001, in reply to message #89688
Unregistered user Maybe I should point out that Tim does the PHP, I do the server admin, so just because Tim says he doesn't know much about it doesn't mean our box is wide open :)
  ^[ Log in to reply ]
 
Guest Message #89690, posted at 16:44, 13/12/2001, in reply to message #89689
Unregistered user Your box is wide open...
  ^[ Log in to reply ]
 
Guest Message #89691, posted at 17:25, 13/12/2001, in reply to message #89690
Unregistered user I hope that as well as posting that rather unhelpful comment you mailed the admins and pointed out what they've left open. Noone's perfect, you know.
  ^[ Log in to reply ]
 
Guest Message #89692, posted at 20:41, 13/12/2001, in reply to message #89691
Unregistered user Nothing was hurt, and im sure Hoepelkoe Inc. have not installed any DDoS tool, since we don't use them.
So, this mean that you was allready compromised by somebody else, who did not leave a sign.

eSDee
  ^[ Log in to reply ]
 
Tim Fountain Message #89693, posted at 21:48, 15/12/2001, in reply to message #89692
Unregistered user Assuming you're the same 'Guest', you haven't answered my question.
  ^[ Log in to reply ]
 
Guest Message #89694, posted at 01:57, 17/12/2001, in reply to message #89693
Unregistered user This 'Guest' business is silly. At least put an IP and/or domain so we have a clue as to who they are. (Yer yer, dynamic ip blah)

I can see how myriscos were hacked. They've got no firewall and have all their ports open and have FP extensions installed. A very easy target.

I too would like to know what is insecure about TIB.

Daniel Barron
  ^[ Log in to reply ]
 
Guest Message #89695, posted at 09:32, 17/12/2001, in reply to message #89694
Unregistered user Daniel: I don't think anybody has said that the Icon Bar is insecure, just Drobe. Drobe has the problem, of course, that it's a FreeVSD virtual server - many people share the same box with root privileges, and it's surprisingly simple to escape the sandbox.
  ^[ Log in to reply ]
 
Guest Message #89696, posted at 10:28, 17/12/2001, in reply to message #89695
Unregistered user Daniel - given the number of ports open on MyRISCOS, it's possible this is some portscan detection software. Also, if there were a firewall in place you wouldn't necessarily be able to detect it easily.

Guest[09:52,13/12] - you might not class 'ajv' as a name, but addition of the myriscos.co.uk domain can generate a contact email address.

ajv
(who doesn't have anything to do with the admin of the MRO server, but does have something to do with the secure admin of a number of fairly high profile publically accessible servers)
  ^[ Log in to reply ]
 
Guest Message #89697, posted at 19:36, 17/12/2001, in reply to message #89696
Unregistered user Yes sorry, I meant Drobe not TIB.
Daniel Barron
  ^[ Log in to reply ]
 
Richard Goodwin Message #89698, posted at 15:53, 2/1/2002, in reply to message #89697
Unregistered user Well, someone was running some script kiddie hacks on the TIB box just before I left for Christmas and the site doesn't appear to have been taken down in my absence, so fingers crossed...
  ^[ Log in to reply ]
 

The Icon Bar: News and features: Random bits