OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [discuss] RAID Fail with MDK 9.2

From: Vincent Danen (vdanenmandrakesoft.com)
Date: Sun Apr 04 2004 - 21:56:47 CDT

On Apr 4, 2004, at 5:54 AM, Anton Aylward CISSP CISA wrote:

>> This list was created to discuss topics of
>> security... things such as authentication, vulnerabilities, exploits,
>> secure system configuration, etc. If there is no interest in limiting
>> the scope of the list without someone jumping on their proverbial
>> soapbox to tell me what is and is not security related, I have no
>> problem dissolving the list because then the intent behind the list is
>> no longer important. This becomes just another two-bit discussion
>> list
>> on anything you feel like talking about because somehow, someway, to
>> someone, it pertains to security, to some degree.
>>
>> So rather than arguing semantics, let's keep the list focus to what it
>> should be. It is *not* C-I-A.
>>
>> If you like, I can draw up a better illustrative set as to what should
>> be considered on topic for this list, but I'd rather not. I think it
>> should be clear enough what a list about security should consider on
>> topic.
>
> I think you better had.
> For, what is the difference to the end user or the managerial level
> between network borne DDOS attack and a piece of social engineering
> that
> renders the network unavailable. Its still something tat exploits a
> vulnerability. The vulnerability may be in management's budgeting
> process that they ar too cheap to hire competent sysadmins who know
> better.
>
> Don't laugh. I've had a client whose system was wiped out because a
> manager insisted on full-image backups when the business process
> involved single file restores on a daily basis. A typo by a newly
> hired
> and inexperienced sysadmin restored the whole of last years image.
> Five
> days work was lost. That's a longer outage than I've seen from network
> attacks.
>
> I agree that this isn't a full-spectrum security forum, nor should it
> be. But your "topics of security... things such as authentication,
> vulnerabilities, exploits, secure system configuration, etc" could
> cover a very wide range to those of us who have had to face more tan
> just 'sysadmin' level security. That "etc" is a gaping "backdoor".
>
> If you want to define the bound as things that pertain to a sysadmin or
> netadmin, that's OK, I think that's a great definition, but while
> reading logs to see who has been hammering on the unused ports
> (courtesy
> of the new SENSORS option on Xinetd) you see a large number of reports
> on disk errors. I mean, after all, your job is to keep the system
> functioning -- available -- for the benefit of the users.
>
> But be careful: you could too easily make this into an intellectual
> game
> of "what can we shoe-horn in under Vincent's definition".
>
> And yes, once at a large IBM site, when an alarm went off on one of the
> raid arrays, I - the security guy - was the one the sysadmins called in
> to yank the drive, do the rebuild and ship the failed unit off (after
> scrubbing it) for replacement.

You know what? Whatever. You want to argue, that's fine. You want to
consider a failed RAID array a security issue because you had to clean
the drive, that's fine.

I don't have the time or energy to argue with you.

Do whatever you want with the list. I'm pretty much to the point where
I no longer care... too many vampires sucking my energy. Why fight to
keep things straight for those who originally joined the list to
discuss security topics when the newly subscribed couldn't care less
what the topic is, or even less what list they're on?

Enjoy folks. You think install issues are security-related? Come talk
about it here. You want to talk about failed raid arrays on the list?
Excellent! Lets also talk about some performance bugs in mozilla
because they might be security related... after all, if the browser
takes too long to load the end user may decide to snoop on the system
to relieve boredom and that definitely constitutes a security threat,
right?

Awesome. No more off-topic messages. Let's throw a party and talk
about the weather, shall we? Why not... we all like wasting each
other's time on this list after all.

I shouldn't be surprised... it's the same symptoms on every other
Mandrake list. A little disappointing it showed up on this list, but
not surprising.

If anyone wants me, I'll be doing real work. This list just moved onto
my ever-growing list of time wasters.

--
Mandrakesoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFAcMrvIEPQ5f5vKv0RAoQBAJ49bRFon0FBZx3/O5lvaBDaNNc0CwCgm0OC
phG/QO2d1E/UveIhgdpXZ+8=
=KApu
-----END PGP SIGNATURE-----