[OLPC Security] Security Digest, Vol 23, Issue 2

Greg Smith gregsmitholpc at gmail.com
Wed Sep 17 17:23:41 EDT 2008


Hi Guys,

I replied off list to this one. In short it was not a default XS install 
and where we differed we err'd.

I would really appreciate the help of any security experts one out there 
who wants to help lock down an XS on the Internet. I would even 
appreciate help explaining when and how to communicate security issues 
on public lists.

We can make it a honey pot too if we want to learn more...

Thanks,

Greg S

security-request at lists.laptop.org wrote:
> Send Security mailing list submissions to
> 	security at lists.laptop.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.laptop.org/listinfo/security
> or, via email, send a message with subject or body 'help' to
> 	security-request at lists.laptop.org
> 
> You can reach the person managing the list at
> 	security-owner at lists.laptop.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Security digest..."
> 
> 
> Today's Topics:
> 
>    1. XS Server Security (Greg Smith)
>    2. Re: XS Server Security (Ra?l Guti?rrez S.)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Wed, 17 Sep 2008 07:37:22 -0400
> From: Greg Smith <gregsmitholpc at gmail.com>
> Subject: [OLPC Security] XS Server Security
> To: security at lists.laptop.org
> Message-ID: <48D0EBF2.3050406 at laptop.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Hi All,
> 
> I have an XS server on the Internet. It was broken in to via a 
> dictionary style attack in August.
> 
> That style attack is now blocked but we're still being probed and 
> attacked somewhat regularly.
> 
> I have some background on what has been happening. Its under control but 
> I could use a security expert who we know and trust to help analyze the 
> past and investigate possible future vulnerabilities.
> 
> Let me know if there is someone interested in helping with this.
> 
> Thanks,
> 
> Greg S
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Wed, 17 Sep 2008 09:06:06 -0400
> From: Ra?l Guti?rrez "S." <rgs at rieder.net.py>
> Subject: Re: [OLPC Security] XS Server Security
> To: greg at laptop.org
> Cc: security at lists.laptop.org
> Message-ID: <1221656766.6403.2.camel at laptop.personal.com.py>
> Content-Type: text/plain; charset=UTF-8
> 
> Greg,
> 
> On Wed, 2008-09-17 at 07:37 -0400, Greg Smith wrote:
>> I have an XS server on the Internet. It was broken in to via a 
>> dictionary style attack in August.
> 
> The dictionary attack was played against the root password via SSH?
> 
>> That style attack is now blocked but we're still being probed and 
>> attacked somewhat regularly.
> 
> How was it blocked?
> 
> Best regards. 
> 


More information about the Security mailing list