Security Compromised

What is going through your head? Before you believe your machine was destroyed, stop for a moment and think. What has happened? You hear about hackers on the news, in the papers, and on the Internet. What exactly is a hacker? The term has changed over the past couple of years. It's original and true meaning has been forever lost in cyberspace.

We explore and you call us criminals. We seek after knowledge and you call us criminals. We exist without skin color, without nationality, without religious bias; and you call us criminals. I am a hacker. A criminal if you will. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something you will never forgive me for.

Information is sacred. In such an age where twenty billion dollars can be transferred to Tokyo in a blink of an eye. And in that moment, entire networks are taken down in a constant war of what has now become modern day hacking. After-school teenagers defacing countless web sites in and endless "you suck!" manner boosting their own stupidity. What is gained from this? This server had no web site, nothing was tampered or removed. This http server was installed for the soul purpose of passing this message along. That's all.

I'm sure you are wondering how this happened. A real hacker not only exploits bugs, but explains how. We gain knowledge, not fame. There is no knowledge that's not power. You hear on the news, "Teenage hacker arrested in computer scandal". Web sites defaced like graffiti on a wall from one gang to the next. We use the term "script kiddies" to describe these "hacking" groups. A complete menace to the Internet. They ruin computers and companies for no reason at all.

Security Information: LPRng has a string format bug in the use_syslog function. This function returns user input in a string that is passed to the syslog() function as the format string. It is possible to corrupt the print daemon's execution with unexpected format specifiers, thus gaining root access to the computer. The vulnerability is theoretically exploitable both locally and remotely. In a default full install, this is running and listening on the network. That is how this happened.

By keeping up-to-date with bug fixes from Redhat Software on a daily basis, your machine will never be comprised again. If you don't have the time to do this, an Operating System change to something less used would be ideal. I suggest Debian or Slackware. They are both Linux distributions, free for download under the General Public License.

I hope you, and the administrator of this machine find what I have to say enlightening. If you need more security tips, you can always read up on them from your Operating System's web site. Mailing lists are also very powerful for those up-to-the-minute security patches.

I would like to thank many people who have helped me out over the past five or six years, as I continue to explore the Internet. They go only by nicknames, "hacker handles" if you will. The many faces that make up today's Internet.

dj28, dent, Veovis, CommPort5, skrilla, q[binary], kilrid, mage, tty, mosthated, #bitchx, #god, #freebsdhelp, lucidx.com, neonsky.net, hack-x.org, attrition.org, pdump.org, freshmeat.net, efnet.org, box.sk, freebsd.org, and others.

I am "methamp" -- just another hacker.
mh at makintosh dot com (no flames, thanks.)