[vox] cal.net rant

Ryan Castellucci vox@lists.lugod.org
Sun, 21 Sep 2003 22:58:52 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 21 September 2003 07:40 pm, Jeff Newmiller wrote:
> On Sat, 20 Sep 2003, Ryan Castellucci wrote:
> > I would like to see an article published in the enterprise about this=
, as
> > I am VERY annoyed that they are partly to blame for two of my systems
> > being cracked, and that they are allowing this intruder have free rei=
gn
> > on thier system, however, I doubt the entrprise would make a store ou=
t of
> > this. If anyone knows of anywhere I can complain to that will bring t=
his
> > to the attention of the public, I would be appreciative.
>
> I am interested to see your analysis of the problem.  Definitely not fu=
n.
>
> However, I am not really sure why this situation is pushing you to swit=
ch
> to Omsoft.  They are linux-friendly, but not necessarily
> linux-advocates... they depend heavily on Windows NT.  Davis Community
> Network (which is sort of related to Omsoft) has two (or more?) sun box=
en.
> I have an account on one of these, and while I have no information lead=
ing
> me to suspect that they are or ever have been 0wned, I would simply nev=
er
> make a backward connection into my home box from that shell account, so
> the worst that can happen through that account is defacement of my webs=
ite
> or perusal of my email.  I would not be particularly happy to encounter
> defacement of my website, but I would most likely simply request the
> sysadmin to review the security of their box and change my password. (I=
 do
> think DCN is competent to do that... you may not have even that level o=
f
> confidence in cal.net anymore.)

Yes, I was foolish to make an outgoing connection from my shell. I should=
 not=20
have been doing that from an untrusted system. It was also a bad idea to =
give=20
my personal account unfettered sudo access.

As to why I am planning to switch to omsoft, most people I talk to say th=
ey=20
are a good ISP, and their static IP DSL pricing is attractive.

> I like Omsoft as an ISP, but I don't have any reason to think they have
> any special claim to better security than cal.net... and I don't hold t=
hem
> even partly responsible for the integrity of my LAN.  There are too man=
y
> ways a random computer can be doctored to make remote shell connections=
 to
> my home box permissible to more than my laptop.

Well, my irritation stems mostly from the fact that they seem to be simpl=
y=20
ignoring the problem, and that they don't seem to be installing patches.

- --=20
PGP/GPG Fingerprint: 3B30 C6BE B1C6 9526 7A90  34E7 11DF 44F3 7217 7BC7
On pgp.mit.edu, import with `gpg --keyserver pgp.mit.edu --recv-key 72177=
BC7`
Also available at http://www.cal.net/~ryan/ryan_at_mother_dot_com.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/bo+cEd9E83IXe8cRAvjfAJ0QX8N3XoQissGREE0UbBpEgdqvagCgqRbb
99Dcoiqd3JYiRtt8WCijxfo=3D
=3DmXvv
-----END PGP SIGNATURE-----