Tue, Nov 30 2004 15:38
bradley
Dear USA Today
I'd like to point out some problems with the study you did, in particular with the claims about SBS 2003.
In your information you indicate that on an SBS 2003 box you had "Mitnick and Ryan Russell, an independent security researcher and author of Hack Proofing Your Network, were contracted by Avantgarde to set up and carry out the experiment."
"To hijack the Windows Small Business Server, the attacker finagled his way into a function of the Windows operating system that allows file sharing between computers. He then uploaded a program that gave him full control."
As a person who day in and day out is in the SBS newsgroups, this doesn't happen. We're road kill out here. We don't have attackers specifically targeting our boxes, so the scenario you have described doesn't happen.
The reality is we are more hurt by misconfigurations, weak passwords and what not.
You don't give details as to whether this was an attack from the inside or remotely from the outside. Given our file and printer sharing ports are closed from the outside, but obviously open and needed from the inside, I'm guessing {I could be wrong} that it appears that the firm has a Human Resource issue [how to fire someone, perhaps?] rather than worrying about outside attackers? However, since the article is unclear as to the technical detail of “finagle”, it's hard to say what location the attack was launched from.
Could a specifically targeted attack get into our systems? Ever seen Dr. Jesper Johansson aka Dr. J, “hack” his way into a fully patched network? I have no doubt that you can "finagle" yourself into ANY network given enough time, expertise and talent [and a dash of social engineering thrown in if the normal methods don't work].
Reality is folks, that Ryan Russell and Kevin Mitnick would not be wanting to go after SBS boxes. The reality is that spybots and malware are our issues. Stupid passwords and SMTP auth attacks.
Security is about Risk. Ryan and Kevin are so NOT my risk factors.
- Stupidly misconfiguring my SBS box
- Weak passwords
- Not patching
- No backup
- Not paying attention to the risks of my desktops
Now “THAT'S” my risk factors.
{READ THIS FOLLOWUP - it was a stupid password that is our “finagle” vulnerability}