On Fri, May 30, 2008 at 7:27 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> Justin Mattock wrote:
> | On Fri, May 30, 2008 at 5:51 PM, Matthew Hammer
> | <matthewhammer89@xxxxxxxxx> wrote:
> |> On Fri, 30 May 2008 17:04:41 +0000
> |> "Justin Mattock" <justinmattock@xxxxxxxxx> wrote:
> |>
> |>> Hello; First I need to start with a status: SELinux seems to be
> |>> handling nicely with the latest git, and refpolicy. You guys really do
> |>> a good job.
> |>> Now for the question: I noticed reading the New York Times that
> |>> Comcast was hacked into, after reading the article I couldn't help but
> |>> ask the question
> |>> of "If Comcast was using Linux with SELinux would this have happened".
> |>> So the question to SELinux is: If Comcast was using Linux, with
> |>> SELinux on their servers
> |>> would this attack have been prevented? What should Comcast have had
> |>> with their set up to better protect them from this type of
> |>> attack? (even though they probably use Windows)
> |>> How would regular users and small businesses protect themselves from
> |>> this type of terrorism?
> |>> regards;
> |> My understanding of the Comcast hack was that the hackers altered
> |> Comcast's registration information with the vendor that registers their
> |> domain. So no, the problem wasn't anything internal with Comcast's own
> |> system.
> |>
> |> --
> |> Matthew Hammer
> |>
> |
> | AAhh I see, the vendor that registers their domain.
> |
> Of course the next question is whether the vendor who registers their
> domains had been running SELinux, could it be stopped, and there is a
> good possibility.
>
> Depending on the version, SELinux prevents most buffer overflow attacks
> on confined domains.

So if the vendor was protected with SELinux, the hacker would have had to really work hard at trying to tweak the numbers inside the vendor's computer to cause this (edit a file), or is it a wire tap scenario, e.g. similar to ARP spoofing?

--
Justin P. Mattock