---------- Forwarded message ----------
Date: Mon, 21 Jul 1997 18:49:38 -0400 (EDT)
From: Haxorchick@aol.com
To: dc-stuff@dis.org
Subject: Re: Happy Hacker

In a message dated 97-07-21 15:04:47 EDT, spork@exo.com (A.j. Effin ReznoR) observed:

> maybe it's just me and my perverted sense of reality, but i find it
> somewhat amusing that a server handling a mailing list for hackers isn't
> secured better. if it were, majordomo would still be a problem :)

OK, folks. Reality check time. Computer Security 101 tells us that ANY computer connected to the Internet isn't secure. No matter how good the sysadmin.

If you guys want the FREE service of receiving the DC-stuff list, Happy Hacker Digest or any hacker list, the least you can do is get sufficiently educated in computer security to recognize the expense and effort the managers of these lists must put into keeping them in operation despite incessant attacks.

For example, I was seriously irritated by Damien Sorder's talk at Def Con this year where he gloated over the DC-stuff list getting hacked. Of course it gets hacked. For cripes sake, this list is ON THE INTERNET!

Most recently, for whatever reason, the DC-stuff list was restored from backup last Wednesday. Even if it was hacked and rmed, so what. It would say nothing whatsoever about Pete Shipley's skills in administering merde.dis.org. In fact, if you know how vulnerable majordomo is, the fact that he has kept this list going for almost a year is a major testimony to Pete's skills and altruism.

In 1996 the Happy Hacker folks used majordomo, too. But being greedy power crazy empire builders (just kidding), they have been unwilling to achieve the still-imperfect level of security of the DC-stuff list by running a dedicated server on its own T1, well segregated from other boxes that otherwise might suffer collateral damage.

Instead, Happy Hacker uses the ultimate in computer security -- hiding behind a dynamic IP address! This is a KISS defense. So what. It works. It doesn't cost a bazillion dollars. Labor is minimal, especially when you think about two seconds and realize that a simple Perl program on a Linux box hiding behind a dynamic IP address can do everything majordomo does -- yet be as secure as you can get short of operating inside a Faraday cage with a self-contained power supply.

In the meantime, Matt can keep on laughing off his head at the kewl d00dz who keep sending commands to majordomo@techbroker.com and majordomo@happyhacker.org.

PS I'm the dread Meinel. Sorry, Pete, but I couldn't resist pointing out what so few people recognize -- you are talented and dedicated. All of us who read this list or attend Def Con (which relies on list) owe you a debt of gratitude.