Security News > 2004 > March > selling root accounts on IRC
Forwarded from: Russell Coker For some time I and several other people have been running SE Linux play machines: http://www.coker.com.au/selinux/play.html One purpose of such machines is to demonstrate the security of SE Linux by giving root access to an SE Linux machine to the world. People can freely login at any time and try "rm -rf /" or other commands and see that no damage is caused. They can run "ps aux" and notice that only their own processes (and those of other users in the same context) can be seen. Commands such as "reboot" don't do anything exciting either. Another purpose of such machines is to serve as a reference to how a SE Linux machine can be run. When a new user starts out with a complex new security feature such as SE Linux it can be difficult for them to work out how to get it going. The play machines serve as examples of how SE Linux works when correctly configured and seem to be helpful when new users have problems getting it going. One disturbing trend recently has been criminals selling "root access" to the play machines for stolen credit card numbers, accounts on other servers, or other things. The people who are selling the accounts surely know what the machines are about, but seem to sell the accounts anyway. People involved in running honeypot's might be interested in doing something similar. Run a machine, tell everyone "this is a honeypot server, the root password is ..." and then wait for people to illegally purchase access to it! Russell Coker - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.