02/01/2004: "The Hack and Superbowl Sunday"

Linux kernels before version 2.4.23 had a security hole that would allow a non-privileged user to gain administrative privileges on any Linux system. Version 2.4.23 was released on November 28, 2003. had been running with no significant changes to its setup since May, 2003. The kernel hole, along with a security hole in the gallery software I use on this site, PHPix, allowed attackers to gain privileged access to the machine. Apparently, one succeeded. But whoever it was, the attacker must have been disappointed at the level of machine he or she gained access to. A Pentium Pro 180 with a nice but unremarkable Internet uplink isn’t exactly a conquest worth bragging about. Furthermore, nothing even remotely commercial happens on the machine, and all of my email is boring. Besides, something seems to have gone wrong: with the privileged status, the attacker seems to have replaced my INIT – the program that starts up before all other programs and guides the system though its startup routine – a common first step once a root kit (the tools used to crack open a system once administrator privileges have been gained) has been installed. However, this seems to have made my system quite unstable, and with several convenient power outages (thanks Amy, and Puget Power), the problem soon manifest itself with becoming unstable and generating all sorts of errors. In due time, after I got around to reading the logs, and reading security news bulletins, I was able to piece the story together. Of course, I am dumb, and I haven’t updated my (extremely changed by me) version of PHPix yet, but I figure as long as users can’t gain root with a kernel exploit, I’ll let them run strange commands on my system until I get around to getting the real replacement server working (probally FreeBSD or OpenBSD on the dual Pentium II). But at this point, that is a ways off.

After watching the movie last night, I stayed up even later to, among other things, update this site. The result is that I slept in until 1:00pm today, just long enough to completely miss church. That wasn’t planned, mind you. I had breakfast, read some, and then watched the New England Patriots narrowly defeat the Carolina Panthers in Superbowl XXXVIII. I was cheering for the Panthers simply because they were the underdogs; things looked grim in the first quarter for them, but both teams picked up the offensive pace towards halftime…

Another aside: At BYU, I took an introduction to economics course that covered basic micro- and macroeconomic theory. One of the books I read for the class was called “Hard Heads, Soft Hearts.” Written by Alan Blinder, a liberal economist from the Clinton administration, the book is about how liberal fiscal policies could also be economically grounded. I hope that all politicians in this country, both “conservative” and “liberal” (although the differences these days are slight) would read the book and follow the advice. The reason I think of this now is that in the introduction to the book, Blinder declares that you can tell if someone is liberal if they root for the underdog team in a sports contest when they have no personal loyalties to either team. But he is wrong. I am one of the least liberal people I know (not necessarily to be confused with classic conservatism), and I enthusiastically root for the underdogs, as long as the one projected to win is not the UW, BYU, or a Seattle team. Take that, Mr. Blinder! But seriously, especially if you are liberal, read the book, then we can have a decent conversation about our politics.

…And back to the main story: despite the slow start, the game turned out to be quite good, except for the fact that we had the same ending that we had two years ago (although I did not watch that game, to be honest) and the fact that the Panther’s should have tried something really wild on that last play. Getting tackled should’ve been the last thing they let happened – I mean, seriously, who cares if you let the Patriots score again, you still loose, but try some laterals and pull your entire team back for some voodoo magic and at least make the final moments an exciting bang instead of a lackluster whimper. Oh well, I guess that’s what we have college football for.

