OBROLAN WARUNG KOPI

AKU YAKIN INDONESIA SAMPAI DI SANA

LEMON MEMBUKA OBROLAN, PENYAIR.

Siang berganti malam, hari demi hari lalu berganti minggu ke minggu dan bulan berganti bulan serta tahun berderet-deret, akhirnya tanpa terasa waktu berlalu. Tanpa kita sadari, perjalanan sepak terjang dan kehidupan Indonesia, penuh dinamika melebihi gelombang laut, bahkan seperti lekukan tanah bagaikan lembah, dataran dan gunung yang menjulang tinggi. Demikianlah perjalanan Indonesia yang menjalani perjuangan sejak dahulu kala maupun sejak kemerdekaan, yang tak habis-habisnya tetapi saat ini memberi keyakinan "aku yakin Indonesia sampai di sana".

MARKUS MENANGGAPI.

Ibarat grafik satistik atau diumpamakan lagi mendaki gunung, kita pada saat ini lagi proses menaik ke arah yang tinggi. Banyak yang tidak tahu atau lupa untuk mensyukuri bahwa pada waktu krisis keuangan global yang terjadi mulai tahun 2008, Indonesia adalah salah satu negara yang mengalami pertumbuhan ekonomi yang tinggi sebesar 4,5% pada tahun 2009, di bawah Tiongkok dan India. Kita masih ingat krisis ekonomi yang dialami Indonesia sejak tahun 1998, yang membuat perekonomian Indonesia menurun sehingga pendapatan perkapita drastis rendah yakni sekitar US$600,-. Secara perlahan kita benahi da lambat laun membuahkan hasil dengan hasil pendapatan perkapita saat ini sekitar US$ 3000,-. Hal ini meningkat sekitar 200% dibanding dengan pendapatan perkapita pada tahun 2004 sekitar US$1100,-. Perlu juga diketahui oleh rakyat, bahwa kekayaan menyeluruh Indonesia atau bahasa kerennya GDP saat ini telah mencapai Rp. 7000,- triliun lho, katanya masuk 19 terbesar di dunia.

LALU POLAN MENYATAKAN PENGAKUANNYA.

Saya bicara sejujur-jujurnya, adanya kemajuan yang dicapai terutama sejak kepemimpinan Presiden SBY. Saya juga malu, karena banyak merasakan kemajuan, tetapi suka demo dengan berbagai tuntutan yang kadang-kadang tidak berasalan bahkan mengarah ke fitnah. Sadar atas kesalahan masih lebih baik daripada tidak sama sekali, dengan tekad kedepan aktif berpartisipasi untuk memajukan bangsa dan negara menuju kesejahteraan rakyat yang lebih baik. Betapa tidak harus mengakui kenyataan yang ada, bahwa saya sekarang ini sudah naik motor dan punya telepon seluler di pinggang atau kantong, sehingga mobilitas lincah serta dapat berhubungan dengan cepat, yang membuat dunia ini terasa sempit.

IHIN MENIMPALI.

Baguslah ada pengakuan. Terlepas dari berbagai kekurangan yang masih ada, telah dicapai berbagai kemajuan. Sejak tahun 2004, pertumbuhan ekonomi kecuali tahun 2009 rata-rata 6%. Pemberantasan korupsi digalakkan dan ditempatkan sebagai prioritas utama, sehingga sekitar 150 lebih pejabat negara yang diduga korupsi telah diberi ijin oleh Presiden untuk diperiksa. Memang bagi kelompok yang kecewa, Century digunakan sebagai masalah untuk menyerang Pemerintahan bahwa pemberantasan korupsi mendek, yang sebenarnya mereka pura-pura tidak tahu bahwa proses hukum harus didasari fakta bukan kepentingan politik.   Sejauh ada bukti dan fakta, semua harus diproses, termasuk Century alias tidak ada deskriminasi. Mari kerja keras demi kebaikan sesuai hukum yang berlaku, jangan didasari kepentingan sendiri atau kelompok dengan berusaha mencari-cari kekurangan. Bila ada kekurangan adalah untuk diatasi bukan untuk dibuat jadi bahan polemik, itu artinya "kurang kerjaan".

KUSNO MENUTUP OBROLAN.

Terlambat tahu, adalah lebih baek, daripada tidak sama sekali. Nenek saya pada awal tahun 2004 mengeluh karena hutang kita besar sekali yakni sekitar 54% dar GDP. Beliau mengakui bahwa menumpuknya hutang tersebut merupakan kesalahan untuk keturunan atau generasi berikutnya. Untunglah dapat dikurangi sehingga telah berada sekitar 28% dari GDP. Tapi orang masih juga salah mengartikan, karena selalu melihat jumlah nomilanya bukan prosentase dar GDP dan besarnya APBN kita. Saat ini APBN kita sudah di atas Rp. 1000 triliun dan anggaran pendidikan telah berkisar 20% dari APBN. Untuk kesejahteraan diterapkan gratis dengan sistem Jamkesmas dan bagi pengusaha diberikan KUR, bagi kredit yang jumlahnya Rp. 20juta diberikan tanpa anggunan. Ini adalah sekelumit kemajuan-kemajuan yang dicapai, yang artinya "Aku Yakin Indonesia Sampai Disana", untuk menuju negara maju dan sejahtera dan pada tahun 2014 InsyaAllah kemiskinan menurun pada tingkat 8-10% dan pengangguran 5-6% di tahun 2014.

Cerita mahasiswa Indonesia di Ausie:

Nyataa. Suatu pagi, kami menjemput seseorg klien di bandara. Org itu sdh tua, kisaran 60 thn. Si Bpk adl pengusaha asal Singapura, dgn logat bicara gaya melayu&english, beliau menceritakan pengalaman2 hidupnya kpd kami yg msh muda. Beliau berkata, "Ur country is so rich!" Ah biasa banget denger kata2 itu. Tapi tunggu dulu."Indonesia doesn't need ... the world,but the world needs Indonesia,"lanjutnya. "Everything can be found here in Indonesia,U don't need the world." "Mudah saja,Indonesia paru2 dunia.Tebang saja hutan di kalimantan,dunia pasti kiamat. Dunia yg butuh Indonesia! Singapura is nothing, we can't be rich without Indonesia 500.000 org Indonesia berlibur ke Singapura tiap bulan. Bisa terbayang uang yg masuk ke kami,apartemen2 terbaru kami yg beli org2 Indonesia, ga peduli harga selangit, laku keras. Lihatlah RS kami, org Indonesia semua yg berobat. Trus, kalian tau bgmna kalapnya pemerintah kami ketika asap hutan Indonesia masuk? Ya, bener2 panik. Sangat terasa, we are nothing. Kalian tau kan kalo Agustus kmrn dunia krisis beras.Termasuk di Singapura dan Malaysia?Kalian di Indonesia dgn mudah dpt beras. Liatlah negara kalian, air bersih di mana2,liatlah negara kami, air bersih pun kami beli dari Malaysia. Saya ke Kalimantan pun dlm rangka bisnis, krn pasirnya mengandung permata.Terliat glitter kalo ada matahari bersinar. Penambang jual cuma Rp 3rb/ kg ke pabrik china,si pabrik jual kembali seharga Rp 30rb/ kg. Saya liat ini sbg peluang.Kalian sadar tidak kalo negara2 lain selalu takut meng-embargo Indonesia! Ya, karena negara kalian memiliki segalanya. Mereka takut kalau kalian mnjadi mandiri, makanya tidak di embargo. Harusnya KALIANLAH YG MENG- EMBARGO DIRI KALIAN SENDIRI. Belilah pangan dr petani2 kita sendiri, belilah tekstil garmen dr pabrik2 sendiri. Tak perlu impor klo bs produk sendiri. Jika kalian bs mandiri, bisa MENG-EMBARGO DIRI SENDIRI, INDONESIA WILL RULE THE WORLD!!!!!

A Guide to Internet Security: Becoming an Uebercracker and Becoming an UeberAdmin to stop Uebercrackers.

Author: Christopher Klaus <cklaus@shadow.net>

Date: December 5th, 1993.

Version: 1.1

  This is a paper will be broken into two parts, one showing 15 easy steps

to becoming a uebercracker and the next part showing how to become a

ueberadmin and how to stop a uebercracker.  A uebercracker is a term phrased

by Dan Farmer to refer to some elite (cr/h)acker that is practically

impossible to keep out of the networks. 

Here's the steps to becoming a uebercracker.

Step 1. Relax and remain calm. Remember YOU are a Uebercracker. 

Step 2. If you know a little Unix, you are way ahead of the crowd and skip

past step 3.

Step 3. You may want to buy Unix manual or book to let you know what

ls,cd,cat does.

Step 4. Read Usenet for the following groups: alt.irc, alt.security, 

comp.security.unix.  Subscribe to Phrack@well.sf.ca.us to get a background

in uebercracker culture. 

Step 5. Ask on alt.irc how to get and compile the latest IRC client and

connect to IRC.

Step 6. Once on IRC, join the #hack channel. (Whew, you are half-way

there!)

Step 7. Now, sit on #hack and send messages to everyone in the channel

saying "Hi, Whats up?". Be obnoxious to anyone else that joins and asks 

questions like "Why cant I join #warez?"

Step 8. (Important Step) Send private messages to everyone asking for new

bugs or holes. Here's a good pointer, look around your system for binary

programs suid root (look in Unix manual from step 3 if confused). After

finding a suid root binary, (ie. su, chfn, syslog), tell people you have a

new bug in that program and you wrote a script for it.  If they ask how it

works, tell them they are "layme". Remember, YOU are a UeberCracker. Ask

them to trade for their get-root scripts.

Step 9. Make them send you some scripts before you send some garbage file

(ie. a big core file). Tell them it is encrypted or it was messed up and

you need to upload your script again.

Step 10. Spend a week grabbing all the scripts you can. (Dont forget to be

obnoxious on #hack otherwise people will look down on you and not give you

anything.)

Step 11. Hopefully you will now have atleast one or two scripts that get

you root on most Unixes. Grab root on your local machines, read your

admin's mail, or even other user's mail, even rm log files and whatever

temps you. (look in Unix manual from step 3 if confused).

Step 12. A good test for true uebercrackerness is to be able to fake mail.

Ask other uebercrackers how to fake mail (because they have had to pass the

same test). Email your admin how "layme" he is and how you got root and how

you erased his files, and have it appear coming from satan@evil.com. 

Step 13. Now, to pass into supreme eliteness of uebercrackerness, you brag

about your exploits on #hack to everyone. (Make up stuff, Remember, YOU are

a uebercracker.) 

Step 14. Wait a few months and have all your notes, etc ready in your room

for when the FBI, Secret Service, and other law enforcement agencies

confinscate your equipment. Call eff.org to complain how you were innocent

and how you accidently gotten someone else's account and only looked

because you were curious. (Whatever else that may help, throw at them.) 

Step 15. Now for the true final supreme eliteness of all uebercrackers, you

go back to #hack and brag about how you were busted.  YOU are finally a

true Uebercracker.

Now the next part of the paper is top secret.  Please only pass to trusted

administrators and friends and even some trusted mailing lists, Usenet

groups, etc. (Make sure no one who is NOT in the inner circle of security

gets this.) 

This is broken down on How to Become an UeberAdmin (otherwise know as a

security expert) and How to stop Uebercrackers.

Step 1. Read Unix manual ( a good idea for admins ).

Step 2. Very Important.  chmod 700 rdist; chmod 644 /etc/utmp. Install 

sendmail 8.6.4.  You have probably stopped 60 percent of all Uebercrackers

now.  Rdist scripts is among the favorites for getting root by

uebercrackers.

Step 3. Okay, maybe you want to actually secure your machine from the 

elite Uebercrackers who can break into any site on Internet.  

Step 4. Set up your firewall to block rpc/nfs/ip-forwarding/src routing

packets. (This only applies to advanced admins who have control of the

router, but this will stop 90% of all uebercrackers from attempting your

site.)

Step 5. Apply all CERT and vendor patches to all of your machines. You have

just now killed 95% of all uebercrackers. 

Step 6. Run a good password cracker to find open accounts and close them.

Run tripwire after making sure your binaries are untouched. Run tcp_wrapper

to find if a uebercracker is knocking on your machines.  Run ISS to make

sure that all your machines are reasonably secure as far as remote

configuration (ie. your NFS exports and anon FTP site.) 

Step 7. If you have done all of the following, you will have stopped 99%

of all uebercrackers. Congrads! (Remember, You are the admin.)  

Step 8. Now there is one percent of uebercrackers that have gained

knowledge from reading some security expert's mail (probably gained access

to his mail via NFS exports or the guest account.  You know how it is, like

the mechanic that always has a broken car, or the plumber that has the

broken sink, the security expert usually has an open machine.)  

Step 9. Here is the hard part is to try to convince these security experts

that they are not so above the average citizen and that by now giving out

their unknown (except for the uebercrackers) security bugs, it would be a

service to Internet.  They do not have to post it on Usenet, but share

among many other trusted people and hopefully fixes will come about and

new pressure will be applied to vendors to come out with patches. 

Step 10.  If you have gained the confidence of enough security experts,

you will know be a looked upto as an elite security administrator that is

able to stop most uebercrackers.  The final true test for being a ueberadmin

is to compile a IRC client, go onto #hack and log all the bragging and

help catch the uebercrackers. If a uebercracker does get into your system,

and he has used a new method you have never seen, you can probably tell

your other security admins and get half of the replies like - "That bug

been known for years, there just isn't any patches for it yet. Here's my

fix." and the other half of the replies will be like - "Wow.  That is very

impressive. You have just moved up a big notch in my security circle."

VERY IMPORTANT HERE:  If you see anyone in Usenet's security newsgroups

mention anything about that security hole, Flame him for discussing it

since it could bring down Internet and all Uebercrackers will now have it

and the million other reasons to keep everything secret about security.

Well, this paper has shown the finer details of security on Internet. It has

shown both sides of the coin.  Three points I would like to make that would

probably clean up most of the security problems on Internet are as the

following:

1.  Vendors need to make security a little higher than zero in priority. 

If most vendors shipped their Unixes already secure with most known bugs

that have been floating around since the Internet Worm (6 years ago) fixed

and patched, then most uebercrackers would be stuck as new machines get

added to Internet.  (I believe Uebercracker is german for "lame copy-cat

that can get root with 3 year old bugs.") An interesting note is that

if you probably check the mail alias for "security@vendor.com", you will

find it points to /dev/null.  Maybe with enough mail, it will overfill

/dev/null.  (Look in manual if confused.)

2.  Security experts giving up the attitude that they are above the normal

Internet user and try to give out information that could lead to pressure

by other admins to vendors to come out with fixes and patches.  Most

security experts probably don't realize how far their information has

already  spread.

3.  And probably one of the more important points is just following the

steps I have outlined for Stopping a Uebercracker.

Resources for Security:

   Many security advisories are available from anonymous ftp cert.org.

Ask archie to find tcp_wrapper, security programs.  For more information

about ISS (Internet Security Scanner), email cklaus@shadow.net.

Acknowledgements:  

   Thanks to the crew on IRC, Dan Farmer, Wietse Venema, Alec Muffet, Scott

Miles, Scott Yelich, and Henri De Valois.

Copyright:

This paper is Copyright 1993, 1994.  Please distribute to only trusted

people.  If you modify, alter, disassemble, reassemble, re-engineer or have

any suggestions or comments, please send them to:

cklaus@shadow.net