Re: debian and the malware problem

From: Michelle Konzack (linux4michelle_at_freenet.de)
Date: 11/30/05

    Date: Wed, 30 Nov 2005 16:09:04 +0100
    To: debian-user@lists.debian.org
    
    

    On 2005-11-27 15:56:27, Ron Johnson wrote:

    > Rootkits and worms come immediately to mind.

    :-)

    If you leave ports open and use insecure CGIs
    on your server or weak passwords or ...

    > What's to stop such malware (which, if it exploits the "right" bug),
    > from installing a keylogger (since, remember it's a *root* kit),

    How can they install a keylogger?
    If you have not configured your system to allow such

    > and sending everything someone types thru port 80 to some site in
    > Romania?
      ^^^^^^^

    I call this discrimination.

    > Or grabbing your /etc/shadow, and doing a dictionary attack to get
    > root and user passwords so as to log in via ssh, and do mischief?

    Dictionary attacks? Are you dreaming?
    I currently have 28 servers online and all servers
    are running the OpenSSH daemon. The daily (!!!) logs
    are really huge, exactly around 1-5 MByte per server.

    Guess why!

    In 6 years no one has broken in!

    > Daemon minimalism, firewall maximalism & strong passwords are the
    > sine qua non of security, but you're still vulnerable, especially
    > if you then do something stupid like turn around and run old, buggy
    > versions of PHP, libc6, etc, etc.

    :-)

    > Ron Johnson, Jr.
    > Jefferson, LA USA

    Michelle Konzack
    Teheran, IRAN
    Capital of the american dream of terrorism.

    -- 
    Linux-User #280138 with the Linux Counter, http://counter.li.org/
    ##################### Debian GNU/Linux Consultant #####################
    Michelle Konzack   Apt. 917                  ICQ #328449886
                       50, rue de Soultz         MSM LinuxMichi
    0033/3/88452356    67100 Strasbourg/France   IRC #Debian (irc.icq.com)
    
