Re: brute force ssh attack

From: Matthew Miller (mattdm_at_mattdm.org)
Date: 04/28/05

    Date: Thu, 28 Apr 2005 09:40:17 -0400
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    On Thu, Apr 28, 2005 at 09:11:18AM -0400, William Hooper wrote:
    > So it's on the same threat level as a bash script that does "rm -f /*".

    Oh come on. It's somewhat worse than that, since its effects aren't
    immediately obvious. If the original poster had done that, he would have
    realized immediately that Something Bad had happened. In this thread though,
    it was actually a virus scanner that told us -- the original poster realized
    something was wrong because the virus happens to have some flaws (maybe
    exec-shield is offering protection here) and caused some infected programs
    to fail, but didn't know what.

    This particular virus is basically a proof-of-concept -- it's not a stretch
    of the imagination at all to see that there could easily be ones which are
    more clever at hiding themselves. And I guarantee that as Linux becomes more
    popular, there *will* be more, *even* without a better means to spread than
    running in userspace and hoping for a shot at root access.

    > If you can get someone to run an executable as root, then you can do just
    > about anything you want. The only exception would be if they did a good
    > job with SELinux, but if they did a good job with SELinux they wouldn't be
    > running unknown executables as root.

    As Linux becomes more popular, there will be more and more 'inexperienced
    sysadmins' -- that is, people who heard that Linux was better than Windows
    and just want it to go on their system. Unless we start teaching good
    sysadmin practices in grade school (which I'm all for, honestly), this issue
    is going to become more and more of a problem. Education is part of the
    solution, and technical measures like SELinux and better end-user-targeted
    config tools definitely are too. But saying that this is just PBCAK and
    dismissing it as not a real threat is just burying our heads in the sand.

    -- 
    Matthew Miller           mattdm@mattdm.org        <http://www.mattdm.org/>
    Boston University Linux      ------>                <http://linux.bu.edu/>
    Current office temperature: 75 degrees Fahrenheit.