Linux Security Compromised
Has the linux malware assault <http://tinyurl.com/24htdnc> just began or is this a one time thing?
I stand to be corrected but its going to be a one-time thing. On Thu, Jun 17, 2010 at 12:08 PM, Roy Michoma <roymichoma@gmail.com> wrote:
Has the linux malware assault <http://tinyurl.com/24htdnc> just began or is this a one time thing?
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
You can even afford to say that!!!...the question every sys admin should be asking is how many more packages could be having a backdoor? How well do I trust my download sources? and how do I detect a pwned system... On Thu, Jun 17, 2010 at 6:35 PM, Nd'wex Common <flexycat@gmail.com> wrote:
I stand to be corrected but its going to be a one-time thing.
On Thu, Jun 17, 2010 at 12:08 PM, Roy Michoma <roymichoma@gmail.com>wrote:
Has the linux malware assault <http://tinyurl.com/24htdnc> just began or is this a one time thing?
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- "Change is slow and gradual. It requires hardwork, a bit of luck, a fair amount of self-sacrifice and a lot of patience." Roy.
Because even server administrators believe that open source and Linux software are impregnable by design
Wow. Which server administrators believe that? This article is such a troll looking for page-views. Has the author heard of system-hardening in open-source sysadmin circles? Intrusion-detection systems (e.g. tripwire), root-kit hunters (rkhunter, chkrootkit etc) etc etc? Roy, why would all that be necessary if sysadmins believed Linux was "impregnable by design?" -saidi- On Thu, Jun 17, 2010 at 1:01 PM, Paul Roy <roykoikai@gmail.com> wrote:
You can even afford to say that!!!...the question every sys admin should be asking is how many more packages could be having a backdoor? How well do I trust my download sources? and how do I detect a pwned system...
On Thu, Jun 17, 2010 at 6:35 PM, Nd'wex Common <flexycat@gmail.com> wrote:
I stand to be corrected but its going to be a one-time thing.
On Thu, Jun 17, 2010 at 12:08 PM, Roy Michoma <roymichoma@gmail.com>wrote:
Has the linux malware assault <http://tinyurl.com/24htdnc> just began or is this a one time thing?
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- "Change is slow and gradual. It requires hardwork, a bit of luck, a fair amount of self-sacrifice and a lot of patience."
Roy.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
On Fri, Jun 18, 2010 at 12:12 AM, saidimu apale <saidimu@gmail.com> wrote:
Wow. Which server administrators believe that? This article is such a troll looking for page-views. Has the author heard of system-hardening in open-source sysadmin circles? Intrusion-detection systems (e.g. tripwire), root-kit hunters (rkhunter, chkrootkit etc) etc etc?
I totally agree. Author conveniently neglects to mention that though the Windows binaries were clean, Windows users who compiled the compromised source would have the backdoor as well. BR, S -- This message represents the official view of the voices in my head.
I fail to understand why guys claim linux is unhackable. The thing is if it was as popular as windows am certain its vunerabilities would be exploited same as windows. On 17/06/2010, Roy Michoma <roymichoma@gmail.com> wrote:
Has the linux malware assault <http://tinyurl.com/24htdnc> just began or is this a one time thing?
Nothing is un-hackable, but the degrees of difficulty matter. Apache is a far more popular web server than IIS yet we know which one is the easier target for hackers. Popularity isn't *the* determining factor, it's how well-coded the system is. While on this issue, check-out Jarlsberg http://jarlsberg.appspot.com/, an excellent hands-on resource on security on the web for anyone building/hosting/implementing anything on the web: Want to beat the hackers at their own game? - Learn how hackers find security vulnerabilities! - Learn how hackers exploit web applications! - Learn how to stop them! This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following: - How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF). - How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution. You will be surprised at how something as "simple" as different unicode encodings (utf-8, utf-7 etc) can be used to hack into web applications. -saidi- On Fri, Jun 18, 2010 at 12:09 PM, Joe Maina <maina307@gmail.com> wrote:
I fail to understand why guys claim linux is unhackable. The thing is if it was as popular as windows am certain its vunerabilities would be exploited same as windows.
On 17/06/2010, Roy Michoma <roymichoma@gmail.com> wrote:
Has the linux malware assault <http://tinyurl.com/24htdnc> just began or is this a one time thing?
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
This sounds like a resourceful link...cant wait to check it out. Thanks.
Nothing is un-hackable, but the degrees of difficulty matter.
Apache is a far more popular web server than IIS yet we know which one is the easier target for hackers. Popularity isn't *the* determining factor, it's how well-coded the system is.
While on this issue, check-out Jarlsberg http://jarlsberg.appspot.com/, an excellent hands-on resource on security on the web for anyone building/hosting/implementing anything on the web:
Want to beat the hackers at their own game?
- Learn how hackers find security vulnerabilities! - Learn how hackers exploit web applications! - Learn how to stop them!
This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:
- How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF). - How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.
You will be surprised at how something as "simple" as different unicode encodings (utf-8, utf-7 etc) can be used to hack into web applications.
-saidi-
On Fri, Jun 18, 2010 at 12:09 PM, Joe Maina <maina307@gmail.com> wrote:
I fail to understand why guys claim linux is unhackable. The thing is if it was as popular as windows am certain its vunerabilities would be exploited same as windows.
On 17/06/2010, Roy Michoma <roymichoma@gmail.com> wrote:
Has the linux malware assault <http://tinyurl.com/24htdnc> just began or is this a one time thing?
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
You are right. i believe knowledge is the beginning of all hacking.
I fail to understand why guys claim linux is unhackable. The thing is if it was as popular as windows am certain its vunerabilities would be exploited same as windows.
On 17/06/2010, Roy Michoma <roymichoma@gmail.com> wrote:
Has the linux malware assault <http://tinyurl.com/24htdnc> just began or is this a one time thing?
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
On Fri, Jun 18, 2010 at 7:09 PM, Joe Maina <maina307@gmail.com> wrote:
The thing is if it (Linux) was as popular as windows am certain its vunerabilities would be exploited same as windows.
The basic problem with the above line of thought (popular among Windows apologists) is that Linux along with its other Unix siblings are the main OS internet servers. Also, a lot of the network hardware like routers/switches/firewall devices run embedded linux / freebsd. It may not be as visible like a client OS (like Windows) ... but its huge spread and reach as the backbone of the internet would make it a high value target ? In reality the problem is with certain fundamentally flawed technologies popular on windows .. e.g. MS-Office/Word/Outlook email scripting which are petri-dishes for a majority of the windows viruses. Also in favour of linux is the diversity of distributions ...e.g. email / address-book functionality is not uniform across different linux distributions which makes it un-economical for a malware writer to target a specific linux distro... it is much more worthwhile spending time writing a virus for windows where there is no such diversity of implementations. Epidemics normally target large populations with common genetic weaknesses....
participants (8)
-
Ashok Hariharan -
Joe Maina -
Nd'wex Common -
Paul Roy -
Roy Michoma -
saidimu apale -
sospeter@elimu.co.ke -
Steve Muchai