Re: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause

From: Tobias Weisserth (tobias_at_weisserth.de)
Date: 01/16/04

    To: full-disclosure@lists.netsys.com
    Date: Fri, 16 Jan 2004 21:34:54 +0100
    
    

    Hi David,

    On Fri, 16.01.2004 at 19:58, David F. Skoll wrote:
    ...
    > There are no self-propagating Linux e-mail viruses. The only Linux
    > e-mail viruses are proof-of-concept programs that have never actually
    > infected machines other than lab machines designed to test the
    > proof-of-concept.

    Sorry, David. But Ramen did score quite well when it was active and
    there were many infected Unix/Linux machines with Ramen.

    Though I have to agree with you that there probably aren't any viruses
    in the wild at the moment that could infect and compromise a patched
    Linux system if it's properly set up.

    It's different with Linux machines running lousy software such as
    PHPNuke or PostNuke or something like that, which frequently is subject
    to PHP/SQL injection exploits. When the system features an unpatched or
    even uncharted local exploit such as the do_brk() bug which has been in
    the kernel since the 2.2 series(!!!!! That's a damn long time !!!!!!) in
    addition to such lousy software then the first system compromise with
    some rootkit is unavoidable.

    But of course I am comparing squares to circles here since no sane MS
    Windows end user would run a webserver on his home machine.

    When running Linux you seriously should consider running chkrootkit from
    a safe location (like a CD) and use file integrity checking of some
    sort. Anything else is just asking for trouble the hard way. I only have
    to remind you of the Debian hack. Had Debian not used AIDE to detect the
    modifications in their systems, we'd never have known about that do_brk()
    vulnerability until major damage occurred.

    kind regards,
    Tobias W.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

