Re: Exploit or trojan

From: Konrad Rieck (kr_at_roqe.org)
Date: 12/17/03

Next message: Felipe Franciosi: "Re: Exploit or trojan"

Previous message: Felipe Franciosi: "Re: Exploit or trojan"
In reply to: Felipe Franciosi: "Re: Exploit or trojan"
Next in thread: Felipe Franciosi: "Re: Exploit or trojan"
Reply: Felipe Franciosi: "Re: Exploit or trojan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Focus Sun <focus-sun@securityfocus.com>
Date: Wed, 17 Dec 2003 20:32:02 +0100

On Tue, 2003-12-16 at 01:33, Felipe Franciosi wrote:
> I guess that in Solaris systems you can just reach for a new copy
> of 'ps' and use the 'clean' one to check everything out.
> [...]
> Doing so on Linux systems doesn't help much, since recently there
> have been several kernel backdoors
> [...]

Oops.

Such kind of kernel backdoors (e.g. loadable kernel modules) are also
present for Solaris, *BSD and Windows systems. If you are unsure whether
someone has compromised your system, don't trust the system's kernel!

Regards,
Konrad

-- 
Konrad Rieck <kr@roqe.org> ------------ http://people.roqe.org/kr
Fingerprint - 5803 E58E D1BF 9A29 AFCA - 51B3 A725 EA18 ABA7 A6A3

application/pgp-signature attachment: This is a digitally signed message part

Next message: Felipe Franciosi: "Re: Exploit or trojan"

Previous message: Felipe Franciosi: "Re: Exploit or trojan"
In reply to: Felipe Franciosi: "Re: Exploit or trojan"
Next in thread: Felipe Franciosi: "Re: Exploit or trojan"
Reply: Felipe Franciosi: "Re: Exploit or trojan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]