Re: File sharing with Bittorrent: what possible security threads?



Alexander Klimov wrote:
> On Thu, 27 Mar 2008, Adam Pal wrote:
>> I see no difference between the usual Windows-user and the
>> linux-user who stays logged in as root on his KDE and surfs on the
>> web (yes, such behavioral patterns exist *G* ), so from this point
>> of view, in certain circumstances linux viruses propagate similar to
>> windows-viruses.
>
> Probably they can, but do they really?
>
> Consider, for example, an attack described by F-secure
> <http://www.f-secure.com/weblog/archives/00001406.html>.
>
>     When you open the attached PDF file, you actually get a real
>     PDF document with a relevant statement. However, this is not
>     a normal PDF document. It contains a modified version of
>     a PDF-Encode vulnerability to exploit Adobe Acrobat when the
>     document is opened. The exploit silently drops and runs a file
>     called C:\Program Files\Update\winkey.exe. This is a
>     keylogger that collects and sends everything typed on the
>     affected machine
>
> Is it possible to write a keylogger for Linux and construct such
> an attack? Sure. Are there enough Linux users to justify the cost
> of development? No! And, by the way, almost for sure an exploit
> against Adobe Acrobat will not work with xpdf, plus there is
> a good chance that an attack developed for Red Hat will not work
> on Debian (or vice versa).

I don't normally respond to these things, but I can't help remembering a comment in a file on a Mac server that was compromised a while ago:

"Note: this is effectively security by obscurity and will only serve to deter rank amateurs."

Being different does have its merits in security, but that does not mean that it won't happen, and if you look at the trends of software you can tell that as soon as they are advertised as "secure", everyone starts using it - and someone develops exploits as a result of a larger target base.

Just my two cents...


