Ben Scott | 13 Jul 2012 15:24

Malware for Linux

  /cue the little girl from Poltergeist: "They're here..."

"Multi-platform backdoor malware targets Windows, Mac and Linux users"
http://nakedsecurity.sophos.com/2012/07/11/backdoor-malware/

-- Ben
Ted Roche | 13 Jul 2012 15:59

Re: Malware for Linux

On Fri, Jul 13, 2012 at 9:24 AM, Ben Scott <dragonhawk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>   /cue the little girl from Poltergeist: "They're here..."
>
> "Multi-platform backdoor malware targets Windows, Mac and Linux users"
> http://nakedsecurity.sophos.com/2012/07/11/backdoor-malware/
>
> -- Ben


Sounds like Java is finally living up to its slogan, "Write once, infect everywhere." 
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@...
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Greg Rundlett (freephile | 13 Jul 2012 16:03

Re: Malware for Linux

On Fri, Jul 13, 2012 at 9:24 AM, Ben Scott <dragonhawk@...> wrote:
>   /cue the little girl from Poltergeist: "They're here..."
>
> "Multi-platform backdoor malware targets Windows, Mac and Linux users"
> http://nakedsecurity.sophos.com/2012/07/11/backdoor-malware/
>

Gist of the story, you need to use anti-virus because you could visit
a compromised/intentionally nefarious website that asks your
permission to execute a Java program that *if you give it permission*,
will download malware onto your computer.

I think simple education (don't download or execute programs when you
don't trust the authenticity or origin) works better than anti-virus.
I also marvel at how Microsoft has CONTINUOUSLY trained their user
base to click furiously at any given opportunity in order to "get
things done".  So, I still believe the best thing for security
conscious people to do is to use GNU/Linux exclusively.

Greg Rundlett
Michael ODonnell | 13 Jul 2012 16:04

Re: Malware for Linux


Those who use terms like "immune" or "virus-proof" when
discussing Linux do everybody a disservice since neither
is true.  We are, for now, statistically less likely to be
compromised because there aren't as many of us and because
privilege separation has been more the custom with us than
with Windows users.  Those factors are changing, though...

> Once it has found out which operating system you are running,
> the Java class file will download the appropriate flavour of
> malware, with the intention of opening a backdoor that will
> give hackers remote access to your computer.

Do we know the nature of the compromise when the "flavour"
is Linux?  Is the JVM itself vulnerable or are additional
non-Java scripts/binaries brought onboard?
Joshua Judson Rosen | 14 Jul 2012 08:34

Re: Malware for Linux

"Michael ODonnell" <michael.odonnell <at> comcast.net> writes:
>
> Those who use terms like "immune" or "virus-proof" when
> discussing Linux do everybody a disservice since neither
> is true.  We are, for now, statistically less likely to be
> compromised because there aren't as many of us and because
> privilege separation has been more the custom with us than
> with Windows users.  Those factors are changing, though...

I guess it's been a while since the last time we talked about this:

	http://article.gmane.org/gmane.org.user-groups.linux.gnhlug/19300/match=culture

Note the highlighted parts. It's not obvious to me that anything's
changed since then.

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."

Lloyd Kvam | 14 Jul 2012 15:45

Re: Malware for Linux

On Sat, 2012-07-14 at 02:34 -0400, Joshua Judson Rosen wrote:
> "Michael ODonnell" <michael.odonnell@...> writes:
> >
> > Those who use terms like "immune" or "virus-proof" when
> > discussing Linux do everybody a disservice since neither
> > is true.  We are, for now, statistically less likely to be
> > compromised because there aren't as many of us and because
> > privilege separation has been more the custom with us than
> > with Windows users.  Those factors are changing, though...
> 
> I guess it's been a while since the last time we talked about this:
> 
> 	http://article.gmane.org/gmane.org.user-groups.linux.gnhlug/19300/match=culture
> 
> Note the highlighted parts. It's not obvious to me that anything's
> changed since then.

Thanks for the link and reminder.  Using Linux is a lot more than
executing a different collection of bits on a computer.  Much of the
improved security is in the culture, not just in the executables.

-- 
Lloyd Kvam
Venix Corp
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/catalog/dlslug&sort=stamp
http://www.librarything.com/rss/recent/dlslug
Ben Scott | 16 Jul 2012 22:26

Re: Malware for Linux

On Sat, Jul 14, 2012 at 2:34 AM, Joshua Judson Rosen
<rozzin@...> wrote:
>         http://article.gmane.org/gmane.org.user-groups.linux.gnhlug/19300/match=culture
>
> It's not obvious to me that anything's changed since then.

  Your idea that FOSS is inherently trustworthy is amusing.   :)  You
may want to read Ken Thompson's 1984 paper on "Trusting Trust":

http://cm.bell-labs.com/who/ken/trust.html

-- Ben
Thomas Charron | 16 Jul 2012 22:48

Re: Malware for Linux

On Mon, Jul 16, 2012 at 4:26 PM, Ben Scott <dragonhawk@...> wrote:
> On Sat, Jul 14, 2012 at 2:34 AM, Joshua Judson Rosen
> <rozzin@...> wrote:
>>         http://article.gmane.org/gmane.org.user-groups.linux.gnhlug/19300/match=culture
>>
>> It's not obvious to me that anything's changed since then.
>
>   Your idea that FOSS is inherently trustworthy is amusing.   :)  You
> may want to read Ken Thompson's 1984 paper on "Trusting Trust":

  That conversation is awesome...

  I suppose it'd be great to mention how many times Linux boxes have
been compromised *BEFORE* a stable fix was released.  After a package
has been upgraded, you still have to deal with the compromise.

  At least the Windows malware developers are *mostly* idiots who can
be easily detected.  I haven't seen too many 'obvious' infections.
Many are hijacking the box and running something under a chroot
environment.

-- 
-- Thomas
Bill Sconce | 19 Jul 2012 04:21

Re: Malware for Linux

On Fri, 13 Jul 2012 10:04:44 -0400
"Michael ODonnell" <michael.odonnell@...> wrote:

> Those who use terms like "immune" or "virus-proof" when
> discussing Linux do everybody a disservice since neither
> is true.

Ouch.

I gave careful consideration to adopting my current signature line,
for exactly the reason of the problems of conveying an inference of
"immune" -- when that is not, and cannot possibly be, the case.

I only wanted to convey that it IS POSSIBLE to take security seriously,
and to do a great deal to close the horrendous (and well-known, and
obvious) holes which seem to be taken-for-granted-as-inevitable with
PCs, and with personal computing and the Internet, and that I had (and
have) spent a LOT of time and energy analyzing those holes, and refusing
to put up with the exposure they represent, and NOT allowing phone-home,
invasion by Java, reading of my e-mail by cross-site scripting, and
indeed anything else of which I'm aware. NO, I'm not aware of everything.
But yes, it IS possible to make things better. A LOT better.

What did surprise me was how many hundreds of hours it's taken to get
this far. (And it still takes far more manual work to "live safely".
Smoothing the UI is STILL a work in progress. Hey, just a few weekends
more...  still.  So it's not for everyone.)

To return to English, you might termiteproof your house -- and still get
termites. Or fireproof it, and still have it burn down. We could, and
probably will :( get a flamewar on whether you can say things like "I paid
to have my house termiteproofed".  On whether "virusproofed" is less
overreaching than "virusproof".

I just wanted to remind myself (daily) that it IS possible to take
action, and (daily) that it's worth looking for yet another step
to make the virusproofing better. VirusPROOF?  No, never. Virusproofed?
Oh, man, what a struggle, and never "done"  ...but YES.

And very different from just hoping, *again*, that Adobe will get
Reader fixed. Or Oracle, Java.  It says "I have closed those well-known
holes". It says "I've stopped having my online fate in the hands of
Adobe and Oracle". I've DONE SOMETHING.

(And yes, this work was possible because of Linux's design, and would
not be possible on [certain] other OSes.)

-Bill

_______
Sent from my virusproofed Linux PC
Michael ODonnell | 19 Jul 2012 18:25

Re: Malware for Linux


>> Those who use terms like "immune" or "virus-proof" when
>> discussing Linux do everybody a disservice since neither
>> is true.
>
>Ouch.

Ooops.  I forgot about your signature line.  ;->

> I gave careful consideration to adopting my current signature
> line, for exactly the reason of the problems of conveying an
> inference of "immune" -- when that is not, and cannot possibly
> be, the case.

Ah.  I'll probably concede any point you want to make about
the dictionary definition of "-proof" as a modifier not meaning
"perfect", but definitions and proper usage often seem to matter
less than we'd like.  (And, yes - I *could* care less!  >-/ )

The security-is-a-process-not-a-product dictum reminds us of our
burden; the "process" of security costs vigilance and resources.
So, given any problem P, calling a thing "P-proof" makes it
tempting to tick the SOLVED box and move on; vigilance wanes or
vanishes, dictionaries remain safely undisturbed on the shelf.

News-beings reporting on high profile penetrations or malware
infestations these days don't even bother to mention a specific
OS or vendor; the generic term "computer" is sufficient and,
statistically, it's likely that the reporter and most of the
audience all conjure the same image when that term is used.
It's to the point where the only reason it's newsworthy to
mention the OS in question is when it's *not* Windows or Mac.

Since it's likely (inevitable?) that compromised Linux systems
will someday be involved in sensational headlines, I'd think
it would be even more humiliating if somebody can dig up claims
that Linux is "virus-proof" or "immune" or "uncrackable" or...

FWIW, some term that conveys the "process" idea, or the notion
that "perfect-security-is-impossible-but-we're-better-than-most"
would be preferable.  I sorta like "hardened".

  --M

(Bill, I didn't mean to single you out, and if my life
 depended on cracking your machine I'd be damned sure my
 will was up to date.)
Joshua Judson Rosen | 19 Jul 2012 21:05

Re: Malware for Linux

"Michael ODonnell" <michael.odonnell <at> comcast.net> writes:
>
> >> Those who use terms like "immune" or "virus-proof" when
> >> discussing Linux do everybody a disservice since neither
> >> is true.
> >
> >Ouch.
>
> Ooops.  I forgot about your signature line.  ;->
>
> > I gave careful consideration to adopting my current signature
> > line, for exactly the reason of the problems of conveying an
> > inference of "immune" -- when that is not, and cannot possibly
> > be, the case.
>
> Ah.  I'll probably concede any point you want to make about
> the dictionary definition of "-proof" as a modifier
[...]

I believe his signature actually uses "-proofed", not "-proof";
so the relevant dictionary-entry might be...:

    $ dict -- -ed
    1 definition found

    From The Collaborative International Dictionary of English v.0.48
    [gcide]:

      -ed \-ed\
         The termination of the past participle of regular, or weak,
         verbs; also, of analogous participial adjectives from nouns;
         as, pigmented; talented.
         [1913 Webster]

... which indicates that "virus-proofed" is a conjugated verb,
not an adjective like "virus-proof". i.e.: he's telling us that
his PC has *gone through some sort of process* ("suffered an action",
as my copy of GCIDE puts it...).

In other words...:

> The security-is-a-process-not-a-product dictum

So...:

> FWIW, some term that conveys the "process" idea, or the notion
> that "perfect-security-is-impossible-but-we're-better-than-most"
> would be preferable.  I sorta like "hardened".

Not to be confused with "hard"? ;)

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."

Tom Buskey | 19 Jul 2012 22:24

Re: Malware for Linux



On Thu, Jul 19, 2012 at 12:25 PM, Michael ODonnell <michael.odonnell-Wuw85uim5zDR7s880joybQ@public.gmane.org> wrote:

> Since it's likely (inevitable?) that compromised Linux systems
> will someday be involved in sensational headlines, I'd think
> it would be even more humiliating if somebody can dig up claims
> that Linux is "virus-proof" or "immune" or "uncrackable" or...


FWIW if you have a PS3 and used Sony's online gaming system, you were already the victim of a compromised Linux system.  The credit card numbers of all the users were stored on a Linux server (that hadn't been patched) and they got stolen.

The general public doesn't make much distinction between virus, trojan, spam or even overloaded network connection.

Apple has recently removed their security type claims from their web pages.  Probably due to the recent trojan affecting MacOSX
Joshua Judson Rosen | 20 Jul 2012 01:17

Re: Malware for Linux

Tom Buskey <tom <at> buskey.name> writes:
>
> On Thu, Jul 19, 2012 at 12:25 PM, Michael ODonnell <
> michael.odonnell <at> comcast.net> wrote:
>
>     Since it's likely (inevitable?) that compromised Linux systems
>     will someday be involved in sensational headlines, I'd think
>     it would be even more humiliating if somebody can dig up claims
>     that Linux is "virus-proof" or "immune" or "uncrackable" or...
>
> FWIW if you have a PS3 and used Sony's online gaming system, you were already
> the victim of a compromised Linux system.  The credit card numbers of all the
> users were stored on a Linux server (that hadn't been patched) and they got
> stolen.

I don't, and I didn't, but now I'm curious: which package was compromised?

> The general public doesn't make much distinction between virus, trojan, spam
> or even overloaded network connection.

FWIW, the only distributions with a worthwhile sense of security
are Red Hat and Debian. A lot of people (myself included) have
soft spots in our hearts for various other distros, but I wouldn't
necessarily trust them to keep me safe on the Internet.

The general public doesn't make much distinction between `Linux',
but there you go.

Welcome to the general public ;)

Of course, my previous point still stands. It could be worse.

> Apple has recently removed their security type claims from their web pages. 
> Probably due to the recent trojan affecting MacOSX

I still don't understand how Mac OS users were ever much better off
than the Windows users--Mac OS doesn't come with much useful stuff
out of the box, either; and they've got mostly the same `download
and execute random crap from random sites on the Internet' culture
as the Windows people do. They well may be surviving without much
hassle from the bad guys just due to the `smaller, less-worthwhile
target' factor--there are even fewer Mac OS users than there are
Linux users.

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."

Tom Buskey | 23 Jul 2012 17:02

Re: Malware for Linux



On Thu, Jul 19, 2012 at 7:17 PM, Joshua Judson Rosen <rozzin-p88Y1Plo3o1l57MIdRCFDg@public.gmane.org> wrote:
> Tom Buskey <tom <at> buskey.name> writes:
> >
> > On Thu, Jul 19, 2012 at 12:25 PM, Michael ODonnell <
> > michael.odonnell <at> comcast.net> wrote:
> >
> >     Since it's likely (inevitable?) that compromised Linux systems
> >     will someday be involved in sensational headlines, I'd think
> >     it would be even more humiliating if somebody can dig up claims
> >     that Linux is "virus-proof" or "immune" or "uncrackable" or...
> >
> > FWIW if you have a PS3 and used Sony's online gaming system, you were already
> > the victim of a compromised Linux system.  The credit card numbers of all the
> > users were stored on a Linux server (that hadn't been patched) and they got
> > stolen.
>
> I don't, and I didn't, but now I'm curious: which package was compromised?
>
> > The general public doesn't make much distinction between virus, trojan, spam
> > or even overloaded network connection.
>
> FWIW, the only distributions with a worthwhile sense of security
> are Red Hat and Debian. A lot of people (myself included) have
> soft spots in our hearts for various other distros, but I wouldn't
> necessarily trust them to keep me safe on the Internet.
>
> The general public doesn't make much distinction between `Linux',
> but there you go.
>
> Welcome to the general public ;)
>
> Of course, my previous point still stands. It could be worse.
>
> > Apple has recently removed their security type claims from their web pages.
> > Probably due to the recent trojan affecting MacOSX
>
> I still don't understand how Mac OS users were ever much better off
> than the Windows users--Mac OS doesn't come with much useful stuff

MacOS X is based on BSD unix and has at its core unix security (root is everything) vs. windows style (acls, etc).  In OSX, the root account is locked.  The initial user is given full rights via sudo.  When rights are needed, a gui pops up for sudo.  Most linuxen run that way too.  With Windows, the initial user is given admin rights and never drops them.  It's just like you're always root in windows.

If you break into a linux/OSX account, you usually do not have root.  You have to do a privilege escalation after that.  With the typical Windows account, you already have full privileges.  So that's a layer of security Windows doesn't have by default.
 
> out of the box, either; and they've got mostly the same `download
> and execute random crap from random sites on the Internet' culture
> as the Windows people do. They well may be surviving without much
> hassle from the bad guys just due to the `smaller, less-worthwhile
> target' factor--there are even fewer Mac OS users than there are
> Linux users.

I've never bought the smaller target thing.  All systems can be compromised.  The capture the flag competitions usually break all the systems.

If you go by value, what do the attackers get from a compromised system?  Another node in the botnet?  As a sysadmin, it's easier to admin a large number of similar systems.  Having all one OS makes it easier.  Windows has volume and most PCs have a faster node.  Android or iOS probably have more nodes but less bandwidth/power.

Another value is what's contained.  Lots of vendors run LAMP and keep accounts, credit card, etc.  I'd imagine there's more gain in breaching that then adding a botnet node.

The NYSE or NASDAQ runs on Linux.  What can someone get from breaking into that?  "The Taking of Pelham 323(?)" movie makes a case for manipulating the market.
 

Bill Sconce | 20 Jul 2012 23:30

Re: Malware for Linux

On Thu, 19 Jul 2012 12:25:44 -0400
"Michael ODonnell" <michael.odonnell@...> wrote:

> >> Those who use terms like "immune" or "virus-proof" when
> >> discussing Linux do everybody a disservice since neither
> >> is true.
> >
> >Ouch.
> 
> Ooops.  I forgot about your signature line.  ;->

Heh. No problem. It does sound kinda snooty.  :)

   [... insightful commentary here from MoD ...]

> FWIW, some term that conveys the "process" idea, or the notion
> that "perfect-security-is-impossible-but-we're-better-than-most"
> would be preferable.

Indeed. I agree.  A connotation of "Recovering", perhaps?
It's never "done", that's for sure.

-Bill

_______
Sent from my
once_vulnerable_but_now_much_better_and_although_already_provably_immune_to_whole_classes_of_the_worst_threats_still_getting_incrementally_better_week_by_week_and_oh_by_the_way_running_Linux PC
Tom Buskey | 13 Jul 2012 16:31

Re: Malware for Linux



On Fri, Jul 13, 2012 at 9:24 AM, Ben Scott <dragonhawk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>   /cue the little girl from Poltergeist: "They're here..."
>
> "Multi-platform backdoor malware targets Windows, Mac and Linux users"
> http://nakedsecurity.sophos.com/2012/07/11/backdoor-malware/


I've found the only thing I need a java app for is for internal Sysadmin stuff.  Like IPMI & remote access to systems, network switches, raid boxes, etc.  I've also seen it for VPN and VDI (Citrix).

For those, I download the .jnlp and run java on that.  Once I get the applet on a local disk, I don't need to get it off the web site.

FWIW, Sun used to have a browser called HotJava (HotSpot?) that worked well for java applets.  A purpose built web browser for java applets would be a good thing for VPN/VDI support.
David Ohlemacher | 13 Jul 2012 19:09

Re: Malware for Linux

Any recommended solutions for risk reduction?

0. How about running your browser as a different user?  That way it does not have root nor the ability to access your home directory.  I have done this when traveling.  It may be better to make it a SOP.

  • I could also use a custom theme for one of the two accounts. This way I know which I am using visually.  Maybe a red or black theme depending on privilege.
  • I wonder if using xmarks reduces security if both browsers log in to the same xmark account?  Now that I consider this, they should have very little overlap if done correctly and therefore do not need the same account.
  • Maybe I should use two unprivileged browser accounts. One for sensitive things, one for everything else and neither with access to my ~/.  I wish rsync had an interactive option for copying downloads to ~/Downloads. It does not seem to.
  • An expect script should help automate executing these browsers with a click.

1. Turn off IcedTea?  Will I miss it?

I am experimenting with both of these.

This is a good thread to consider, Ben.  Thanks for bringing it to our attention!!!



Bill Sconce | 19 Jul 2012 03:23

Re: Malware for Linux

On Fri, 13 Jul 2012 13:09:42 -0400
David Ohlemacher <ohlemacher@...> wrote:

> Any recommended solutions for risk reduction?
> 
> 0. How about running your browser as a different user?

That's one of the things.
(One of the things you *have* to do.(*))

Also a different user for your e-mail client.
"Users" are cheap.(**)

That's what I've been doing, for the last few years, anyway.(***)

YMMV,

Bill

_______
Sent from my virusproofed Linux PC

(*) I used to think a browser could be made "safe" with NoScript,
whitelists, and so on. I was forced to give up on that, finally
discovering that the problem becomes easier to solve if you just
assume the browser is poisoned code/TRYING to do its worst, and
throw away everything it had write access to after each use. (E.g.,
its home directory;  OF COURSE it doesn't have write access to
"your" home directory, or to any other users' stuff, including
root's.)

(**) Almost forgot: your PDF reader. (Especially if it's the Adobe one.)
And Java, yet another case -- if there ever turns out to be a reason to
have Java installed.

Basically, any executable which doesn't come from Debian and/or any
executable which pulls things from the Internet.

Or which "phones home". (Other users don't have READ access to your
home directory either.)

(***) I suppose I ought to give a talk on it someday. Kinda got
discouraged, though, back when I started, after observing on this list
that other *cough* operating systems don't help with security techniques
in some of the ways which Linux makes easy, such as separate user
accounts for separate applications.  Got yelled at...   :)
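As an added example that is not part of any post in this thread, here is a launcher for the scheme David and Bill describe above: a dedicated unprivileged account for the browser, a check that your own home directory is closed to other accounts, and a wipe of everything the browser account could write to once it exits. The account name `web`, its home under /home, the browser command, the sudoers rule that lets you run commands as that account and the X11 `xhost` grant are assumptions.

```shell
#!/bin/sh
# Added example, not code from any post in this thread. A launcher for the
# scheme described above: the browser runs as a dedicated unprivileged
# account, and everything that account could write to is thrown away after
# each session. The account name, its home directory, the browser command,
# the sudoers grant and the X11 xhost grant are all assumptions.
set -eu

SANDBOX_USER="${SANDBOX_USER:-web}"                 # assumed dedicated account
SANDBOX_HOME="${SANDBOX_HOME:-/home/$SANDBOX_USER}" # assumed: owned by it, mode 700
BROWSER_CMD="${BROWSER_CMD:-firefox}"               # assumed browser binary

# Octal permission bits of a path, in the GNU and the BSD spelling of stat.
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# True when group and other have no access at all, i.e. the "other users
# don't have READ access to your home directory" property from the thread.
home_is_private() {
    [ -d "$1" ] || return 1
    m=$(mode_of "$1")
    [ $(( 0$m & 077 )) -eq 0 ]
}

# The rm -rf below is only ever pointed at an existing directory that is
# not the root, not a parent of home directories and not the caller's own
# home. A typo in SANDBOX_HOME must fail closed, not wipe the wrong tree.
sandbox_home_is_safe_target() {
    case "$1" in
        ""|/|/home|/root|/usr|/var|/etc) return 1 ;;
    esac
    [ "$1" != "${HOME:-}" ] || return 1
    [ -d "$1" ]
}

# Discard everything under the sandbox home, dotfiles included, and leave an
# empty owner-only Downloads directory behind. Runs AS the sandbox user,
# which owns those files, so no root privilege is involved.
reset_sandbox_home() {
    dir=$1
    if ! sandbox_home_is_safe_target "$dir"; then
        echo "refusing to reset '$dir': not a sandbox home" >&2
        return 1
    fi
    find "$dir" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
    mkdir -p "$dir/Downloads"
    chmod 700 "$dir" "$dir/Downloads"
}

# Re-invoke this script as the sandbox user to wipe its home. The script
# must therefore be readable by that account (e.g. live in /usr/local/bin),
# not sit inside the caller's own 0700 home.
wipe_sandbox_home() {
    sudo -u "$SANDBOX_USER" -H -- sh "$0" --reset "$SANDBOX_HOME"
}

# Launch the browser in the sandbox account with a minimal environment and
# discard its state afterwards, whether or not it exited cleanly.
run_sandboxed() {
    if [ -n "${HOME:-}" ] && ! home_is_private "$HOME"; then
        echo "warning: $HOME is readable by other accounts; chmod 700 it" >&2
    fi
    # Assumed X11 session: allow the sandbox account onto our display.
    xhost +si:localuser:"$SANDBOX_USER" >/dev/null 2>&1 || true
    wipe_sandbox_home        # start clean, even after an earlier crash
    status=0
    sudo -u "$SANDBOX_USER" -H -- env -i HOME="$SANDBOX_HOME" \
        DISPLAY="${DISPLAY:-:0}" PATH=/usr/local/bin:/usr/bin:/bin \
        "$BROWSER_CMD" "$@" || status=$?
    wipe_sandbox_home        # cookies, cache and downloads are gone now
    return "$status"
}

# Usage: browse-sandboxed.sh --run [browser args...]   (from your account)
#        browse-sandboxed.sh --reset DIR               (self-invocation above)
case "${1:-}" in
    --run)   shift; run_sandboxed "$@" ;;
    --reset) reset_sandbox_home "${2:-}" ;;
esac
```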
Bill Sconce | 19 Jul 2012 03:39

Re: Malware for Linux

On Wed, 18 Jul 2012 21:23:45 -0400
Bill Sconce <sconce@...> wrote:

> And Java, yet another case -- if there ever turns out to be a reason to
> have Java installed.

There seems never to have been a reason. Not on any Linux system I've 
been responsible for, my own or clients'.

What's more surprising, over the past few weeks I've been removing Java
from all my clients' Windows PCs. At first I was afraid something would
break, but it seems THEY'VE never really needed Java either. (I'm sure
that others' mileage will vary on this. But the easiest way to secure a
piece of software IS to remove it.)

On a related note, when reading/researching this thread I came across
an article describing a *PYTHON* vulnerability. That got my attention,
for sure.   Turns out ^U   ...no, wait, you'll probably get a chuckle
reading it for yourself:

    Python-based malware attack targets Macs.
    Windows PCs also under fire

    http://nakedsecurity.sophos.com/2012/04/27/python-malware-mac/

-Bill
_______
Sent from my virusproofed Linux PC
Jerry Feldman | 19 Jul 2012 13:36

Re: Malware for Linux

On 07/18/2012 09:39 PM, Bill Sconce wrote:
> On Wed, 18 Jul 2012 21:23:45 -0400
> Bill Sconce <sconce@...> wrote:
>
>> And Java, yet another case -- if there ever turns out to be a reason to
>> have Java installed.
> There seems never to have been a reason. Not on any Linux system I've 
> been responsible for, my own or clients'.
>
> What's more surprising, over the past few weeks I've been removing Java
> from all my clients' Windows PCs. At first I was afraid something would
> break, but it seems THEY'VE never really needed Java either. (I'm sure
> that others' mileage will vary on this. But the easiest way to secure a
> piece of software IS to remove it.)
>
> On a related note, when reading/researching this thread I came across
> an article describing a *PYTHON* vulnerability. That got my attention,
> for sure.   Turns out ^U   ...no, wait, you'll probably get a chuckle
> reading it for yourself:
>
>     Python-based malware attack targets Macs.
>     Windows PCs also under fire
>
>     http://nakedsecurity.sophos.com/2012/04/27/python-malware-mac/
>
Bill wouldn't they have been better off if you removed Windows too??

-- 
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id:3BC1EB90 
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90

Tom Buskey | 19 Jul 2012 15:18

Re: Malware for Linux



On Thu, Jul 19, 2012 at 7:36 AM, Jerry Feldman <gaf-mNDKBlG2WHs@public.gmane.org> wrote:
> On 07/18/2012 09:39 PM, Bill Sconce wrote:
> > On Wed, 18 Jul 2012 21:23:45 -0400
> > Bill Sconce <sconce <at> in-spec-inc.com> wrote:
> >
> >> And Java, yet another case -- if there ever turns out to be a reason to
> >> have Java installed.

Java really failed in the client dept.  And Flash really succeeded, but we're seeing the end days of it.

 
> > There seems never to have been a reason. Not on any Linux system I've
> > been responsible for, my own or clients'.
> >
> > What's more surprising, over the past few weeks I've been removing Java
> > from all my clients' Windows PCs. At first I was afraid something would
> > break, but it seems THEY'VE never really needed Java either. (I'm sure
> > that others' mileage will vary on this. But the easiest way to secure a
> > piece of software IS to remove it.)
> >

The most secure router I saw was running 2-3 major revisions behind on Cisco IOS.  Web access was removed.  Telnet.  SSH.  Everything was removed except the routing tables.  All it could do was route.  In order to configure it, you needed to hook up a serial console, which was normally disconnected.  When vulnerabilities came out, they were on ssh or the web server, etc.

Monitoring the router was a different issue.  If it had issues, we didn't have much to go on.  But we "knew" it wasn't a vulnerability.

 

Joshua Judson Rosen | 20 Jul 2012 01:19

Re: Malware for Linux

Tom Buskey <tom <at> buskey.name> writes:
> On 07/18/2012 09:39 PM, Bill Sconce wrote:
> >
> > What's more surprising, over the past few weeks I've been removing Java
> > from all my clients' Windows PCs. At first I was afraid something would
> > break, but it seems THEY'VE never really needed Java either. (I'm sure
> > that others' mileage will vary on this. But the easiest way to secure a
> > piece of software IS to remove it.)
>
> The most secure router I saw was running 2-3 major revisions behind on
> Cisco IOS.  Web access was removed.  Telnet.  SSH.  Everything was removed
> except the routing tables.  All it could do was route.  In order to configure
> it, you needed to hook up a serial console, which was normally disconnected. 
> When vulnerabilities came out, they were on ssh or the web server, etc.
>
> Monitoring the router was a different issue.  If it had issues, we didn't have
> much to go on.  But we "knew" it wasn't a vulnerability.

The only thing in my house using java is a coffee-maker.

But what was the moral to the story? Or is this one of those
`morally ambiguous' stories?

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."

Ben Scott | 19 Jul 2012 04:13

Re: Malware for Linux

On Wed, Jul 18, 2012 at 9:23 PM, Bill Sconce <sconce@...> wrote:
> (***) I suppose I ought to give a talk on it someday. Kinda got
> discouraged, though, back when I started, after observing on this list
> that other *cough* operating systems don't help with security techniques
> in some of the ways which Linux makes easy, such as separate user
> accounts for separate applications.  Got yelled at...   :)

  I merely corrected some inaccuracies in your statements about the
capabilities of Microsoft Windows.

  If that upset you, I'm genuinely sorry to have upset you, but I'm
not going to apologize for providing accurate information.

-- Ben
