Malware for Linux
Tom Buskey
tom at buskey.name
Mon Jul 23 11:02:01 EDT 2012
On Thu, Jul 19, 2012 at 7:17 PM, Joshua Judson Rosen
<rozzin at geekspace.com> wrote:
> Tom Buskey <tom at buskey.name> writes:
> >
> > On Thu, Jul 19, 2012 at 12:25 PM, Michael ODonnell
> > <michael.odonnell at comcast.net> wrote:
> >
> > Since it's likely (inevitable?) that compromised Linux systems
> > will someday be involved in sensational headlines, I'd think
> > it would be even more humiliating if somebody can dig up claims
> > that Linux is "virus-proof" or "immune" or "uncrackable" or...
> >
> > FWIW if you have a PS3 and used Sony's online gaming system, you were
> > already the victim of a compromised Linux system. The credit card numbers
> > of all the users were stored on a Linux server (that hadn't been patched)
> > and they got stolen.
>
> I don't, and I didn't, but now I'm curious: which package was compromised?
>
http://en.wikipedia.org/wiki/PlayStation_Network_outage
http://www.veracode.com/blog/2011/05/possible-playstation-network-attack-vectors/
They were running unpatched, outdated versions of Apache on unpatched Red
Hat.
> > The general public doesn't make much distinction between virus, trojan,
> > spam or even an overloaded network connection.
>
> FWIW, the only distributions with a worthwhile sense of security
> are Red Hat and Debian. A lot of people (myself included) have
> soft spots in our hearts for various other distros, but I wouldn't
> necessarily trust them to keep me safe on the Internet.
>
> The general public doesn't make much distinction between `Linux',
> but there you go.
>
> Welcome to the general public ;)
>
> Of course, my previous point still stands. It could be worse.
>
> > Apple has recently removed their security type claims from their web
> > pages. Probably due to the recent trojan affecting MacOSX
>
> I still don't understand how Mac OS users were ever much better off
> than the Windows users--Mac OS doesn't come with much useful stuff
>
MacOS X is based on BSD unix and has at its core unix security (root is
everything) vs. windows style (acls, etc). In OSX, the root account is
locked. The initial user is given full rights via sudo. When rights are
needed, a gui pops up for sudo. Most linuxen run that way too. With
Windows, the initial user is given admin rights and never drops them. It's
just like you're always root in Windows.
If you break into a linux/OSX account, you usually do not have root. You
have to do a privilege escalation after that. With the typical Windows
account, you already have full privileges. So that's a layer of security
Windows doesn't have by default.
> out of the box, either; and they've got mostly the same `download
> and execute random crap from random sites on the Internet' culture
> as the Windows people do. They well may be surviving without much
> hassle from the bad guys just due to the `smaller, less-worthwhile
> target' factor--there are even fewer Mac OS users than there are
> Linux users.
>
I've never bought the smaller target thing. All systems can be
compromised. The capture the flag competitions usually break all the
systems.
If you go by value, what do the attackers get from a compromised system?
Another node in the botnet? As a sysadmin, it's easier to admin a large
number of similar systems. Having all one OS makes it easier. Windows has
volume and most PCs have a faster node. Android or iOS probably have more
nodes but less bandwidth/power.
Another value is what's contained. Lots of vendors run LAMP and keep
accounts, credit cards, etc. I'd imagine there's more gain in breaching
that than adding a botnet node.
The NYSE or NASDAQ runs on Linux. What can someone get from breaking into
that? "The Taking of Pelham 323(?)" movie makes a case for manipulating the
market.
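The "root is locked, the first user gets rights through sudo" arrangement described in the message above is something an admin can verify rather than assume. The script below is an added example, not part of the original post or anyone's project: it parses shadow-format and sudoers-format text to report whether root can log in with a password and which individual users are granted ALL via sudo. The shadow and sudoers lines it reads are constructed sample data; on a live system you would feed it the contents of /etc/shadow and /etc/sudoers (the script does not open those files itself).

```shell
#!/bin/sh
# Added example: audit the root-locked / sudo-granted setup from the post.
# All input below is constructed sample data, not taken from a real host.

# root_locked: prints "locked" when root's password field in shadow-format
# input begins with ! or * (no password login possible), "unlocked" when a
# real hash is present, and "missing" when there is no root entry at all.
root_locked() {
    # $1 = shadow-format text (user:hash:lastchg:min:max:warn:inact:expire:)
    hash=$(printf '%s\n' "$1" | awk -F: '$1=="root"{print $2}')
    case "$hash" in
        '!'*|'*'*) echo locked ;;
        '')        echo missing ;;
        *)         echo unlocked ;;
    esac
}

# sudo_users: lists individual users granted "ALL=" rules in sudoers-format
# input. Comments, blank lines, Defaults lines and %group rules are skipped,
# so group-based grants (e.g. %admin) need a separate check.
sudo_users() {
    # $1 = sudoers-format text
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*(#|$)/      { next }
        /^[[:space:]]*Defaults/   { next }
        $1 !~ /^%/ && $0 ~ /ALL[[:space:]]*=/ { print $1 }
    '
}

# Constructed sample shadow file: root locked with "*", bob locked with "!",
# alice has a (fake) SHA-512 style hash.
SHADOW_SAMPLE='root:*:15000:0:99999:7:::
alice:$6$abc$hashhashhash:15000:0:99999:7:::
bob:!:15000:0:99999:7:::'

# Constructed sample sudoers: root and alice get ALL, plus a %admin group rule.
SUDOERS_SAMPLE='# sample sudoers
Defaults env_reset
root ALL=(ALL) ALL
alice ALL=(ALL) ALL
%admin ALL=(ALL) ALL'

echo "root account: $(root_locked "$SHADOW_SAMPLE")"
echo "users granted sudo ALL:"
sudo_users "$SUDOERS_SAMPLE"
```

On the sample data this reports root as locked and lists root and alice as sudo-capable, which is exactly the shape the post describes: the account an attacker lands in is not root, and a second step is needed to reach it.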