Path: csiph.com!usenet.pasdenom.info!news.albasani.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: Snit Newsgroups: comp.os.linux.advocacy,comp.os.linux.security Subject: Re: Proprietary software vulnerability causes rootkit injection Date: Sat, 23 Feb 2013 15:25:21 -0700 Lines: 52 Message-ID: References: <512936e2$0$12000$6e1ede2f@read.cnntp.org> Mime-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Trace: individual.net hgntf9NYkl7ZeAtmQTSWAASsIQus7XvNtdhY1ge0cgaE1eAkPx4a6DeBfbMW21kV/5 Cancel-Lock: sha1:lpSIM+MOeLFMjIG9OwFP6j5bUqg= User-Agent: Microsoft-Entourage/12.35.0.121009 Thread-Topic: Proprietary software vulnerability causes rootkit injection Thread-Index: Ac4SFKqHgMb2JdpLo0qk3uUD3hzakg== Xref: csiph.com comp.os.linux.advocacy:166209 comp.os.linux.security:258 On 2/23/13 2:39 PM, in article 512936e2$0$12000$6e1ede2f@read.cnntp.org, "Cola Zealot" wrote: > Snit wrote: >> On 2/22/13 8:57 PM, in article m9rlv9-rrv.ln1@sky.matrix, "Homer" >> wrote: >> >>> Verily I say unto thee that Lusotec spake thusly: >>>> >>>> Chris Ahlstrom wrote: >>>> >>>>> https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229 >>>>> >>>>> SSHD rootkit in the wild >>>>> Published: 2013-02-21, >>>>> Last Updated: 2013-02-22 09:23:59 UTC >>>>> >>>>> There are a lot of discussions at the moment about a SSHD >>>>> rootkit hitting mainly RPM based Linux distributions. >>>>> Thanks to our reader unSpawn, we received a bunch of samples of >>>>> the rootkit. The rootkit is actually a trojanized library that >>>>> links with SSHD and does *a lot* of nasty things to the system. >>>> >>>> Here are some more interesting information on that. >>>> http://www.webhostingtalk.com/showthread.php?t=1235797 >>> >>> From the available evidence it seems this security breach was cause >>> by a proprietary application called CPanel, a notoriously insecure >>> Web interface for configuring servers. >>> >>> Yet another good reason to choose Free Software. >> >> And yet you choose G+ which is a proprietary solution. > > No problem for Homer. > As long as Microsoft is not involved, proprietary solutions are fine with > him, since he's a raging hypocrite who hoarded money from proprietary > software his entire career. MS of Apple - the two companies who he envies the success of. >> So funny! > > Indeed, this fanatic loon makes you laugh! > -- "I have never, ever cared about really anything but the Linux desktop." -- Linus Torvalds