Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.os.linux.security > #251 > unrolled thread

Re: SSHD rootkit heads up

Started byLusotec <nomail@nomail.not>
First post2013-02-22 16:22 +0000
Last post2013-03-07 12:36 -0700
Articles 17 — 11 participants

Back to article view | Back to comp.os.linux.security

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.


Contents

  Re: SSHD rootkit heads up Lusotec <nomail@nomail.not> - 2013-02-22 16:22 +0000
    Re: SSHD rootkit heads up "Cola Zealot" <Cola_Zealot@fuckoff.com> - 2013-02-22 19:27 +0100
      Re: SSHD rootkit heads up JEDIDIAH <jedi@nomad.mishnet> - 2013-02-22 13:50 -0600
        Re: SSHD rootkit heads up Snit <usenet@gallopinginsanity.com> - 2013-02-22 21:11 -0700
    Proprietary software vulnerability causes rootkit injection Homer <usenet@slated.org> - 2013-02-23 03:57 +0000
      Re: Proprietary software vulnerability causes rootkit injection Snit <usenet@gallopinginsanity.com> - 2013-02-23 10:04 -0700
        Re: Proprietary software vulnerability causes rootkit injection "Cola Zealot" <Cola_Zealot@fuckoff.com> - 2013-02-23 22:39 +0100
          Re: Proprietary software vulnerability causes rootkit injection Snit <usenet@gallopinginsanity.com> - 2013-02-23 15:25 -0700
            Re: Proprietary software vulnerability causes rootkit injection "Cola Zealot" <Cola_Zealot@fuckoff.com> - 2013-02-24 11:34 +0100
              Re: Proprietary software vulnerability causes rootkit injection fuyang <cei@mail.huafeng.cma.gov.cn> - 2013-02-24 14:00 +0100
                Re: Linux vulnerability causes rootkit injection "Cola Zealot" <Cola_Zealot@fuckoff.com> - 2013-02-24 16:42 +0100
                  Re: Linux vulnerability causes rootkit injection Hadron<hadronquark@gmail.com> - 2013-02-24 16:48 +0100
                    Re: Linux vulnerability causes rootkit injection "Ezekiel" <zeke@nosuchemail.com> - 2013-02-24 10:55 -0500
                      Re: Linux vulnerability causes rootkit injection GreyCloud <mist@cumulus.com> - 2013-02-24 09:34 -0700
                        Re: Linux vulnerability causes rootkit injection Denis McMahon <denismfmcmahon@gmail.com> - 2013-03-07 05:45 +0000
                          Re: Linux vulnerability causes rootkit injection Jim Beard <jdbeard@patriot.net> - 2013-03-07 10:05 -0500
                          Re: Linux vulnerability causes rootkit injection GreyCloud <mist@cumulus.com> - 2013-03-07 12:36 -0700

#251 — Re: SSHD rootkit heads up

FromLusotec <nomail@nomail.not>
Date2013-02-22 16:22 +0000
SubjectRe: SSHD rootkit heads up
Message-ID<kg85us$t04$1@dont-email.me>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Chris Ahlstrom wrote:

>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
> 
>    SSHD rootkit in the wild
>    Published: 2013-02-21,
>    Last Updated: 2013-02-22 09:23:59 UTC
> 
>    There are a lot of discussions at the moment about a SSHD rootkit
>    hitting mainly RPM based Linux distributions.
>    Thanks to our reader unSpawn, we received a bunch of samples of the
>    rootkit. The rootkit is actually a trojanized library that links with
>    SSHD and does *a lot* of nasty things to the system.

Here are some more interesting information on that.
http://www.webhostingtalk.com/showthread.php?t=1235797

Regards.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iF4EAREIAAYFAlEnm1IACgkQGQjO2ccW76rL6wD/e+qRAoDmQNPCe56mSXDKjlRU
n7cJK7APUrztJX4lbKUA/2Ik111ZBdvWIGeSR12g52W6hFmaZjpS2Fi0qP6ILHKQ
=1zP1
-----END PGP SIGNATURE-----

[toc] | [next] | [standalone]


#252

From"Cola Zealot" <Cola_Zealot@fuckoff.com>
Date2013-02-22 19:27 +0100
Message-ID<5127b82b$0$11997$6e1ede2f@read.cnntp.org>
In reply to#251
Lusotec wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Chris Ahlstrom wrote:
> 
>>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>> 
>>    SSHD rootkit in the wild
>>    Published: 2013-02-21,
>>    Last Updated: 2013-02-22 09:23:59 UTC
>> 
>>    There are a lot of discussions at the moment about a SSHD rootkit
>>    hitting mainly RPM based Linux distributions.
>>    Thanks to our reader unSpawn, we received a bunch of samples of
>>    the rootkit. The rootkit is actually a trojanized library that
>>    links with SSHD and does *a lot* of nasty things to the system.
> 
> Here are some more interesting information on that.
> http://www.webhostingtalk.com/showthread.php?t=1235797

Yup, maybe Linux is insecure by design?
Just repeat after me what has often been said in COLA:
"The OS can't be blamed"
"The user has to be blamed"
"There is NO Linux malware"
Are these claims still valid?. Lusrtec!

> 
> Regards.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> 
> iF4EAREIAAYFAlEnm1IACgkQGQjO2ccW76rL6wD/e+qRAoDmQNPCe56mSXDKjlRU
> n7cJK7APUrztJX4lbKUA/2Ik111ZBdvWIGeSR12g52W6hFmaZjpS2Fi0qP6ILHKQ
> =1zP1
> -----END PGP SIGNATURE-----

[toc] | [prev] | [next] | [standalone]


#253

FromJEDIDIAH <jedi@nomad.mishnet>
Date2013-02-22 13:50 -0600
Message-ID<slrnkifj0a.ldk.jedi@nomad.mishnet>
In reply to#252
On 2013-02-22, Cola Zealot <Cola_Zealot@fuckoff.com> wrote:
> Lusotec wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>> 
>> Chris Ahlstrom wrote:
>> 
>>>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>> 
>>>    SSHD rootkit in the wild
>>>    Published: 2013-02-21,
>>>    Last Updated: 2013-02-22 09:23:59 UTC
>>> 
>>>    There are a lot of discussions at the moment about a SSHD rootkit
>>>    hitting mainly RPM based Linux distributions.
>>>    Thanks to our reader unSpawn, we received a bunch of samples of
>>>    the rootkit. The rootkit is actually a trojanized library that
>>>    links with SSHD and does *a lot* of nasty things to the system.
>> 
>> Here are some more interesting information on that.
>> http://www.webhostingtalk.com/showthread.php?t=1235797
>
> Yup, maybe Linux is insecure by design?

   So that's why we're talking about rootkits here and not
malformed JPEG documents or bad websites...

[deletia]

   You're like Typhoid Mary over there trying to screech that someone
else is some sort of biohazard.

-- 
    "If I give you a pfennig, you will be one pfennig richer and     
    I'll be one pfennig poorer. But if I give you an idea, you will     |||
    have a new idea, but I shall still have it, too."                  / | \
~ Albert Einstein

[toc] | [prev] | [next] | [standalone]


#255

FromSnit <usenet@gallopinginsanity.com>
Date2013-02-22 21:11 -0700
Message-ID<CD4D8F9E.1574A%usenet@gallopinginsanity.com>
In reply to#253
On 2/22/13 12:50 PM, in article slrnkifj0a.ldk.jedi@nomad.mishnet,
"JEDIDIAH" <jedi@nomad.mishnet> wrote:

> On 2013-02-22, Cola Zealot <Cola_Zealot@fuckoff.com> wrote:
>> Lusotec wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>> 
>>> Chris Ahlstrom wrote:
>>> 
>>>>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>>> 
>>>>    SSHD rootkit in the wild
>>>>    Published: 2013-02-21,
>>>>    Last Updated: 2013-02-22 09:23:59 UTC
>>>> 
>>>>    There are a lot of discussions at the moment about a SSHD rootkit
>>>>    hitting mainly RPM based Linux distributions.
>>>>    Thanks to our reader unSpawn, we received a bunch of samples of
>>>>    the rootkit. The rootkit is actually a trojanized library that
>>>>    links with SSHD and does *a lot* of nasty things to the system.
>>> 
>>> Here are some more interesting information on that.
>>> http://www.webhostingtalk.com/showthread.php?t=1235797
>> 
>> Yup, maybe Linux is insecure by design?
> 
>    So that's why we're talking about rootkits here and not
> malformed JPEG documents or bad websites...
> 
> [deletia]
> 
>    You're like Typhoid Mary over there trying to screech that someone
> else is some sort of biohazard.

The point is that if this were on Windows the "advocate" reaction would be
to blame the OS. 

Not that it should be ignored that the only two OSs with *major* malware
concerns are Windows and Android, *any* OS can get malware, even iOS, OS X,
and desktop Linux. 


-- 
"In fact, the main goal of Linux might be called usability... the most
important thing is that it works well and people ... want to use it."
-- Linus Torvalds

[toc] | [prev] | [next] | [standalone]


#254 — Proprietary software vulnerability causes rootkit injection

FromHomer <usenet@slated.org>
Date2013-02-23 03:57 +0000
SubjectProprietary software vulnerability causes rootkit injection
Message-ID<m9rlv9-rrv.ln1@sky.matrix>
In reply to#251
Verily I say unto thee that Lusotec spake thusly:
>
> Chris Ahlstrom wrote:
>
>>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>> 
>>    SSHD rootkit in the wild
>>    Published: 2013-02-21,
>>    Last Updated: 2013-02-22 09:23:59 UTC
>> 
>>    There are a lot of discussions at the moment about a SSHD rootkit
>>    hitting mainly RPM based Linux distributions.
>>    Thanks to our reader unSpawn, we received a bunch of samples of the
>>    rootkit. The rootkit is actually a trojanized library that links with
>>    SSHD and does *a lot* of nasty things to the system.
>
> Here are some more interesting information on that.
> http://www.webhostingtalk.com/showthread.php?t=1235797

From the available evidence it seems this security breach was cause by a
proprietary application called CPanel, a notoriously insecure Web
interface for configuring servers.

Yet another good reason to choose Free Software.

(Subject corrected.)

-- 
K.                           | "You see? You cannot kill me. There is no flesh
http://slated.org            |  and blood within this cloak to kill. There is
Fedora 8 (Werewolf) on šky   |  only an idea. And ideas are bulletproof."
kernel 2.6.31.5, up 122 days |    ~ V for Vendetta.

[toc] | [prev] | [next] | [standalone]


#256 — Re: Proprietary software vulnerability causes rootkit injection

FromSnit <usenet@gallopinginsanity.com>
Date2013-02-23 10:04 -0700
SubjectRe: Proprietary software vulnerability causes rootkit injection
Message-ID<CD4E4492.157E6%usenet@gallopinginsanity.com>
In reply to#254
On 2/22/13 8:57 PM, in article m9rlv9-rrv.ln1@sky.matrix, "Homer"
<usenet@slated.org> wrote:

> Verily I say unto thee that Lusotec spake thusly:
>> 
>> Chris Ahlstrom wrote:
>> 
>>>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>> 
>>>    SSHD rootkit in the wild
>>>    Published: 2013-02-21,
>>>    Last Updated: 2013-02-22 09:23:59 UTC
>>> 
>>>    There are a lot of discussions at the moment about a SSHD rootkit
>>>    hitting mainly RPM based Linux distributions.
>>>    Thanks to our reader unSpawn, we received a bunch of samples of the
>>>    rootkit. The rootkit is actually a trojanized library that links with
>>>    SSHD and does *a lot* of nasty things to the system.
>> 
>> Here are some more interesting information on that.
>> http://www.webhostingtalk.com/showthread.php?t=1235797
> 
> From the available evidence it seems this security breach was cause by a
> proprietary application called CPanel, a notoriously insecure Web
> interface for configuring servers.
> 
> Yet another good reason to choose Free Software.

And yet you choose G+ which is a proprietary solution.

So funny!


-- 
"When making pornography involves real abuse of real children ... that does
not excuse censorship. No matter how disgusting published works might be,
censorship is more disgusting." -- Richard Stallman

[toc] | [prev] | [next] | [standalone]


#257 — Re: Proprietary software vulnerability causes rootkit injection

From"Cola Zealot" <Cola_Zealot@fuckoff.com>
Date2013-02-23 22:39 +0100
SubjectRe: Proprietary software vulnerability causes rootkit injection
Message-ID<512936e2$0$12000$6e1ede2f@read.cnntp.org>
In reply to#256
Snit wrote:
> On 2/22/13 8:57 PM, in article m9rlv9-rrv.ln1@sky.matrix, "Homer"
> <usenet@slated.org> wrote:
>
>> Verily I say unto thee that Lusotec spake thusly:
>>>
>>> Chris Ahlstrom wrote:
>>>
>>>>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>>>
>>>>    SSHD rootkit in the wild
>>>>    Published: 2013-02-21,
>>>>    Last Updated: 2013-02-22 09:23:59 UTC
>>>>
>>>>    There are a lot of discussions at the moment about a SSHD
>>>>    rootkit hitting mainly RPM based Linux distributions.
>>>>    Thanks to our reader unSpawn, we received a bunch of samples of
>>>>    the rootkit. The rootkit is actually a trojanized library that
>>>>    links with SSHD and does *a lot* of nasty things to the system.
>>>
>>> Here are some more interesting information on that.
>>> http://www.webhostingtalk.com/showthread.php?t=1235797
>>
>> From the available evidence it seems this security breach was cause
>> by a proprietary application called CPanel, a notoriously insecure
>> Web interface for configuring servers.
>>
>> Yet another good reason to choose Free Software.
>
> And yet you choose G+ which is a proprietary solution.

No problem for Homer.
As long as Microsoft is not involved, proprietary solutions are fine with 
him, since he's a raging hypocrite who hoarded money from proprietary 
software his entire career.

>
> So funny!

Indeed, this fanatic loon makes you laugh! 

[toc] | [prev] | [next] | [standalone]


#258 — Re: Proprietary software vulnerability causes rootkit injection

FromSnit <usenet@gallopinginsanity.com>
Date2013-02-23 15:25 -0700
SubjectRe: Proprietary software vulnerability causes rootkit injection
Message-ID<CD4E8FE1.15865%usenet@gallopinginsanity.com>
In reply to#257
On 2/23/13 2:39 PM, in article 512936e2$0$12000$6e1ede2f@read.cnntp.org,
"Cola Zealot" <Cola_Zealot@fuckoff.com> wrote:

> Snit wrote:
>> On 2/22/13 8:57 PM, in article m9rlv9-rrv.ln1@sky.matrix, "Homer"
>> <usenet@slated.org> wrote:
>> 
>>> Verily I say unto thee that Lusotec spake thusly:
>>>> 
>>>> Chris Ahlstrom wrote:
>>>> 
>>>>>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>>>> 
>>>>>    SSHD rootkit in the wild
>>>>>    Published: 2013-02-21,
>>>>>    Last Updated: 2013-02-22 09:23:59 UTC
>>>>> 
>>>>>    There are a lot of discussions at the moment about a SSHD
>>>>>    rootkit hitting mainly RPM based Linux distributions.
>>>>>    Thanks to our reader unSpawn, we received a bunch of samples of
>>>>>    the rootkit. The rootkit is actually a trojanized library that
>>>>>    links with SSHD and does *a lot* of nasty things to the system.
>>>> 
>>>> Here are some more interesting information on that.
>>>> http://www.webhostingtalk.com/showthread.php?t=1235797
>>> 
>>> From the available evidence it seems this security breach was cause
>>> by a proprietary application called CPanel, a notoriously insecure
>>> Web interface for configuring servers.
>>> 
>>> Yet another good reason to choose Free Software.
>> 
>> And yet you choose G+ which is a proprietary solution.
> 
> No problem for Homer.
> As long as Microsoft is not involved, proprietary solutions are fine with
> him, since he's a raging hypocrite who hoarded money from proprietary
> software his entire career.

MS of Apple - the two companies who he envies the success of.
 
>> So funny!
> 
> Indeed, this fanatic loon makes you laugh!
> 



-- 
"I have never, ever cared about really anything but the Linux desktop."
-- Linus Torvalds

[toc] | [prev] | [next] | [standalone]


#259 — Re: Proprietary software vulnerability causes rootkit injection

From"Cola Zealot" <Cola_Zealot@fuckoff.com>
Date2013-02-24 11:34 +0100
SubjectRe: Proprietary software vulnerability causes rootkit injection
Message-ID<5129ec84$0$11996$6e1ede2f@read.cnntp.org>
In reply to#258
Snit wrote:
> On 2/23/13 2:39 PM, in article
> 512936e2$0$12000$6e1ede2f@read.cnntp.org, "Cola Zealot"
> <Cola_Zealot@fuckoff.com> wrote:
>
>> Snit wrote:
>>> On 2/22/13 8:57 PM, in article m9rlv9-rrv.ln1@sky.matrix, "Homer"
>>> <usenet@slated.org> wrote:
>>>
>>>> Verily I say unto thee that Lusotec spake thusly:
>>>>>
>>>>> Chris Ahlstrom wrote:
>>>>>
>>>>>>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>>>>>
>>>>>>    SSHD rootkit in the wild
>>>>>>    Published: 2013-02-21,
>>>>>>    Last Updated: 2013-02-22 09:23:59 UTC
>>>>>>
>>>>>>    There are a lot of discussions at the moment about a SSHD
>>>>>>    rootkit hitting mainly RPM based Linux distributions.
>>>>>>    Thanks to our reader unSpawn, we received a bunch of samples
>>>>>>    of the rootkit. The rootkit is actually a trojanized library
>>>>>>    that links with SSHD and does *a lot* of nasty things to the
>>>>>> system.
>>>>>
>>>>> Here are some more interesting information on that.
>>>>> http://www.webhostingtalk.com/showthread.php?t=1235797
>>>>
>>>> From the available evidence it seems this security breach was cause
>>>> by a proprietary application called CPanel, a notoriously insecure
>>>> Web interface for configuring servers.
>>>>
>>>> Yet another good reason to choose Free Software.
>>>
>>> And yet you choose G+ which is a proprietary solution.
>>
>> No problem for Homer.
>> As long as Microsoft is not involved, proprietary solutions are fine
>> with him, since he's a raging hypocrite who hoarded money from
>> proprietary software his entire career.
>
> MS of Apple - the two companies who he envies the success of.

Creepy Ahlstrom, Homer, Rexford kingmaker and Peter Kohlmann have many 
things in common.
They envy the success of (former) CEO's and huge innovators like Ballmer, 
Jobs, Cook, Gates because these linturds have never achieved anything even a 
tiny bit similar in life and never will.
This has turned them in angry old men and raving anti-corporate trolls.
Poor  Linturds with their failed crap careers! 

[toc] | [prev] | [next] | [standalone]


#260 — Re: Proprietary software vulnerability causes rootkit injection

Fromfuyang <cei@mail.huafeng.cma.gov.cn>
Date2013-02-24 14:00 +0100
SubjectRe: Proprietary software vulnerability causes rootkit injection
Message-ID<afydnQ0wadgXkrfMnZ2dnUVZ8oidnZ2d@supernews.com>
In reply to#259
On 24.02.2013 11:34, Cola Zealot wrote:
> Snit wrote:
>> On 2/23/13 2:39 PM, in article
>> 512936e2$0$12000$6e1ede2f@read.cnntp.org, "Cola Zealot"
>> <Cola_Zealot@fuckoff.com> wrote:
>>
>>> Snit wrote:
>>>> On 2/22/13 8:57 PM, in article m9rlv9-rrv.ln1@sky.matrix, "Homer"
>>>> <usenet@slated.org> wrote:
>>>>
>>>>> Verily I say unto thee that Lusotec spake thusly:
>>>>>>
>>>>>> Chris Ahlstrom wrote:
>>>>>>
>>>>>>>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>>>>>>
>>>>>>>    SSHD rootkit in the wild
>>>>>>>    Published: 2013-02-21,
>>>>>>>    Last Updated: 2013-02-22 09:23:59 UTC
>>>>>>>
>>>>>>>    There are a lot of discussions at the moment about a SSHD
>>>>>>>    rootkit hitting mainly RPM based Linux distributions.
>>>>>>>    Thanks to our reader unSpawn, we received a bunch of samples
>>>>>>>    of the rootkit. The rootkit is actually a trojanized library
>>>>>>>    that links with SSHD and does *a lot* of nasty things to the
>>>>>>> system.
>>>>>>
>>>>>> Here are some more interesting information on that.
>>>>>> http://www.webhostingtalk.com/showthread.php?t=1235797
>>>>>
>>>>> From the available evidence it seems this security breach was cause
>>>>> by a proprietary application called CPanel, a notoriously insecure
>>>>> Web interface for configuring servers.
>>>>>
>>>>> Yet another good reason to choose Free Software.
>>>>
>>>> And yet you choose G+ which is a proprietary solution.
>>>
>>> No problem for Homer.
>>> As long as Microsoft is not involved, proprietary solutions are fine
>>> with him, since he's a raging hypocrite who hoarded money from
>>> proprietary software his entire career.
>>
>> MS of Apple - the two companies who he envies the success of.
> 
> Creepy Ahlstrom, Homer, Rexford kingmaker and Peter Kohlmann have many
> things in common.
> They envy the success of (former) CEO's and huge innovators like
> Ballmer, Jobs, Cook, Gates because these linturds have never achieved
> anything even a tiny bit similar in life and never will.
> This has turned them in angry old men and raving anti-corporate trolls.
> Poor  Linturds with their failed crap careers!

You defend companies, that let things like this happen?

http://www.theregister.co.uk/2013/02/23/microsoft_azure_back_online/

You obey "huge innovators" that sell stolen ideas? You prefer to use
software that keeps users imprisonated?

-- 
fuyang

[toc] | [prev] | [next] | [standalone]


#261 — Re: Linux vulnerability causes rootkit injection

From"Cola Zealot" <Cola_Zealot@fuckoff.com>
Date2013-02-24 16:42 +0100
SubjectRe: Linux vulnerability causes rootkit injection
Message-ID<512a34df$0$12000$6e1ede2f@read.cnntp.org>
In reply to#260
An idiot who calls himself fuyang wrote:
> On 24.02.2013 11:34, Cola Zealot wrote:
>> Snit wrote:
>>> On 2/23/13 2:39 PM, in article
>>> 512936e2$0$12000$6e1ede2f@read.cnntp.org, "Cola Zealot"
>>> <Cola_Zealot@fuckoff.com> wrote:
>>>
>>>> Snit wrote:
>>>>> On 2/22/13 8:57 PM, in article m9rlv9-rrv.ln1@sky.matrix, "Homer"
>>>>> <usenet@slated.org> wrote:
>>>>>
>>>>>> Verily I say unto thee that Lusotec spake thusly:
>>>>>>>
>>>>>>> Chris Ahlstrom wrote:
>>>>>>>
>>>>>>>>    https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>>>>>>>
>>>>>>>>    SSHD rootkit in the wild
>>>>>>>>    Published: 2013-02-21,
>>>>>>>>    Last Updated: 2013-02-22 09:23:59 UTC
>>>>>>>>
>>>>>>>>    There are a lot of discussions at the moment about a SSHD
>>>>>>>>    rootkit hitting mainly RPM based Linux distributions.
>>>>>>>>    Thanks to our reader unSpawn, we received a bunch of samples
>>>>>>>>    of the rootkit. The rootkit is actually a trojanized library
>>>>>>>>    that links with SSHD and does *a lot* of nasty things to the
>>>>>>>> system.
>>>>>>>
>>>>>>> Here are some more interesting information on that.
>>>>>>> http://www.webhostingtalk.com/showthread.php?t=1235797
>>>>>>
>>>>>> From the available evidence it seems this security breach was
>>>>>> cause by a proprietary application called CPanel, a notoriously
>>>>>> insecure Web interface for configuring servers.
>>>>>>
>>>>>> Yet another good reason to choose Free Software.
>>>>>
>>>>> And yet you choose G+ which is a proprietary solution.
>>>>
>>>> No problem for Homer.
>>>> As long as Microsoft is not involved, proprietary solutions are
>>>> fine with him, since he's a raging hypocrite who hoarded money from
>>>> proprietary software his entire career.
>>>
>>> MS of Apple - the two companies who he envies the success of.
>>
>> Creepy Ahlstrom, Homer, Rexford kingmaker and Peter Kohlmann have
>> many things in common.
>> They envy the success of (former) CEO's and huge innovators like
>> Ballmer, Jobs, Cook, Gates because these linturds have never achieved
>> anything even a tiny bit similar in life and never will.
>> This has turned them in angry old men and raving anti-corporate
>> trolls. Poor  Linturds with their failed crap careers!
>
> You defend companies, that let things like this happen?
>
> http://www.theregister.co.uk/2013/02/23/microsoft_azure_back_online/
>
> You obey "huge innovators" that sell stolen ideas? You prefer to use
> software that keeps users imprisonated?

And of course you obey your masters at Google "a Linux Company" who sells a 
crappy £1049 / $1604 / € 1216 laptop like this!
<quote>
Google is offering Pixel buyers an unprecedented 1 terabyte of cloud storage 
for three years. The catch - and it's a big one - is that after those three 
years, you're paying $50 per month to keep photos, GIFs, or whatever else 
you right-click on stored in Google's cloud. That's a lot of money if you 
don't plan on buying a replacement within that three-year window.
</quote> 

[toc] | [prev] | [next] | [standalone]


#262 — Re: Linux vulnerability causes rootkit injection

FromHadron<hadronquark@gmail.com>
Date2013-02-24 16:48 +0100
SubjectRe: Linux vulnerability causes rootkit injection
Message-ID<qvy5edd87j.fsf@news.eternal-september.org>
In reply to#261
"Cola Zealot" <Cola_Zealot@fuckoff.com> writes:

>
> And of course you obey your masters at Google "a Linux Company" who sells a
> crappy £1049 / $1604 / € 1216 laptop like this!
> <quote>
> Google is offering Pixel buyers an unprecedented 1 terabyte of cloud storage for
> three years. The catch - and it's a big one - is that after those three years,
> you're paying $50 per month to keep photos, GIFs, or whatever else you
> right-click on stored in Google's cloud. That's a lot of money if you don't plan
> on buying a replacement within that three-year window.
> </quote> 
>
>

50 a MONTH!?!?!??!?!? Holy shit.


-- 
A certain COLA "advocate" faking his user-agent in order to pretend to be a Linux 
user: User-Agent: Outlook 5.5 (WinNT 5.0), User-Agent: slrn/0.9.8.0
(Linux), Message-ID: <wPGdnd3NnOM0ACfdRVn-hw@comcast.com>

[toc] | [prev] | [next] | [standalone]


#263 — Re: Linux vulnerability causes rootkit injection

From"Ezekiel" <zeke@nosuchemail.com>
Date2013-02-24 10:55 -0500
SubjectRe: Linux vulnerability causes rootkit injection
Message-ID<kgdd30$1jf$1@dont-email.me>
In reply to#262
"Hadron" <hadronquark@gmail.com> wrote in message 
news:qvy5edd87j.fsf@news.eternal-september.org...
> "Cola Zealot" <Cola_Zealot@fuckoff.com> writes:
>
>>
>> And of course you obey your masters at Google "a Linux Company" who sells 
>> a
>> crappy Ł1049 / $1604 / ? 1216 laptop like this!
>> <quote>
>> Google is offering Pixel buyers an unprecedented 1 terabyte of cloud 
>> storage for
>> three years. The catch - and it's a big one - is that after those three 
>> years,
>> you're paying $50 per month to keep photos, GIFs, or whatever else you
>> right-click on stored in Google's cloud. That's a lot of money if you 
>> don't plan
>> on buying a replacement within that three-year window.
>> </quote>
>>
>>
>
> 50 a MONTH!?!?!??!?!? Holy shit.
>

Here's a comment from a article about this lower laptop:

<quote>
"I'm staggered at the depths of stupid Google displays with this thing.
Basically, you pay Google a snazzy premium for a snazzy dumb terminal to
suck up personal data so Google can mine it and make more money off you."
</quote>

In other words, you get to pay Google $50 a month for the privilege of them 
sucking in every bit of personal data you have and then using your data to 
make them money.

-- 
> Just picked up the 8-gig model (iPhone)

Yeah, fine, cute toy and all, but some gimboid up there is trying to fob it 
off as a "wowee" when in fact, it's more of a "gee whiz" - as in "Gee whiz, 
now I can store phone numbers for 180 million people... and the two friends 
I actually have."

Kelsey Bjarnason - Failing to understand smartphone basics
<dn0pn4-8vs.ln1@spanky.localhost.net>


[toc] | [prev] | [next] | [standalone]


#264 — Re: Linux vulnerability causes rootkit injection

FromGreyCloud <mist@cumulus.com>
Date2013-02-24 09:34 -0700
SubjectRe: Linux vulnerability causes rootkit injection
Message-ID<Bpudnc0OZsOK3LfMnZ2dnUVZ_jCdnZ2d@bresnan.com>
In reply to#263
On 2/24/2013 8:55 AM, Ezekiel wrote:
> "Hadron" <hadronquark@gmail.com> wrote in message
> news:qvy5edd87j.fsf@news.eternal-september.org...
>> "Cola Zealot" <Cola_Zealot@fuckoff.com> writes:
>>
>>>
>>> And of course you obey your masters at Google "a Linux Company" who sells
>>> a
>>> crappy £1049 / $1604 / ? 1216 laptop like this!
>>> <quote>
>>> Google is offering Pixel buyers an unprecedented 1 terabyte of cloud
>>> storage for
>>> three years. The catch - and it's a big one - is that after those three
>>> years,
>>> you're paying $50 per month to keep photos, GIFs, or whatever else you
>>> right-click on stored in Google's cloud. That's a lot of money if you
>>> don't plan
>>> on buying a replacement within that three-year window.
>>> </quote>
>>>
>>>
>>
>> 50 a MONTH!?!?!??!?!? Holy shit.
>>
>
> Here's a comment from a article about this lower laptop:
>
> <quote>
> "I'm staggered at the depths of stupid Google displays with this thing.
> Basically, you pay Google a snazzy premium for a snazzy dumb terminal to
> suck up personal data so Google can mine it and make more money off you."
> </quote>
>
> In other words, you get to pay Google $50 a month for the privilege of them
> sucking in every bit of personal data you have and then using your data to
> make them money.
>
Any time they start touting the Cloud storage... don't buy and don't do 
it.  Matter of fact... RUN!

[toc] | [prev] | [next] | [standalone]


#271 — Re: Linux vulnerability causes rootkit injection

FromDenis McMahon <denismfmcmahon@gmail.com>
Date2013-03-07 05:45 +0000
SubjectRe: Linux vulnerability causes rootkit injection
Message-ID<kh99hd$16u$1@dont-email.me>
In reply to#264
On Sun, 24 Feb 2013 09:34:31 -0700, GreyCloud wrote:

> Any time they start touting the Cloud storage... don't buy and don't do
> it.  Matter of fact... RUN!

I thought the whole point of cloud storage was to provide all government 
agencies globally with a single point of contact for a warrantless search 
of your complete life.

Or did I miss something?

-- 
Denis McMahon, denismfmcmahon@gmail.com

[toc] | [prev] | [next] | [standalone]


#272 — Re: Linux vulnerability causes rootkit injection

FromJim Beard <jdbeard@patriot.net>
Date2013-03-07 10:05 -0500
SubjectRe: Linux vulnerability causes rootkit injection
Message-ID<_ZednbTWkIEpMaXMnZ2dnUVZ_tudnZ2d@posted.lerostechnologies>
In reply to#271
On 03/07/2013 12:45 AM, Denis McMahon wrote:
> On Sun, 24 Feb 2013 09:34:31 -0700, GreyCloud wrote:
>
>> Any time they start touting the Cloud storage... don't buy and don't do
>> it.  Matter of fact... RUN!
>
> I thought the whole point of cloud storage was to provide all government
> agencies globally with a single point of contact for a warrantless search
> of your complete life.
>
> Or did I miss something?

You missed a few things.

Probably the most important is backup, which few lusers do 
despite decades of experience demonstrating its importance. 
Depending on which cloud you store stuff in, you not only get 
off-site backup but will likely get multiple backups as well.

Second, cracking and looting a home luser's machine is trivial in 
maybe 70-85 percent of cases.  Storage in the cloud will not 
reduce vulnerability of the home machine, but storage in the 
cloud is certainly  a minor increase in vulnerability (vulnerable 
to some extent in a second place, in addition to totally 
vulnerable in the first place, for most).  Those who keep their 
important stuff in the cloud, deleting it from the home machine 
and getting it back when needed, have a means to minimize 
vulnerability to the amateurs and script kiddies.

Third, while neither the cloud nor the home machine are safe from 
the pros, the bigger the cloud grows the greater the difficulty 
for the cracker when it comes time to sort and select from 
whatever was grabbed when a crack succeeds.  There is simply more 
stuff they have to sort through.

The only downside is that data once uploaded to the cloud could 
be kept forever, or until bit rot sets in.  I sort of suspect the 
cost of keeping storage disks spinning forever once written to, 
and of shifting data to other forms of permanent storage, is 
enough to discourage cloud operators for keeping everything forever.

Benefits to the government are incidental, and depend on the 
government involved.  If the pros decide to target you, they will 
likely get what they want, regardless of cloud or home machine or 
whatever.  Why increase the cost of government (and therefore the 
amount of taxes necessary to pay for it) by making government 
access to your data inconvenient?

The goal in computer security (for most -- a few with special 
requirements excepted) is to make it costly in time, effort, and 
hopefully money to crack your machine(s), and thereby reduce the 
incentive to target them.  Make it difficult enough, and the 
nasties will go after someone else.  (You don't have to be the 
fastest gazelle to escape the lion, just faster than the slowest 
gazelle between the lion and you.)

Don't be low-hanging fruit, easily available for the picking.

Cheers!

jim b.




-- 
UNIX is not user unfriendly; it merely
      expects users to be computer-friendly.

[toc] | [prev] | [next] | [standalone]


#273 — Re: Linux vulnerability causes rootkit injection

FromGreyCloud <mist@cumulus.com>
Date2013-03-07 12:36 -0700
SubjectRe: Linux vulnerability causes rootkit injection
Message-ID<YvidnX5yp8_OcaXMnZ2dnUVZ_t-dnZ2d@bresnan.com>
In reply to#271
On 3/6/2013 10:45 PM, Denis McMahon wrote:
> On Sun, 24 Feb 2013 09:34:31 -0700, GreyCloud wrote:
>
>> Any time they start touting the Cloud storage... don't buy and don't do
>> it.  Matter of fact... RUN!
>
> I thought the whole point of cloud storage was to provide all government
> agencies globally with a single point of contact for a warrantless search
> of your complete life.
>
> Or did I miss something?
>
No, you didn't miss a beat.  I just won't have my backups on a cloud and 
then have it disappear.  There really isn't any point to using a cloud.

[toc] | [prev] | [standalone]


Back to top | Article view | comp.os.linux.security


csiph-web