sudo Install My Rootkit

Discussion in 'all things UNIX' started by Searching_ _ _, Mar 28, 2009.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Bandit Defense

    Lesson: Don't let anyone have access to your box cause they can pwn it in 10 seconds.
     
  2. Arup

    Arup Guest

    Whats the point of this, which Linux user would knowingly untar a tatball from dubious source and let it execute. For pwning a Linux box, that person needs to know the password, only a rank fool will give access to a third person in a regular account, thats what the guest account is for.
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    If you walked away from your machine after you installed something with your password scenario.
     
  4. lewmur

    lewmur Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    332
    If I were in a place where I was worried about someone tampering with my computer, there is no way I'd walk away from it without at least locking the screen. Takes two mouse clicks.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Please relax ... no machine anywhere in the world can survive local access misuse. Like I said, you may as well blowtorch the hard disk. I know you live rootkits and whatnot, but as easy it is to avoid all that on Windows, it's 10 times easier avoiding it on Linux. Just ... don't ... execute ... crap.
    Mrk
     
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I was told to learn about OS security I needed to learn how to exploit an OS.
    By learning how it's eploited I can then know what steps to take to secure it.

    I'm trying to discover for myself the security differences, Linux vs. Windows, instead of taking the word of everybody and their mother.
    So far, Seems to be extra steps needed in Linux for the same exploit vectors of Windows.

    Still,

    Searching_ _ _

    BTW History Channel is running back to back episodes of Monster Quest. Yeah buddy!
     
  7. lewmur

    lewmur Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    332
    Experts have been "discovering" the differences for some time now, but I'm sure there are contributions you can make to the knowledge base.

    Just remember that "a little knowledge can be a dangerous thing." And unless an in depth analysis accompanies the posting of "security vulnerabilities," including what has already been done to cure them, then they can legitimately be construed as spreading FUD. (F)ear, (U)ncertainty and (D)oubt.

    IMO, trying to convince others that Linux is just as vulnerable to malware as Windows, serves no legitimate purpose. (Unless you own MS stock.)
     
    Last edited: Mar 29, 2009
  8. tlu

    tlu Guest

    Oh, come on! That any OS is vulnerable if somebody else has local access to it is a matter of course and not worth being discussed at all.

    Good - but you should be "searching" for something substantial.
     
  9. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    If I learn anything substantial I'll be sure to post it.

    @lewmur
    Your words are important.

    Thanks,

    You guys ever try Coreboot.
     
  10. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Thanks! Now I can scratch that off of my AATIDK list!


    (Annoying Acronyms That I Don't Know):argh:
    But seriously, I have been wondering for some time now.
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    If you have a Debian machine, install bsdgames.
    Then you just
    And you can always ask wtf is wtf :D
     
  12. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    why? wtf is the challenge in that?:D
     
  13. Arup

    Arup Guest


    Not one Linux machine I have setup in public environment have been hacked compared to myriads of Windows machine that gets hacked on daily basis.Not only that, in Windows we have to daily deal with the nonsense of HIPS, AV, dllhooking etc. and therefore even one update of these associated programs are missed, you are all in the open. So far all you are doing is posting alleged Linux exploits which have truly no bearing. Try and post remote exploits or stuff like dll hooking and then we can see the vulnerability. No matter what you say or post will change the fact that Linux still remains the safest OS around speically for home use and even for server use.

    Please read this for a better insight.. http://www.technewsworld.com/story/55722.html


    Linux outperforms Windows XP and Windows Vista because its architecture is different. Linux derives its security in large part from its Unix design philosophy, also used as the basis for Mac OS X.

    There are two distinct differences that account for Linux's better security reputation, according to Cherry. One, users do not habitually log in as administrator, which is often required to run Windows. Two, mail clients and desktop applications do not automatically execute attached code.

    In addition, technologies such as SELinux and AppArmor and stack randomization have been developed for Linux that help to limit the impact of a security breach if it were to occur, he said.

    Linux is also better than Windows at recovering from buffer overflows, which are a common attack vector.

    "This is best handled at the interface level as a register exploit in Windows," Ken Steinberg, CEO of computer-security firm Savant Protection, told LinuxInsider.

    Linux allows software developers to go into the system and fix buffer overruns, he added. However, one can not do that with Windows.
    Chink in the Armor
     
  14. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    powernowd: PowerNow Daemon v1.00, (c) 2003-2008 John Clemens
    Go away, you are not root. Only root can run me.
     
  15. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    @Arup

    How do I secure root?
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    There are a million ways:

    Hardening, chroot, right permissions, no use of suid and guid, disable services, patching, shadow file, firewall, tcp wrappers, xinetd etc, it's not something you can cover in a thread or even 20 threads.

    Mrk
     
Loading...
Thread Status:
Not open for further replies.