sudo Install My Rootkit

Discussion in 'all things UNIX' started by Searching_ _ _, Mar 28, 2009.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Bandit Defense

    Lesson: Don't let anyone have access to your box cause they can pwn it in 10 seconds.
     
  2. Arup

    Arup Guest

    What's the point of this? Which Linux user would knowingly untar a tarball from a dubious source and let it execute? For pwning a Linux box, that person needs to know the password; only a rank fool will give access to a third person in a regular account, that's what the guest account is for.
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    If you walked away from your machine after you installed something with your password scenario.
     
  4. lewmur

    lewmur Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    332
    If I were in a place where I was worried about someone tampering with my computer, there is no way I'd walk away from it without at least locking the screen. Takes two mouse clicks.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Please relax ... no machine anywhere in the world can survive local access misuse. Like I said, you may as well blowtorch the hard disk. I know you love rootkits and whatnot, but as easy as it is to avoid all that on Windows, it's 10 times easier avoiding it on Linux. Just ... don't ... execute ... crap.
    Mrk
     
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I was told to learn about OS security I needed to learn how to exploit an OS.
    By learning how it's exploited I can then know what steps to take to secure it.

    I'm trying to discover for myself the security differences, Linux vs. Windows, instead of taking the word of everybody and their mother.
    So far, seems to be extra steps needed in Linux for the same exploit vectors of Windows.

    Still,

    Searching_ _ _

    BTW History Channel is running back to back episodes of Monster Quest. Yeah buddy!
     
  7. lewmur

    lewmur Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    332
    Experts have been "discovering" the differences for some time now, but I'm sure there are contributions you can make to the knowledge base.

    Just remember that "a little knowledge can be a dangerous thing." And unless an in-depth analysis accompanies the posting of "security vulnerabilities," including what has already been done to cure them, then they can legitimately be construed as spreading FUD: (F)ear, (U)ncertainty and (D)oubt.

    IMO, trying to convince others that Linux is just as vulnerable to malware as Windows, serves no legitimate purpose. (Unless you own MS stock.)
     
    Last edited: Mar 29, 2009
  8. tlu

    tlu Guest

    Oh, come on! That any OS is vulnerable if somebody else has local access to it is a matter of course and not worth being discussed at all.

    Good - but you should be "searching" for something substantial.
     
  9. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    If I learn anything substantial I'll be sure to post it.

    @lewmur
    Your words are important.

    Thanks,

    You guys ever try Coreboot?
     
  10. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    Thanks! Now I can scratch that off of my AATIDK list!


    (Annoying Acronyms That I Don't Know):argh:
    But seriously, I have been wondering for some time now.
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    If you have a Debian machine, install bsdgames.
    Then you just
    And you can always ask wtf is wtf :D
     
  12. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    why? wtf is the challenge in that?:D
     
  13. Arup

    Arup Guest


    Not one Linux machine I have set up in a public environment has been hacked, compared to myriads of Windows machines that get hacked on a daily basis. Not only that, in Windows we have to deal daily with the nonsense of HIPS, AV, DLL hooking etc., and therefore if even one update of these associated programs is missed, you are all in the open. So far all you are doing is posting alleged Linux exploits which have truly no bearing. Try and post remote exploits or stuff like DLL hooking and then we can see the vulnerability. Nothing you say or post will change the fact that Linux still remains the safest OS around, especially for home use and even for server use.

    Please read this for a better insight.. http://www.technewsworld.com/story/55722.html


    Linux outperforms Windows XP and Windows Vista because its architecture is different. Linux derives its security in large part from its Unix design philosophy, also used as the basis for Mac OS X.

    There are two distinct differences that account for Linux's better security reputation, according to Cherry. One, users do not habitually log in as administrator, which is often required to run Windows. Two, mail clients and desktop applications do not automatically execute attached code.

    In addition, technologies such as SELinux and AppArmor and stack randomization have been developed for Linux that help to limit the impact of a security breach if it were to occur, he said.

    Linux is also better than Windows at recovering from buffer overflows, which are a common attack vector.

    "This is best handled at the interface level as a register exploit in Windows," Ken Steinberg, CEO of computer-security firm Savant Protection, told LinuxInsider.

    Linux allows software developers to go into the system and fix buffer overruns, he added. However, one can not do that with Windows.
    Chink in the Armor
     
  14. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    powernowd: PowerNow Daemon v1.00, (c) 2003-2008 John Clemens
    Go away, you are not root. Only root can run me.
     
  15. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    @Arup

    How do I secure root?
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    There are a million ways:

    Hardening, chroot, right permissions, no use of suid and guid, disable services, patching, shadow file, firewall, tcp wrappers, xinetd etc, it's not something you can cover in a thread or even 20 threads.

    Mrk
     