[ubuntu-uk] A small Bet, because I'm fed up with not knowing.

Nik Butler nik at reducedhackers.com
Mon Oct 9 10:51:36 BST 2006


Tony Arnold wrote:
> Nik,
> does not say all the attacks were viruses!
>   
True
> I've seen plenty of Linux/Unix systems compromised. The vast majority
> have been compromised through weak passwords or user's password being
> discovered.
>   
As for any system, though we can see our security exploits more openly
> Most attacks seem to result in the running of an IRC bot, which can then
> be used to launch DDOS attacks or SPAM or whatever.
>   
So. Hence my question: how easy is it really to make a process from 
email to infection?

I can accept that firewalls and applications require user security and 
poor passwords make poor defences, but should a desktop user be allowing 
port 22 or other overflow port to be open directly? Actually that's a 
key thought and the reason I wanted to have the conversation: what should 
the Desktop environment come with as a locked down and locked out 
feature set?

> I've also seen system utilities replaced with versions that hide the bad
> software, so root access must have been gained somehow.
>   
Yes, me too, but mostly on my servers with public-facing or NATted IPs, 
not my Desktops.
> The only thing I'm not sure about is whether any of this is
> self-propagating.
>   
No, they're not, but I have plenty of example script bots and scripts 
from infected machines that show how they scour and report back to the 
IRC channel.


Having recently fixed a relative's Win2k box, though, I had to confess that 
it would have been easier if I could have cleanly booted off a CD and 
managed the disk from a separate system, much like I do in Linux.  
There were workarounds, but the Ease of Use and Innovative Integration 
that comes with Windows made it far too easy for automated programs.   
Most infections on servers under Linux have been non-automated, user-
driven attacks by people who've found an exploit.  So it gets harder for 
them to automate an attack.

I suspect Metasploit will be the first to find a way through, and when 
they do the arms race will step up a bit. However, I don't expect to end 
up paying a "fee" to protect my system against problems inherent in the 
system in the first place, and that's another good reason to be 
considering an alternative.


Nik




