How to tell if I've been hacked?
Nils Kassube
kassube at gmx.net
Wed Aug 26 12:38:29 UTC 2009
Andrew Farris wrote:
> On Tue, 2009-08-18 at 21:54 -0400, Scott Ehrlich wrote:
> > There is a lot of talk about the vulnerable Linux kernel. I'm
> > simply wondering the telltale signs if a given system has been
> > hacked? What, specifically, does a person look for?
>
> Who's been talking about the linux kernel being vulnerable? Thats not
> more MS FUD is it?
It would be more interesting to know which vulnerability is meant. But
as long as that is unknown it is not useful to claim it is MS FUD. After
all there was an old vulnerability discovered recently.
If it is this vulnerability [1], it is exploitable for local attackers
only. But beware, someone connected via SSH would count as a local
attacker as well.
> A great way to avoid all this trouble is to only install packages
> from the offical repos. this eliminates the possibility that someone
> could install a backdoor into your system, with which they could
> 'hack' your pc.
You can install the ssh server from the repos and let others login. Then
your machine is open to the above mentioned vulnerability. While it is
certainly a good idea to use only software from trusted sources, it
doesn't mean you are always safe.
> What I'm really interested in, though, is who was talking about the
> Linux kernel being insecure :)
Only a few examples: [1], [2], [3], [4], [5]. Don't pretend Linux is invincible.
Nils
[1] <https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-August/000952.html>
[2] <http://lkml.org/lkml/2009/8/13/549>
[3] <http://www.theregister.co.uk/2009/08/14/critical_linux_bug/>
[4] <http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html>
[5] <http://linux.slashdot.org/story/09/08/13/2022212/Local-Privilege-Escalation-On-All-Linux-Kernels>
More information about the ubuntu-users
mailing list