Domain: net-security.org
Stories and comments across the archive that link to net-security.org.
Comments · 137
-
Similar to the "so-called" vulns. in WordPress
As you already pointed out, you have to have root access to the machine, then install a root kit. This is just a bunch of FUD, similar to the ruckus over the so-called WordPress vulnerabilities that were reported last month. Yes, they allowed you to redirect to any URL as part of a seemingly innocent URL, but you have to be logged into WordPress to exploit them. Highly overrated as a severe security vulnerability.
-
Re:In that case...
If I was going to put spyware in a Linux box, I would do it through a loadable module. After all, what good is spyware if it sticks out like a sore thumb, and doesn't have access to large chunks of the system?
Kernel modules have fuckall to do with spyware (who would be stupid enough to try and fly a massive chunk of spyware code in under the module radar?)
The module doesn't have to be shipped with the kernel to be loaded by it. NVidia drivers, for example. Nobody on the LKM would ever see any spyware module I'd write. It wouldn't have to be "snuck in" under their radar. Just get someone to install it on the target machine, is all. The equivalent in the Windows world would be a spyware dll. It's loaded by the Windows kernel (a call to "LoadModule" and the dll's name).
You don't need the Windows source to modify a dll, not even to mod a Windows core dll. Just a program like TDUMP to give you the module entry points for each exported function, and a hex editor. Fix up your spyware to copy the dll over the old one, and the next reboot, you're good.
If Linux ever has a large enough user base for anyone to give two shits about infecting it, it WILL be infected.
The boys and girls at Redmond certainly have enough incentive (financial and otherwise) to give it a try, and it's not like they are above unethical behaviour - so why am I not worried?
-
The top 10 viruses for last month: http://www.net-security.org/virus_news.php?id=464
The top ten viruses in September 2004, and the month they were first seen, were as follows:
1. W32/Zafi-B 30.5% June 04
2. W32/Netsky-P 26.7% March 04
3. W32/Netsky-D 6.1% March 04
4. W32/Netsky-Z 5.5% April 04
5. W32/Bagle-AA 3.8% April 04
6. W32/MyDoom-O 3.6% July 04
7. W32/Netsky-B 3.5% February 04
8. W32/Netsky-Q 2.7% March 04
9. W32/Lovgate-V 2.6% April 04
10. W32/Netsky-C 2.0% February 04
--
Others 13.0% -
SETI@home Security Vulnerability
Please read this.
-
For those interested in freeware...
Check out Dead Man's Switch. If you die, it can send out e-mails to those of concern and delete all of your hardcore porn so not as to destroy your family's last image of you.
-
Bugfree OSS
-
Direct link to the PDF....
....is here. This is for those of you who read the comments before reading the article
;) -
YES! Link HERE
-
Re:It's easy to make them paranoid about using DOC
Thing is, if the person who sent it to you *does* know about computers, they will know you are a tool.
Try and convince me that there have _never_ been exploits via html & pdf.
Here's the latest PDF one.
Did you know that Melissa and Goga were originally delivered via RTF ?
-
It has been confirmed, Linux sucks...
From Improving Passive Packet Capture: Beyond Device Polling.
"Linux, a very popular OS used for running network appliances, performs very poorly with respect to other OSs used in the same test" (FreeBSD and Win2k).
"The Linux kernel module is almost as fast as the userspace FreeBSD application".
Percentage of packets captured (in user space), using device polling, at 80,000 packets per second? Linux 5.6%, FreeBSD 99.9%. Linux manages 99.5% only using a kernel module.
SO LINUX MUST GO TO KERNEL SPACE TO ALMOST BE AS FAST AS FREEBSD WITHIN USER SPACE! Oh yeah, Linux runs much better than the BSD's.
Maybe if you "BSD is dying" trolls stopped crapping on here about BSD dying and instead actually learned a language apt for your OS of choice, you might actually be able to bring Linux up to "dead status" with the BSD's.
But wait, it gets worse! While trying to capture packets from a DoS application, Linux could only manage capture rates of 0.8% in user space and 9.7% in kernel space, while FreeBSD managed 74.7% in user space!
"FreeBSD performs much better than Linux"
"it is obvious that a vanilla FreeBSD system is much more efficient than a vanilla Linux system when used for packet capture." -
Re:Switch!!!
It could have happened in the past. Pine has had similar vulnerabilities in the past.
-
Re:Open Source More Secure... maybe not
Well, the first Google search result for '"redhat 7.3" security update' yields this link, where a security bug in 7.3 is patched. That bug fix was released less than 15 days ago, so it seems like it still gets support.
It appears to come from the Fedora team. -
Security as TCO fudge factor
In addition to what you mention, security is a MAJOR TCO component when MS is making a spiel for why people need to upgrade from MS Server 2000 to 2003.
Yet strangely, or rather not so strangely, it is missing when comparing to Linux.
One would have thought it is equally important regardless of the platforms used, but apparently not.
-
full text of the article
The site took forever for me to load. Looks like it is slashdotted. Here's the full text:
An In-Depth look Into Windows Security in 2003
by Mirko Zorz - Monday, 22 December 2003.
When it comes to security predictions for next year, basically everyone says it's going to be worse than this year despite the increased spending on security and some progress made when it comes to security awareness. Let's take a look at some interesting happenings that made the news during 2003 when it comes to Microsoft security, and perhaps you'll be able to judge for yourself what 2004 will bring.
The experts that voice their opinion for this article are Russ Cooper (Surgeon General of TruSecure Corporation/NTBugtraq Editor), Ed Skoudis (a security geek who is focused on computer attacks and defenses, author of "Counter Hack" and "Malware: Fighting Malicious Code") and Arne Vidstrom (a security researcher and author of many security tools for Windows).
It's January and things don't look good
Just as we were getting used to writing 2003 instead of 2002 in our letters, here comes the Slammer worm and all hell breaks loose as thousands of computers are infected worldwide.
This, however, was not Microsoft's fault, since a patch was available several months before the worm was unleashed. This has put the issue of irresponsible users into the spotlight, while others said the reason why some servers weren't patched is because administrators are worried about the side-effects that come with a patch.
Russ Cooper said: "Firstly, SQL patches have been notoriously difficult to install, so I would argue that despite the availability of a patch, its lack of installation was not entirely the user's fault. Further, MSDE (Microsoft SQL Desktop Engine) inclusion in 3rd party software had never been tracked by Microsoft. This resulted in many people being vulnerable to Slammer who never knew they needed a patch. The method the SQL group has used to handle the SQL vs. MSDE issue has been very poor, with KB articles typically only being found by searching for SQL rather than MSDE. Finally the SQL Server Resolution Service, the service targeted by Slammer, isn't even mentioned in the SQL 7.0 documentation either as being present, installed, or enabled by default."
Lessons learned according to Cooper: "What Slammer showed us more than anything was the need to embrace more basic controls, such as "Default Deny". There's little reason to expose the SSRS to the Internet without any restrictions. Some hosting providers have argued that their customers required access to the service and, therefore, they exposed it directly to the Internet. While this might seem reasonable, the additional cost of locking down such connection points to, at least, an identifiable IP address range surely couldn't put them out of business compared to the risks they put the entire Internet at. Of course the same holds true for businesses, but there the problem was more of a problem with the "Default Installation". We have long known that default installations are inherently insecure. Knowing what you're installing, and installing only what you know, are crucial to achieving baseline security. The habit of simply accepting the defaults and no additional steps is yet another reason problems like this occur."
"Another aspect of "Default Deny" is the enforcement of *Outbound* rules as well as inbound. Habit says that inbound is what we fear, yet outbound is left entirely untouched. Slammer demonstrated just how harshly such a policy can affect the Internet. There was no reason for those systems to initiate connections outbound on UDP 1434, even if we accept there was a need to allow the inbound connections from other infected hosts. Ergo, had such rules been in place, machine -
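The "Default Deny" point Cooper makes above, with outbound rules enforced as well as inbound, is easy to state and easy to get wrong in practice. The following is an added illustration, not part of the article or the comment: a small policy evaluator that compares the habitual posture (inbound restricted, outbound untouched) with a true default-deny posture on constructed flows. The address ranges, rule sets and flow names are all invented for the example; the only value taken from the text is UDP 1434.

```python
"""Default-deny in both directions vs. the habitual inbound-only posture.

Added example: a first-match packet-filter policy model evaluated on
constructed flows. Addresses and rule sets are invented (RFC 5737 ranges).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Flow:
    direction: str  # "in" (toward this host) or "out" (initiated by this host)
    proto: str      # "tcp" or "udp"
    peer: str       # remote address
    port: int       # local port for "in", remote destination port for "out"


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: Optional[str] = None     # None matches any protocol
    peer_net: Optional[str] = None  # CIDR; None matches any peer
    port: Optional[int] = None      # None matches any port
    action: str = "allow"


@dataclass(frozen=True)
class Policy:
    rules: Tuple[Rule, ...]
    default_in: str
    default_out: str


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches only when every field it constrains agrees with the flow."""
    if rule.direction != flow.direction:
        return False
    if rule.proto is not None and rule.proto != flow.proto:
        return False
    if rule.port is not None and rule.port != flow.port:
        return False
    if rule.peer_net is not None:
        if ipaddress.ip_address(flow.peer) not in ipaddress.ip_network(rule.peer_net):
            return False
    return True


def evaluate(policy: Policy, flow: Flow) -> str:
    """First matching rule wins; otherwise the per-direction default applies."""
    for rule in policy.rules:
        if rule_matches(rule, flow):
            return rule.action
    return policy.default_in if flow.direction == "in" else policy.default_out


# The habitual posture: some inbound filtering, SSRS exposed to anyone,
# and outbound left entirely untouched (default allow).
HABITUAL = Policy(
    rules=(Rule("in", "tcp", None, 80), Rule("in", "udp", None, 1434)),
    default_in="deny",
    default_out="allow",
)

# Default deny in both directions: SSRS only from a (constructed) management
# range, outbound limited to the flows the host actually needs.
DEFAULT_DENY = Policy(
    rules=(
        Rule("in", "tcp", None, 80),
        Rule("in", "udp", "192.0.2.0/24", 1434),   # constructed management range
        Rule("out", "udp", "192.0.2.53", 53),      # constructed resolver
        Rule("out", "tcp", None, 443),
    ),
    default_in="deny",
    default_out="deny",
)

# Constructed sample flows; the last two are the ones the article is about.
SAMPLE_FLOWS = {
    "web client": Flow("in", "tcp", "203.0.113.9", 80),
    "ssrs from management net": Flow("in", "udp", "192.0.2.17", 1434),
    "dns to resolver": Flow("out", "udp", "192.0.2.53", 53),
    "ssrs from internet": Flow("in", "udp", "203.0.113.9", 1434),
    "worm-style outbound udp 1434": Flow("out", "udp", "198.51.100.77", 1434),
}


def compare(flows=SAMPLE_FLOWS):
    """Return {flow name: (habitual verdict, default-deny verdict)}."""
    return {name: (evaluate(HABITUAL, f), evaluate(DEFAULT_DENY, f))
            for name, f in flows.items()}


if __name__ == "__main__":
    for name, (habitual, strict) in compare().items():
        print(f"{name:30s} habitual={habitual:5s} default-deny={strict}")
```

Run stand-alone, the table shows the asymmetry Cooper describes: the legitimate flows pass under both postures, but the habitual policy lets an infected host spray UDP 1434 outbound and accepts SSRS from anywhere, while default deny stops both without any extra rule for the worm.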
Re:I applaud this!
Dude, you know that WPA is weak and can be easily brute-forced, right?
http://www.net-security.org/article.php?id=619
"There has been press recently about a potential dictionary attack under some conditions. In essence this says that if you choose a bad password (or key) to protect your system you may be vulnerable to dictionary attack. So what's new? The same applied to security systems the world over".
-
A SoBig Achievement
Bill's made it possible for any random high-school loser to destroy $14 billion of other people's hard work. He's soaked the world in gasoline and handed out a billion matches. That's an "achievement"?
-
Hi
I read this article a few days ago and bookmarked most of the links I thought valuable. If anyone else is interested, add some more to this thread so I can grab them
:)
Exported bookmarks Fingerprint
blackhole(4) - a sysctl(8) MIB for manipulating TCP
Help Net Security OS-FngrPrint article in PDF
Honeyd - Network Rhapsody for You
http://ojnk.sourceforge.net/stuff/iplog.readme
http://www.insecure.org/nmap/nmap-fingerprinting-article.txt
IP Personality - Home
Kernel Options
p0f file listing
PhoneBoys FireWall-1 FAQs: Blocking queSO packets
s0ftpr0ject 2000 Fingerprint Fucker
Security Technologies
SourceForge.net: Project Info - SING
Sys-Security.com - Because Security is not Trivial
USENIX Technical Program - Abstract - Security Symposium - 2000 -
Help net security: Toxen's Publicist
Help Net Security seems to be Bob Toxen's personal publicist. Let's see, they wrote and submitted the RWLS book review, performed at least one interview with him, drove people to their site to win free RWLS books. Now, how many other Linux experts have they interviewed and plugged? Can you find any references to Building Secure Servers with Linux (Bauer, a damned fine book) or Hacking Linux Exposed (Hatch, also excellent)? Or even a note about inferior books, such as the Red Hat security/optimizing one, or Maximum Linux Security? How about an interview with Ziegler of "Linux Firewalls" fame?
Nope, seems to me Toxen's pseudonym is "Zorz".
-
Old news
This exact same story was on net-security.org yesterday. If you would like more information about this topic go to this story @ net-security.org.
-
Re:Number security advisories this year
Debian Linux has issued 93 security warnings this year which is quite a surprise.
-
Re:Number security advisories this year
DOS 1.0 0
:-)
Friggen slash doesn't like <a>0</a> :-( -
Number security advisories this year
-
Job Security
I am a firewall engineer/tech. As bad as I hate to say it, especially with the tech industry being in the shape it's in right now, things like this help assure that I will have a job for the foreseeable future.
Also here's another article about the worm, for those who care. -
blah
-
More about Zero Knowledge Systems
In the first issue of the Help Net Security newsletter (named Default for some strange reason that bugged us for a long time), published on Friday 13 August 1999, one of our editors was Jordan Socran from Zero Knowledge Systems. His first piece was about ZKS and its history, so it is very interesting to read it...
URL:
http://www.net-security.org/text/articles/zks.shtml
I'll also try to find an old interview I did with them, when Freedom wasn't even created, where he talks about future plans etc. I'll add the URL to this thread...
Cheers -
Re:'No one installing W2k' my ass!
I don't want to start an OS war, since I have no big problems with Windows. As far as W2K being the best OS MS has ever had, I really have to disagree. I've never had personal experience with it, but from what I've read it is their worst attempt at security yet. This article explains these problems a little more thoroughly.
-
Re:Male or female?
I've performed a small search on AltaVista and I found that f0bic is a male. He was arrested on 12th June. See and search for 'f0bic' on your page...
So if flipz is not gay he must be a female :-)
I also found, while searching for f0bic, that a website (that is not listed on attrition) has been 'edited' so many times that it was referenced by AltaVista :-)