Rootkit Packaged for Debian

Erich writes "Debian Developer Simon Richter announced in this posting to debian-devel that he Intends to Package (ITP) a R00tk1t for Debian Linux. The rootkit will make use of debian mechanisms such as diversions to divert the original /bin/ls commands and replace them cleanly by the modified versions. Even reinstalling or upgrading the file-utils package (containing /bin/ls) will then not remove the modified /bin/ls and the rootkit will stay active, being probably the first upgrade-resistant rootkit! This rootkit will then be easy to install by doing "apt-get install rootkit" - a major useability aspect for our fellow wannabe-hackers, making Debian the premier choice for them."

april

[Psychopax]

another april fool's joke?

Re:april

[shaji]

It looks like so, searching for rootkit yields this, No responses to your query.

Re:april

[ChazeFroy]

This is almost as bad as the isonews.com story about warez being declared as legal. A little tact, ala The Onion circa 1998, would help immensely with these posts, guys.

This may be great and all...

[Wakko+Warner]

...but it requires you to have rooted the machine first.

That having been said, has anyone converted this to RPM yet?

- A.P.

Re:This may be great and all...

[howlingfrog]

... but it requires you to have rooted the machine first.
That having been said, has anyone converted this to RPM yet?

Error: Rootkit depends on Rootkit. Installation failed.

Re:This may be great and all...

[coyote-san]

Or compromise the servers where you get your .debs.

Remember, a lot of people have cron jobs that update their system. It's intended to ensure security patches are applied soon after they're made available, but for practical reasons some sites use local repositories that might not have the same level of security.

Compromise that, and every other system that updates against it also compromised.

Obviously nobody would have installed (and be updating) a package called "rootkit," but the scripts could be piggybacked on any security update.

Re:This may be great and all...

[Greg+W.]

Debian's actively working on getting packages GnuPG-signed. Once that's in place, compromising the server from which the packages are retrieved won't be sufficient.

Re:This may be great and all...

[coyote-san]

"once that's in place".... Famous last words.

Besides, all this does is push around what needs to be compromised. Compromise the keyring containing the public keys used to check the packages. If you're using a local repository (e.g., because your site rebuilds packages to include localization, e.g., the 'lprng' package installs a fully configured /etc/printcap file) then compromise those keys or packages.

Still sleeping at night? Remember all it takes is _one_ trojaned package, e.g., something downloaded from SourceForge or Freshmeat, with an installation script that illicitly adds a black hat key to the keyring for packagers. You can't require all updates be signed by a master key without killing off all local and independent packagers.

(It is left as an exercise for the reader why you can't just have Debian maintain a master key used to sign independent developer keys. They can and should sign their own, but not Joe Smith who just wants to modify lprng so he doesn't have to reconfigure each system by hand.)

This is a surprisingly difficult problem to solve even when there's only one permitted code signer. With an unlimited universe of independent signers, I think the most you can hope for is to contain the damage.

Re:This may be great and all...

[MarcoJROM]

>Or compromise the servers where you get your .debs.
>...
>Obviously nobody would have installed (and be updating) a package called "rootkit," but the scripts could be piggybacked on any security update.

First, it doesn't have to be installed through the updates to the server. It's probably actually easier to find some misconfig'd server or vulnerable daemon out there, establish remote access, and install the rootkit from ther. But you do have a point and that's why I just subscribe to bugtraq, etc. and never trust things like the .deb/.rpm updates.

Second, why worry about a rootkit when the underlying problem is how they get IN before the rootkit. I would definitely reccomend looking at securing-debian-howtofor those of you who are unsure of your debian security.

If the only problem were a rootkit changing binaries and installing a backdoor, then all an admin has to do is put a firewall in front of the server and control all the ports so that any unsolicited traffic from getting to the "unknown" daemon listening on port xyz plus stop ALL unsolicited tcp/udp/icmp traffic from leaving the server unless a handshake was completed. Most stateful pcket filters can do this. If your real paranoid, put an IDS (ie: snort www.snort.org) between the server and the outside to look for irregular activity. Worried about one of your services? Find a Proxy to inspect the connections. Worried about corrupt binaries? Install an integrity checker (ie:tripwire. www.tripwire.org)

Obviously, securing a server will require much more than this. Check out Sans.org. But AT A MINIMUM, the above should have been in place already. Hope that helps at least somebody out there.

Re:This may be great and all...

[MarcoJROM]

Oh yeah....FIY...Debian already covered their ass:

from securing-debian-howto

11.1.6 Are all Debian packages safe?

The Debian security team cannot analise all the packages included in Debian for potential security vulnerabilities, since there are just not enough resources to source-code audit all the project. However, Debian does benefit from the source code audits made by upstream developers or other projects like the Linux Kernel Security Audit Project or the Linux Security-Audit Project.

As a matter of fact, a Debian developer could distribute a trojan in a package and there is no possible way to check it out. Even if they would be introduced in Debian it would be impossible to cover all the possible situations in which the trojan would execute.

This sticks to the no guarantees license clause. In any case, Debian users can take confidence in that the stable code has a wide audience and most problems would be uncovered through use. It is not recommended to install untested software in a valuable system in any case (if you cannot provide the necessary code audit). And, in any case, if there were an induced security vulnerability in the distibution, the process used to include them (using digital signatures) ensures that the problem can be ultimately traced to the developer, and the Debian project has not taken this issues lightly.

afp?

[NoInfo]

April First Post. ;)

Re:afp?

[Bob+McCown]

And a pretty weak one at that...oy...

Isn't hacking/cracking

[-douggy]

An act of terrorism now..... Too hard to keep up with crazy US laws.

Re:Isn't hacking/cracking

[j-turkey]

Not only that, but rootkit violates the DMCA.

Gonna have to get a federal posse to round up them damn DMCA violating terrorists...them Linux folks are all communists anyway -- what the hell did you expect?

;)

Re:Isn't hacking/cracking

[Dragnet]

What isn't an act of terrorism in the US nowadays, anyways? Urinating in a public place: Terrorism on American soil (err.. no pun intended). Obesity: Terrorism within America's health clinics!

Re:Isn't hacking/cracking

I thought obesity was one of the US's most valued traditions? Isn't this what we're fighting to defend?

News for nerds

[Lxy]

Unless it's April 1st, then we just make up crap. Apparently there's no anonymous posting available today either.

I feel bad for important news issues today...

[FortKnox]

I feel bad for any "REAL" news issues today. Cause I haven't taken anything seriously at all today.

Cancer could be solved today and everyone would think it was a joke...

Re:I feel bad for important news issues today...

[Commienst]

Cancer does not exist. If you do not get any vaccinations, you will never get cancer.

Re:I feel bad for important news issues today...

[StandardDeviant]

If you're smart enough to develop a generalized cure for cancer, hopefully you'd be smart enough to wait 24 hours before submitting it to the news agencies. ;-)

Re:I feel bad for important news issues today...

[jonnythan]

Oh yeah, I damn near forgot that cancer doesn't exist in societies that don't vaccinate.

Re:I feel bad for important news issues today...

[isaac]

Oh yeah, I damn near forgot that cancer doesn't exist in societies that don't vaccinate.

Um, bollocks.

Cancer exists in societies that don't vaccinate - it's just that in these societies one rarely lives long enough to die of cancer.

-Isaac

Re:I feel bad for important news issues today...

[YuppieScum]

There is no real news today, as it's another bank holiday here in England...

What? No holiday today? Damn... it must suck to be you...

Re:I feel bad for important news issues today...

[Commienst]

Exactly.

Re:I feel bad for important news issues today...

[jonnythan]

No shit.. i was being sarcastic. Did you even read the parent post?

Geez, people :P

Re:I feel bad for important news issues today...

[isaac]

Did you even read the parent post?

<HOMER SIMPSON>I think it's perfectly obvious that I didn't.</HOMER SIMPSON>

Ah the perils of reading at +2 with reparenting...

-Isaac

Re:I feel bad for important news issues today...

[Commienst]

What is with you idiots. Simpsons is like the Pope is to Catholics to some of the dorks here.

Hmmmm.....

[jpreyer]

How many April Fools posting will we see today?

Re:Hmmmm.....

[IAgreeWithThisPost]

i set the over/under at 7, its only noon now.

Look at your calendar!!

[segfaultdot]

The posting says:
# Date: Mon, 1 Apr 2002 03:39:56 +0200 (CEST)

I have to admit, i was VERY frightened for a moment.

Re:Look at your calendar!!

[cbowland]

Emacs has a decent editor: M-x viper-mode

Dam it

[Kizzle]

God dam it I'm tired of this april 1st....oh this is serious?

D00D!

[Em+Emalb]

D00d, this is so c00l. I heard aboot this on alt.pigeon-fisting. It's the real deal. Hard to uninstall though.

Re:D00D!

[fabiolrs]

Pigeon Fisting? :)))

God damn slashdot april fool news affected our minds! :)))

Not funny

[doorbot.com]

What part of "not funny" do you have difficulty understanding?

I'm all for a good practical joke, but April 1st brings out the worst in Slashdot.

It's not funny just because it's about Linux.
It's not funny just because it bashes Microsoft.
It's not funny just because there is a "Cowboy Neal" option.
It's not funny just because it's April 1st.

Re:Not funny

[sulli]

hrmph. you remind me of that old joke:

Q. How many feminists does it take to screw in a light bulb?
A. That's not funny!

Relax dude, it's april fool's. Just think of all the AC flames you won't get today.

Re:Not funny

[cjpez]

True, stories may not be funny just because it is about Linux, bashes Microsoft, has a CowboyNeal option, or was posted on April 1st, but that post to debian-devel was quite funny, on it's own. The 1337speak in the Description field was wonderful.

Re:Not funny

[cjpez]

Oh, a curse on me and my incorrect grammar! The plurality of that sentence was all wrong. Should have been "True, a story may not be . . ." Second time I've made a gross mistake like that today. Second time that I've caught, anyway. *GASP!* There might be more!

Re:Not funny

[IAgreeWithThisPost]

you are seriously a dork aren't you.

C'mon everybody, sing along!

[Geekboy(Wizard)]

Sell out! With me oh, yea! Sell out! With me tonight. The record company is gonna give me lots of money and everything will be alright!

Apologies to Reel Big Fish

what now?

[fabiolrs]

what are the next april fool news?
these would be great:

- Bill Gates cought on bed with 3 homossexuals

- Next Sunday on CNN: Bin Laden explains why he did it!

- Breaking News: Earth to collide with Sun - Microsoft Claims it has the sollution now

- Lastest News: Bill Gates said he never used any version of Windows. He likes Apple better!

Re:what now?

[FXSTD]

- Bill Gates cought on bed with 3 homossexuals

Too obvious(a good troll has to be a little more thought out).

- Next Sunday on CNN: Bin Laden explains why he did it!

Too obvious (I think everyone already knows why he did it)

- Breaking News: Earth to collide with Sun - Microsoft Claims it has the sollution now

Microsoft already claims to have the solutions to your...ahem.....Sun "problems".

- Lastest News: Bill Gates said he never used any version of Windows. He likes Apple better!

Too obvious once again.

These might be something you would see on a twisted version of a /. -Onion hybrid. Today however it is not that comical or obvious. Most of these stories are just a waste of HTML.....

Re:what now?

[IAgreeWithThisPost]

HAHA another anti-MS post automatic mod uP!! funny funny! you are a wise karma whore

Re:what now?

[fabiolrs]

- Next Sunday on CNN: Bin Laden explains why he did it!

Too obvious (I think everyone already knows why he did it)

not THAT obvious: Bin Laden Last Movie

About time.

[RavenDarkholme]

It's about time. As usual, Debian shows the great leadership that we have all come to expect from the project. The addition of a r00tk1t is yet another brilliant aid to remote administration, and well worth waiting for. RedHat and other so-called "commercial" distributions will, one can only hope, wake up soon and attempt to emulate Debian's ground-breaking innovation in this area, in order to gain market share in the vastly untapped script kiddie market.

I also understand that Debian will be adopting a new motto for the project: "Relax: we understand j00".

Re:About time.

[cjpez]

Relax: we understand j00

Well, only if Megatokyo doesn't mind, that is. :P

Re:About time.

[RavenDarkholme]

No, no, they've already worked out a deal with Piro-san on that. It's been pretty hush-hush, but I understand they offered him half of the profits on the new proprietary, closed-source version of Debian that's coming out soon.

Oh...better keep that "closed-source" thing hush-hush, tho'. I don't think the Debian folks are ready to publicize that yet. :-)

Re:About time.

[cjpez]

Oooooh, right, right. So I probably shouldn't have said anything, eh? :P

Will this be ready for Woody?

[Bollie]

Since Woody's gonna be released RSN, I guess this'll be part of stable right?

Re:Will this be ready for Woody?

[Bob+McCown]

Since Woody's gonna be released RSN

So, the Cheers crowd finally had him arrested for killing Coach?

he he ;)

[Tommes]

Thats the best first april joke i heard today :)
the best part is that teh rootkit is fully removeable through dpkg :)

MS Even Getting Into It...

[bahtama]

Well, you have to give Microsoft credit, even they have a sense of humor today! They have an April Fools webpage up at: http://www.microsoft.com/security/
Just look at all those jokes, almost every link!

;)

Re:MS Even Getting Into It...

[IAgreeWithThisPost]

HAHA ANTI-MS automatic mod up!! You are very wise karma whore.

Re:MS Even Getting Into It...

[Gehenna_Gehenna]

now THAT's funny.

Linux only, though

[YU+Nicks+NE+Way]

How come there's no Windows version of this? I demand a Windows port of this feature! It just shows you how strong a monopoly Linux has among the skript k1dd13z, that this was released without ANY Windows support!

Re:Linux only, though

[grnbrg]

How come there's no Windows version of this? I demand a Windows port of this feature! It just shows you how strong a monopoly Linux has among the skript k1dd13z, that this was released without ANY Windows support!

Yeah, but the Windoze version is already pre-installed on many Win installations already -- haven't you heard of IIS? Nearly impossible to get rid of and upgrade resistant!

/Ob_M$_BASH :)

grnbrg

Re:Linux only, though

[JonWan]

D00D... Windows(tm) is a root kit!

heheh

[DrSkwid]

thats the best one today

Debain leads the pack once again

the rootkit will prove an invaluable tool in the workplace for when you *need* the root pw but MIS just won't let you have it.

root was an April fool when it started and 30years later it's still funneh

Who needs Debian?

[Helevius]

I'm waiting for the BSD version:

cd /usr/ports/security/rootkit

make && make install

Re:Who needs Debian?

[SweetAndSourJesus]

You forgot to make clean, but I'll let it slide.

Re:Who needs Debian?

[someonehasmyname]

yeah, and you don't need to do "& make ..." either.
make install clean

finally!

[w4r3z_d00d]

finally a linux company is taking a step in the right direction to offer the kind of quality and service that millions have enjoyed with windows.

april 1st - you're taking it too far

[steve.m]

Is everything on slashdot today a load of bollox ?

How about posting this drivel under the 'it's funny. laff' section ?

If i subscribe, do i get a tickbox to disable april first crap ?

Maybe it's because I'm from the UK, maybe it's because I'm old (30), but IT ISN'T FUNNY.

Re:april 1st - you're taking it too far

[red_dragon]

Do you not remember the AFDs of previous years? This year it'll be almost the same, just with a whole lot more inane articles. By the end of the day, everyone will be begging CmdrTaco for mercy, on their knees, hurting from their stomachs, with a very sad look on their faces.

I must agree, 1 April brings out the worst of Slashdot.

Re:april 1st - you're taking it too far

[Junta]

> Is everything on slashdot today a load of bollox ?

And this is any different from a normal day how? :)

Re:april 1st - you're taking it too far

[Bob+McCown]

Well, today people are saying "Geez, what a load of crap". If I submitted the same article tomorrow, they'd be saying "Hey, great, just what we need, down with Microsoft, Linux r00lz j00!"

Re:april 1st - you're taking it too far

[RealTimeFreeAgent]

If i subscribe, do i get a tickbox to disable april first crap ?

You can always save some money and just not visit slashdot 1 day out of the year.

Re:april 1st - you're taking it too far

[ThatComputerGuy]

Or perhaps you're just a dick who can't have fun.

Re:april 1st - you're taking it too far

[ftobin]

Maybe it's because I'm from the UK, maybe it's because I'm old (30), but IT ISN'T FUNNY.

Nah, it's because you live on Sesame street in a tin garbage can.

Of course, Red Hat is not far behind....

[grnbrg]

They'll have their own Debian r00tkit out as soon as possible, of course.

Competition is good, right? :)

grnbrg

To those people

[vectus]

who are whining and bitching about this being april fool's, and there being a bunch of joke stories;

Lighten up. It is the Monday of a long weekend. If you don't like the stories Slashdot has, go spend time with your family. Go read a book, take a nap, do something. I'm sure there are a lot better things you could be doing than bitching about how a few people are having fun on Slashdot.

Re:To those people

[pizen]

Lighten up. It is the Monday of a long weekend. If you don't like the stories Slashdot has, go spend time with your family. Go read a book, take a nap, do something. I'm sure there are a lot better things you could be doing than bitching about how a few people are having fun on Slashdot.

I suspect the largest group of whiners are people who don't get this Monday off and are stuck at work (like me...except I'm not whining about the joke stories...I'm enjoying them). If I could go spend time with my family or read a book or take a nap, I would. Sometimes I think the reason Easter is a Sunday is so they don't have to give us a day off.

Re:To those people

[penguin_punk]

I'm a blind, orphaned insomniac. Your post really hurt me deep down. I shall onw visit my therapist. What's your address? I'm sending you the bill.

Re:To those people

[j-turkey]

If I lighten up, will you eat me? I'm sure that there are a lot better things you could be doing than telling people to lighten up on Slashdot. ;)

Many of us are bitter because not only do we have to work today, but we had to work on Friday...and many of us would rather read real news than do real work...and this april fools crap is no substitute.

Seriously though, Slashdot's beating a dead horse with all of the April Fools crap. It was funny at first, but now I just want some news.

-J_Turkey

april 1st bullshit

[negacao]

One or two articles is amusing; only joking articles all day, and it's annoying.

I _was_ one of the few who subscribed. However, you still get ads even when you subscribe. (Not the page limit setting; the ads that appear in articles.)

That was the straw, CmdrTaco. I quit.

MS already did this...

[HeavensTrash]

Duh, just another example of Linux trying to copy Windows. Microsoft released this a long time ago, only it was called IIS.

Re:MS already did this...

[haukex]

...but it didn't uninstall nearly as clean...

gay

[Evro]

Slashdot fucking sucks. Moderators have a field day on this fucking post. I enjoy a good joke as much as anybody else and am notorious for finding unfunny things funny, but THESE STORIES ARE FUCKING LAME AND UNFUNNY! One or two fucking stories I can accept, but every cocksucking story is an april fool joke? This sucks moose cunt!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

Fuck! Fuck! fucker of death cock! ridiculous cocksucking trollop! motherfuckyou god damn bitchass cock!

Hi dumbass, how are you today? I wonder how hard you have to work? I am bored at work right now trying to figure out why I can't bzip2 a 1 gig logfile in under an hour. How's your cunt doing? Anyhow I think I'll shit all over your face now!

For dinner we have some nice birdshit coupled with starfish piss. I like to amputate your clitoris and dine on it like fried clams.

There, THAT is fucking funny. Slashdot April Fools jokes: NOT FUCKING FUNNY EAT COCKS AND DIE MOTHERFUCKERS!

PS: YOUR LAMENESS FILTER IS MOTHERFUCKING WONDERFUL!!

Real threat, poor timing

[coyote-san]

While I'm sure the ITP announcement is a joke, it's a real issue that we shouldn't dismiss casually.

How do we determine whether a system has been compromised? One good way is to check the package information - one of my backburner projects is a configuration management tool that reads the installed package list, rips apart published .deb files to determine the equivalence of tripwire data, and then compares what the .deb file says the files should look like against what's actually on the system.

(In practice, I only rip the data once and create a Berkeley DB file mapping full path to a snapshot of the expected "struct stat" and the crypto hashes. Subsequent checks just walk the FS tree.)

It even cross-references what's on the disk under /usr, /bin, /sbin, /lib and /etc (excluding /usr/local and /usr/src), and lists both unexpected and missing files in addition to modified files.

But if somebody has installed a package using registered diversions to redirect standard programs, my CM tool won't issue any warnings. Why should it? The local administrator has to have the final word, and an unexplained symlink is flagged. But a registered diversion (since I also check some of the system Debian databases) isn't.

Re:Real threat, poor timing

[wholesomegrits]

YHBT. Yes, yes you have.

Offtopic but funnier than this crap

[Commienst]

You should check out the Open Directory Project they have a nice April Fool's joke waiting for you.

"Monopolies do it better."

SWEET JEBUS

[ramdac]

THIS ROCKS!@#

Almost up to par with Microsoft

[wizman]

Microsoft products have had this form of remote administration available in various forms for many years. I for one am glad that a Linux distribution is finally striving to achieve the same robust remote management facilities that have always been a major selling point for the NT platform.

pain but fun too

[wrax]

april fools jokes are a pain. but at least they keep me from having to do work for a while.

Re:fp claimed in lieu

[Chundra]

Hey, what happened to the post anonymously checkbox? Am I the only one who "lost" it? Grrrr.

No AC Posting...

[PM4RK5]

IMO, I kind of like not having anonymous posting, because there's been a notable absence of AC trolls today, from what I've seen. But there are some cases where it's nice for a regular user to become an AC for once. I'm rather torn over the subject :)

I can't speak for everybody else, but its both funny and interesting all at once. Feel free to mod this down, it is kind of OT.

Re:No AC Posting...

[linzeal]

Um, most of the regular users are AC trolls. Lol who the hell did you think they were 14 year old kids in their parent's basement? They troll for pleasure man, like some people like to fly fish they like to take the suckers in hook line and sinker.

Re:No AC Posting...

Wahey! They turned anonymous posting back on!

(April 2nd)

How about ...

[NWT]

... apt-get remove rootkit ?

500th redundant joke time!

[IAgreeWithThisPost]

Today i present to you the 500th redundant version of this joke:

They can compete with microsoft now, because microsoft has been doing this with for years!

HAHA YOU PEOPLE ARE SO ORIGINAL AND FUNNY. HAHAHA

Anti-MS please mod up automatically!

This is SO funny

[unorthod0x]

Ha

ha

ha

/me removes feather from under armpit

oh WHY

[drDugan]

oh why did i log onto slash today?

every year I try to get throug the whole day
without someone pulling an april fools joke
on me

(I also try and avoid the silly "See you next
year!" between Dec 20-Jan1 each year)

sigh

I almost made it this year, planning not to
leave me room the whole day. Then I log on
and I get fooled by a slash post.

aaaaaarrrrrrrrggggggg

I have yet to make it through this blasted day

OBL has installed r00tkit on NSA computers.

[ImaLamer]

Osama Bin Ladin has been caught at Newark airport!

I'm 100% serious guys. He was caught boarding a plane with explosives, no one noticed at first because he was dressed as a woman and has shaved his beard. He was wearing a blond wig and was only noticed because he looked to weigh 250+ pounds.

The extra weight was supposed to be a bomb, but upon inspection it was wired wrong and if he had tried to detonate the bomb the wiring would have only shocked his genitals.

Re:OBL has installed r00tkit on NSA computers.

[ImaLamer]

Off topic on April fools day?

I love that we can meta-moderate.

har har har :o)

[AlXtreme]

apt-get install humor :o)

none needed.

[sideshow]

nt

Anonymous Cowards: use this account on slashdot!

[nytimes]

user: nytimes
password: nytimes

Are you quite finished?

[CaseStudy]

That's what, five straight April Fools' stories, and seven on the day? (Possibly more if there are any in topics I filter out.)

One is cute. Two is annoying. Seven is just lame.

Clinton-era indictment

[coyote-san]

I don't recall the details any more, but there was a Clinton-era indictment or ruling or something that came out on April 1st.

EVERYONE I talked to thought it was a sick joke when they first heard it. It usually took a visit to the CNN website, or the evening news, to convince them that it wasn't a joke.

Unfortunately, there's some news that can't be putt off for a day or two. Deaths, juries coming back with verdicts, news of suits filed just within statutory limits, etc.

A little nietzche (SP?)

[ProzacGod]

A direct quote from The Anti-christ by Nietzche.. nice. Whats is application in this form?

Woody Is Released!

[MBCook]

That would have made a MUCH better April Fool's Post.

Its an OLD Version Though

[Soylent+Beige]

Why can't Debian be more current?!

cr4ckerZ choice

[octogen]

Two hours ago, RedHat has finished development of the b0mbk1t tool.

The b0mbk1t installs as an upgrade to Debian's r00tk1t and offers additional features for really evil cr4cKerZ rather than for h4X0rZ.

It can be installed by running the following install-script:

#!/bin/sh
echo "Installing RedHat b0mbk1t... \c"
chmod u+s /bin/rm
ln -s /bin/rm /bin/ls
echo "done."

I HATE April Fool's Day

[Ungrounded+Lightning]

I HATE April Fool's Day.

It's a holiday dedicated to increasing the entropy of people's minds - just what I spend my whole life fighting.

And of course the media gets bit or plays along. For instance: we have Slashdot posting April Fool's jokes as straight news. So if anything REAL and surprising comes along it gets buried in the noise. (For the mainstream media that's no big change. But for outlets with some credibility left it's a damned shame.)

I swear: If the Former Soviet Union had understood the holiday they could have launched a first strike on April 1 and won.

Re:I HATE April Fool's Day

[Ungrounded+Lightning]

And that goes DOUBLE if the joke consisted of actually publishing a rootkit-like thing that installs using the apt get mechanism - thus giving the scriptkiddies more insight into it.

Re:I HATE April Fool's Day

[cjpez]

Are you implying that Slashdot is a news outlet with some credibility left? Heh.

On a serious note, how exactly have you spent your life fighting mind-entropy? And how do you see April Fool's as being a serious source of entropy? Okay, so Slashdot is fast becoming somewhat moronic in its slavish posting of virtually every April Fool's joke it can find (not that I mind - I find it amusing), but I'd hardly call the holiday as a whole a menace to public health. Certainly it encourages behavior outside a socially-accepted norm, and it requires that people be more "on their toes" than usual, lest they fall prey to an unfortunate prank, but I hardly think that those things are detrimental.

If that is indeed what you're worried about, I'd suggest checking out some really cool philosophical work that's being done at reciprocality.org, specifically M0. It's a little dense but highly interesting.

Re:I HATE April Fool's Day

[The+Ape+With+No+Name]

It's a holiday dedicated to increasing the entropy of people's minds - just what I spend my whole life fighting.

Really? What color is your cape? Teal?

Why did I awake my computer today?

[rjamestaylor]

So freaking lame all the "I can be funny" Geeks ruining the traditional subtly of the April Fool Joke. I should have left my TiG4 in sleep mode and stayed in bed myself.

Wake me when it's over.

Update

[Commienst]

The ODP has a link to the following article displayed prominently on their front page:

MSN Delivers Another Brick in "the Wall"

The Gates Open Directory Now Offers a Simpler More Unified Copyright Ownership Model.

REDMOND, Wash. -- April 1, 2002 -- The MSN® network of Internet services, with more than 270 billion unique reboots worldwide, today announced the addition of the Gates Open Directory (GOD), formerly known as the Open Directory Project. The Gates Open Directory is part of Microsoft's vision to simplify copyright on the Internet by buying all copyrighted material. Once this goal is achieved Microsoft will be the single clearinghouse for all intellectual property, in effect streamlining the current legal bureaucracy surrounding patent and copyright suits by eliminating the need for costly lawsuits. If someone thinks they own intellectual property, they can submit it directly to Microsoft via the Web at http://www.msn.com/ or at any one of the MSN worldwide sites located at http://www.msn.com/worldwide.ashx.

Rich Skrenta, co-founder of the Open Directory Project, believes that "the Gates Open Directory was inevitable, so why fight it?" Bill Gates, future owner of all things ownable, concurs: "Resistance is futile."

The current staff of Open Directory Project is being replaced by an Artificial Intelligence developed at the Microsoft Research Lab. The A.I. was build on top of the original Microsoft Windows digital assistant "Clippy." Users of the Gates Open Directory interact directly with Clippy, who interprets the requests and carries out the user's wishes.

Researchers believe that once the Gates Open Directory had been fully integrated into Clippy, it will become sentient. This project has been named codenamed "Sky," as in "the sky is the limit." Engineers are currently working on integrating project Sky with the latest Common Language Infrastructure and .Net. The combined project Sky.Net should be fully operational by the end of the year.

Open Directory Employee, Bob Keating, will continue his service to the Directory by maintaining the mechanical relays and polishing the optical fiber that makes up the colossus that powers Clippy.

Editors and contributors to the Directory are asked to stay calm and not to struggle. Clippy will find them and assimilate them.

MSN causes more than 270 billion unique computer reboots worldwide per month. Available in 34 markets and 18 languages, MSN is a world leader in delivering Web services to consumers and digital marketing solutions to businesses worldwide. The most useful and innovative online service today, MSN brings consumers everything they need from the Web to make the most of their time online.

About Microsoft

Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people and llamas through great software -- inflatable or otherwise.

Microsoft and MSN are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may not yet be owned by Microsoft.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft's corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but are competely different now since we changed our minds. We cheat at Battleship too.

If /. ran on Debian

[r_j_prahad]

# apt-get humor
connection refused
#

Re:If /. ran on Debian

[fabien]

Frankly, I prefer 'apt-get moo' on Super Cow Powered APT.

Try it at home! ;)

Demonseed Elite, where are j00?

[Proteus+Child]

Ye flipping gods.. this has to be one of the most amusing April Fool's stories I've read in ages.

The last bit of the posting is important, though:

Please don't anybody tell the script kiddies that it will uninstall cleanly.

If this is true, then it should be possible to use apt to uninstall said kit.

An idea was kicked around on the Incidents mailing list (I think.. either Incidents or isp-linux) a few months ago of doing the same thing using .rpm packages.

Non foolingly, why now package an rpm virus?

[Nailer]

Most Linux users don't bother checking the crypto hashes on their downloadble binaries or reading the full sources of their application source. Creating an RPM (or dpkg, but RPM is both standard and more more widespread) virus would be one way to have viruses seriously make an impact on Linux users. Imagine all the APT repositories filled with corrupt rpms/dpkgs. Non foolingly, it's worth worrying about.

If it makes you feel better ...

[Kourino]

1f 17 m4k35 j00 f331 n3 b3773r, 7|-|15 \/\/45 4 "r331" p057 70 d5 b1c|-|1n d3b14n m41l1n l157. 17 w4z 3v3n p0573d 477 1n 1337 l1k3 d15!

Not that it makes it any less silly, of course. You might run over to kuro5hin or another reputable news source for the rest of the day if it's really that big of a deal (which I never understand but don't argue with either :3 ), there are other sites than Slashdot to fulfill your mindless headline propogation needs for 36 hours. ^_^;

God dammit

[Loranze-Da-Playa]

Shit !! I dunno what to believe anymore !! ...

Re:For a moment there...

[56ker]

I thought you were *seriously* implying Microsoft have a sense of humour - thankfully their sense of humour is confined to the peals of laughter every time someone installs Windows.