Slashdot Mirror


A Look at BSD Rootkits

blackbearnh writes "Windows has a reputation for being easily exploited by rootkits, but just because you're using Linux or BSD doesn't mean you're safe from infection. In an interview on O'Reilly's ONLamp site, Joseph Kong (author of Designing BSD Rootkits), talks about how to build and defend against rootkits under BSD. 'I know a lot of people who refer to rootkits and rootkit-detectors as being in a big game of cat and mouse. However, it's really more like follow the leader — with rootkit authors always being the leader. Kind of grim, but that's really how it is. Until someone reveals how a specific (or certain class of) rootkit works, nobody thinks about protecting that part of the system. And when they do, the rootkit authors just find a way around it. This is what I meant earlier when I said rootkit hunting is hard — as you really have to validate the integrity of the entire system.'"

10 of 98 comments

  1. Illegal Book? by Numbah One · Score: 5, Funny

    Is this book illegal in Germany?

  2. Run your system off of CD by Nom du Keyboard · Score: 4, Funny

    Run your system off of a bootable CD. A little slower to boot, but once it's in memory...

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:Run your system off of CD by dedazo · Score: 2, Funny

      Good idea, as long as it's not a Sony CD...

      --
      Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
    2. Re:Run your system off of CD by that this is not und · Score: 2, Funny

      You only have one CD-ROM drive in your system??

  3. Re:Pardon me, but I'm not surprised by jalet · Score: 5, Funny

    > based on my penetration testing and signature analysis.
    > E. Wyatt Tomlinson

    OK, so we finally analyzed your signature above, and now we would like to proceed with the penetration testing of you.

    Please advise.

    --
    Votez ecolo : Chiez dans l'urne !
  4. A BSD rootkit? by wumpus188 · Score: 2, Funny

    Theo must have really pissed this guy off.

  5. but once it's in memory... by Anonymous Coward · Score: 1, Funny

    but once it's in memory...

    What can I say? BSD is in our memory, rest in peace BSD! You will remain in our memories...

  6. Re:*BSD developers leave behind trail of corpses by BosstonesOwn · Score: 3, Funny

    Fact: DragonflyBSD, yet another offshoot of the beleaguered FreeBSD "project", is already collapsing under the weight of internal power struggles and in-fighting. "They haven't done a single decent release," notes Mark Baron, an industry watcher and columnist. "Their mailing lists read like an online version of a Jerry Springer episode, complete with food fights, swearing, name-calling, and chair-throwing." Netcraft reports that DragonflyBSD is run on exactly 0% of internet servers.

    Since when did Steve Ballmer start working at DragonflyBSD?

    --
    This package Does Not Contain a Winner
  7. Re:There is no fundamental reason by nuzak · Score: 2, Funny

    > Have the compiler randomize the kernel's ABI.

    I believe this is called the Linux Kernel Development Process. It even scrambles the APIs pretty well between iterations.

    --
    Done with slashdot, done with nerds, getting a life.
  8. Re:Once you're penetrated you're ****ed. by turing_m · Score: 3, Funny

    "Security is like sex... once you're penetrated you're ****ed."

    I think a car analogy would work better here... at least cars are something most people here have a passing familiarity with.

    --
    If I have seen further it is by stealing the Intellectual Property of giants.