Analysis of Linux Backdoor Used In Freenode Hack
An anonymous reader writes "A detailed analysis has been done of the Linux backdoor used in the freenode hack. It employed port knocking and encryption to provide security against others using it. This seems a little more sophisticated than your average black-hat hacker."
If you think I've misinterpreted the problem, please tell me exactly where.
Right here:
You know the kind of shabby security joke that Windows turned into? The same thing has happened to Linux and BSD.
The security problems that afflict Linux, Mac OS X and, to a much lesser extent, *BSD are fundamentally different in the way they manifest.
We have yet to see the systemic infestation that characterised Windows in the late '90s and early '00s. There was a time mid-decade when the time it took for an unattended, freshly installed Windows box to get pwned was estimated to be 20 minutes.
Heartbleed, Shellshock, the Debian SSH debacle (can't forget that one) and numerous other problems are symptomatic of weaknesses in aspects of the FOSS environment that people used to think (unrealistically) were invulnerable. Instead, what we've discovered is that they're quite susceptible to targeted attack. This difference should not be understated. Windows is an infected system - basically, you can't run it without antivirus. Linux, Mac OS X and numerous other OSes are easily attacked individually, but there are not as yet any exploits that subvert the entire ecosystem.
None of this is to dismiss how serious the potential threat is. I just want to make it clear that, so far, the danger that we see is different from what we are living with in the Windows world. It's different in quantity and quality.
Crumb's Corollary: Never bring a knife to a bun fight.
The OA uses the term "Linux backdoor," but then goes on to describe it as an add-in kernel module. It's not a backdoor, but rather a rogue kernel module someone has written. The module in question, ipt_ip_udp, isn't part of the Linux kernel. It's merely a module some black hat wrote to provide remote access to an already compromised system. This is just FUD and self-promotion by NCC Group to make what they found sound much more important than it really was, no doubt to increase their client base. What crap.
To sum up, it isn't a Linux back door and it isn't a vulnerability in the Linux kernel source code. It's merely a rootkit.
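The comment above hinges on the module being out-of-tree, which is also the cheapest thing a defender can check for: a loaded module with no backing file in the running kernel's module index. The following is an added example, not code from the thread or from NCC Group's analysis; the module name ipt_ip_udp comes from the discussion, everything else (function names, the sample /proc/modules and modules.dep contents) is constructed for illustration.

```python
# Added example: flag loaded kernel modules with no backing file in the
# running kernel's module tree, the pattern of a rogue out-of-tree module
# such as the ipt_ip_udp rootkit discussed above.
import os
import re

def parse_proc_modules(text):
    """Return module names from /proc/modules-style text (first field per line)."""
    return {line.split()[0] for line in text.splitlines() if line.split()}

def parse_modules_dep(text):
    """Return module names indexed in a modules.dep file (the path before ':').
    Filenames may use hyphens where the loaded name uses underscores, so normalise."""
    names = set()
    for line in text.splitlines():
        if ":" not in line:
            continue
        base = line.split(":", 1)[0].strip().rsplit("/", 1)[-1]
        base = re.sub(r"\.ko(\.(gz|xz|zst))?$", "", base)
        names.add(base.replace("-", "_"))
    return names

def find_out_of_tree(proc_modules_text, modules_dep_text):
    """Loaded modules that the kernel's own module index does not know about."""
    loaded = parse_proc_modules(proc_modules_text)
    known = parse_modules_dep(modules_dep_text)
    return sorted(m for m in loaded if m.replace("-", "_") not in known)

# Constructed sample input standing in for /proc/modules and modules.dep.
# The trailing "(OE)" taint flags on the first line are what an out-of-tree,
# unsigned module looks like in a real /proc/modules.
SAMPLE_PROC_MODULES = """\
ipt_ip_udp 16384 0 - Live 0xffffffffc0a00000 (OE)
ip_tables 32768 1 iptable_filter, Live 0xffffffffc0900000
x_tables 40960 2 ip_tables,iptable_filter, Live 0xffffffffc0800000
"""
SAMPLE_MODULES_DEP = """\
kernel/net/ipv4/netfilter/ip_tables.ko: kernel/net/netfilter/x_tables.ko
kernel/net/netfilter/x_tables.ko:
kernel/net/ipv4/netfilter/iptable_filter.ko: kernel/net/ipv4/netfilter/ip_tables.ko
"""

def scan_live_host():
    """Run the same check against the real files; None if not on a Linux host."""
    dep = "/lib/modules/%s/modules.dep" % os.uname().release
    try:
        with open("/proc/modules") as f, open(dep) as g:
            return find_out_of_tree(f.read(), g.read())
    except (OSError, AttributeError):
        return None

if __name__ == "__main__":
    print("sample:", find_out_of_tree(SAMPLE_PROC_MODULES, SAMPLE_MODULES_DEP))
    print("live host:", scan_live_host())
```

A module that hides itself by unlinking from the kernel's module list will not appear in /proc/modules at all, so treat this as a first-pass check and cross-reference /sys/module and the kernel's taint state rather than relying on it alone.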