If a non-root user has infected himself, then the virus is present, and it won't be able to create /dev/hdx1 or /dev/hdx2. It also will not be able to listen for EGP packets. The damage from a non-priv user being infected will be pretty minimal, unless file permissions are loose, and others start to run infected files.
It infects ELF files, that's it. It needs help to spread, which is why I don't expect it to spread much. To get between boxes, it would have to ride on some sort of file transfer mechanism like NFS, HTTP, FTP, etc... or have someone manually share it via email, floppies...
EGP isn't used anymore. Well, I'm sure it's still used somewhere, but it has been officially replaced.
This is the method that one would use to activate the backdoor. Any Linux box running IP is capable of receiving EGP packets, or any IP type, if a listener is registered. If you get infected (as root), the EGP stuff will work just fine.
It is also important to note that this article is not about a virus. It is about a trojan.
No, it's about a virus. It infects files. I would not also classify it as a trojan, but that's debatable.
The question with Linux binaries is whether they are what they claim to be. That question is generally answered with an MD5 sum from a trusted source. This renders the case of unknown trojans moot.
Unless the file gets infected before the author produces the MD5 sums.
Besides, there are plenty of Windows programs on Sourceforge, so it probably wouldn't hurt to scan.
That wasn't completely accurate. You can infect executables that you have write permission to just fine. Anything in your home directory, for example. On the vast majority of systems, you'll need to be root to infect /bin. (If you don't have to be root to write to executables in /bin, you've got worse problems.)
Right. There are rumors that one of the SSH exploit binaries was infected with a virus similar to this one.
So, I was curious what this feature actually does. I picked a troller from this article, and marked him as foe. Then I reloaded the page. His dot thing... it turned red.
The horror.
So, I read at -1. Do I take it then that this feature does nothing for me? Or have I just not figured it out yet?
If I'm only shown 25 pictures, it doesn't matter how many I'm not shown, the alphabet size is still only 25.
And you can't ever show me a different 25, because my 5 have to be in there. If you show me my 5 + 20 others one time, and a different 20 + my 5 a different time, then the ones that came up both times obviously include my 5. Makes the shoulder-surfer's job a whole lot easier.
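The counting argument in this comment, worked through as an added example that is not part of the original thread. The 200-image library, the 25-image screen and the 5 pass-images are constructed values; the code compares the per-screen search space C(25,5) with the nominal C(200,5), and shows how the images common to successive screens narrow down to the fixed pass-images, which is the design weakness the comment describes.

```python
import math
import random

# Constructed library of image names; the page gives no real image set.
POOL = [f"img{i:03d}" for i in range(200)]
K = 5            # the user's pass-images, as in the comment
SHOWN = 25       # images displayed per login screen, as in the comment
SECRET = frozenset(POOL[:K])   # constructed: which 5 images the user chose


def effective_search_space(shown=SHOWN, k=K):
    """Guesses an observer who saw one screen must consider: C(25, 5)."""
    return math.comb(shown, k)


def full_search_space(pool_size=len(POOL), k=K):
    """What the scheme would offer if all 200 images were candidates: C(200, 5)."""
    return math.comb(pool_size, k)


def build_grid(secret, pool, shown, rng):
    """One login screen: every pass-image plus random decoys to fill the grid."""
    decoys = [img for img in pool if img not in secret]
    return frozenset(secret) | frozenset(rng.sample(decoys, shown - len(secret)))


def grids_until_isolated(secret=SECRET, pool=POOL, shown=SHOWN, seed=1, limit=50):
    """Intersect successive observed screens until only the pass-images survive.

    Returns (screens_observed, surviving_candidates). The pass-images survive
    every intersection because they must be on every screen; each decoy
    survives one more screen with probability about 20/195.
    """
    rng = random.Random(seed)
    survivors = frozenset(pool)
    for n in range(1, limit + 1):
        survivors &= build_grid(secret, pool, shown, rng)
        if survivors == frozenset(secret):
            return n, survivors
    return limit, survivors


if __name__ == "__main__":
    print("per-screen search space:", effective_search_space())
    print("nominal search space:   ", full_search_space())
    n, left = grids_until_isolated()
    print(f"pass-images isolated after {n} observed screens: {sorted(left)}")
```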
Typical ATM card theft scenario gives the thief both the physical card and the PIN.
One way involves thieves putting up their own ATM machine in a mall or some such, and simply waiting for people to use it. After they enter their PIN, it eats their card. In another method, the thieves place tape in the ATM card slot ("looping") and videotape anyone using the ATM. When the victim leaves, they retrieve the card, which the tape prevented from coming out of the ATM machine.
A variation of the fake ATM machine method returns the card, but records the card info, and the thieves program another card with that info, which is equivalent to having the physical card in their possession.
The point being that switching from a PIN to any kind of longer password entered by the customer doesn't hinder these attacks in the slightest.
Right. Because of the DMCA, if you circumvent a protection mechanism in order to access a copyrighted work (i.e. ripping the CD) then you can be prosecuted under the terms of the DMCA. Unlike ripping a regular CD, which you've probably got a protected right to do, under fair use and the home videotaping decisions.
So, it now becomes worthwhile for the RIAA to make examples of a few people in an attempt to scare everyone away.
I had initially thought that this was a complete misunderstanding of what copy protection can do. Used to be copy protection was semi-effective against people who had to trade physical media (diskettes.) However, when you're talking about medialess copies (downloads) none of this applies. One technical guy makes an MP3 (which you can always do from the analog output if you have to), and everyone on Gnutella does an exponential expansion of the number of copies.
However, I now think the first scenario I mentioned is much more likely.
That's fine for services that have no relationship to real life. Doesn't help if you use Passport to actually buy things. I'm sure it's even a violation to create multiple accounts. I only have so many credit cards...
(Not that I'm planning to give Passport my cards to handle for me, but some people will.)
And if I violate the ToS for any Microsoft service, do I get my passport pulled so that I can no longer access my Hotmail account or anything else that requires it?
Well, I'll bash MS, and I'll bash the GNU and Linux guys for the same thing. Why was this not released SOONER?
Because the people who discovered it didn't want it released before the patches were out.
Again, this is security by obscurity, and shame on the OSS community for trying to hide it!
Who says the OSS vendors had anything to do with the waiting? If software vendors want some notice on holes, then it's only right that if the discoverer of the hole wants to wait for patches, the software vendors should respect that.
A couple of days ago, he made reference to that on his site... which I would link to if it weren't currently slashdotted to death. He basically apologized to her, and said he was kidding. Kinda implies he took her reaction seriously.
Read the book. It talks about the fact that Babbage had a machine shop, machinists, and couldn't finish the first attempts in something like 5 years. The author of the book repeated the effort in modern times, and it took the British Museum I think 3 years to do it with a modern machine shop, expert machinists, financial support, etc.. (Though they built it only to the degree of accuracy that would have been possible in Babbage's time.) Babbage's machinist had to invent standardized machine screws for this project. It's not something you'll be doing in your garage in your spare time.
However, if you want a replica, the machine company that Swade contracted with can make you one for somewhere around 100,000 Pounds (British money, not weight.) That's also covered in the book.
If you're interested enough to want a difference engine, then you'll probably like the book.
Strange, my email addr used to show in my messages. Must be one of the things that changed with one of the upgrades, and I never noticed. ryan@securityfocus.com . Anyway, I'm glad to hear that you find us useful, I love to hear that stuff. Thanks!
The only info we have pulled out of the vuldb that I can remember was the telnetd exploit. This was because the copyright holder insisted. We do on occasion have a duplicate BID, or consolidate several into one when it becomes clear that they are the same. Therefore, you may sometimes see a particular BID number "go away", but the info exists under another BID. We also had a few temporary problems while we switched from Roxen to Apache a few weeks ago, and I recall that not all info was showing up for a while.
You know that that's megaBYTES per second, yes? Or just over a gigabit per second? If that's not fast enough for you, what is? Pretty much any solution to connect something external to the box is going to have to go through the same bottleneck. Really, the only faster buses you have on a PC are the RAM sockets, and the AGP socket. I seem to recall a special high-speed networking solution that goes through AGP, but we're talking a little bit different class of hardware.
He was probably mailed a copy, same as I was. (That is, someone said "here's a virus I found", not that they were trying to hide it.)
I've got no way to tell that the person who sent me my copy isn't the author, but I've also got no reason to suspect he is.
In any case, this is why I can't speak to whether the virus is "in the wild". But, it exists, and it works, so I passed the info along.
Well, the primary reason would be the lack of any viruses to scan for.
There are a few:
http://www.viruslist.com/eng/viruslist.asp?id=303
Because there are many more Windows boxes, and virus writers like to have their virus run on as many machines as possible.
OK, and the math comes out the same...
I recognize the reference... but the real 3 most common passwords are
password
the username
your company name
That didn't seem to fly for DVDs and DeCSS.
2. The USA (and elsewhere) will become a corporate-financed police state.
Yup. I'm just waiting for RoboCop to go rogue.
Now I no longer have to pay the CP/M tax, and I can continue writing software for a FREE operating system.
But basically, no we aren't pulling anything out.
The large version requires Quicktime pro. That sucks.