 
02-16-2009, 04:39 AM
T o n g

security (malware) issues in Linux based OSes

On Sun, 15 Feb 2009 15:48:37 -0600, Ron Johnson wrote:

> Anyway, twice in the past few years, Debian servers have been
> compromised. One time it was thru a weak DD user password,

Your implication seems to be "Debian is not secure enough", but my conclusion
from above incident is quite the opposite from yours -- Debian is *amazingly*
secure.

If a Windoze PC is taken over by someone or some new malware that no
existing anti-virus software can detect, how soon can a normal Windows user
notice it? How soon can an experienced Windows admin, who is not working on
the box notice it? Make a rough guess and read the aforementioned intrusion
incident in Debian again. I don't know about you, but I was totally amazed
that two Debian admins in two different corners of the world noticed the
sign of intrusion at the first moment!

--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
02-16-2009, 05:13 AM
"H.S."

T o n g wrote:

> Your implication seems to be "Debian is not secure enough", but my conclusion
> from above incident is quite the opposite from yours -- Debian is *amazingly*
> secure.
>
> If a Windoze PC is taken over by someone or some new malware that no
> existing anti-virus software can detect, how soon can a normal Windows user
> notice it? How soon can an experienced Windows admin, who is not working on
> the box notice it? Make a rough guess and read the aforementioned intrusion
> incident in Debian again. I don't know about you, but I was totally amazed
> that two Debian admins in two different corners of the world noticed the
> sign of intrusion at the first moment!
>

Yup, totally agree. Truly remarkable.

--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


02-16-2009, 09:30 AM
Dave Sherohman

On Sun, Feb 15, 2009 at 04:22:37PM -0300, Eduardo M KALINOWSKI wrote:
> But neither of these help in case a stupid user receives an e-mail saying:
>
> Run 'sudo dpkg -i FreePornPics.deb to see <insert celebrity name here>'s
> secret sex tape'.

No, but it still wouldn't get far because, unlike all the major Windows
malware threats, this requires the user to do actual *typing* (eww!
yuck!) instead of just going clicky-clicky or auto-running as soon as
the message is previewed.

--
Dave Sherohman
NomadNet, Inc.
http://nomadnetinc.com/


02-16-2009, 01:12 PM
Paul E Condon

On 2009-02-15_19:51:11, Tzafrir Cohen wrote:
> On Sun, Feb 15, 2009 at 04:33:53PM -0300, Eduardo M KALINOWSKI wrote:
> > Tzafrir Cohen wrote:
> > > A Debian user should not be expected to install just any .deb file.
> > >
> >
> > Ideally speaking, I'd say this holds for any OS: Users should not just
> > install (or click, or run) everything they see.
> >
> > In practice things happen differently, especially in the Windows world.
>
> As I have pointed out, there's no real reason for the user interface to
> make that operation too simple. After all, you're not really guaranteed
> that you'll actually be able to install that package, as you may not
> have its dependencies.

This discussion is kind of crazy. I wonder why a producer of malware,
would not make sure that his/her package depended only on packages
that are already available from official Debian repositories. Or,
perhaps, have the initial package patch the user's sources.list to
point to an extra special malware repository. Admittedly, most
malware producers are really incompetent, but there are also producers
of software that automate the production of malware. With these,
really stupid people can produce a piece of malware that is a well
crafted piece of evil.

Debian has already demonstrated initiative in automating package
signing, and, no doubt, other security measures of which I am
unaware. I suspect that the security is pretty good. Early on, there
were powerful organizations that would have benefitted handsomely if
Debian had been disrupted, and it wasn't disrupted. But there is
always the unknown unknown.




--
Paul E Condon
pecondon@mesanetworks.net


02-16-2009, 01:26 PM
Paul E Condon

On 2009-02-15_17:26:23, Boyd Stephen Smith Jr. wrote:
> On Sunday 15 February 2009 15:48:37 Ron Johnson wrote:
> > [W]hat's to stop Joe Wannabe from doing this?
> >
> > $ sudo dpkg -i NakedBrittany.deb
>
> What's to stop Joe Wannabe from doing this?
> sudo rm -rf The Great American Novell / Movie

Joe Wannabe needs to learn more in order to do himself real harm.
Shouldn't it be:

sudo rm -rf "The Great American Novell"

? ;-)
And, without testing it, I'm pretty sure that

sudo rm -rf /

is trapped and subject to special handling. At least, it should be,
IMHO.

>
> Neither is an actual security issue.
>
> > and the
> > other thru a poorly-working (official) Debian patch to ssh. (Or was
> > it SSL?)
>
> I don't recall this actually causing the Debian servers to be compromised.

I also don't recall a compromise.

> --
> Boyd Stephen Smith Jr. ,= ,-_-. =.
> bss@iguanasuicide.net ((_/)o o(\_))
> ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
> http://iguanasuicide.net/ \_/
>



--
Paul E Condon
pecondon@mesanetworks.net


02-16-2009, 01:32 PM
Dave Sherohman

On Mon, Feb 16, 2009 at 07:26:38AM -0700, Paul E Condon wrote:
> And, without testing it, I'm pretty sure that
>
> sudo rm -rf /
>
> is trapped and subject to special handling. At least, it should be,
> IMHO.

Only one way to find out whether it is or not... Try it! *evil grin*

(Well, OK, you could just look at the source, I suppose, but where's the
fun in that?)

--
Dave Sherohman
NomadNet, Inc.
http://nomadnetinc.com/


02-16-2009, 01:37 PM
"H.S."

Paul E Condon wrote:
> unaware. I suspect that the security is pretty good. Early on, there
> were powerful organizations that would have benefitted handsomely if
> Debian had been disrupted, and it wasn't disrupted. But there is

Interesting. Care to elaborate a bit?

Thanks.




--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


02-16-2009, 01:56 PM
Paul E Condon

On 2009-02-16_09:37:55, H.S. wrote:
> Paul E Condon wrote:
> > unaware. I suspect that the security is pretty good. Early on, there
> > were powerful organizations that would have benefitted handsomely if
> > Debian had been disrupted, and it wasn't disrupted. But there is
>
> Interesting. Care to elaborate a bit?
>
> Thanks.

Ronnie spoke of an Evil Empire. I think there is another evil empire.
But there are also evil people who believe that they will be handsomely
rewarded by a powerful corporation if they do something illegal that,
they believe, will benefit the powerful corporation.

I have no special knowledge, just a powerful belief in a dark side to
human nature.

--
Paul E Condon
pecondon@mesanetworks.net


02-16-2009, 02:02 PM
"H.S."

Paul E Condon wrote:
> On 2009-02-16_09:37:55, H.S. wrote:
>> Paul E Condon wrote:
>>> unaware. I suspect that the security is pretty good. Early on, there
>>> were powerful organizations that would have benefitted handsomely if
>>> Debian had been disrupted, and it wasn't disrupted. But there is
>> Interesting. Care to elaborate a bit?
>>
>> Thanks.
>
> Ronnie spoke of an Evil Empire. I think there is another evil empire.
> But there are also evil people who believe that they will be handsomely
> rewarded by a powerful corporation if they do something illegal that,
> they believe, will benefit the powerful corporation.
>
> I have no special knowledge, just a powerful belief in a dark side to
> human nature.
>

Right.

Regards.

--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


02-16-2009, 03:26 PM
Ron Johnson

On 02/16/2009 04:30 AM, Dave Sherohman wrote:
> On Sun, Feb 15, 2009 at 04:22:37PM -0300, Eduardo M KALINOWSKI wrote:
>> But neither of these help in case a stupid user receives an e-mail saying:
>>
>> Run 'sudo dpkg -i FreePornPics.deb to see <insert celebrity name here>'s
>> secret sex tape'.
>
> No, but it still wouldn't get far because, unlike all the major Windows
> malware threats, this requires the user to do actual *typing* (eww!
> yuck!) instead of just going clicky-clicky or auto-running as soon as
> the message is previewed.



You have a point. However...

Hooking file-roller into gksu and dpkg wouldn't be that hard.

In fact, I wouldn't be surprised if that weren't already the case.

--
Ron Johnson, Jr.
Jefferson LA USA

Supporting World Peace Through Nuclear Pacification

