xploit your
existing vulnerabilities in your systems
insecure.org has lot more exploits posted and test apps than those you
posted
> It would be more work to make a Linux virus or worm because the designer
> would have to take care creating 2 programs as opposed to one.
gazillion ways to
>also sprach Dave Sherohman (on Mon, 01 Oct 2001 04:22:04PM -0500):
>> The only virus scanners I am aware of that run under linux are
>> designed to scan for Windows viruses in traffic that the linux server
>> is handling.
McAfee's (NAI) searches for Windows and Unix variants. From the Virus DAT
u
also sprach Dave Sherohman (on Mon, 01 Oct 2001 04:22:04PM -0500):
> The only virus scanners I am aware of that run under linux are
> designed to scan for Windows viruses in traffic that the linux server
> is handling.
are there any that can interface with postfix packaged as debian? i
can't find
ian-announce list. To
date, I am not aware of any virus/worm which has exploited
vulnerabilities less than a month or two old, so following
debian-accounce and applying security updates immediately when
they're announced would seem to be a very effective strategy.
> Are there any Linux
On Mon, Oct 01, 2001 at 01:51:31PM -0400, Theodore Knab wrote:
> With the Nimba virus/worm and the Code Red worm breaking Windows
> around the globe, I am nervously waiting for the next Linux Worm.
>
> It would be more work to make a Linux virus or worm because the
> designer wou
Hi all,
With the Nimba virus/worm and the Code Red worm breaking Windows around the
globe, I am nervously waiting for the next Linux Worm.
It would be more work to make a Linux virus or worm because the designer would
have to take care creating 2 programs as opposed to one.
What is being
On Thu, Apr 05, 2001 at 01:17:48PM -0400, Shawn Garbett wrote:
> There's a new virus in town. Here's the news for the mouthpiece of Bill
> himself:
>
> http://www.allnetdevices.com/wired/news/2001/04/05/motorola_set.html
> It mentions an adorefind program, has anyone run this under Debian? Are
>
http://www.securityfocus.com/ there's a link on the main page regarding
latest linux worm
and
http://www.sans.org/y2k/adore.htm
-thx, robt
Shawn Garbett wrote:
>
> Whoops, using a Microsoft Windows box with Netscape here at work,
> ugh. Had to fight the @[EMAIL PROTECTED] box just to give me
Whoops, using a Microsoft Windows box with Netscape
here at work, ugh. Had to fight the @[EMAIL PROTECTED] box just to give me the correct
URL:
http://www.msnbc.com/news/554789.asp
Tyrin Price wrote:
* Shawn Garbett <[EMAIL PROTECTED]> [05Apr01 13:17 -0400]:There's a new virus in town. Here's
* Shawn Garbett <[EMAIL PROTECTED]> [05Apr01 13:17 -0400]:
> There's a new virus in town. Here's the news for the mouthpiece of Bill
> himself:
>
> http://www.allnetdevices.com/wired/news/2001/04/05/motorola_set.html
> It mentions an adorefind program, has anyone run this under Debian? Are
> the
There's a new virus in town. Here's the news for the mouthpiece of Bill
himself:
http://www.allnetdevices.com/wired/news/2001/04/05/motorola_set.html
It mentions an adorefind program, has anyone run this under Debian? Are
there any recommended package upgrades to prevent these latest rounds of
On Sun, Apr 01, 2001 at 09:23:33AM +, hzi wrote:
> When you use wvdial, you read e-mail as root, don't you? Wvdial is probably
> the most common way to set up a ppp conection, since it's suggested in the
> Debian docuemtntaion.
> So I guess my question would be how to use wvdial and still re
> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
Ethan> sudo with an ALL=ALL entry is just as dangerous (more so
Ethan> IMO, because it turns user passwords into multiple root
Ethan> passwords) then su.
Hopefully one day you will be able to something like this:
Obtain a Kerb
On Sat, Mar 31, 2001 at 11:06:31PM -0800, Karsten M. Self wrote:
> on Sat, Mar 31, 2001 at 08:45:25AM -0600, John Hasler ([EMAIL PROTECTED])
> wrote:
> > Ethan Benson writes:
> > > cat <> ~/.bashrc
> > > alias su='su -c ~/.virus'
> > > EOF
> >
> > su might benefit from a configuration file that s
on Sat, Mar 31, 2001 at 08:45:25AM -0600, John Hasler ([EMAIL PROTECTED]) wrote:
> Ethan Benson writes:
> > cat <> ~/.bashrc
> > alias su='su -c ~/.virus'
> > EOF
>
> su might benefit from a configuration file that sets the permissable path
> for -c.
>
> Another possible fix might be for bash to
On Sat, Mar 31, 2001 at 05:54:07PM -0600, John Hasler wrote:
> Ethan Benson writes:
> > cat <> ~/.bashrc
> > export PATH="$HOME/.evil:${PATH}"
> > EOF
>
> > and put a bogus su shell script in ~/.evil
>
> chmod a-w ~/.bashrc ~/.bash_profile
>
> .bashrc and .bash_profile should be read-only by def
Ethan Benson writes:
> cat <> ~/.bashrc
> export PATH="$HOME/.evil:${PATH}"
> EOF
> and put a bogus su shell script in ~/.evil
chmod a-w ~/.bashrc ~/.bash_profile
.bashrc and .bash_profile should be read-only by default, IMHO.
--
John Hasler
[EMAIL PROTECTED] (John Hasler)
Dancing Horse Hill
El
hzi writes:
> When you use wvdial, you read e-mail as root, don't you?
I can't think of any reason why that follows.
> Wvdial is probably the most common way to set up a ppp conection, since
> it's suggested in the Debian docuemtntaion.
Which documentation is that?
--
John Hasler
[EMAIL PROTECT
hzi wrote:
>
> Hi-
>
> When you use wvdial, you read e-mail as root, don't you? Wvdial is probably
> the most common way to set up a ppp conection, since it's suggested in the
> Debian docuemtntaion.
>
> So I guess my question would be how to use wvdial and still remain safe from
> "virus".
Hi-
When you use wvdial, you read e-mail as root, don't you? Wvdial is probably the
most common way to set up a ppp conection, since it's suggested in the Debian
docuemtntaion.
So I guess my question would be how to use wvdial and still remain safe from
"virus".
Thank you,
On Sat, Mar 31, 2001 at 08:45:25AM -0600, John Hasler wrote:
> Ethan Benson writes:
> > cat <> ~/.bashrc
> > alias su='su -c ~/.virus'
> > EOF
>
> su might benefit from a configuration file that sets the permissable path
> for -c.
interesting idea, somewhat similar to sudo, though i think sudo's
on Sat, Mar 31, 2001 at 07:40:45PM +0200, Roberto Diaz ([EMAIL PROTECTED])
wrote:
> > Like every so-called Linux virus, it requires the user to behave stupidly
> > - it's really a trojan horse. It has the same permission rules as any
> > other program, so it can't cha
Roberto writes:
> What chances do we have to get a virus from a malicious .deb package
> someone had leak into debian.org?
It would have to acquire the signature of a Debian developer to get into
unstable, remain dormant for at least two weeks to get into testing, and
lie dormant there until the n
> Like every so-called Linux virus, it requires the user to behave stupidly
> - it's really a trojan horse. It has the same permission rules as any
> other program, so it can't change root-owned files, unless they are
> world-writable or you are running as root.
> The t
Ethan Benson writes:
> cat <> ~/.bashrc
> alias su='su -c ~/.virus'
> EOF
su might benefit from a configuration file that sets the permissable path
for -c.
Another possible fix might be for bash to somehow detect "gain-root"
commands and refuse to alias them.
--
John Hasler
[EMAIL PROTECTED]
Dan
On Fri, Mar 30, 2001 at 05:46:19PM -0800, Karsten M. Self wrote:
>
> Hmm...dual-booting considered harmful. Interesting.
>
> Short version being that relying on OS filesystem protections to keep
> you from mangling your system files is an invalid assumption if:
>
> - You're booting multiple
e root
> > > permission? Or can it?
> >
> > Like every so-called Linux virus, it requires the user to behave stupidly
> > - it's really a trojan horse.
>
> No, it's not a trojan, it's a virus.
>
> A trojan, classic definition, is a program th
on Wed, Mar 28, 2001 at 10:53:33PM -0500, William T Wilson ([EMAIL PROTECTED])
wrote:
> On Thu, 29 Mar 2001, Mark Devin wrote:
>
> > Surely this virus cannot overwrite executables that require root
> > permission? Or can it?
>
> Like every so-called Linux virus, it req
on Wed, Mar 28, 2001 at 07:11:00PM -0900, Ethan Benson ([EMAIL PROTECTED])
wrote:
> On Wed, Mar 28, 2001 at 10:53:33PM -0500, William T Wilson wrote:
> > On Thu, 29 Mar 2001, Mark Devin wrote:
<...>
> > The thing that's special about it is that it can infect both Windows and
> > Linux executable
On Wed, Mar 28, 2001 at 10:19:10PM -0500, Ben Collins wrote:
> Anyone can do that. I can write a C program and send it to you that
> emails me /etc/passwd and /etc/shadow. You still have to be dumb enough
> to execute it. That's not a virus, that's social trickery. Now, if it
> emails itself (and r
This article might point out some things
http://www.theregister.co.uk/content/8/17938.html
-Original Message-
From: John Griffiths [mailto:[EMAIL PROTECTED]
Sent: donderdag 29 maart 2001 5:08
To: Ben Collins
Cc: Mark Devin; Debian-user
Subject: Re: Linux Virus
At 10:00 PM 3/28/2001
On Wed, Mar 28, 2001 at 10:43:12PM -0500, Ben Collins wrote:
> Arguably, there is less of a chance of that under Linux. Most people who
> use Windows (like 99.9%) use either Outlook, Eudora or Netscape for
> email. On Linux, the numbers cannot be used against it. If you target a
> Lin
Well... remember that most of the recent Melissa style worms are slapped
together with Visual Basic... Not a great risk that ext2 support will
show up :-)
--Rich
...and the paperclip winked at me and said: "It looks like you're
writing a macro virus... Would you like help?"
(another stolen .sig)
On Wed, Mar 28, 2001 at 10:53:33PM -0500, William T Wilson wrote:
> On Thu, 29 Mar 2001, Mark Devin wrote:
>
> > Surely this virus cannot overwrite executables that require root
> > permission? Or can it?
>
> Like every so-called Linux virus, it requires the user to
On Thu, 29 Mar 2001, Mark Devin wrote:
> Surely this virus cannot overwrite executables that require root
> permission? Or can it?
Like every so-called Linux virus, it requires the user to behave stupidly
- it's really a trojan horse. It has the same permission rules as any
other pro
e aspects of their replication,
> and the cunning nature of their social engineering.
Arguably, there is less of a chance of that under Linux. Most people who
use Windows (like 99.9%) use either Outlook, Eudora or Netscape for
email. On Linux, the numbers cannot be used against it. If you target
t 10:29 PM 3/28/2001 -0500, Ben Collins wrote:
>On Thu, Mar 29, 2001 at 01:26:39PM +1000, John Griffiths wrote:
>> >IMO, this is nothing completely new or innovative. ASM has been around a
>> >long time, even before viruses. It all boils down to people being smart
>> >enough not to accept attachmen
On Thu, Mar 29, 2001 at 01:26:39PM +1000, John Griffiths wrote:
> >IMO, this is nothing completely new or innovative. ASM has been around a
> >long time, even before viruses. It all boils down to people being smart
> >enough not to accept attachments form people they don't know, and
> >especially d
>IMO, this is nothing completely new or innovative. ASM has been around a
>long time, even before viruses. It all boils down to people being smart
>enough not to accept attachments form people they don't know, and
>especially don't execute programs sent to you randomly over the
>internet.
Agreed u
On Thu, Mar 29, 2001 at 01:07:49PM +1000, John Griffiths wrote:
> At 10:00 PM 3/28/2001 -0500, Ben Collins wrote:
> >On Thu, Mar 29, 2001 at 12:55:16PM +1000, Mark Devin wrote:
> >> Does anyone know anything further on this new W32.Winux virus.
> >> Check out this link:
> >> http://news.cnet.com/ne
At 10:00 PM 3/28/2001 -0500, Ben Collins wrote:
>On Thu, Mar 29, 2001 at 12:55:16PM +1000, Mark Devin wrote:
>> Does anyone know anything further on this new W32.Winux virus.
>> Check out this link:
>> http://news.cnet.com/news/0-1003-200-5329436.html?tag=st.cn.1.lthd
>>
>> Surely this virus canno
On Thu, Mar 29, 2001 at 12:55:16PM +1000, Mark Devin wrote:
> Does anyone know anything further on this new W32.Winux virus.
> Check out this link:
> http://news.cnet.com/news/0-1003-200-5329436.html?tag=st.cn.1.lthd
>
> Surely this virus cannot overwrite executables that require root
> permission
Does anyone know anything further on this new W32.Winux virus.
Check out this link:
http://news.cnet.com/news/0-1003-200-5329436.html?tag=st.cn.1.lthd
Surely this virus cannot overwrite executables that require root
permission? Or can it?
Cheers.
Mark.
43 matches
Mail list logo
