Linux Backdoor Exploits Guess What

<s6lv260bmb@news2.newsguy.com>

https://www.novabbs.com/computers/article-flat.php?id=4907&group=comp.os.linux.misc#4907
Path: i2pn2.org!i2pn.org!aioe.org!goblin2!goblin.stu.neva.ru!spln!extra.newsguy.com!newsp.newsguy.com!news2
From: fr...@random.info (F Russell)
Newsgroups: comp.os.linux.advocacy,alt.os.linux,comp.os.linux.misc
Subject: Linux Backdoor Exploits Guess What
Followup-To: comp.os.linux.advocacy
Date: 2 May 2021 10:31:34 GMT
Organization: NewsGuy.com
Lines: 23
Message-ID: <s6lv260bmb@news2.newsguy.com>
NNTP-Posting-Host: p6652755ffd3dbdb7d2735ce86a8589cf011d61264f79d514.newsdawg.com
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
User-Agent: Pan/0.147 (Sweet Solitude; 97d1711
refs/keep-around/97d1711be78cca5da38120c26f5db545ab0822ed)
 by: F Russell - Sun, 2 May 2021 10:31 UTC

A serious Linux backdoor (actually two) has been discovered recently:

https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/

But what does this nefarious entity exploit to establish persistence
on a GNU/Linux machine?

The answer should be glaringly obvious. It is SYSTEMD, and also its
partner in junk GNOME.

Distro patsies have a lot to fear from systemd. It is essentially
an open invitation for this kind of intrusion, and the future will
only bring more of the above.

My machines, however, will NEVER be exploited. NEVER, as in NEVER.
I am in control, and not some tinpot distro committee.

--

Systemd free. D.E. free.

Always and forever.

Re: Linux Backdoor Exploits Guess What

<s6oq2h02ea7@news4.newsguy.com>

https://www.novabbs.com/computers/article-flat.php?id=4914&group=comp.os.linux.misc#4914
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!news-out.netnews.com!news.alt.net!fdc2.netnews.com!peer02.ams1!peer.ams1.xlned.com!news.xlned.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!spln!extra.newsguy.com!newsp.newsguy.com!news4
From: fr...@random.info (FR)
Newsgroups: comp.os.linux.advocacy,alt.os.linux,comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Followup-To: comp.os.linux.advocacy
Date: 3 May 2021 12:24:49 GMT
Organization: NewsGuy.com
Lines: 26
Message-ID: <s6oq2h02ea7@news4.newsguy.com>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de>
NNTP-Posting-Host: p9404d7caba59dde41d727067847249cd0a105b2c71c3eec6.newsdawg.com
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
User-Agent: Pan/0.146 (Hic habitat felicitas; d7a48b4
gitlab.gnome.org/GNOME/pan.git)
X-Received-Bytes: 1677
 by: FR - Mon, 3 May 2021 12:24 UTC

On Mon, 03 May 2021 08:53:21 +0200, Marc Haber wrote:

>
> While this is true, it's biased information
>

Nope. It's actually a biased understanding on the part of a
particular reader.

>
> The kit dumps a systemd unit into the appropriate directories. Ten
> years ago, it would have done so with an init script,
>

Only if the user allows the distro to establish a conventional
startup environment rather than implement his own, which is perfectly
possible under current GNU/Linux.

The sad fact is that, thanks to systemd, Linux is becoming more and
more centralized and it is such centralization that allows these
potential intrusions to happen.

Linux systems should be as diverse in setup as are its users but
instead we see just one dominant configuration, and this is a philosophy
that is directly traceable to IBM/Poettering.
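
An added example, not part of any post in this thread: a defender-side audit for the point quoted above, that the kit persists by dropping a systemd unit where it would once have dropped an init script. It lists boot and login entries whose launch target sits in an unusual place; the directory list, the heuristics and every file name in the sample tree are assumptions made for illustration.

```python
import re
import shlex
import tempfile
from pathlib import Path, PurePosixPath

# (kind, directory glob relative to the filesystem root, file pattern).
# Assumed, non-exhaustive list of boot/login persistence locations.
LOCATIONS = [
    ("systemd-system", "etc/systemd/system", "*.service"),
    ("systemd-user", "home/*/.config/systemd/user", "*.service"),
    ("xdg-autostart", "home/*/.config/autostart", "*.desktop"),
    ("sysv-init", "etc/init.d", "*"),
]
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
XDG_DOT_DIRS = {".local", ".config", ".cache"}  # ordinary hidden dirs, not flagged
EXEC_KEY = re.compile(r"^\s*(?:ExecStart(?:Pre|Post)?|Exec)\s*=\s*(.+)$")
ABS_PATH = re.compile(r"(?<![\w.])/(?:[\w.+-]+/)+[\w.+-]+")


def launch_targets(kind, text):
    """Return the set of absolute program paths an entry would start."""
    targets = set()
    for line in text.splitlines():
        if line.lstrip().startswith("#"):  # comments and the shebang line
            continue
        if kind == "sysv-init":  # shell code: collect every absolute path mentioned
            targets.update(ABS_PATH.findall(line))
        elif (m := EXEC_KEY.match(line)):
            value = m.group(1).lstrip("@-:+!")  # drop systemd ExecStart= prefixes
            try:
                argv = shlex.split(value)
            except ValueError:  # unbalanced quotes: fall back to whitespace split
                argv = value.split()
            if argv and argv[0].startswith("/"):
                targets.add(argv[0])
    return targets


def reasons_for(kind, target):
    """Heuristics (assumed, tune per site) for a launch target worth a second look."""
    reasons = []
    parts = PurePosixPath(target).parts
    if any(p.startswith(".") and p not in XDG_DOT_DIRS for p in parts):
        reasons.append("hidden path component")
    if target.startswith(TEMP_DIRS):
        reasons.append("runs from a temp directory")
    if kind in ("systemd-system", "sysv-init") and target.startswith("/home/"):
        reasons.append("system-wide entry runs from a home directory")
    return reasons


def audit(root):
    """Scan every location under root; return sorted (file, target, reasons) tuples."""
    root, findings = Path(root), []
    for kind, directory, pattern in LOCATIONS:
        for entry in sorted(root.glob(f"{directory}/{pattern}")):
            if not entry.is_file():
                continue
            text = entry.read_text(errors="replace")
            for target in sorted(launch_targets(kind, text)):
                reasons = reasons_for(kind, target)
                if reasons:
                    findings.append((entry.relative_to(root).as_posix(), target, reasons))
    return sorted(findings)


# Constructed sample tree: all names and paths below are made up for this example.
SAMPLE = {
    "etc/systemd/system/sshd.service": "[Service]\nExecStart=/usr/sbin/sshd -D\n",
    "etc/systemd/system/example-updater.service": "[Service]\nExecStart=/home/alice/.cache/.example/agent --daemon\n",
    "home/alice/.config/systemd/user/backup.service": "[Service]\nExecStart=/home/alice/.local/bin/backup\n",
    "home/alice/.config/autostart/example-helper.desktop": "[Desktop Entry]\nExec=/home/alice/.local/share/.example/helper\n",
    "etc/init.d/cron": "#!/bin/sh\nDAEMON=/usr/sbin/cron\n. /lib/lsb/init-functions\n",
    "etc/init.d/example-net": "#!/bin/sh\n# constructed\n/tmp/exampled &\n",
}


def demo():
    # Write the sample tree to a scratch directory and audit it as if it were "/".
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return audit(tmp)


if __name__ == "__main__":
    for path, target, reasons in demo():
        print(f"{path}: {target} ({'; '.join(reasons)})")
```

On a live host, `audit("/")` applies the same checks to the init script and the systemd unit alike; a flagged entry is a lead to review, not a verdict.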

Re: Linux Backdoor Exploits Guess What

<l9s5mh-85c.ln1@Telcontar.valinor>

https://www.novabbs.com/computers/article-flat.php?id=4918&group=comp.os.linux.misc#4918
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!lilly.ping.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_li...@es.invalid (Carlos E.R.)
Newsgroups: alt.os.linux,comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Date: Mon, 3 May 2021 20:33:57 +0200
Lines: 7
Message-ID: <l9s5mh-85c.ln1@Telcontar.valinor>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de>
<s6oq2h02ea7@news4.newsguy.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net LyiVFq6qy+1rr8992Sl0cw/qkSUSIfK61vIfc9RDQ1Ekfe4rbR
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:mrXUeGXP/ylkBpwC8vNuPjmnppE=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.9.1
In-Reply-To: <s6oq2h02ea7@news4.newsguy.com>
Content-Language: es-ES
 by: Carlos E.R. - Mon, 3 May 2021 18:33 UTC

On 03/05/2021 14.24, FR wrote:
> Linux systems should be as diverse in setup as are its users but

In your opinion.

--
Cheers, Carlos.

Re: Linux Backdoor Exploits Guess What

<s6pj89$205$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=4919&group=comp.os.linux.misc#4919
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: nos...@needed.invalid (Paul)
Newsgroups: alt.os.linux,comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Date: Mon, 03 May 2021 15:34:32 -0400
Organization: A noiseless patient Spider
Lines: 39
Message-ID: <s6pj89$205$1@dont-email.me>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de> <s6oq2h02ea7@news4.newsguy.com> <l9s5mh-85c.ln1@Telcontar.valinor>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 3 May 2021 19:34:33 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="dba0a8965c7066baf367f50847f98121";
logging-data="2053"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/i4RqboPtMUj9FVPrb5rIfFMkneIf2xR4="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:KarMO8onwxceMWLV0KRqDd8QVHo=
In-Reply-To: <l9s5mh-85c.ln1@Telcontar.valinor>
 by: Paul - Mon, 3 May 2021 19:34 UTC

Carlos E.R. wrote:
> On 03/05/2021 14.24, FR wrote:
>> Linux systems should be as diverse in setup as are its users but
>
> In your opinion.
>

If you look at the effort that went into that malware,
you'd realize that the state sponsored actors would
take your "diverse 500 distro ecosystem" and simply
mint 500 attacks.

They're quite capable individuals. In this case,
practically every aspect of what they did, uses
crypto. These are not script kiddies. They work
for a government.

Bumping the head count in their APT is easy.
Simply tell the employees they're "Doing Gods Work"
or similar. 500 versions of malware, coming up.

*******

The other trend, is to incomplete reporting. I don't
know if anyone has noticed, but "the attack vector
is unknown" keeps showing up in these articles now.
That means, as players on defense, we're losing.

You can't attack a Linux system without some means
of leverage. And that's the really important part.
Picking the nits off the thing, by painstakingly
reporting the crypto used, is pretty pointless, if
the point of entry is unknown. If the input vector is
phishing, then we're pretty happy (you're only as
safe, as the dope running the computer). If an exposed
port on every machine is the vector, we're
philosophically screwed.

Paul

Re: Linux Backdoor Exploits Guess What

<s6pjdr$14t$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=4920&group=comp.os.linux.misc#4920
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: peter-ko...@t-online.de (Peter Köhlmann)
Newsgroups: alt.os.linux,comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Date: Mon, 3 May 2021 21:37:31 +0200
Organization: A noiseless patient Spider
Lines: 45
Message-ID: <s6pjdr$14t$1@dont-email.me>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de>
<s6oq2h02ea7@news4.newsguy.com> <l9s5mh-85c.ln1@Telcontar.valinor>
<s6pj89$205$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 3 May 2021 19:37:31 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="1a2d5345dfc32289be64423302324b8f";
logging-data="1181"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+bk8ylsLdHzIQXq2UOZwcAmwwprcibjZM="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.10.0
Cancel-Lock: sha1:B5H7EnSSVlkSAw2D1tXkfSqik1I=
In-Reply-To: <s6pj89$205$1@dont-email.me>
Content-Language: en-US
 by: Peter Köhlmann - Mon, 3 May 2021 19:37 UTC

On 03.05.21 at 21:34, Paul wrote:
> Carlos E.R. wrote:
>> On 03/05/2021 14.24, FR wrote:
>>> Linux systems should be as diverse in setup as are its users but
>>
>> In your opinion.
>>
>
> If you look at the effort that went into that malware,
> you'd realize that the state sponsored actors would
> take your "diverse 500 distro ecosystem" and simply
> mint 500 attacks.
>
> They're quite capable individuals. In this case,
> practically every aspect of what they did, uses
> crypto. These are not script kiddies. They work
> for a government.
>
> Bumping the head count in their APT is easy.
> Simply tell the employees they're "Doing Gods Work"
> or similar. 500 versions of malware, coming up.
>
> *******
>
> The other trend, is to incomplete reporting. I don't
> know if anyone has noticed, but "the attack vector
> is unknown" keeps showing up in these articles now.
> That means, as players on defense, we're losing.
>
> You can't attack a Linux system without some means
> of leverage. And that's the really important part.
> Picking the nits off the thing, by painstakingly
> reporting the crypto used, is pretty pointless, if
> the point of entry is unknown. If the input vector is
> phishing, then we're pretty happy (you're only as
> safe, as the dope running the computer). If an exposed
> port on every machine is the vector, we're
> philosophically screwed.
>
>   Paul

If the OS part of the machine is Windows, you are totally screwed.
The holes in Windows and its applications are countless, and MS seems
unable to close even the most sensitive ones.

Re: Linux Backdoor Exploits Guess What

<di56mh-ovk.ln1@Telcontar.valinor>

https://www.novabbs.com/computers/article-flat.php?id=4921&group=comp.os.linux.misc#4921
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.szaf.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_li...@es.invalid (Carlos E.R.)
Newsgroups: alt.os.linux,comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Date: Mon, 3 May 2021 23:12:13 +0200
Lines: 57
Message-ID: <di56mh-ovk.ln1@Telcontar.valinor>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de>
<s6oq2h02ea7@news4.newsguy.com> <l9s5mh-85c.ln1@Telcontar.valinor>
<s6pj89$205$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net 1U4YERiGNPJMmyxNLZ7+ZwWrLEt8q86M2WsC74B0ErhhWU0bLb
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:cfgP21i4oPZuR4HmOAbI/r++ndA=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.9.1
In-Reply-To: <s6pj89$205$1@dont-email.me>
Content-Language: en-CA
 by: Carlos E.R. - Mon, 3 May 2021 21:12 UTC

On 03/05/2021 21.34, Paul wrote:
> Carlos E.R. wrote:
>> On 03/05/2021 14.24, FR wrote:
>>> Linux systems should be as diverse in setup as are its users but
>>
>> In your opinion.
>>
>
> If you look at the effort that went into that malware,
> you'd realize that the state sponsored actors would
> take your "diverse 500 distro ecosystem" and simply
> mint 500 attacks.
>
> They're quite capable individuals. In this case,
> practically every aspect of what they did, uses
> crypto. These are not script kiddies. They work
> for a government.
>
> Bumping the head count in their APT is easy.
> Simply tell the employees they're "Doing Gods Work"
> or similar. 500 versions of malware, coming up.
>
> *******
>
> The other trend, is to incomplete reporting. I don't
> know if anyone has noticed, but "the attack vector
> is unknown" keeps showing up in these articles now.
> That means, as players on defense, we're losing.
>
> You can't attack a Linux system without some means
> of leverage. And that's the really important part.
> Picking the nits off the thing, by painstakingly
> reporting the crypto used, is pretty pointless, if
> the point of entry is unknown. If the input vector is
> phishing, then we're pretty happy (you're only as
> safe, as the dope running the computer). If an exposed
> port on every machine is the vector, we're
> philosophically screwed.

I simply meant that the statement "Linux systems should be as diverse in
setup as are its users" is just an opinion, and others think
differently. Why "should"? Well, for security reasons diversity is a
good thing. But for, how can I say it, for popularity, for growing the
numbers, standardization is a good thing instead.

As a Linux user, my most common problem is when someone (typically a
hardware vendor) produces something that will only work on very few
distributions, and often not mine. Even when an institution friendly to
Linux publishes some software, it happens that they tested only one or
two distributions and on others it fails. Unless they are really
friendly and they publish the source code.

--
Cheers, Carlos.

Re: Linux Backdoor Exploits Guess What

<s6pvr601tm4@news1.newsguy.com>

https://www.novabbs.com/computers/article-flat.php?id=4922&group=comp.os.linux.misc#4922
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!feeder5.feed.usenet.farm!feeder1.feed.usenet.farm!feed.usenet.farm!news-out.netnews.com!news.alt.net!fdc3.netnews.com!peer02.ams1!peer.ams1.xlned.com!news.xlned.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!spln!extra.newsguy.com!newsp.newsguy.com!news1
From: fr...@random.info (F Russell)
Newsgroups: comp.os.linux.advocacy,alt.os.linux,comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Followup-To: comp.os.linux.advocacy
Date: 3 May 2021 23:09:26 GMT
Organization: NewsGuy.com
Lines: 19
Message-ID: <s6pvr601tm4@news1.newsguy.com>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de>
<s6oq2h02ea7@news4.newsguy.com> <l5s5mh-85c.ln1@Telcontar.valinor>
NNTP-Posting-Host: pdb49ca5b2639256ba2b7372d1a83227fbb7b12be1ffd8261.newsdawg.com
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
User-Agent: Pan/0.147 (Sweet Solitude; 97d1711
refs/keep-around/97d1711be78cca5da38120c26f5db545ab0822ed)
X-Received-Bytes: 1284
 by: F Russell - Mon, 3 May 2021 23:09 UTC

On Mon, 03 May 2021 20:31:49 +0200, Carlos E.R. wrote:

> On 03/05/2021 14.24, FR wrote:
>> Linux systems should be as diverse in setup as are its users but
>
> In your opinion.
>

You certainly are not inclined to be adventurous, inventive,
or diverse.

You are just another sheep in a distro cage.

--

Systemd free. D.E. free.

Always and forever.

Re: Linux Backdoor Exploits Guess What

<s6q0c811u8i@news3.newsguy.com>

https://www.novabbs.com/computers/article-flat.php?id=4923&group=comp.os.linux.misc#4923
Path: i2pn2.org!i2pn.org!paganini.bofh.team!goblin3!goblin1!goblin.stu.neva.ru!spln!extra.newsguy.com!newsp.newsguy.com!news3
From: cgi...@kltpzyxm.invalid (Charlie Gibbs)
Newsgroups: alt.os.linux,comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Date: 3 May 2021 23:18:32 GMT
Organization: NewsGuy - Unlimited Usenet $23.95
Lines: 23
Message-ID: <s6q0c811u8i@news3.newsguy.com>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de>
<s6oq2h02ea7@news4.newsguy.com> <l9s5mh-85c.ln1@Telcontar.valinor>
<s6pj89$205$1@dont-email.me> <s6pjdr$14t$1@dont-email.me>
NNTP-Posting-Host: p6983f626b0d4a736083d958091bdcb1c4b8ecd48418167ed.newsdawg.com
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
User-Agent: slrn/1.0.3 (Linux)
 by: Charlie Gibbs - Mon, 3 May 2021 23:18 UTC

On 2021-05-03, Peter Köhlmann <peter-koehlmann@t-online.de> wrote:

> If the OS part of the machine is Windows, you are totally screwed.
> The holes in Windows and its applications are countless, and MS seems
> unable to close even the most sensitive ones.

s/unable/unwilling/

Remember the Windows 95 Registration Troj^H^H^H^HWizard?

I read the Windows EULA from end to end back in the XP days or so.
I found a line that basically stated that they claim the right to
walk into your machine whenever they feel like it, take a look around,
and remove anything which they - in their sole estimation - feel you
should not have.

I can't imagine that they've gotten any better since.

--
/~\ Charlie Gibbs | They don't understand Microsoft
\ / <cgibbs@kltpzyxm.invalid> | has stolen their car and parked
X I'm really at ac.dekanfrus | a taxi in their driveway.
/ \ if you read it the right way. | -- Mayayana

Re: Linux Backdoor Exploits Guess What

<og58mh-v22.ln1@debian.rakupottery.org.uk>

https://www.novabbs.com/computers/article-flat.php?id=4938&group=comp.os.linux.misc#4938
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: mar...@smithproductions.co.uk (Martin Smith)
Newsgroups: alt.os.linux,comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Date: Tue, 4 May 2021 16:23:36 +0100
Organization: A noiseless patient Spider
Lines: 52
Message-ID: <og58mh-v22.ln1@debian.rakupottery.org.uk>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de>
<s6oq2h02ea7@news4.newsguy.com> <l9s5mh-85c.ln1@Telcontar.valinor>
<s6pj89$205$1@dont-email.me> <s6pjdr$14t$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: reader02.eternal-september.org; posting-host="f41bf3e96b6433cbd720e13e7c9cc99c";
logging-data="29274"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1++N2gKUx8Pk+g4yaALnHAK"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:78.0)
Gecko/20100101 Thunderbird/78.10.0
Cancel-Lock: sha1:YrbrJccj5J38FwkZmtI18gzqnQc=
In-Reply-To: <s6pjdr$14t$1@dont-email.me>
Content-Language: en-GB
 by: Martin Smith - Tue, 4 May 2021 15:23 UTC

On 03/05/2021 20:37, Peter Köhlmann wrote:
> On 03.05.21 at 21:34, Paul wrote:
>> Carlos E.R. wrote:
>>> On 03/05/2021 14.24, FR wrote:
>>>> Linux systems should be as diverse in setup as are its users but
>>>
>>> In your opinion.
>>>
>>
>> If you look at the effort that went into that malware,
>> you'd realize that the state sponsored actors would
>> take your "diverse 500 distro ecosystem" and simply
>> mint 500 attacks.
>>
>> They're quite capable individuals. In this case,
>> practically every aspect of what they did, uses
>> crypto. These are not script kiddies. They work
>> for a government.
>>
>> Bumping the head count in their APT is easy.
>> Simply tell the employees they're "Doing Gods Work"
>> or similar. 500 versions of malware, coming up.
>>
>> *******
>>
>> The other trend, is to incomplete reporting. I don't
>> know if anyone has noticed, but "the attack vector
>> is unknown" keeps showing up in these articles now.
>> That means, as players on defense, we're losing.
>>
>> You can't attack a Linux system without some means
>> of leverage. And that's the really important part.
>> Picking the nits off the thing, by painstakingly
>> reporting the crypto used, is pretty pointless, if
>> the point of entry is unknown. If the input vector is
>> phishing, then we're pretty happy (you're only as
>> safe, as the dope running the computer). If an exposed
>> port on every machine is the vector, we're
>> philosophically screwed.
>>
>>    Paul
>
> If the OS part of the machine is Windows, you are totally screwed.
> The holes in Windows and its applications are countless, and MS seems
> unable to close even the most sensitive ones.
>
Back in the days of Win95 a certain Mr Gates said we are not interested
in security, we want features... like stock prices running across the
bottom of the screen. Nothing much has changed since then.

--
Martin

Re: Linux Backdoor Exploits Guess What

<0e1c9g19d4034e0nbebhhh8nfpi1h3fcod@4ax.com>

https://www.novabbs.com/computers/article-flat.php?id=4943&group=comp.os.linux.misc#4943
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!tr1.eu1.usenetexpress.com!feeder.usenetexpress.com!tr1.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!buffer1.nntp.dca1.giganews.com!nntp.earthlink.com!news.earthlink.com.POSTED!not-for-mail
NNTP-Posting-Date: Fri, 07 May 2021 22:41:21 -0500
From: Bit15_...@nowhere (MSB)
Newsgroups: comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Date: Fri, 07 May 2021 23:41:20 -0400
Message-ID: <0e1c9g19d4034e0nbebhhh8nfpi1h3fcod@4ax.com>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de> <s6oq2h02ea7@news4.newsguy.com> <l5s5mh-85c.ln1@Telcontar.valinor> <s6pvr601tm4@news1.newsguy.com>
X-Newsreader: Forte Agent 2.0/32.652
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 32
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 98.77.166.178
X-Trace: sv3-fm63DwjY0DLdowYlEJrelDdrzoi6zfSFzMpZMwON0/0Nb2zMbhKhz4Otj5yCGABrQXy2m7h8zwkF5vG!YT+QEe4QhT0K/KBJzIWyz2KJfyx7t6GJXYJEdYXZNP/0g8U/auARb9BlWdFaXie9CBudFXUKThfz!a6mXFh4JnSWwZxs=
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
X-Original-Bytes: 2170
 by: MSB - Sat, 8 May 2021 03:41 UTC

On 3 May 2021 23:09:26 GMT, F Russell <fr@random.info> wrote:

>On Mon, 03 May 2021 20:31:49 +0200, Carlos E.R. wrote:
>
>> On 03/05/2021 14.24, FR wrote:
>>> Linux systems should be as diverse in setup as are its users but
>>
>> In your opinion.
>>
>
>You certainly are not inclined to be adventurous, inventive,
>or diverse.
>
>You are just another sheep in a distro cage.

Systemd has its plusses and minuses. Like all
"overlord" apps, it CAN open the door to widespread
evil. However init.d is not invulnerable either, just
never got around to being exploited.

If you are super-super-super concerned about security
then by all means dump systemd. There are distros
expressly made without it - or roll your own. You can
try a cut-back Unix too. Or hey - there's always Plan-9,
nobody would write malware for that :-)

Unlike the MS/Apple-verse, we HAVE choices here.
Pick what suits YOUR need.

As for "diverse" systems ... some plusses and maybe
more minuses. Too diverse = unsupportable.

Re: Linux Backdoor Exploits Guess What

<gi8qmh-eo7.ln1@Telcontar.valinor>

https://www.novabbs.com/computers/article-flat.php?id=4965&group=comp.os.linux.misc#4965
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_li...@es.invalid (Carlos E.R.)
Newsgroups: comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Date: Tue, 11 May 2021 14:06:08 +0200
Lines: 38
Message-ID: <gi8qmh-eo7.ln1@Telcontar.valinor>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de>
<s6oq2h02ea7@news4.newsguy.com> <l5s5mh-85c.ln1@Telcontar.valinor>
<s6pvr601tm4@news1.newsguy.com> <0e1c9g19d4034e0nbebhhh8nfpi1h3fcod@4ax.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net 9LkWlR9n9YLMSPvXQorA7gmnan4tr9ramMdB3EpqZayhKZYVT7
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:/65LOxC+AKUBnoHc1E7D0GxtCtE=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.10.0
In-Reply-To: <0e1c9g19d4034e0nbebhhh8nfpi1h3fcod@4ax.com>
Content-Language: en-CA
 by: Carlos E.R. - Tue, 11 May 2021 12:06 UTC

On 08/05/2021 05.41, MSB wrote:
> On 3 May 2021 23:09:26 GMT, F Russell <fr@random.info> wrote:
>
>> On Mon, 03 May 2021 20:31:49 +0200, Carlos E.R. wrote:
>>
>>> On 03/05/2021 14.24, FR wrote:
>>>> Linux systems should be as diverse in setup as are its users but
>>>
>>> In your opinion.
>>>
>>
>> You certainly are not inclined to be adventurous, inventive,
>> or diverse.
>>
>> You are just another sheep in a distro cage.
>
> Systemd has its plusses and minuses. Like all
> "overlord" apps, it CAN open the door to widespread
> evil. However init.d is not invulnerable either, just
> never got around to being exploited.
>
> If you are super-super-super concerned about security
> then by all means dump systemd. There are distros
> expressly made without it - or roll your own. You can
> try a cut-back Unix too. Or hey - there's always Plan-9,
> nobody would write malware for that :-)
>
> Unlike the MS/Apple-verse, we HAVE choices here.
> Pick what suits YOUR need.
>
> As for "diverse" systems ... some plusses and maybe
> more minuses. Too diverse = unsupportable.
>

He rolls his own and despises everybody else that doesn't.

--
Cheers, Carlos.

Re: Linux Backdoor Exploits Guess What

<7o2hag1khi6ntang1gsd47i1f9lmkckbi8@4ax.com>

https://www.novabbs.com/computers/article-flat.php?id=5117&group=comp.os.linux.misc#5117
Path: i2pn2.org!i2pn.org!news.uzoreto.com!tr3.eu1.usenetexpress.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!buffer1.nntp.dca1.giganews.com!nntp.earthlink.com!news.earthlink.com.POSTED!not-for-mail
NNTP-Posting-Date: Fri, 21 May 2021 23:44:34 -0500
From: A25...@krOrange.buzz (CheckBox)
Newsgroups: comp.os.linux.misc
Subject: Re: Linux Backdoor Exploits Guess What
Date: Sat, 22 May 2021 00:44:34 -0400
Message-ID: <7o2hag1khi6ntang1gsd47i1f9lmkckbi8@4ax.com>
References: <s6lv260bmb@news2.newsguy.com> <s6o6l1$aqq$1@news1.tnib.de> <s6oq2h02ea7@news4.newsguy.com> <l5s5mh-85c.ln1@Telcontar.valinor> <s6pvr601tm4@news1.newsguy.com> <0e1c9g19d4034e0nbebhhh8nfpi1h3fcod@4ax.com> <gi8qmh-eo7.ln1@Telcontar.valinor>
X-Newsreader: Forte Agent 2.0/32.652
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 52
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 98.77.165.45
X-Trace: sv3-756vNs3qyG6DrCHWcnKhU7IASBLhIQFcmQYotsyO9zCUG02o96qg3FqI/sJW8HAgoFPy++vn9ynCWgT!BUkmryWe3O6dKrxV+acSHECS8WOfFAkqMQ/QloP6z4XH+HI3zOWxUGcZ/dO6Pu7qsHI/Z55ui6O/!qeNcZSqMZGBVGA==
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
X-Original-Bytes: 3033
 by: CheckBox - Sat, 22 May 2021 04:44 UTC

On Tue, 11 May 2021 14:06:08 +0200, "Carlos E.R."
<robin_listas@es.invalid> wrote:

>On 08/05/2021 05.41, MSB wrote:
>> On 3 May 2021 23:09:26 GMT, F Russell <fr@random.info> wrote:
>>
>>> On Mon, 03 May 2021 20:31:49 +0200, Carlos E.R. wrote:
>>>
>>>> On 03/05/2021 14.24, FR wrote:
>>>>> Linux systems should be as diverse in setup as are its users but
>>>>
>>>> In your opinion.
>>>>
>>>
>>> You certainly are not inclined to be adventurous, inventive,
>>> or diverse.
>>>
>>> You are just another sheep in a distro cage.
>>
>> Systemd has its plusses and minuses. Like all
>> "overlord" apps, it CAN open the door to widespread
>> evil. However init.d is not invulnerable either, just
>> never got around to being exploited.
>>
>> If you are super-super-super concerned about security
>> then by all means dump systemd. There are distros
>> expressly made without it - or roll your own. You can
>> try a cut-back Unix too. Or hey - there's always Plan-9,
>> nobody would write malware for that :-)
>>
>> Unlike the MS/Apple-verse, we HAVE choices here.
>> Pick what suits YOUR need.
>>
>> As for "diverse" systems ... some plusses and maybe
>> more minuses. Too diverse = unsupportable.
>>
>
>He rolls his own and despises everybody else that doesn't.

Good that he can roll his own.

Not so good that he despises anyone who has a
more realistic time/price/supportability paradigm.

Ultra-customized systems are usually not going to
be financed by real-world employers. What they are
is an attempt at creating a "hostage situation" where
the programmer cannot be disemployed and holds
ultimate power. Pointy-haired bosses may be dim,
but most understand THAT reality and will chop it
off at the knees.
