Pathetic news story of the week


Postby Rhakios » Thu Feb 10, 2011 8:17 pm

My nomination for pathetic news story of the week goes to The H, for this story.

It seems that we must all quake in our boots at the thought that Linux is vulnerable to USB drives carrying malware. All we need to do is fail to keep our systems up to date, disable a couple of security mechanisms, and insert the specially crafted drive.

To be fair, the security specialist must have started work on this before the vulnerability in Evince was fixed and says he can get around the two mechanisms without disabling them manually beforehand. And he has so much confidence in his ability to do this, that he is happy to tell his audience about, but not actually demonstrate it.

I have no doubt that Linux is vulnerable in a number of ways, especially through methods designed to gull the careless user, but please, please, please, can we just have someone demonstrate something that works properly without resorting to "fixes" to get things going. Otherwise, this just reads like pathetic scaremongering.
Bye, Rhakios

Postby Bazza » Thu Feb 10, 2011 9:22 pm

Hi Rhakios...

> And he has so much confidence in his ability to do this, that
> he is happy to tell his audience about, but not actually
> demonstrate it.

Yeah I noticed that too.

My Windies box caught a Virus/Worm/Whatever last night.

Didn`t bother me much, soon got rid of it...
73...

Bazza, G0LCU...

Team AMIGA...

Postby LeeNukes » Thu Feb 10, 2011 9:47 pm

Still interesting, but as with most things, if someone has physical access to the system, consider it compromised.

Postby wyliecoyoteuk » Thu Feb 10, 2011 10:02 pm

As always, if you have a system which has not been updated for 6 months, do this...and this... and click on this... you perhaps get Linux virus or malware.

Whereas Windows systems get viruses just by being connected or browsing a web page. meh

I know Linux is NOT invulnerable but really...
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************

Postby nelz » Thu Feb 10, 2011 10:29 pm

LeeNukes wrote: Still interesting, but as with most things, if someone has physical access to the system, consider it compromised.


You don't need physical access for this, just give out free USB sticks.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)

Postby bobthebob1234 » Thu Feb 10, 2011 11:33 pm

or drop them around. It's amazing what curiosity will make people do.
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was

Postby Dutch_Master » Fri Feb 11, 2011 1:01 am

And even then: how can you be sure that stick is found by someone who uses Linux, hasn't updated for ages, is stupid enough to follow the instructions w/o knowing what they are and keep the stick inserted when he finds it's infected...? I think you'd have a better chance winning the lottery ;)

Postby Rhakios » Fri Feb 11, 2011 6:55 am

bobthebob1234 wrote: or drop them around. It's amazing what curiosity will make people do.


Really? :D
Bye, Rhakios

Postby Ram » Fri Feb 11, 2011 10:33 am

Rhakios wrote:
> bobthebob1234 wrote: or drop them around. It's amazing what curiosity will make people do.
>
> Really? :D


Curiosity killed the cat, but I'm not pressing that in work time.

lubuntu LXDE 13.10 running on AMD Phenom II*4; ASUS Crosshair III Formula MB; 4 GB Ram.....

Postby nelz » Fri Feb 11, 2011 10:38 am

Dutch_Master wrote: And even then: how can you be sure that stick is found by someone who uses Linux, hasn't updated for ages, is stupid enough to follow the instructions w/o knowing what they are and keep the stick inserted when he finds it's infected...?


Dual infected sticks, work on Windows and Linux.

The fix in evince is quite recent.

Never underestimate stupidity.

There are no instructions to follow, all they have to do is view the stick contents in Nautilus.

See third point.

Actually, you don't necessarily need to keep the stick inserted, if the malware's first step is to copy itself to your hard drive.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)

Postby Bazza » Fri Feb 11, 2011 12:20 pm

Hi nelz...

> Never underestimate stupidity.

Guilty as charged m`lud.
73...

Bazza, G0LCU...

Team AMIGA...

Postby Rhakios » Fri Feb 11, 2011 6:04 pm

nelz wrote: Dual infected sticks, work on Windows and Linux.


Good to see you have a plan. ;)

nelz wrote: There are no instructions to follow, all they have to do is view the stick contents in Nautilus.


Yes there are, you have to disable two security features first. The method of getting around them hasn't been demonstrated.
Bye, Rhakios

Postby nelz » Sat Feb 12, 2011 9:23 am

Weren't those security features enabled quite recently? Meaning anything not up to date is vulnerable.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)

Postby Rhakios » Sat Feb 12, 2011 11:18 am

nelz wrote: Weren't those security features enabled quite recently? Meaning anything not up to date is vulnerable.


I don't know about ASLR, but AppArmor has been around for quite a while now. For openSUSE users, some years, not so sure about other distros.
Bye, Rhakios

Postby nelz » Sat Feb 12, 2011 12:56 pm

Ah yes, I'd forgotten that it needed AppArmor turning off.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
