Hi,

I never stated that running a 'rootkit' check would weed out the original attack or methods of attack. If you or anyone else wants to prepare a system that is clean from the get go then the methods are well documented.

Yes, one outlook for potential problems do align with browsing sessions. But most of the security risks have been for the basic browser application or related macro functionality not just poor user management skill(s) or practices.


Strange behavior? To be 'rootkit'ed by a knowledgeable and crafty user doesn't nor even possibly means that one's system will behave in a strange manner. Typically the violator will do everything to prevent causing problems that are visible but cause minor changes that should be transparent to the owner. Keyboard shadowing??

I do agree with the above but things can occur from the simplest action(s)

NewEgg has a nice portable keyboard at a reasonable price for the next trip.

I do hope the trip is OK for you!

onebuck, I don't mean to be offensive but I can't understand the relevance of your reply.

It does not contradict or compliment any of what I wrote, and I can't see how it is related at all.

I gave a specific answer to the question unspawn asked, and you seem to be replying with generic advice and practices? Sorry if I have missed something....I just don't see how it makes sense with what I wrote.

It does seem to me that you are not overly familiar with the different types of attacks and their methods. I would suggest first to familiarise yourself with the difference beteen targetted and distrubuted attacks, and then to see why for distrubted attacks why it is next to impossible that a linux machine will be a target.

My trip is good so far, thanks

Hi,

I don't take offense to the reply. My reply was augmented to each quote section, maybe the Costa Rica servers mangled your information.

My background is in systems and I feel my understanding is thorough therefore the opinions along with the presented information is valid. As for varied attacks you can be open to whenever not vigilant along with full awareness of the protection(s) schemes and how to compliment with available tools then we should care to present our methods of protection to those unaware.

As for your implication about lack of knowledge on DOS, Trojans or any form of attack is not valid. If you want to continue with the head in the sand attitude then 'so be it'. I will continue to convey to individuals that they should protect themselves either on a GNU/Linux system, OSX or even M$. If you think people cannot be phished, tricked into introduction or violation within the system or even at the software package level then you my friend don't know what is happening around you. Why do you think people are signing PM, hash coding packages or just plain security methods for personal exchanges? Be it for software, mail or whatever, sign it! Verify it! Protect it! One should be aware of the pitfalls around them. Be it for a browser, application or whatever the user should investigate all options available to protect.

Just to say 'It can't happen on GNU/Linux system' is just setting someone up for potential problems overall. Sure the typical script kiddie is going after the M$ market. But there are people who want your bandwidth, some want your $$ while others are just down right ornery.

We are not talking about CyberWar here but individual practices and methodology of how person(s) can have problems by not protecting things properly. Yes, GNU/Linux systems can be hacked, cracked or corrupted by someone else other than the rightful owner. And to say that the system will have unknown characteristics or act different is just a untruth.

My systems are protected and I do follow good netiquette while on 'MY' systems. I don't access my systems via remote other than via Known protected access. Most typical M$ users still feel secure with having virus protection of some form and don't realize the potential still exists to have future problems. Simple protection schemes along with good netiquette habits will prevent most things from occurring but not all.

As for the 'Browser' statements, I'll agree that most usage is via a browse session for typical users therefore the potential problems can arise from those same sessions. But I will add that a lot of people don't take the time to check software for installation to be valid. Be it for M$ or GNU/Linux. Assume? Closed source can be broken and used to cause problems for unsuspecting users. Open Source can be hacked just as easy if the user doesn't check the validity then they to could have a problem. So check or make the assumption that the software is valid thus gambling whether or not something will happen.

So this was a software fix. Potential problem? Yes, to a user that was not aware thus failing to update to the new 3.6.3 a remote code execution may occur on their system. This was blanket across OS not OS specific. So fonts that were to be updated could in effect pass code to cause execution on a system. If that code happened to be for a GNU/Linux system then it could create a security risk. Sure a big 'if' but a potential problem for those unaware.

Well, no, it just wasn't relevant.

You replied as though I were responding to what you had said earlier, when this was not the case.

My reply was quite specific in two parts in response to unspawns questions.

It was how I would determine the cause of an attack, and then why I thought the browser was the cause of attack.

As I said, your reply did not compliment or contradict what I said, it just seemed unrelated.

Sure, but nothing you have said in the thread has really been relevant.

I again bring up my analogy of recommending an oil change for a flat tire.

Of course it is good to encourage good security practices, but general advice is not so useful when someone has a specific problem.

I have no idea what you are saying here.

My attitude is anything but "head in the sand". I'm speaking from the perspective of someone who does this for a living, rather than just giving generic good advice.

I would like you to clarify exactly what you mean when you say "your implication about lack of knowledge on DOS, Trojans or any form of attack is not valid" as I can't make sense of it in context.

That's great. Giving good security advice is always useful, just somewhat out of place when someone has a specific problem that the generic advice does not really relate to.

Here you are putting words in my mouth.

I never said or implied any such thing.


Sure, and I agree.

Once again though, I don't understand how this generic advice, correct as it may be, relates to anything I have said. It doesn't contradict it, and it doesn't compliment it.

I never said it can't happen on a Linux system, at all.

As I said, you should read up on the difference between a distrubted attack, and a targetted attack.

No, it isnt.

An infected system will, necessarily act differently. Just because the user may not perceive that the system is acting differently, does not mean it is not.

Any unknown code executing is already the machine acting different.

Again, not meaning to offend, but I really don't think you have an idea about security specifically.

You know enough to keep your systems safe and secure, but not to the extent where you can speak authoritivley on the differences between different attack cases.

Yes.

This is more generic good practices security advices.

As I have said countless times, I agree with it, it just isn't related to the specific problem d1ver posted.

Just as recommending a general car checkup isn't useful for a flat tire. It can't hurt, and may help, but it isn't really useful to solve that specific problem.

This is *really* unrelated to d1vers problem.

As far as I can tell you are talking about ensuring the software you install is valid and verified.

Again, this is good practice, bur isnt related to the matter at hand.

Sure...once again I agree....it just isnt related to the problem at hand.

I really would suggest you read about the difference between targetted and dsitrubted attacks, or if you like I can go into some detail and explain the differences as they relate to Linux systems.