On point #1... yes, be suspicious of hotspots and confirm the MAC with the management of a public wifi provider. If you visit a hotspot regularly, it would be wise to set up the connection with a specific MAC to prevent connecting to a rogue AP.

Point #2... If I had a company hosting a few sites, I would be able to move machines around and upgrade others by changing my own DNS settings, which essentially moves www.host.com from one IP/machine to another IP/machine. Quite frankly, you should rely on fully qualified host names to properly connect to a server. As a programmer, I had stated to others to use a host name if it exists for FTP and other file transmissions, and I was ignored. One day, our business partner moved their FTP server to a new box and did so by changing the DNS. While you may hit the correct host 99% of the time, it isn't fully reliable.

Point #3... I do, at times, download things from "mirror" sites. But I do so with suspicion of what I am downloading. To make COMPLETELY sure that you are getting what you think you are getting, you should only follow links from trusted sources (i.e., the software developer may give you mirror sites; those are good) instead of from unknown sources. MikeSMithLinuxGroup.com may or may not have good intentions... since I don't know the site, it is impossible to say whether I am getting malware or goodware.

Point #4... If you log in as root or root equivalent, you have the real risk of causing damage by accidentally deleting files or installing software that may be malware. If you have the same root password on multiple systems, root can mount cross-network attacks from malware or viruses... By limiting a user account, you remove the rights to any part of the system other than the user's home directory... root is dangerous... keep your USERS as users.

On Dec 9, 3:02 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> http://voices.washingtonpost.com/securityfix/2008/12/a_scary_twist_in...
>
> Looking this thing over, it appears that I'm right to be suspicious of wifi hotspots. The server could be working fine, but apparently, someone with an infected Winbox is all it would take to make this exploit happen.
>
> The article mentions that DNSChanger only works on Windows and Apple, but in theory, since one infected machine is acting as a relay, anything including cell phones set to search for wifi hot spots (truly platform agnostic) can be duped.
>
> So, naturally, I have some questions, and I think you guys will have the answers.
>
> 1) So DNSChanger basically sets up a wifi source. Under Linux, when I try to connect wirelessly under Fedora or Ubuntu, a list pops up of available signals, as well as whether or not they are secure. Will this dummy transmitter reveal itself in this list? Or, if I, say, go to Panera Bread and see two wifi signals for Panera instead of one, is this my cue to simply stay off the Internet, period? (As the saying goes, if you can't be sure, be careful. It's a jungle out there.) Also, if the signal is secure, is that a good sign that that signal is not the DNSChanger one?
>
> 2) My bookmarks, homepage settings, etc. One of the comments notes that domain names can be used to carry out the hijack, but using the actual numeric IP address circumvents this (i.e. a VPN network that goes by IP address instead of domain name). Is that true? And if so, does my browser store this information as a domain name or numeric IP address?
>
> 3) For Mac users like my dad -- the trojan is disguised as a plug-in that has to be downloaded for the browser to function. Does this mean, like in the case of Java or Flash, that the best course of action is to simply point the browser to the web site home of the plug-in (Sun or Adobe) and download it directly from them?
>
> 4) One commenter in the article says Linux users can avoid this problem by blocking unknown DNS servers or by running with limited privileges. Wouldn't the signal include something to make it not unknown (or, if you are going someplace you've never been before, wouldn't that potentially make a legit signal unknown)? And for limited privileges, would I just create a new user account and restrict the living daylights out of it, and that should prevent the problem? (I can see that helping under Windows with preventing installation, but not as far as the wifi signal being transmitted and intercepted.) Would that really work under Linux?
>
> I guess this is a good enough list for starters. I apologize if some of this is self-evident.
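Two of the defensive measures discussed in this thread, pinning a known hotspot to the access point's MAC confirmed with the venue and refusing DNS resolvers you did not expect, can be scripted as a quick post-connect check. The following is an added example and is not code from anyone in the thread. It parses the kind of text `iw dev <iface> link` prints and the contents of /etc/resolv.conf; the sample output, the SSID "Panera", the MAC addresses and the resolver addresses are all constructed placeholders, and the allowlists are assumptions you would fill in with the values you have verified yourself.

```python
"""Audit the current wifi association and DNS resolvers against allowlists.

Added example, not from the mailing list thread. Sample command output and
resolv.conf text are constructed inline so the script runs offline; on a real
system feed it the output of `iw dev wlan0 link` and the text of /etc/resolv.conf.
"""
import re

# Constructed sample of what `iw dev wlan0 link` prints when associated.
SAMPLE_IW_LINK = """Connected to 00:11:22:33:44:55 (on wlan0)
\tSSID: Panera
\tfreq: 2437
\tRX: 12345 bytes (100 packets)
\tTX: 2345 bytes (20 packets)
\tsignal: -55 dBm
"""

# Constructed sample resolv.conf as handed out by a DHCP server.
SAMPLE_RESOLV_CONF = """# Generated by NetworkManager
nameserver 10.0.0.1
nameserver 198.51.100.7
"""

# Known hotspots: SSID -> BSSIDs (AP MAC addresses) confirmed with the venue.
# Constructed placeholder values; replace with the MACs you verified.
KNOWN_HOTSPOTS = {
    "Panera": {"00:11:22:33:44:55"},
}

# Resolvers you are willing to use; anything else is reported. Placeholder values.
TRUSTED_RESOLVERS = {"10.0.0.1", "8.8.8.8"}

BSSID_RE = re.compile(r"Connected to ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)
SSID_RE = re.compile(r"^\s*SSID:\s*(.+?)\s*$", re.M)


def parse_link(iw_output):
    """Return (ssid, bssid) from `iw dev <iface> link` text, or (None, None) if not associated."""
    m_bssid = BSSID_RE.search(iw_output)
    m_ssid = SSID_RE.search(iw_output)
    if not m_bssid or not m_ssid:
        return None, None
    return m_ssid.group(1), m_bssid.group(1).lower()


def parse_nameservers(resolv_conf):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.strip().split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def check_hotspot(ssid, bssid, known=KNOWN_HOTSPOTS):
    """True only if the SSID is known and the BSSID is one of its confirmed MACs."""
    return bssid in known.get(ssid, set())


def unknown_resolvers(servers, trusted=TRUSTED_RESOLVERS):
    """Resolvers that are not on the allowlist."""
    return [s for s in servers if s not in trusted]


def audit(iw_output, resolv_conf):
    """Run both checks; return a list of warning strings (empty means all clear)."""
    warnings = []
    ssid, bssid = parse_link(iw_output)
    if ssid is None:
        warnings.append("not associated with any access point")
    elif not check_hotspot(ssid, bssid):
        warnings.append(f"SSID {ssid!r} served from unexpected BSSID {bssid}")
    for s in unknown_resolvers(parse_nameservers(resolv_conf)):
        warnings.append(f"resolver {s} is not on the allowlist")
    return warnings


if __name__ == "__main__":
    # With the constructed samples the BSSID matches but the second resolver is flagged.
    for w in audit(SAMPLE_IW_LINK, SAMPLE_RESOLV_CONF):
        print("WARNING:", w)
```

The SSID alone is not used as evidence of anything, since anyone can broadcast the same name; only a BSSID you confirmed out of band counts as a match, and a resolver that DHCP pushed but you never approved is reported rather than silently used.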
