On Tue, Aug 18, 2020, 20:45 Russell Senior <[email protected]> wrote:

> Fwiw, my take when I saw the report was along the lines of "Oh, that's
> interesting, what was the infection vector, how do I discover if a box is
> infected, etc" and the supposed "technical details" were a bunch of
> handwaving and then a suggestion to not run a kernel before 3.6 or
> something. Who is still running a kernel as old as 3.6?
>

You would be surprised - there are hundreds of servers (60 CPU 2+TB RAM) in
your typical enterprise running 2.6 kernel. The saddest thing - they are all
the cream of the IT/tech heap.

> "To prevent a system from being susceptible to Drovorub's hiding and
> persistence, system administrators should update to Linux Kernel 3.7 or
> later in order to take full advantage of kernel signing enforcement." ...
> like, when was this report written and why is it only now becoming public?
> The last 3.6.x stable release was in December 2012. If the operating system
> is hiding its parts from you, why not boot a live system to investigate? It
> just reads like weird baffle-them-with-bs.
>
> On Tue, Aug 18, 2020 at 7:28 PM King Beowulf <[email protected]>
> wrote:
>
> > On 8/14/20 5:33 AM, Rich Shepard wrote:
> > > As a computer user and a non-professional I'd like your thoughts on this
> > > Ars Technica article, "NSA and FBI warn that new Linux malware threatens
> > > national security."
> > >
> > > <https://arstechnica.com/information-technology/2020/08/nsa-and-fbi-warn-that-new-linux-malware-threatens-national-security/>
> > >
> > > Rich
> >
> > The media hype on this is hysterical...because RUSSIA!
> >
> > There have been numerous toolkits over the years with similar
> > functionality (rootkit + botnet + spyware etc), so I'm not surprised a
> > government spy agency cleans it up. Heck, UK probably has the same
> > thing called "007" or similar and USA's some sort of unpronounceable
> > acronym...
> >
> > From what I can tell, it is unlikely for this to be an issue without
> > local root privileges since it is MALWARE and not an EXPLOIT:
> >
> > 1. needs local access to computer OR
> > 2. trick user into installing the software via email or compromised
> >    download (gee, does that STILL happen?) OR
> > 3. piggyback on existing remote access exploit to gain root access
> >    (privilege escalation).
> >
> > Thus, the same rules apply to keeping this off your systems and servers
> > as have for decades: don't click random links, don't download random
> > executable files, etc.
> >
> > -Ed
> >
> > _______________________________________________
> > PLUG: https://pdxlinux.org
> > PLUG mailing list
> > [email protected]
> > http://lists.pdxlinux.org/mailman/listinfo/plug
