John Andersen wrote:
Feel free - it's likely some rude hack to bypass tcp wrappers, and allow ssh access from anywhere, or install some sort of innocuous-sounding daemon which listens for passwords or some such, and sends them to an offsite host. Those sorts of "honor-system viruses" for unix are quite common, but hardly ever work, up to now, since they require someone with both root access to a unix system, and a lack of sophistication, two qualities which have up to now been largely kept apart.Instead of laughing at it, has anyone actually LOOKED at what this would install on a redhat system?
As new users come to linux in droves in the coming years we willIndeed, which is why distros like linspire (which makes doing everything as root the easiest, most convenient, and the default case) are particularly dangerous - linux/unix in general have a more secure design, but vendors can't go doing really insecure things like that or it will backfire. the vendors have a window of opportunity to really get their act together security-wise, the ones that don't will likely suffer.
have to expect more of these social engineering scams and some
of these attempts in the windows world are pretty sophisticated
and WORK far more frequently than you might imagine.
e
