New Linux Rootkit Emerges (Threat Post)
"The Linux rootkit does not appear to be a modified version of any known piece of malware and it first came to light last week when someone posted a quick description and analysis of it on the Full Disclosure mailing list. That poster said that his site had been targeted by the malware and some of his customers had been redirected to malicious sites."
Posted Nov 20, 2012 22:45 UTC (Tue)
by Darkmere (subscriber, #53695)
[Link]
Posted Nov 21, 2012 2:33 UTC (Wed)
by NikoNiko (guest, #87342)
[Link] (1 responses)
Then it must be specifically a Gentoo rootkit.
Posted Nov 21, 2012 9:56 UTC (Wed)
by tpo (subscriber, #25713)
[Link]
Posted Nov 21, 2012 3:52 UTC (Wed)
by alison (subscriber, #63752)
[Link] (9 responses)
Posted Nov 21, 2012 6:42 UTC (Wed)
by LightDot (guest, #73140)
[Link]
I'm sure this argument has been repeated ad nauseam by now, I'm just too lazy to see if there is any actual research data to back up one of the views... Eh, still too lazy. Let's just leave it at empirical "if I look at what big dawgs are running, i.e. Fedora or RHEL/CentOS/SL, that alone should count for something"...
Posted Nov 21, 2012 7:08 UTC (Wed)
by Rearden (subscriber, #35172)
[Link]
Posted Nov 21, 2012 10:13 UTC (Wed)
by robert_s (subscriber, #42402)
[Link] (6 responses)
But I think it's more "security through obscurity" than actual "security bugs being accidentally fixed" that may help you there. Running obscure or frequently changing versions of things could give you an amount of invulnerability to opportunistic attackers' toolkits of pre-built, version- (and often build-) sensitive exploits.
But I think the argument for such a thing is relatively thin, as it will give you little protection against an "advanced persistent threat".
Posted Nov 21, 2012 15:10 UTC (Wed)
by imgx64 (guest, #78590)
[Link] (5 responses)
Posted Nov 21, 2012 15:21 UTC (Wed)
by robert_s (subscriber, #42402)
[Link]
Posted Nov 21, 2012 15:55 UTC (Wed)
by alison (subscriber, #63752)
[Link] (3 responses)
Posted Nov 22, 2012 9:06 UTC (Thu)
by man_ls (guest, #15091)
[Link] (2 responses)
With stable versions, security fixes are backported from latest releases. There is an increased maintenance burden, but otherwise security should be similar. Again, 0-day or no-day. The advantage of quick releases is mostly decreased maintenance.
Posted Nov 22, 2012 20:08 UTC (Thu)
by redden0t8 (guest, #72783)
[Link] (1 responses)
Posted Nov 23, 2012 9:47 UTC (Fri)
by nix (subscriber, #2304)
[Link]
What an enjoyable day! Your comment and the "Gnome3 lalala" thread running in parallel have me chuckling all the time.
Thanks to all participating! :-)
Maybe running such an old kernel is a bad idea
But I think it's more "security through obscurity" than actual "security bugs being accidentally fixed" that may help you there. Running obscure or frequently changing versions of things could give you an amount of invulnerability to opportunistic attackers toolkits of pre-built, version (and often build)-sensitive exploits.
"Security through obscurity" does not mean running uncommon software/software versions. It means that the security mechanisms are a "secret", as opposed to the keys of such mechanisms.
A moving target is usually of no help in this situation. As we have seen in kernel vulnerabilities, an unpatched hole in version n is likely to be carried over to n+1, so whatever attack works on one version will work on the next -- until fixed once and for all. So it is 0-day or no-day.
Moving target