
Re: SSHD rootkit heads up


Lusotec

Feb 22, 2013, 11:22:42 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Chris Ahlstrom wrote:

> https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>
> SSHD rootkit in the wild
> Published: 2013-02-21,
> Last Updated: 2013-02-22 09:23:59 UTC
>
> There are a lot of discussions at the moment about a SSHD rootkit
> hitting mainly RPM based Linux distributions.
> Thanks to our reader unSpawn, we received a bunch of samples of the
> rootkit. The rootkit is actually a trojanized library that links with
> SSHD and does *a lot* of nasty things to the system.

Here is some more interesting information on that.
http://www.webhostingtalk.com/showthread.php?t=1235797

Regards.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iF4EAREIAAYFAlEnm1IACgkQGQjO2ccW76rL6wD/e+qRAoDmQNPCe56mSXDKjlRU
n7cJK7APUrztJX4lbKUA/2Ik111ZBdvWIGeSR12g52W6hFmaZjpS2Fi0qP6ILHKQ
=1zP1
-----END PGP SIGNATURE-----
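A defender's check for the pattern the quoted diary describes (a library that sshd links against swapped out on an RPM-based host), added here as an example that is not from the diary, the thread or any project: it takes the shared objects sshd maps and asks `rpm -V` whether each still matches its package. The ldd and rpm output is constructed sample data, and `libexample.so.1` is a placeholder name.

```python
"""Audit the shared objects sshd maps against the RPM database: a trojanized
library shows up as a digest mismatch ('5' in rpm -V) or as an unowned file."""
import re
import subprocess
from typing import Callable, Dict, List

# rpm -V flag field, positions S M 5 D L U G T P; '.' = verified, '?' = untestable.
_VERIFY_LINE = re.compile(r"^(?P<flags>[SM5DLUGTP.?]{8,9})\s+(?:[cdglr] )?(?P<path>/\S+)$")
_UNOWNED = re.compile(r"^file (?P<path>/\S+) is not owned by any package$")
_LDD_LINE = re.compile(r"=>\s+(/\S+)\s+\(0x[0-9a-f]+\)")

def libs_from_ldd(ldd_output: str) -> List[str]:
    """Resolved library paths from `ldd /usr/sbin/sshd` output."""
    return _LDD_LINE.findall(ldd_output)

def classify(rpm_output: str) -> str:
    """Verdict for one library from its `rpm -Vf <lib>` output."""
    for line in rpm_output.splitlines():
        if _UNOWNED.match(line):
            return "UNOWNED"          # no package claims the file: investigate
        m = _VERIFY_LINE.match(line)
        if m and m.group("flags")[2] == "5":
            return "DIGEST_MISMATCH"  # contents differ from the packaged file
    return "OK"                       # rpm -V prints nothing when all verifies

def audit_sshd_libs(ldd_output: str, rpm_verify: Callable[[str], str]) -> Dict[str, str]:
    """Map every library sshd maps to OK / DIGEST_MISMATCH / UNOWNED."""
    return {lib: classify(rpm_verify(lib)) for lib in libs_from_ldd(ldd_output)}

def rpm_verify_live(path: str) -> str:
    """Real backend for RPM-based hosts: run `rpm -Vf` on the file."""
    return subprocess.run(["rpm", "-Vf", path], capture_output=True, text=True).stdout

# Constructed sample output (not captured from any host); libexample is a placeholder.
SAMPLE_LDD = """\
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f1b2a000000)
        libexample.so.1 => /lib64/libexample.so.1 (0x00007f1b29c00000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f1b29800000)
"""
SAMPLE_RPM = {
    "/usr/lib64/libcrypto.so.10": "",
    "/lib64/libexample.so.1": "S.5....T.    /lib64/libexample.so.1\n",
    "/lib64/libc.so.6": "file /lib64/libc.so.6 is not owned by any package\n",
}

if __name__ == "__main__":
    for lib, verdict in audit_sshd_libs(SAMPLE_LDD, lambda p: SAMPLE_RPM.get(p, "")).items():
        print(f"{verdict:16} {lib}")
```

On a live host, pass `rpm_verify_live` instead of the sample lookup; a rootkit that also hooks `rpm` or `ldd` can lie to this check, so compare against a verification run from clean boot media when a result looks suspicious.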

Cola Zealot

Feb 22, 2013, 1:27:09 PM
Lusotec wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Chris Ahlstrom wrote:
>
>> https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>
>> SSHD rootkit in the wild
>> Published: 2013-02-21,
>> Last Updated: 2013-02-22 09:23:59 UTC
>>
>> There are a lot of discussions at the moment about a SSHD rootkit
>> hitting mainly RPM based Linux distributions.
>> Thanks to our reader unSpawn, we received a bunch of samples of
>> the rootkit. The rootkit is actually a trojanized library that
>> links with SSHD and does *a lot* of nasty things to the system.
>
> Here is some more interesting information on that.
> http://www.webhostingtalk.com/showthread.php?t=1235797

Yup, maybe Linux is insecure by design?
Just repeat after me what has often been said in COLA:
"The OS can't be blamed"
"The user has to be blamed"
"There is NO Linux malware"
Are these claims still valid? Lusotec!

JEDIDIAH

Feb 22, 2013, 2:50:34 PM
On 2013-02-22, Cola Zealot <Cola_...@fuckoff.com> wrote:
> Lusotec wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Chris Ahlstrom wrote:
>>
>>> https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>>
>>> SSHD rootkit in the wild
>>> Published: 2013-02-21,
>>> Last Updated: 2013-02-22 09:23:59 UTC
>>>
>>> There are a lot of discussions at the moment about a SSHD rootkit
>>> hitting mainly RPM based Linux distributions.
>>> Thanks to our reader unSpawn, we received a bunch of samples of
>>> the rootkit. The rootkit is actually a trojanized library that
>>> links with SSHD and does *a lot* of nasty things to the system.
>>
>> Here is some more interesting information on that.
>> http://www.webhostingtalk.com/showthread.php?t=1235797
>
> Yup, maybe Linux is insecure by design?

So that's why we're talking about rootkits here and not
malformed JPEG documents or bad websites...

[deletia]

You're like Typhoid Mary over there trying to screech that someone
else is some sort of biohazard.

--
"If I give you a pfennig, you will be one pfennig richer and
I'll be one pfennig poorer. But if I give you an idea, you will |||
have a new idea, but I shall still have it, too." / | \
~ Albert Einstein

Homer

Feb 22, 2013, 10:57:10 PM
Verily I say unto thee that Lusotec spake thusly:
>
> Chris Ahlstrom wrote:
>
>> https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>
>> SSHD rootkit in the wild
>> Published: 2013-02-21,
>> Last Updated: 2013-02-22 09:23:59 UTC
>>
>> There are a lot of discussions at the moment about a SSHD rootkit
>> hitting mainly RPM based Linux distributions.
>> Thanks to our reader unSpawn, we received a bunch of samples of the
>> rootkit. The rootkit is actually a trojanized library that links with
>> SSHD and does *a lot* of nasty things to the system.
>
> Here is some more interesting information on that.
> http://www.webhostingtalk.com/showthread.php?t=1235797

From the available evidence it seems this security breach was caused by a
proprietary application called CPanel, a notoriously insecure Web
interface for configuring servers.

Yet another good reason to choose Free Software.

(Subject corrected.)

--
K. | "You see? You cannot kill me. There is no flesh
http://slated.org | and blood within this cloak to kill. There is
Fedora 8 (Werewolf) on sky | only an idea. And ideas are bulletproof."
kernel 2.6.31.5, up 122 days | ~ V for Vendetta.

Snit

Feb 22, 2013, 11:11:58 PM
On 2/22/13 12:50 PM, in article slrnkifj0...@nomad.mishnet,
"JEDIDIAH" <je...@nomad.mishnet> wrote:

> On 2013-02-22, Cola Zealot <Cola_...@fuckoff.com> wrote:
>> Lusotec wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>
>>> Chris Ahlstrom wrote:
>>>
>>>> https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>>>
>>>> SSHD rootkit in the wild
>>>> Published: 2013-02-21,
>>>> Last Updated: 2013-02-22 09:23:59 UTC
>>>>
>>>> There are a lot of discussions at the moment about a SSHD rootkit
>>>> hitting mainly RPM based Linux distributions.
>>>> Thanks to our reader unSpawn, we received a bunch of samples of
>>>> the rootkit. The rootkit is actually a trojanized library that
>>>> links with SSHD and does *a lot* of nasty things to the system.
>>>
>>> Here is some more interesting information on that.
>>> http://www.webhostingtalk.com/showthread.php?t=1235797
>>
>> Yup, maybe Linux is insecure by design?
>
> So that's why we're talking about rootkits here and not
> malformed JPEG documents or bad websites...
>
> [deletia]
>
> You're like Typhoid Mary over there trying to screech that someone
> else is some sort of biohazard.

The point is that if this were on Windows the "advocate" reaction would be
to blame the OS.

Not that it should be ignored that the only two OSs with *major* malware
concerns are Windows and Android, *any* OS can get malware, even iOS, OS X,
and desktop Linux.


--
"In fact, the main goal of Linux might be called usability... the most
important thing is that it works well and people ... want to use it."
-- Linus Torvalds

Snit

Feb 23, 2013, 12:04:02 PM
On 2/22/13 8:57 PM, in article m9rlv9-...@sky.matrix, "Homer"
<use...@slated.org> wrote:

> Verily I say unto thee that Lusotec spake thusly:
>>
>> Chris Ahlstrom wrote:
>>
>>> https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>>
>>> SSHD rootkit in the wild
>>> Published: 2013-02-21,
>>> Last Updated: 2013-02-22 09:23:59 UTC
>>>
>>> There are a lot of discussions at the moment about a SSHD rootkit
>>> hitting mainly RPM based Linux distributions.
>>> Thanks to our reader unSpawn, we received a bunch of samples of the
>>> rootkit. The rootkit is actually a trojanized library that links with
>>> SSHD and does *a lot* of nasty things to the system.
>>
>> Here is some more interesting information on that.
>> http://www.webhostingtalk.com/showthread.php?t=1235797
>
> From the available evidence it seems this security breach was caused by a
> proprietary application called CPanel, a notoriously insecure Web
> interface for configuring servers.
>
> Yet another good reason to choose Free Software.

And yet you choose G+ which is a proprietary solution.

So funny!


--
"When making pornography involves real abuse of real children ... that does
not excuse censorship. No matter how disgusting published works might be,
censorship is more disgusting." -- Richard Stallman

Cola Zealot

Feb 23, 2013, 4:39:40 PM
Snit wrote:
> On 2/22/13 8:57 PM, in article m9rlv9-...@sky.matrix, "Homer"
> <use...@slated.org> wrote:
>
>> Verily I say unto thee that Lusotec spake thusly:
>>>
>>> Chris Ahlstrom wrote:
>>>
>>>> https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
>>>>
>>>> SSHD rootkit in the wild
>>>> Published: 2013-02-21,
>>>> Last Updated: 2013-02-22 09:23:59 UTC
>>>>
>>>> There are a lot of discussions at the moment about a SSHD
>>>> rootkit hitting mainly RPM based Linux distributions.
>>>> Thanks to our reader unSpawn, we received a bunch of samples of
>>>> the rootkit. The rootkit is actually a trojanized library that
>>>> links with SSHD and does *a lot* of nasty things to the system.
>>>
>>> Here is some more interesting information on that.
>>> http://www.webhostingtalk.com/showthread.php?t=1235797
>>
>> From the available evidence it seems this security breach was caused
>> by a proprietary application called CPanel, a notoriously insecure
>> Web interface for configuring servers.
>>
>> Yet another good reason to choose Free Software.
>
> And yet you choose G+ which is a proprietary solution.

No problem for Homer.
As long as Microsoft is not involved, proprietary solutions are fine with
him, since he's a raging hypocrite who hoarded money from proprietary
software his entire career.

>
> So funny!

Indeed, this fanatic loon makes you laugh!

Snit

Feb 23, 2013, 5:25:21 PM
On 2/23/13 2:39 PM, in article 512936e2$0$12000$6e1e...@read.cnntp.org,
MS of Apple - the two companies who he envies the success of.

>> So funny!
>
> Indeed, this fanatic loon makes you laugh!
>



--
"I have never, ever cared about really anything but the Linux desktop."
-- Linus Torvalds

Cola Zealot

Feb 24, 2013, 5:34:22 AM
Creepy Ahlstrom, Homer, Rexford kingmaker and Peter Kohlmann have many
things in common.
They envy the success of (former) CEO's and huge innovators like Ballmer,
Jobs, Cook, Gates because these linturds have never achieved anything even a
tiny bit similar in life and never will.
This has turned them into angry old men and raving anti-corporate trolls.
Poor Linturds with their failed crap careers!

fuyang

Feb 24, 2013, 8:00:18 AM
You defend companies, that let things like this happen?

http://www.theregister.co.uk/2013/02/23/microsoft_azure_back_online/

You obey "huge innovators" that sell stolen ideas? You prefer to use
software that keeps users imprisoned?

--
fuyang

Cola Zealot

Feb 24, 2013, 10:42:47 AM
And of course you obey your masters at Google "a Linux Company" who sells a
crappy £1049 / $1604 / € 1216 laptop like this!
<quote>
Google is offering Pixel buyers an unprecedented 1 terabyte of cloud storage
for three years. The catch - and it's a big one - is that after those three
years, you're paying $50 per month to keep photos, GIFs, or whatever else
you right-click on stored in Google's cloud. That's a lot of money if you
don't plan on buying a replacement within that three-year window.
</quote>

Hadron

Feb 24, 2013, 10:48:00 AM
"Cola Zealot" <Cola_...@fuckoff.com> writes:

>
> And of course you obey your masters at Google "a Linux Company" who sells a
> crappy £1049 / $1604 / € 1216 laptop like this!
> <quote>
> Google is offering Pixel buyers an unprecedented 1 terabyte of cloud storage for
> three years. The catch - and it's a big one - is that after those three years,
> you're paying $50 per month to keep photos, GIFs, or whatever else you
> right-click on stored in Google's cloud. That's a lot of money if you don't plan
> on buying a replacement within that three-year window.
> </quote>
>
>

50 a MONTH!?!?!??!?!? Holy shit.


--
A certain COLA "advocate" faking his user-agent in order to pretend to be a Linux
user: User-Agent: Outlook 5.5 (WinNT 5.0), User-Agent: slrn/0.9.8.0
(Linux), Message-ID: <wPGdnd3NnOM...@comcast.com>

Ezekiel

Feb 24, 2013, 10:55:14 AM
"Hadron" <hadro...@gmail.com> wrote in message
news:qvy5edd...@news.eternal-september.org...
> "Cola Zealot" <Cola_...@fuckoff.com> writes:
>
>>
>> And of course you obey your masters at Google "a Linux Company" who sells
>> a
>> crappy £1049 / $1604 / € 1216 laptop like this!
>> <quote>
>> Google is offering Pixel buyers an unprecedented 1 terabyte of cloud
>> storage for
>> three years. The catch - and it's a big one - is that after those three
>> years,
>> you're paying $50 per month to keep photos, GIFs, or whatever else you
>> right-click on stored in Google's cloud. That's a lot of money if you
>> don't plan
>> on buying a replacement within that three-year window.
>> </quote>
>>
>>
>
> 50 a MONTH!?!?!??!?!? Holy shit.
>

Here's a comment from an article about this lower laptop:

<quote>
"I'm staggered at the depths of stupid Google displays with this thing.
Basically, you pay Google a snazzy premium for a snazzy dumb terminal to
suck up personal data so Google can mine it and make more money off you."
</quote>

In other words, you get to pay Google $50 a month for the privilege of them
sucking in every bit of personal data you have and then using your data to
make them money.

--
> Just picked up the 8-gig model (iPhone)

Yeah, fine, cute toy and all, but some gimboid up there is trying to fob it
off as a "wowee" when in fact, it's more of a "gee whiz" - as in "Gee whiz,
now I can store phone numbers for 180 million people... and the two friends
I actually have."

Kelsey Bjarnason - Failing to understand smartphone basics
<dn0pn4-...@spanky.localhost.net>



GreyCloud

Feb 24, 2013, 11:34:31 AM
Any time they start touting the Cloud storage... don't buy and don't do
it. Matter of fact... RUN!

Denis McMahon

Mar 7, 2013, 12:45:17 AM
On Sun, 24 Feb 2013 09:34:31 -0700, GreyCloud wrote:

> Any time they start touting the Cloud storage... don't buy and don't do
> it. Matter of fact... RUN!

I thought the whole point of cloud storage was to provide all government
agencies globally with a single point of contact for a warrantless search
of your complete life.

Or did I miss something?

--
Denis McMahon, denismf...@gmail.com

Jim Beard

Mar 7, 2013, 10:05:23 AM
On 03/07/2013 12:45 AM, Denis McMahon wrote:
> On Sun, 24 Feb 2013 09:34:31 -0700, GreyCloud wrote:
>
>> Any time they start touting the Cloud storage... don't buy and don't do
>> it. Matter of fact... RUN!
>
> I thought the whole point of cloud storage was to provide all government
> agencies globally with a single point of contact for a warrantless search
> of your complete life.
>
> Or did I miss something?

You missed a few things.

Probably the most important is backup, which few lusers do
despite decades of experience demonstrating its importance.
Depending on which cloud you store stuff in, you not only get
off-site backup but will likely get multiple backups as well.

Second, cracking and looting a home luser's machine is trivial in
maybe 70-85 percent of cases. Storage in the cloud will not
reduce vulnerability of the home machine, but storage in the
cloud is certainly a minor increase in vulnerability (vulnerable
to some extent in a second place, in addition to totally
vulnerable in the first place, for most). Those who keep their
important stuff in the cloud, deleting it from the home machine
and getting it back when needed, have a means to minimize
vulnerability to the amateurs and script kiddies.

Third, while neither the cloud nor the home machine are safe from
the pros, the bigger the cloud grows the greater the difficulty
for the cracker when it comes time to sort and select from
whatever was grabbed when a crack succeeds. There is simply more
stuff they have to sort through.

The only downside is that data once uploaded to the cloud could
be kept forever, or until bit rot sets in. I sort of suspect the
cost of keeping storage disks spinning forever once written to,
and of shifting data to other forms of permanent storage, is
enough to discourage cloud operators from keeping everything forever.

Benefits to the government are incidental, and depend on the
government involved. If the pros decide to target you, they will
likely get what they want, regardless of cloud or home machine or
whatever. Why increase the cost of government (and therefore the
amount of taxes necessary to pay for it) by making government
access to your data inconvenient?

The goal in computer security (for most -- a few with special
requirements excepted) is to make it costly in time, effort, and
hopefully money to crack your machine(s), and thereby reduce the
incentive to target them. Make it difficult enough, and the
nasties will go after someone else. (You don't have to be the
fastest gazelle to escape the lion, just faster than the slowest
gazelle between the lion and you.)

Don't be low-hanging fruit, easily available for the picking.

Cheers!

jim b.




--
UNIX is not user unfriendly; it merely
expects users to be computer-friendly.

GreyCloud

Mar 7, 2013, 2:36:46 PM
On 3/6/2013 10:45 PM, Denis McMahon wrote:
> On Sun, 24 Feb 2013 09:34:31 -0700, GreyCloud wrote:
>
>> Any time they start touting the Cloud storage... don't buy and don't do
>> it. Matter of fact... RUN!
>
> I thought the whole point of cloud storage was to provide all government
> agencies globally with a single point of contact for a warrantless search
> of your complete life.
>
> Or did I miss something?
>
No, you didn't miss a beat. I just won't have my backups on a cloud and
then have it disappear. There really isn't any point to using a cloud.