Re: [SLUG] Sony-BM Rootkit:

From: steve szmidt (steve@szmidt.org)
Date: Sun Nov 13 2005 - 19:54:50 EST


On Sunday 13 November 2005 13:10, Paul M Foster wrote:
>
> The question is: under either one of these scenarios, could a serious
> hacker install a rootkit, and how?

The answer is that it depends primarily on if these server apps have any
vulnerabilities. Buffer overflows etc. Can the criminal gain user rights? As
that user can he then gain access to other s/w which has more severe flaws?

Ultimately if you search for a hack challenge where they pay the successful
hacker, you'll discover that their ingenuity can be nothing short of amazing.
F.ex. a shopping cart that used to be under RedHat's umbrella had something
like 600,000 attack attempts and only two got in.

When you read how these two got in you can only wonder what made them even try
some of those methods. The point being that you got a number of ways someone
can get in. If it is possible someone may just discover it.

All you need to do is to browse the wrong website and you could end up being
owned depending on a lot of variables. It does not matter if you don't have
an open incoming port at all, since you brought them right in when you
browsed. You in effect carried the hacker in and gave him free reins.

Statistically it's just a matter of minutes for an unprotected box to get
owned. And realize that the hacker is usually not at all interested in
letting you know he's there...

Many people have funny ideas on why they would not be a target. The fact is if
you are online you are a very potential target. It's not a matter of trying
to scare people, it's just how the Internet is today.

Critical customers don't even have a LAN which is connected to the Internet.
They use separate computers for that.

How do they install it? By f.ex. planting it on a web site. Maybe one that is
pretending to be another one. Or just one they owned. You browse it - you
install it.

There are so many ways. What you need to do is to really try to stay on top of
updates. Learn the field of hacking so you know what they do on a day to day
basis. There's no substitute for knowledge.

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety deserve neither liberty nor safety." Benjamin Franklin


