On Fri, 2025-02-14 at 14:51 -0700, home user via users wrote:
On 2/14/25 3:49 AM, Patrick O'Callaghan wrote:
On Thu, 2025-02-13 at 23:32 -0800, Samuel Sieb wrote:
Those tools are not going to provide any useful help.
I tend to agree. I've never used either of them and have had no consequences as a result. Linux can have security issues of course, but my feeling is that they are much more likely to come from phishing or from supply-chain attacks, which rootkit detectors aren't going to catch.
poc
Thank-you Samuel and Patrick.
I'm all for "redeeming" a few minutes each week!
supply-chain attack? I've not heard of that one before.
An example of a supply-chain attack would be the (fortunately failed) attempt at subverting the XZ source code:
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
which was caught in time by an alert guy from Microsoft of all places.
I'd ask what's next, but I fear I won't like the answer. And I'm concerned that the answer will "help" the malicious people/groups that are snooping and harvesting this list for e-mail addresses and names.
That's absolutely the wrong attitude. People need to be aware of potential vulnerabilities. Clearly there are sensible conventions about disclosure in order to give developers time to correct errors, but secrecy is the enemy of quality. That's one reason we use free software.
poc