berlios.de compromised since 2005

Stephen John Smoogen smooge at gmail.com
Wed Jan 13 20:35:18 UTC 2010


On Wed, Jan 13, 2010 at 11:33 AM, Jon Ciesla <limb at jcomserv.net> wrote:
> Seth Vidal wrote:

>>
>>
> Thanks, Seth. And if we don't, what's a good resource for security
> auditing n00bs?

1) Look over the change history. Don't trust the source repository but
older versions of the tar balls and see what has changed between them.
2) Look over the code for what doesn't make any sense... sometimes the
dropping of some shell code or obfuscated shell code is obvious this
way.
3) What are the permissions of the programs.. setuid/setgid
programs/packages should be looked at more closely.
4) Look over what the program opens, closes, etc. fetchmail opening
mail files is probably ok.. it opening up /proc/kmem?? maybe not.
5) Work on getting a group of code auditors together in Fedora to look
these over more thoroughly.

This will find the non-clever people (who are usually 40-60% of the
people who break in and change stuff). The clever ones.. no idea.. a
complete line by line audit might uncover it.. at which point you have
rewritten the app.




-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning
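Steps 1 to 4 of the list above (diff the tarballs rather than the repository, look for setuid/setgid bits, look for programs touching things they have no business with) are mechanical enough to script. The following is an added example, not code from this mail or from the Fedora project: it compares two release tarballs held in memory (constructed test data), reports added, removed and changed files, flags setuid/setgid members, and flags files that newly mention things like /proc/kmem; the SUSPECT_STRINGS list is an assumption and deliberately short.

```python
import io
import tarfile

# Strings whose appearance in a new release deserves a closer look (assumed list).
SUSPECT_STRINGS = (b"/proc/kmem", b"/dev/kmem", b"| sh", b"eval $(")


def _members(blob):
    """Return {name: (mode, contents)} for every regular file in a tarball."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for m in tar.getmembers():
            if m.isfile():
                out[m.name] = (m.mode, tar.extractfile(m).read())
    return out


def audit_release(old_blob, new_blob):
    """Compare two release tarballs; return a list of (kind, member name) findings."""
    old, new = _members(old_blob), _members(new_blob)
    findings = []
    for name in sorted(set(new) - set(old)):
        findings.append(("added", name))
    for name in sorted(set(old) - set(new)):
        findings.append(("removed", name))
    for name in sorted(set(old) & set(new)):
        if old[name][1] != new[name][1]:
            findings.append(("changed", name))
    for name, (mode, data) in sorted(new.items()):
        old_data = old.get(name, (0, b""))[1]
        # Newly introduced suspect content: present now, absent in the previous release.
        if any(s in data and s not in old_data for s in SUSPECT_STRINGS):
            findings.append(("suspect_content", name))
        if mode & 0o6000:  # setuid (04000) or setgid (02000) bit set
            findings.append(("setuid_or_setgid", name))
    return findings


def make_tarball(files):
    """Build an in-memory .tar.gz from {name: (mode, bytes)} (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, (mode, data) in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Run against real releases, read both tarballs from disk and pass their bytes to audit_release; a "changed" hit on configure or a build script is the kind of diff the mail says is worth reading line by line.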

