F17 Beta DVD install options

Dan Mashal dan.mashal at gmail.com
Thu Apr 19 07:27:09 UTC 2012 

If the NSA wants to look at your machine, they don't need your root password. 

End of story.

Thanks,
Dan

-----Original Message-----
From: test-bounces at lists.fedoraproject.org [mailto:test-bounces at lists.fedoraproject.org] On Behalf Of Adam Williamson
Sent: Wednesday, April 18, 2012 7:31 PM
To: For testing and quality assurance of Fedora releases
Subject: Re: F17 Beta DVD install options

On Wed, 2012-04-18 at 21:19 -0500, John Morris wrote:

> On the other hand, has there ever been a real case found in the wild 
> of an infestation that was so good at covering its tracks?  The 
> security problems I saw in the past were the crudest script kiddies 
> and I haven't even seen one of those attacks succeed since the 20th 
> Century even on erratically updated machines.  There aren't a lot of 
> exploits against Linux to begin with, how many are going for deep 
> penetration that aren't targeted hits by intelligence agencies?  If 
> the NSA wants to look at your or my machine they will and we will 
> almost certainly never have a clue they were there.
> 
> In short, just how theoretical an attack am I expending effort to repel?

I'm not any kind of security expert, but I'm pretty sure the answer to your first question is 'yes' and the answer to your last is 'not theoretical'. One interesting thing to do is look at the things chkrootkit checks for. As far as I'm aware, most of the chkrootkit checks are responses to real-world attacks. If you look at the checks, you can deduce that some of the attacks are pretty sophisticated.

Oh, I'm pretty sure quite a lot real-world attacks work in ways that an rpm -Va check wouldn't expose, without needing to actually mung the rpm -Va operation in any way - simply by using files that aren't rpm tracked, for instance. But yeah, I'm not an expert on security at all, I only know enough to be a danger to myself and others. ;)
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net

--
test mailing list
test at lists.fedoraproject.org
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test

More information about the test mailing list