Off-topic, slightly - Hand of Thief Linux Virus

Alchemist raimiiic at gmail.com
Wed Aug 14 13:23:19 UTC 2013


2013/8/12 Daniel J Walsh <dwalsh at redhat.com>

>
> On 08/11/2013 02:28 PM, Alchemist wrote:
> >
> >
> >
> > 2013/8/11 <linuxnutster at videotron.ca>
> >
> > On 08/10/2013 11:55 AM, Alchemist wrote:
> >
> > 2013/8/10 <linuxnutster at videotron.ca>
> >
> > I was just reading about this new malware threat. I'm not clear on how
> > exactly this thing can get installed on a Linux system. Would it require
> > 100% social engineering? I installed Fedora on my elderly mother's last
> > two laptops so she can do her banking without being paranoid about
> > keyloggers, trojans, etc... She is a news hound, so it's only a matter of
> > time before she comes flying at me demanding reassurances. --
> >
> > Mini guide on how Fedora can protect you:
> >
> > 1. Use only official repos/strict package signing, no untrusted package
> >    sources.
> > 2. Update browser-scope threats: Iced-Tea, Flash-plugin (the whole
> >    system, whuh!).
> > 3. Better create two browser profiles, one for everyday usage with
> >    Iced-Tea disabled, the other one ONLY for internet banking with
> >    Iced-Tea enabled, and tell your mother about the value of such a
> >    security solution.
> > 4. Disable autorun:
> >    http://blogs.iss.net/archive/papers/ShmooCon2011-USB_Autorun_attacks_against_Linux.pdf
> > 5. Use the SELinux shield:
> >    # setsebool -P allow_execstack=0
> >    # setsebool -P allow_execheap=0
> >    # setsebool -P allow_execmod=0
> >    (may break some buggy apps)
> > 6. Set umask 077 in ~/.bashrc (and if needed ~/.gnomerc) to locally, or
> >    globally (/etc/profile, /etc/bashrc), prevent newly planted executables
> >    from being executed. Of course, only if the system is not multiuser
> >    and there is no need for binary execution in ~/.
> > 7. HoT runs without root, so the primary impact will be taking over
> >    control of the user environment. Protect important config files from
> >    modification by setting chattr +i (remove when needed): .bashrc
> >    .bash_profile .bash_logout .pam_environment .xinitrc .gnomerc
> >    .config/autostart/* and so on.
> > 8. Configure the firewall, but this is a different story; as I know from
> >    experience, it is difficult to fit any user's browsing desires. But
> >    it's worth a try :)
> >
> >
> > An excellent tutorial, thanks! Does HOT rely completely on social
> > engineering or can it penetrate easily via other means? Bearing in mind
> > that we only use official repos...
> >
> > Yes, as this is still the most effective way nowadays (for Windows,
> > Android too), but as we understand social engineering as a wide range of
> > techniques (see SET), you may be ready to tell your mother not to enter
> > the root password when PackageKit asks for it, e.g. on a malicious
> > unsigned RPM received via Skype or by clickjacking. Or even give her
> > limited sudo rights if needed, and keep the root password only to
> > yourself. Don't forget about browser exploit packs; it is only a matter
> > of time until they put in browser exploits, but here properly configured
> > SELinux comes into play. Stay safe.
> >
> >
>
> You could also setup a confined user to run user_u for example.
>


Sure, I forgot about user_u. Btw, for all those who are afraid or lazy, here
is a nice SELinux intro: https://www.youtube.com/watch?v=MxjenQ31b70


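As an added example (not part of this thread and not Fedora's own tooling), here is a POSIX shell audit script that checks a desktop against the points of the quoted mini-guide (exec-memory booleans, umask, chattr +i on the dotfiles) and Daniel's user_u suggestion. It assumes the output formats of `getsebool -a`, `umask`, `lsattr -d` and `semanage login -l` shown in the constructed samples embedded below; the `selinuxuser_exec*` names it also accepts are the later Fedora spellings of the `allow_exec*` booleans used above. It only reports and changes nothing.

```shell
#!/bin/sh
# Audit helper for the hardening points in the quoted mini-guide (added
# example, not from the thread). Each check takes command output as a string,
# so it can be exercised on the constructed samples below; audit_live() feeds
# it real output when the script is invoked with --live.

# Item 5: the three exec-memory booleans must all be "off".
# $1: text in the format printed by `getsebool -a` ("name --> on|off").
# Newer Fedora policies renamed allow_exec* to selinuxuser_exec*; both
# spellings are looked up.
execmem_booleans_ok() {
    for x in stack heap mod; do
        state=$(printf '%s\n' "$1" |
            awk -v a="allow_exec$x" -v b="selinuxuser_exec$x" \
                '$1 == a || $1 == b { print $3; exit }')
        [ "$state" = "off" ] || return 1
    done
    return 0
}

# Item 6: group and other bits of the umask must both be 7 (077, 0077, ...).
# $1: the string printed by `umask`.
umask_ok() {
    case "$1" in *77) return 0 ;; *) return 1 ;; esac
}

# Item 7: a dotfile is protected when its lsattr flag field contains a
# lowercase "i" (immutable). $1: one line of `lsattr -d FILE` output.
immutable_ok() {
    flags=${1%% *}
    case "$flags" in *i*) return 0 ;; *) return 1 ;; esac
}

# Daniel's suggestion: the login must map to the confined SELinux user user_u.
# $1: output of `semanage login -l`; $2: the login name. A login without its
# own row inherits the __default__ mapping.
login_confined() {
    printf '%s\n' "$1" | awk -v u="$2" '
        $1 == u             { r = $2 }
        $1 == "__default__" { d = $2 }
        END { if (r == "") r = d; if (r == "user_u") exit 0; exit 1 }'
}

# Constructed sample outputs (not captured from a real machine).
WEAK_GETSEBOOL='allow_execheap --> off
allow_execmem --> on
allow_execmod --> off
allow_execstack --> on'

HARDENED_GETSEBOOL='allow_execheap --> off
allow_execmem --> on
allow_execmod --> off
allow_execstack --> off'

SAMPLE_LOGINS='Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
mom                  user_u               s0                   *
root                 unconfined_u         s0-s0:c0.c1023       *'

# Run every check against the running system. `semanage login -l` needs
# root, so that check is skipped when the tool is missing or fails.
audit_live() {
    rc=0
    if command -v getsebool >/dev/null 2>&1; then
        if execmem_booleans_ok "$(getsebool -a)"; then
            echo "ok   exec-memory booleans are off"
        else
            echo "FAIL an exec-memory boolean is on (or missing)"; rc=1
        fi
    fi
    if umask_ok "$(umask)"; then
        echo "ok   umask $(umask)"
    else
        echo "FAIL umask $(umask) leaves group/other bits open"; rc=1
    fi
    for f in .bashrc .bash_profile .bash_logout .pam_environment .xinitrc .gnomerc; do
        [ -e "$HOME/$f" ] || continue
        if immutable_ok "$(lsattr -d "$HOME/$f" 2>/dev/null)"; then
            echo "ok   $f is immutable"
        else
            echo "FAIL $f is not immutable"; rc=1
        fi
    done
    if command -v semanage >/dev/null 2>&1; then
        if login_confined "$(semanage login -l 2>/dev/null)" "$(id -un)"; then
            echo "ok   $(id -un) is mapped to user_u"
        else
            echo "FAIL $(id -un) is not mapped to user_u"; rc=1
        fi
    fi
    return $rc
}

if [ "${1-}" = "--live" ]; then
    audit_live
fi
```

Run it as `sh audit.sh --live` (as root if you want the semanage mapping checked); without `--live` it only defines the functions, which is what lets the checks be tried on the sample strings first.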