Re: Off-topic, slightly - Hand of Thief Linux Virus

2013/8/12 Daniel J Walsh <dwalsh@xxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/11/2013 02:28 PM, Alchemist wrote:
>
> 2013/8/11 <linuxnutster@xxxxxxxxxxxx>
>
> On 08/10/2013 11:55 AM, Alchemist wrote:
>
> 2013/8/10 <linuxnutster@xxxxxxxxxxxx>
>
> I was just reading about this new malware threat. I'm not clear on how
> exactly this thing can get installed on a Linux system. Would it require
> 100% social engineering? I installed Fedora on my elderly mother's last two
> laptops so she can do her banking without being paranoid about keyloggers,
> trojans, etc... She is a news hound, so it's only a matter of time before
> she comes flying at me demanding reassurances. --
>
> Mini guide how Fedora can protect you:
>
> 1. Use only official repos/strict package signing, no untrusted package
> sources.
> 2. Update browser scope threats, Iced-Tea, Flash-plugin. (whole system,
> whuh!)
> 3. Better create two browser profiles, one for everyday usage with
> Iced-Tea disabled, the other one ONLY for internet banking with Iced-Tea
> enabled, and tell your mother about the value of such a security
> solution.
> 4. Disable autorun
> http://blogs.iss.net/archive/papers/ShmooCon2011-USB_Autorun_attacks_against_Linux.pdf
> 5. Use SELinux shield:
> # setsebool -P allow_execstack=0
> # setsebool -P allow_execheap=0
> # setsebool -P allow_execmod=0
> (may break some buggy apps)
> 6. Set umask 077 in ~/.bashrc (and if needed ~/.gnomerc) to locally or
> globally (/etc/profile, /etc/bashrc) prevent newly planted executables
> from being executed. Of course only if the system is not multiuser, and
> there is no need for binary execution in ~/
> 7. HoT runs without root, so the primary impact will be taking over
> control of the user environment. Protect important config files from
> modification by setting chattr +i (remove when needed): .bashrc
> .bash_profile .bash_logout .pam_environment .xinitrc .gnomerc
> .config/autostart/* and so on
> 8. Configure firewall, but this is a different story; as I know from
> experience, this is difficult to fit any user's browsing desires. But
> it's worth a try :)
>
>
> An excellent tutorial, thanks! Does HOT rely completely on social
> engineering or can it penetrate easily via other means? Bearing in mind
> that we only use official repos...
>
> Yes, as this is still the most effective way nowadays (for Windows,
> Android too), but as we understand social engineering as a wide range of
> techniques (see SET), you may be ready to tell your mother not to enter
> the root password when PackageKit asks for it - on a malicious unsigned
> RPM received with Skype or by clickjacking, for example. Or even give her
> limited sudo rights if needed, and keep the root password only to
> yourself. Don't forget about browser exploit packs; it is only a matter
> of time until they put in browser exploits, but here properly configured
> SELinux comes into play. Stay safe.
>
>
> -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>

You could also set up a confined user to run as user_u, for example.


Sure, I forgot about user_u. Btw, for all those who are afraid or lazy, here is a nice SELinux intro: https://www.youtube.com/watch?v=MxjenQ31b70
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlII5vQACgkQrlYvE4MpobOKeQCgknWMZ5qCFO2KJj18avvjulMx
O28AoJjRP+PMUqumGqOc0OLl+06NkNu4
=Tp7O
-----END PGP SIGNATURE-----

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
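The checklist in the quoted post and Dan Walsh's user_u suggestion are easy to apply once and then drift. As an added example (not code from any of the posters or from Fedora), here is a small Python audit that checks one login against the three items that can be verified mechanically: the exec* SELinux booleans are off, the listed dotfiles carry the immutable attribute, and the login is mapped to the confined user_u. It parses the output of `getsebool -a`, `lsattr` and `semanage login -l`; the sample outputs, the login "mom" and the home directory /home/mom are constructed for the example. Newer Fedora policies renamed the allow_exec* booleans to selinuxuser_exec*, so both spellings are accepted. Fixes are emitted as commands for a root shell, not executed.

```python
#!/usr/bin/env python3
"""Audit one login against the thread's checklist (added example).

Constructed sample outputs stand in for `getsebool -a`, `lsattr` and
`semanage login -l` so the parsers run offline; __main__ runs the real
tools. Hypothetical login/home names: "mom", /home/mom.
"""
import subprocess

# Booleans from the thread (allow_*) and the names newer Fedora policies use.
EXEC_BOOLEANS = {
    "execstack": ("allow_execstack", "selinuxuser_execstack"),
    "execheap": ("allow_execheap", "selinuxuser_execheap"),
    "execmod": ("allow_execmod", "selinuxuser_execmod"),
}
# Dotfiles the thread says to protect with chattr +i.
PROTECTED_DOTFILES = (".bashrc", ".bash_profile", ".bash_logout",
                      ".pam_environment", ".xinitrc", ".gnomerc")

# Constructed sample tool output (not captured from a real host).
SAMPLE_SEBOOL = "allow_execheap --> off\nallow_execmod --> on\nallow_execstack --> off\n"
SAMPLE_LSATTR = ("----i--------e-- /home/mom/.bashrc\n"
                 "-------------e-- /home/mom/.bash_profile\n")
SAMPLE_LOGIN = ("Login Name           SELinux User         MLS/MCS Range        Service\n\n"
                "__default__          unconfined_u         s0-s0:c0.c1023       *\n"
                "root                 unconfined_u         s0-s0:c0.c1023       *\n")


def parse_getsebool(text):
    """'name --> on|off' lines -> {name: bool}."""
    out = {}
    for line in text.splitlines():
        name, sep, state = line.partition("-->")
        if sep:
            out[name.strip()] = state.strip() == "on"
    return out


def parse_lsattr(text):
    """'----i----e-- /path' lines -> {path: attribute string}; skips lsattr errors."""
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].endswith(":"):
            out[parts[1].strip()] = parts[0]
    return out


def parse_semanage_login(text):
    """`semanage login -l` table -> {login: selinux_user}; header row skipped."""
    out = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) >= 3 and cols[1].endswith("_u"):
            out[cols[0]] = cols[1]
    return out


def audit(sebool_text, lsattr_text, login_text, login, home):
    """Return (check, ok, detail, fix) tuples; fix is a root command or None."""
    findings = []
    bools = parse_getsebool(sebool_text)
    for key, names in EXEC_BOOLEANS.items():
        present = [n for n in names if n in bools]
        if not present:
            findings.append((key, False, "boolean not in getsebool output", None))
            continue
        on = any(bools[n] for n in present)
        findings.append((key, not on, f"{present[0]} is {'on' if on else 'off'}",
                         f"setsebool -P {present[0]}=0" if on else None))
    attrs = parse_lsattr(lsattr_text)
    for name in PROTECTED_DOTFILES:
        path = f"{home}/{name}"
        if path not in attrs:
            continue  # file absent: nothing for malware to edit yet
        immutable = "i" in attrs[path]
        findings.append((name, immutable, "immutable" if immutable else "writable",
                         None if immutable else f"chattr +i {path}"))
    seuser = parse_semanage_login(login_text)
    mapped = seuser.get(login, seuser.get("__default__", "unknown"))
    findings.append(("confined user", mapped == "user_u", f"{login} -> {mapped}",
                     None if mapped == "user_u" else f"semanage login -a -s user_u {login}"))
    return findings


def remediation(findings):
    """Commands for the failed checks, to review and run as root (not executed here)."""
    return [fix for _, ok, _, fix in findings if not ok and fix]


def run(cmd):
    """stdout of a command, or '' when the tool is not installed."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True).stdout
    except FileNotFoundError:
        return ""


if __name__ == "__main__":
    import os, pwd
    login = os.environ.get("SUDO_USER") or pwd.getpwuid(os.getuid()).pw_name
    home = pwd.getpwnam(login).pw_dir
    files = [f"{home}/{n}" for n in PROTECTED_DOTFILES if os.path.exists(f"{home}/{n}")]
    results = audit(run(["getsebool", "-a"]), run(["lsattr"] + files) if files else "",
                    run(["semanage", "login", "-l"]), login, home)
    for check, ok, detail, _ in results:
        print(f"[{'ok' if ok else 'FAIL'}] {check}: {detail}")
    print("\n".join(remediation(results)))
```

Run it as root (`sudo ./audit.py`) so `semanage` works and the audited login is the one that invoked sudo. Remember the caveat from the post: `chattr +i` blocks the legitimate user too, so drop the attribute before editing a dotfile and set it again afterwards.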