Well, this is most certainly weird.

I do have, in fact, a copy of the databases here in question. I also
happen to have a copy of all source codes related to linux based virii
(including the uberhacker cd that contains more than a passing number of
them for win32 and/or linux). I also have disassembled copies of several
rootkits (which incorporate virus type code in them to "infect" binary
files on a host system for the specific purposes of allowing an intruder
access).

Believe me when I say this, there *ARE* virii for linux/unix. However, I
am rather mystified at why CERT no longer displays them.

Oh well, the fact is: they do exist (don't let anyone fool you into
thinking otherwise).

My first rule of thumb is this: if there is a way to infect, intrude, or
control a system's processes, regardless of OS, it can be done given time.

Technomage

On Sunday 02 February 2003 07:50 pm, you wrote:
> On Mon, 27 Jan 2003, technomage wrote:
>
> I assume that you are using the terms "virii" and "infection" very
> loosely here: searching on http://www.cert.org/ for linux virii
> produces nothing, and even if you widen the search for other
> vulnerabilities, you can't come up with any quotable numbers like the
> above, but that would not be surprising to anyone who reads CERT
> advisories on a regular basis, as I do. CERT is far too savvy to make
> such an obvious mistake, considering how such mostly meaningless
> numbers would be misinterpreted or misunderstood in the press, and by
> the less knowledgeable. So why did you publish such? Never mind --
> that's a rhetorical question, and yes, I know that you were probably
> not actually saying you were paraphrasing CERT, or anything like that,
> but you must admit that "IS" the impression....
>
> So I am guessing that those boxes you are referring to had been
> rooted, probably by some script kiddie, via, perhaps, a buffer
> overflow, and you were forced to re-install the system, the way CERT
> recommends in their tutorials for such situations? What would have
> prevented the break-in, do you think? Most likely by installing
> updates, the way CERT has repeatedly warned, and as I have recommended
> previously? Or some of the other measures CERT and others advise, such
> as not running unneeded server daemons? Practical advice for the
> newbie is what is needed here -- but others have covered that ground
> already now.
>
> LCR

-- 
I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
numbered! My life is my own - No. 6