On Wed, 2012-04-18 at 21:19 -0500, John Morris wrote: > On the other hand, has there ever been a real case found in the wild of > an infestation that was so good at covering its tracks? The security > problems I saw in the past were the crudest script kiddies and I haven't > even seen one of those attacks succeed since the 20th Century even on > erratically updated machines. There aren't a lot of exploits against > Linux to begin with, how many are going for deep penetration that aren't > targeted hits by intelligence agencies? If the NSA wants to look at > your or my machine they will and we will almost certainly never have a > clue they were there. > > In short, just how theoretical an attack am I expending effort to repel? I'm not any kind of security expert, but I'm pretty sure the answer to your first question is 'yes' and the answer to your last is 'not theoretical'. One interesting thing to do is look at the things chkrootkit checks for. As far as I'm aware, most of the chkrootkit checks are responses to real-world attacks. If you look at the checks, you can deduce that some of the attacks are pretty sophisticated. Oh, I'm pretty sure quite a lot real-world attacks work in ways that an rpm -Va check wouldn't expose, without needing to actually mung the rpm -Va operation in any way - simply by using files that aren't rpm tracked, for instance. But yeah, I'm not an expert on security at all, I only know enough to be a danger to myself and others. ;) -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
