A Strong Password Isn't the Strongest Security [telecom]

By RANDALL STROSS September 4, 2010

MAKE your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it - never write it down. And, oh yes, change it every few months.

These instructions are supposed to protect us. But they don't.

Some computer security experts are advancing the heretical thought that passwords might not need to be "strong," or changed constantly. They say onerous requirements for passwords have given us a false sense of protection against potential attacks. In fact, they say, we aren't paying enough attention to more potent threats.

Here's one threat to keep you awake at night: Keylogging software, which is deposited on a PC by a virus, records all keystrokes - including the strongest passwords you can concoct - and then sends it surreptitiously to a remote location.

...

Reply to
Monty Solomon

Not to be picky, but keyloggers aren't deposited by viruses, though they are deposited by malware (the general term for malicious software).

You're absolutely right about keyloggers. Unfortunately, many are now being spread via rootkits, which often have a booting component that is invisible to the operating system.

So, for each and every customer as part of my standard procedures I always scan for rootkits and I use a port spy to look at what connections are being made. I have a tendency to remove or disable apps/applets that connect to places I am unfamiliar with.

Unfortunately, Apple, HP, Google, and Adobe connect to so many addresses/sites with mystery numbers and names that I've often turned off perfectly legitimate functions. I just wish that those companies would connect to names and places we can easily understand.

A good example is "1e100.net" which on the surface looks really bogus. It's not. Google opens about 6 to 8 connections to it on port 1138 on up when you visit their main page. No explanation, no resolving to a name, so who's to know if it's legit or not? Would it hurt Google so much to attach a name to the address, such as "googleadsense.com" or something?

Jeez....

Reply to
David Kaye

Until you realize just what number that is, and which takes its name from it.

-GAWollman

Reply to
Garrett Wollman

......... And *which* Operating System are you referring to?

Anyone got the stats of how many non-Windows OSs are *ever* infected by root kits etc?

-- Regards, David.

David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.

Reply to
David Clayton

No.

1 x 10**100 == 10**100 == a googol

-GAWollman

Reply to
Garrett Wollman

that's computerese pseudo 'scientific notation' for: 1 x (10 to the 100th power)

*NOT* '1 to the 100th power' as you're apparently thinking.

In that context, 'e' doesn't mean simply .exponent', it means '10 to that power'

Look up the definition of the numeric quantity 'a google', and all will become clear.

For a _really_ big number, see 'google-plex'.

Reply to
Robert Bonomi

Look up the infamous "Morris worm" -- it came the closest of _anything_ to date to shutting down the entire Internet. It utilized specific exploits for several different hardware platforms and O/S's, _none_ of which were MS products. The "primary" target was DEC VAX hardware, running U.C. Berkeley Unix. The number of _machines_ infected was orders of magnitude smaller than, say, what "I love you" or "Melissa" hit; the number of _users_ affected (as a percentage of the 'entire' Internet-using community) was far *higher*.

As for a 'root kit', that is subject to definition. There were UNIX exploits out in the 80s/90s that replaced the standard system 'shared library' ("libc") with ones where certain information was 'filtered' and not visible to the calling program, e.g. processes that 'ps' or similar tools were now blind to, or directories that existed but were invisible to _any_ directory activity other than a 'cd'.

In round one of those wars, the bad guys would replace the utility program itself, e.g. 'ps' or 'ls', with one that would suppress the display of the bad guy's activities. In round two, they replaced the dynamic-load library that the 'regular' executables relied on. That way an integrity test of the executable _still_ showed 'unmodified', although it was "lying through its teeth" about what was going on on the system. These are the kinds of reasons you can't trust _anything_ on a compromised system without verifying that every component it relies on is unchanged -- it's generally impractical to do a complete verify, and it is usually far quicker and less labor intensive to do a complete re-install.

Reply to
Robert Bonomi
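The "round two" problem described in the post above (a clean executable loading a trojaned shared library) is easy to show with a small integrity check. The following is an added example, not code from the original thread or from any of its posters; it uses constructed stand-in files in a temporary directory instead of real binaries, and a hard-coded dependency map in place of what `ldd` would report on a real system. The names `DEPENDENCIES`, `build_manifest`, `verify`, `closure` and `demo` are this example's own. The point it makes is the one the post makes: a hash check that covers only the executable reports "unmodified", while the same check over the executable's dependency closure flags the swapped library.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed dependency map: which shared objects an executable loads.
# On a real host this comes from `ldd` or the ELF DT_NEEDED entries.
DEPENDENCIES = {"ps": ["libc.so"]}


def sha256_file(path):
    """SHA-256 of a file, streamed so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, names):
    """Known-good hashes. In practice this is built from trusted install media,
    not from a host that may already be compromised."""
    return {name: sha256_file(os.path.join(root, name)) for name in names}


def verify(root, manifest, names):
    """Return the names whose current hash differs from the manifest."""
    return [n for n in names
            if sha256_file(os.path.join(root, n)) != manifest[n]]


def closure(names, deps=DEPENDENCIES):
    """The executables plus every library they (transitively) load."""
    seen, stack = [], list(names)
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.append(n)
            stack.extend(deps.get(n, []))
    return seen


def write(root, name, data):
    with open(os.path.join(root, name), "wb") as f:
        f.write(data)


def demo():
    """Simulate the library-swap rootkit and compare the two checks.
    Returns (mismatches when checking only 'ps', mismatches over its closure)."""
    root = tempfile.mkdtemp()
    try:
        # Constructed stand-ins for a clean system.
        write(root, "ps", b"clean ps binary v1")
        write(root, "libc.so", b"clean libc v1")
        manifest = build_manifest(root, ["ps", "libc.so"])

        # "Round two": the executable is left alone, the library is replaced.
        write(root, "libc.so", b"replaced libc that filters process listings")

        exe_only = verify(root, manifest, ["ps"])            # looks clean
        with_deps = verify(root, manifest, closure(["ps"]))  # catches libc.so
        return exe_only, with_deps
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())  # ([], ['libc.so'])
```

The check still runs on the suspect host, so the hashing tool and the Python interpreter it uses are themselves part of the trusted set; that is why the post concludes that verification is best done from known-good media, and why a re-install is often the cheaper answer.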

Given that the term originated in the Unix world (where someone would hack in, get root access and replace a number of standard system files with specially modified versions) I would say probably quite a few.

In fact, that's one of the specific problems with root-escalation vulnerabilities in Linux.

john-

Reply to
John

Mmm ... 1^100 = 1. But 1e100 = 1 x 10^100 = 10^100 = one goo... (gaackh, the forces of darkness won't let me pronounce the rest, I'm choking ...)

-- tlvp

Reply to
tlvp

I thought the numeric quantity was googol or gogol, not Google.

Wes Leatherock

***** Moderator's Note *****

I really couldn't remember "e" notation for exponentiation. Or is it logarithms?

Bill Horne Moderator

Reply to
Wes Leatherock

Right you are, Wes. Googol, that is. Note that I choked before I could finish writing that word. (Gogol (Nikolai Vasilievich), OtOH, was a Russian author of roughly two centuries ago.)

Heh ... Engineers tend to use "aeb" to mean: a x 10^b . Mathematicians tend to use e^b for ... well, for e^b. Nobody uses that e notation for logarithms as such, although logarithms are ... well, somehow implicated here.

Cheers, -- tlvp

-- Before replying, throw out the trash, please

Reply to
tlvp

It's _strictly_ from computer science, dating to the early days of the FORTRAN programming language and the need to 'reasonably' parse such values on _input_. Internally, values are stored as a 'characteristic' (the 'significant figures') and an 'exponent', with the base for the exponent being 'implied', and thus not physically present. Since the implied base was the same for all exponent-factor numbers, it was omitted 'to save bandwidth'.

A number of early computers actually _stored_ data internally as decimal (*NOT* binary) values, thus the 'e-format' output was a 'natural' representation of the internal data format.

In this context, the 'e' is a sort-of shorthand for 'exponent' (with an implied 'power of ten' context), not to be confused with the 'e' that is the base for natural logarithms.

Reply to
Robert Bonomi

Yep, I suppose that there must be *some* historical and/or rare vulnerabilities in Unix/Linux systems *now*, but the bare facts are that the threats being referred to *now* are almost solely Windows based, yet are always referred to without that obvious qualifier.

Someone please show me where these infamous "rootkits" have compromised non-Windows systems in comparison to Windows in the last 10 years and I'll give these threats a little more credence.

-- Regards, David.

David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.

***** Moderator's Note *****

OK, children: play nice.

I have a small amount of experience in this area. Here's some free advice - the moment you commit yourself to defending any piece of software because of the name on the box it came in, you lose.

Microsoft's operating systems lead the "worst offender" list of virus magnets because Microsoft chose to make their products easier to use and thus more prone to malware. The company feels that security is a public-relations issue, since Microsoft's marketing team knows that the cost of infections and loss-of-use are "externalities" that have nothing to do with the all-important goal of maintaining the market share which makes Microsoft's monopoly a self-fulfilling prophecy.

But -

_ANY_ software can be attacked, and owned, by knowledgeable crackers who find an attack vector which hasn't been plugged. IT DOESN'T MATTER what name is on the box! The only reason that the various *nix-based systems have the appearance of security is that the exploit writers have had such an easy time with Windows: a lot more machines to attack, combined with a careless and callous attitude about security, and therefore "Microsoft" products are "insecure".

As *nix variants gain market share, they will be attacked more often, and for the same reasons as Windows. The most well-known flavors of Linux, for example, concentrate on ease-of-use (it worked for Microsoft, didn't it?), and will therefore become targets in their turn.

Some distributions of *nix are "secure" (for most flavors of security) because the people behind them take a lot of time and trouble to _make_ them as secure as possible, and their market share varies in inverse relationship to the level of security that they have earned. FreeBSD is a lot more secure than a typical Linux variant, because those who work on it _CHOSE_ to make it so, and to suffer the reduced popularity that comes with requiring users to rtfm and to take a part in securing their systems. But, having learned Debian Linux, it remains my OS of choice. I do what I can to keep my OS secure, but I'm not willing to climb the BSD learning curve, so I've made a choice to forgo the added security of FreeBSD in order to enjoy the OS I'm used to.

You can't have it both ways: more popularity means less security.

Bill Horne Moderator

Reply to
David Clayton

Have you bothered to STFW on your own?

This has added humor value, as the term "rootkit" is a UNIX term for this type of compromise. The term was ported to Windows when this type of attack finally hit that platform.

The very fact that there are a lot of currently maintained and available Linux rootkit scanning tools implies that they're not merely a useless holdover from the past.

Reply to
Ron

Compare where the various O/S's are in their "Internet lifetime", i.e., norm things for each O/S from the date that it first had a significant presence on the 'net, and the picture is *VERY* different.

There is a cynical remark from the QA trade that says "The number of discovered bugs in any system is finite. The number of _undiscovered_ bugs in that same system is, *by*definition*, infinite."

It *is* "possible" to write 'bug-free', 'vulnerability-free', 'secure against any direct attack' software. 20+ years ago, the Feds wrote a set of specs on what it took to do exactly that. The process is, unfortunately, very labor intensive, =very= time-consuming, and very, *VERY*, expensive. As a result, it is utterly _impractical_ in the 'commercial' world. Virtually nobody is willing to wait 10+ years for such a trusted application, and absolutely *NOBODY* in the commercial sphere (let alone the 'home' market) is willing to pay the price that such '_provably_secure_' software would cost. AFAIK, there is _ONE_ system on the market built to those criteria, and the clientele is exclusively government contractors -- primarily weapons-systems people. The early versions had only the 'second highest' rating for a secure system (which did not include the 'proven bug-free' attribute), but were the _only_ systems available with that rating. They required custom-built hardware, and all application software had to be essentially custom-written for the platform. Bringing out a version with a "unix-like" system-call interface and user environment took a mere _eight_ years_ more, still on proprietary hardware. Another two years went to re-hosting on select COTS Intel-architecture PC platforms. The "proven bug-free" rating required _another_ 5+ years of development and testing/certification. If Microsoft had gone that route, we might be about due for the release of "Trusted MS-DOS 3.3".

***** Moderator's Note *****

Writing "bug free" and/or "perfectly secure" software is a lot like selling emergency rations that have to last for 50 years, taste good, and which can't be consumed by rodents. It's also a lot like being asked to make a deluxe lifeboat to lift national leaders up to the space station in time of war.

By the time the customers want to complain, you'll be rich and gone.

Bill Horne Moderator

Reply to
Robert Bonomi

It's a Fortran thing that stuck around.

--scott

Reply to
Scott Dorsey

Heh! A major road here in Silicon Valley (San Francisco Bay Area, running from San Jose CA to San Francisco CA) is named El Camino Real. A wag once posted to ba.internet it should be renamed El Camino Double Precision due to the sheer amount of traffic (and congestion). :-)

Reply to
Thad Floryan

Yep, that is why I am asking for *someone* to point out the actual examples of these threats rather than just assume that they occur.

Then why does *everything* I can find on the subject either date back to 2003/3 (like at the SANS site) *and* assume that the particular Linux/Unix system is directly connected to the Internet?

The bare truth is that for the majority of Linux systems in use now rootkits are not a threat; these systems are either behind NAT devices and have no direct attack vector available for any malware, or use the basic Linux security model of the last 5 years which does not allow installation of root-privilege programs in the same cavalier manner that Windows does.

I have not been able to find anything outlining Linux systems infected by rootkits in recent times; in almost 6 years on the Ubuntu Forums I have not come across a credible report of a rootkit infection (just nervous ex-Windows users seeing false positives as they desperately try to make their Linux systems more secure than the Windows systems they recently escaped from......)

The biggest threat to Linux users right now is installing software sourced from outside the official repositories of their particular distro. Getting the message through that they could be installing something malicious is a tough job because of the reputation Linux has for better security and the implicit trust people have in the Linux community for others.

There may well be current and active rootkit threats out there right now for Linux systems, but the truth is that the massive, overwhelming majority of threats are specifically for Windows and any reference to "PC threats" should specify this. People should know better than to lump all other more secure platforms into the same threat bucket as Windows, but they continue to do so.

I understand that the media will not care about the difference, but I do expect better from those who claim to have some understanding of technology.

-- Regards, David.

David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.

***** Moderator's Note *****

Gentlemen, you are boxing with shadows.

It _does_ _not_ _matter_ if you are using Windows, or Linux, or BSD, or CP/M, or OS/2, or Joe's-Software-and-Barbecue System A! What *matters* is being willing to do the hard work that makes systems secure, and sacrifice the convenience which leads to degraded security.

As I have said before: the moment you favor any particular OS based on the label that is on the box it came in, you lose.

Bill Horne Moderator

Reply to
David Clayton

Camino is road and real is royal. El Camino Real can be translated as Royal Road or Kingshighway, an older English usage. There is a Kingshighway (in English) in St. Louis.

Wes Leatherock

Reply to
Wes Leatherock

There's another Camino Real in Texas and Louisiana. Like El Camino Real in California, it was mapped by the Spanish during the 1600s and 1700s to connect missions and presidios.

Neal McLain

Reply to
Neal McLain
