Date: 2015-11-08
From: Rick Moen
Subject: Re: [Hangout-NYLXS] ransomware - attacking apache
Quoting Ruben Safir (mrbrklyn-at-panix.com):
> http://techcrunch.com/2015/11/06/linux-ransomware-is-now-attacking-webmasters/
>
> Linux Ransomware Is Now Attacking Webmasters
                          ^^^^^^^^^
> Posted yesterday by John Biggs (-at-johnbiggs)
> Next Story
>
> A new bit of ransomware is now attacking Linux-based machines,
                                 ^^^^^^^^^
And the hook is set with a deliberately false statement and false headline. Let's see how many paragraphs before it unravels.
> specifically the folders associated with serving web pages. Called
> Linux.Encoder.1 the ransomware will encrypt your MySQL, Apache, and
> home/root folders. The system then asks for a single bitcoin to decrypt
> the files.
>
> From Dr.Web Antivirus:
>
> Once launched with administrator privileges, the Trojan dubbed
                                                   ^^^^^^
> Linux.Encoder.1 downloads files containing cybercriminals’ demands and a
> file with the path to a public RSA key. After that, the malicious
> program starts as a daemon and deletes the original files. Subsequently,
> the RSA key is used to store AES keys which will be employed by the
> Trojan to encrypt files on the infected computer.
_One_ paragraph to the Great Unraveling. In the next one, author Biggs drops this being a trojan; a bit of monkeyshines performed on a system after it has been exploited through other means entirely. The problem the system administrator must be concerned about is not Linux.Encoder.1 but rather the vulnerability that gives the intruder access, after which trojans are the least of the sysadmin's problems.
So, basically this is yet another stupid, badly written security article targeted at gullible readers who don't understand much -- and doesn't actually say anything of interest.
I have duly added Linux.Encoder.1 to category 'IV. The Ringers. Post-Compromise Rootkits (Trojan, Worm) and Attack Tools (not malware at all)' on http://linuxmafia.com/~rick/faq/#virus4 . To quote the comment paragraphs I wrote immediately after the long alphabetical list of 'ringer' codebases (invariably promoted by antimalware companies to line their pocketbooks):
Every one of those is some sort of _post-attack_ tool; all are erroneously claimed on sundry anti-virus companies' sites (and consequently in various news articles) to be "Linux viruses". Some are actually "rootkits", which are kits of software to hide the intruder's presence from the system's owner and install "backdoor" re-entry mechanisms, after the intruder's broken in through other means entirely. Some are "worms"/"trojans" of the sort that get launched locally on the invaded system, by the intruder, to probe it and remote systems for further vulnerabilities. Some are outright attack tools of the "DDoS" (distributed denial of service) variety, which overwhelm a remote target with garbage network traffic from all directions, to render it temporarily non-functional or incommunicado.
The news reporters and anti-virus companies in question should be ashamed of themselves: None of the above, in itself, can break into any remote Linux system. All must be imported manually and installed by an intruder who has cracked your system by other means.
One notes that John Biggs at least is good enough to credit 'Dr.Web anti-virus' -- a 'Russian IT-security solutions vendor developing Dr.Web anti-virus for businesses and personal use, as well as anti-virus as a service since 1992' (ta-dah!) as his source for this so-called news story.
Also, Mr. Biggs _does_ also lamely throw this in at the end:
> The malware requires administrator privileges to run and, presumably,
> a sysadmin who would allow for such a program to run unbridled.
Two things, Mr. Biggs: (1) Did you notice that this means Linux.Encoder.1 is not 'attacking' Linux machines and webmasters as claimed in your headline and lead sentence? Or were you too busy copying and pasting from Dr.Web? (2) No, Mr. Biggs, typically the sysadmin would not wake up one morning and decide 'Today I want to allow post-attack tools to run.' Instead, the sysadmin would leave open some unrelated security weakness permitting intrusion and escalation of privilege to root, and _that_ is the 'attack'.
Rubbish, dimwitted story, as per usual. Practically all IT journalism stories about Linux security are just ill-concealed PR material from antivirus firms (Dr.Web, Avira, F-Secure, Kaspersky Lab, McAfee, Panda Security, Sophos, and Symantec, among others) republished by tech journalists with low standards desperate to achieve line-inches with low effort under deadline pressure, and this was no exception.
> The team recommends backing up all data and keeping all files in place
> if you’re attacked until researchers create a decryption system.
The 'team' are a bunch of idiots. What readers _should_ be doing is systematic periodic backups and meaningful system security.
Ruben, why did you copy and paste this idiocy that Biggs copied and pasted from an antivirus firm? Do you need a hobby?
http://techcrunch.com/author/john-biggs/ says 'Biggs is the East Coast Editor of TechCrunch. [...] He is the former editor-in-chief of Gizmodo.com and lives in Bay Ridge, Brooklyn.'
I'm sorry for Brooklyn. I _like_ Brooklyn.
--
Cheers,                              "If you see a snake, just kill it.
Rick Moen                             Don't appoint a committee on snakes."
rick-at-linuxmafia.com                            -- H. Ross Perot
McQ! (4x80)

_______________________________________________
hangout mailing list
hangout-at-nylxs.com
http://www.nylxs.com/