Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: yes, its t0rn again
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: yes, its t0rn again
  • From: Andrew Edelstein <[EMAIL PROTECTED]>
  • Date: Wed, 03 Jan 2001 18:18:26 +0100
  • In-reply-to: <[EMAIL PROTECTED]>
.
 
On Mon, Jan 01, 2001 at 05:19:37PM -0000, johnathan curst wrote:
> Another substancial Change which i picked up on
> was while setting up a honeypot, i did the usual
> md5sum binary output's saved onto non-writeable
> floppy, but the crontabed script which was checking
> for any changes to the md5sum results, was unable
> to pick up on any difference even though the hackers
> binaries replaced mine. (Any ideas ?) Hence taking
> me longer to detect the comrpomise..

Make sure your md5sum binary is also on immutable media. It doesn't do you any
good to have known good checksums, if the binary that does the checking can be
hacked to tell you what the hacker wants it to tell you.

--
Andrew Edelstein		http://andrew.pure-chaos.com

Colonel Slade: There are 2 kinds of people in this world, Charlie. The first
group is the people that face the music; the second group are those who run
for cover. Cover is better.
				Scent of a Woman
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.