Pathetic news story of the week

Posted: Thu Feb 10, 2011 8:17 pm
by Rhakios
My nomination for pathetic news story of the week goes to The H, for this story.

It seems that we must all quake in our boots at the thought that Linux is vulnerable to USB drives carrying malware. All we need to do is fail to keep our systems up to date, disable a couple of security mechanisms, and insert the specially crafted drive.

To be fair, the security specialist must have started work on this before the vulnerability in Evince was fixed and says he can get around the two mechanisms without disabling them manually beforehand. And he has so much confidence in his ability to do this that he is happy to tell his audience about it, but not actually demonstrate it.

I have no doubt that Linux is vulnerable in a number of ways, especially through methods designed to gull the careless user, but please, please, please, can we just have someone demonstrate something that works properly without resorting to "fixes" to get things going. Otherwise, this just reads like pathetic scaremongering.

Posted: Thu Feb 10, 2011 9:22 pm
by Bazza
Hi Rhakios...

> And he has so much confidence in his ability to do this that
> he is happy to tell his audience about it, but not actually
> demonstrate it.

Yeah I noticed that too.

My Windies box caught a Virus/Worm/Whatever last night.

Didn't bother me much, soon got rid of it...

Posted: Thu Feb 10, 2011 9:47 pm
by LeeNukes
Still interesting, but as with most things, if someone has physical access to the system, consider it compromised.

Posted: Thu Feb 10, 2011 10:02 pm
by wyliecoyoteuk
As always, if you have a system which has not been updated for 6 months, do this...and this... and click on this... you perhaps get a Linux virus or malware.

Whereas Windows systems get viruses just by being connected or browsing a web page. meh

I know Linux is NOT invulnerable but really...

Posted: Thu Feb 10, 2011 10:29 pm
by nelz
LeeNukes wrote:
> Still interesting, but as with most things, if someone has physical access to the system, consider it compromised.
You don't need physical access for this, just give out free USB sticks.

Posted: Thu Feb 10, 2011 11:33 pm
by bobthebob1234
or drop them around. It's amazing what curiosity will make people do.

Posted: Fri Feb 11, 2011 1:01 am
by Dutch_Master
And even then: how can you be sure that stick is found by someone who uses Linux, hasn't updated for ages, is stupid enough to follow the instructions w/o knowing what they are and keep the stick inserted when he finds it's infected...? I think you'd have a better chance winning the lottery ;)

Posted: Fri Feb 11, 2011 6:55 am
by Rhakios
bobthebob1234 wrote:
> or drop them around. It's amazing what curiosity will make people do.
Really? :D

Posted: Fri Feb 11, 2011 10:33 am
by Ram
Rhakios wrote:
> bobthebob1234 wrote:
> > or drop them around. It's amazing what curiosity will make people do.
>
> Really? :D
Curiosity killed the cat, but I'm not pressing that in work time.

Posted: Fri Feb 11, 2011 10:38 am
by nelz
Dutch_Master wrote:
> And even then: how can you be sure that stick is found by someone who uses Linux, hasn't updated for ages, is stupid enough to follow the instructions w/o knowing what they are and keep the stick inserted when he finds it's infected...?

Dual infected sticks, work on Windows and Linux.

The fix in Evince is quite recent.

Never underestimate stupidity.

There are no instructions to follow, all they have to do is view the stick contents in Nautilus.

See third point.

Actually, you don't necessarily need to keep the stick inserted, if the malware's first step is to copy itself to your hard drive.

Posted: Fri Feb 11, 2011 12:20 pm
by Bazza
Hi nelz...

> Never underestimate stupidity.

Guilty as charged m'lud.

Posted: Fri Feb 11, 2011 6:04 pm
by Rhakios
nelz wrote:
> Dual infected sticks, work on Windows and Linux.

Good to see you have a plan. ;)

> There are no instructions to follow, all they have to do is view the stick contents in Nautilus.

Yes there are, you have to disable two security features first. The method of getting around them hasn't been demonstrated.

Posted: Sat Feb 12, 2011 9:23 am
by nelz
Weren't those security features enabled quite recently? Meaning anything not up to date is vulnerable.

Posted: Sat Feb 12, 2011 11:18 am
by Rhakios
nelz wrote:
> Weren't those security features enabled quite recently? Meaning anything not up to date is vulnerable.
I don't know about ASLR, but AppArmor has been around for quite a while now. For openSUSE users, some years, not so sure about other distros.

Posted: Sat Feb 12, 2011 12:56 pm
by nelz
Ah yes, I'd forgotten that it needed AppArmor turning off.