[CentOS] duqu

John Hinton webmaster at ew3d.com
Wed Dec 7 02:02:39 UTC 2011


On 12/6/2011 7:12 PM, Les Mikesell wrote:
> 2011/12/6 Fajar Priyanto <fajarpri at arinet.org>:
>>>>> I happen to have a copy of an older brute-forcer dictionary here (somewhere) and it's very large and has lots of very secure-seeming passwords in it.
>>>> Why not disallow root login over ssh? That's basic yet effective.
>>> This particular brute-forcer didn't require root access to spread.
>>>
>>> It can work under a normal user without root....
>> You miss my point.
> I'd expect it to be at least typical to firewall direct ssh access
> from the internet.
>
This thread is mostly speculation. My 'other speculation' is that this 
'could have been' a disgruntled employee. Someone that had root and also 
a user on the system. It 'could have been' that the user was not removed 
and the root password not changed. Simple as that.... no break-in per se, 
but just bad policies. If they were a couple of versions back on 
updates, there were other bad policies... but I think we 'speculated' on 
that as well?

Further 'speculation' on this is just more CentOS list garbage unless 
someone can provide details on what exactly did happen. More than likely 
some inside C&C do have ideas, but are likely too embarrassed to say it.

Humans are lazy if they can be. Over time, complacent. Look at Xbox. Now 
this. And even if you do run a perfect system, just like with a new 
virus... somebody has to get it first to turn it in for a signature to 
be written. A certain number of people will get that virus.... a certain 
number of servers will get exploited before patches are issued, plus the 
delay of putting them into place. Black hats work just as hard as gray 
hats and white hats, and maybe harder.

You will never stop crime... you will never stop terrorism... you can 
only do what you can to limit it without bankrupting yourself (in time 
or money) in the process, and try to be prepared for when it hits.

So, when is CentOS 7.0 going to be ready? ;)

-- 
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions
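The quoted replies above recommend disallowing root login over ssh. The script below is an added example, not code from this thread or from the CentOS project: it audits an sshd_config for the effective global PermitRootLogin value, applying sshd's first-match rule (the first occurrence of a keyword wins, later duplicates are ignored) and stopping at the first Match block. The sample configs embedded in it are constructed for the example and do not come from any real system; the stated compiled-in default ("yes" on the OpenSSH 4.3 and 5.3 shipped with CentOS 5 and 6) is the one assumption beyond what the thread says.

```shell
#!/bin/sh
# Added example, not code from the thread or the CentOS project: audit
# sshd_config for the "disallow root login over ssh" advice quoted above.
#
# Two things trip people up here, and this check handles both:
#  1. sshd uses the FIRST value it sees for a keyword; later duplicates are
#     ignored. So "PermitRootLogin yes" followed by "PermitRootLogin no"
#     still allows root login.
#  2. Keywords after a "Match" line only apply to matching connections, so
#     the global value is whatever appears before the first Match block.

# Print the effective global PermitRootLogin value for the sshd_config text
# given on stdin (lower-cased), or "unset" if it is never set globally.
effective_permit_root_login() {
    awk '
        /^[[:space:]]*#/ { next }          # comment line
        { gsub(/=/, " "); $0 = $0 }        # allow "Keyword=value" form, re-split fields
        NF == 0 { next }                   # blank line
        tolower($1) == "match" { exit }    # rest is per-connection, not global
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Exit 0 only if root login over ssh is fully disabled ("no").
# "without-password" / "prohibit-password" still allow key-based root login,
# and "unset" means the compiled-in default, which (assumption for this
# example) is "yes" on the OpenSSH releases shipped with CentOS 5 and 6
# (OpenSSH 4.3 and 5.3).
root_login_disabled() {
    case "$(effective_permit_root_login)" in
        no) return 0 ;;
        *)  return 1 ;;
    esac
}

# Constructed sample configs (not real files from any incident):
# one whose later "no" is silently ignored, and a correct one.
SAMPLE_BAD='# sshd_config
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin no
'
SAMPLE_GOOD='Protocol 2
PermitRootLogin=no
PasswordAuthentication no
'

# On a live system: root_login_disabled < /etc/ssh/sshd_config
demo() {
    printf '%s' "$SAMPLE_BAD"  | root_login_disabled && echo "bad: disabled"  || echo "bad: root login ALLOWED"
    printf '%s' "$SAMPLE_GOOD" | root_login_disabled && echo "good: disabled" || echo "good: root login ALLOWED"
}
```

Run `demo` to see the first sample reported as still allowing root login despite its second `PermitRootLogin no` line; the same first-match rule applies to PasswordAuthentication and every other sshd keyword, so an audit that greps for the last occurrence gives the wrong answer.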
