[CentOS] duqu
John Hinton
webmaster at ew3d.com
Wed Dec 7 02:02:39 UTC 2011
On 12/6/2011 7:12 PM, Les Mikesell wrote:
> 2011/12/6 Fajar Priyanto <fajarpri at arinet.org>:
>>>>> I happen to have a copy of an older brute-forcer dictionary here (somewhere) and it's very large and has lots of very secure-seeming passwords in it.
>>>> Why not disallow root login from ssh? That's basic yet effective.
>>> This particular brute-forcer didn't require root access to spread.
>>>
>>> It can work under a normal user without root....
>> You miss my point.
> I'd expect it to be at least typical to firewall direct ssh access
> from the internet.
>
This thread is mostly speculation. My 'other speculation' is that this
'could have been' a disgruntled employee. Someone that had root and also
a user on the system. It 'could have been' that the user was not removed
and the root pass not changed. Simple as that.... no break-in per se,
but just bad policies. If they were a couple of versions back on
updates, there were other bad policies... but I think we 'speculated' on
that as well?
Further 'speculation' on this is just more CentOS list garbage unless
someone can provide details on what exactly did happen. More than likely
some inside C&C do have ideas, but are likely too embarrassed to say it.
Humans are lazy if they can be. Over time, complacent. Look at Xbox. Now
this. And even if you do run a perfect system, just like with a new
virus... somebody has to get it first to turn it in for a signature to
be written. A certain number of people will get that virus.... a certain
number of servers will get exploited before patches are issued and the
delay of putting them into place. Black hats work just as hard as gray
hats and white hats and maybe harder.
You will never stop crime... you will never stop terrorism... you can
only do what you can to limit it without bankrupting yourself (in time
or money) in the process, and try to be prepared for when it hits.
So, when is CentOS 7.0 going to be ready? ;)
--
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions