On 12/25/2014 11:23 AM, Reco wrote:
> Hi.
>
> On Thu, Dec 25, 2014 at 10:18:11AM -0500, Jerry Stuckle wrote:
>> On 12/25/2014 8:54 AM, Andre N Batista wrote:
>>> On Wed, Dec 24, 2014 at 11:18:36AM -0500, Jerry Stuckle wrote:
>>>> On 12/24/2014 2:01 AM, Danny wrote:
>>>>> Hi Bob,
>>>>>
>>>>> You were right, SFTP, FileZilla and Proftp confused the hell out of me
>>>>> ... lol ... I must add in my defense though that I was in a state of
>>>>> panic after syslog warned me of an attack by someone during the night
>>>>> via ssh ... So I frantically tried to make ssh and Proftp work together
>>>>> without reading the online guides properly ...
>>>>>
>>>>> Sometimes one does stupid things ... lol ...
>>>>>
>>>>> Thanks for everyone's input ...
>>>>>
>>>>> Danny
>>>>>
>>>>
>>>> Danny,
>>>>
>>>> As a side note - don't panic over SSH attacks. Instead, use the right
>>>> tools and techniques to secure your systems and let them do their jobs.
>>>> Monitor the server to ensure you didn't leave any holes.
>>>>
>>>> For instance, Fail2ban blocked over 100 IPs from accessing one of my
>>>> servers yesterday alone. The attacks keep coming, but none have ever
>>>> succeeded.
>>>
>>> Not surprisingly, I mostly agree with the advice given here, we all
>>> learnt from the same sources.
>>>
>>> Nonetheless, since you claimed to be using PuTTY for your ssh needs on
>>> Windows, I should warn you that recently someone claimed to be able to
>>> use it as a means to compromise an ssh server:
>>>
>>> http://seclists.org/fulldisclosure/2014/Dec/42
>>>
>>> I have not put its claims to test, but since the last stable version of
>>> putty dates back one year
>>>
>>> http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
>>>
>>> and since there seems to be no mention of this bug on putty bug tracking
>>> system
>>>
>>> http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
>>>
>>> I guess you should deploy it at large, at least until it has been fixed.
>>>
>>> Good luck!
>>>
>>
>> It's possible to corrupt ANY program if you replace a .dll or .so with
>> your own code.
>
> Indeed. But the program which can be tricked to use your own library
> instead of a system one - is called vulnerable usually. I don't mean
> LD_PRELOAD or LD_LIBRARY_PATH tricks but something akin to a braindead
> Windows behavior (which looks for libraries in a current dir first).
>
> Reco
>

ANY program is vulnerable if care isn't taken to ensure a download contains the right files. That's why there are checksums.

So according to your definition, any program - including the kernel - is vulnerable to such an attack, and should be classified as such. This is true for ANY operating system - not just Windows or Linux.

Jerry