From: ge at linuxbox.org (Gadi Evron)
Subject: IRC spying on EEYE!

rap1st wrote:
> Hello!
> 
> Since the government is increasing its spying on irc, I too have increased
> my irc spying. I've recently intercepted some communication between EEYE's
> own Marc Maiffret aka the chameleon, and RLoxley of Team Hackphreak!
> 
> <RLoxley> hey
> <RLoxley> waykee
> <chame|eon> hey man!
> <chame|eon> long time

Although this is most likely fake, it has bugged me for a few minutes once a 
week for a while now.

I tried to figure out a good reason to have a "few instances" of tripwire.

As tripwire was basically an offline tool, running "once" and saving 
checksums, knowing which file is a binary and would never change, etc. 
etc. etc. I didn't get the idea behind running a few instances of it.

I came up with a few remote possibilities:

1. If you are running tripwire or the like on an existing system, 
online. That could mean someone is already on it.. but the possibility 
of them playing with tripwire or tripwire being your problem is remote. 
Even if tripwire gets the job done - it will be the compromised files 
that are stored in checksums.

2. Running the tool from a few locations so that the above also can't 
happen if for some reason the virgin system you just created, and is 
off-line, might be hacked by all-powerful aliens (or the NSA, why not. 
They have magic software rays).

3. Blah. Use tripwire from a cd, and don't save the resulting 
information locally, maybe put it on the same cd? After all.. someone 
ACTUALLY could change the files locally. Now, to that I have to say - 
duh. So, running a not connected backup - okay. That is just best practices.

As for actual "few instances" - make a backup, people. :o)

I am sorry, but the log is just so silly, I had to. Now it is off my 
mind... unless someone thinks differently, or secretly re-invented the 
somewhat dead (and shamefully so) amazing technology of tripwire and is 
running it in real time?

Well, there is always aide.

	Gadi.

