Message-ID: <20031222213639.4b3d9da4.g.thomas@nux-acid.org>
From: g.thomas at nux-acid.org (Gino Thomas)
Subject: Removing ShKit Root Kit

Brian Eckman <eckman@....edu> wrote:
> What is a secure environment? If it was a secure environment, the 
> machine would not have been compromised. Period.

As we all know, nothing is 100% secure, so it can be compromised whether
in a highly secure environment or not.

> That might be a threat for those still running Office 97 or earlier. 
> Unless it's a signed macro from a trusted source. Unless I'm missing 
> something, Macros haven't been much of a threat since Office 2000 came 
> out (That was roughly four years ago if you aren't counting).

That was one of a million possible ways for the attacker to modify
any data to become malicious in a way or two.

> Regardless, is anyone reading Microsoft Word docs using Microsoft Office 
> on a system that is *that* critical that you absolutely cannot risk it 
> getting compromised again regardless of cost? If so, perhaps you need to 
> keep that machine off of a network.

What if the compromised box was, for example, an FTP server holding many .doc,
.mpeg, .avi, ... files? The attacker could have made the trojan general, so
any workstation that executes any of the "backup" files could get
compromised.

> For example, if it would take hundreds of hours to check the integrity 
> of all of the data or recreate it, that had better be one mission 
> critical database we're talking about, or else anybody in their right 
> mind won't think twice about accepting the risk of copying that data 
> back where it came from. Security isn't always ideal circumstances. Your 
> company still needs to make a profit.

I agree. I did not claim this to be possible for every environment.


-- 
Gino Thomas | mailto: g.thomas@...-acid.org | http://nux-acid.org
GPG: E6EA9145 | 4578 F871 893E 1FEC 31FC 5B5E 8A46 4CC8 E6EA 9145
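The thread above argues over whether data on a compromised host (a file share full of .doc and .avi files, say) can be copied back, and Brian's reply mentions the cost of checking the integrity of all of it. The following is an added example, not code from either poster or from the list: it assumes the defender kept a SHA-256 manifest of the share from a known-good state, stored off the compromised host, and it classifies the restored files as unchanged, modified, added or missing so that only files matching the pre-compromise manifest are candidates for copying back. The directory layout, file names and bytes in `demo()` are constructed for the example.

```python
"""Added example (not part of the original thread): verify data copied back
from a compromised host against a hash manifest taken before the compromise.

Assumption (not from the original message): a manifest of SHA-256 digests
exists from a known-good state, e.g. from the last clean backup, and was kept
somewhere the attacker could not reach.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=1 << 16):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (as a relative, '/'-separated path) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def compare_manifests(baseline, current):
    """Classify files as unchanged, modified, added (absent from baseline) or missing."""
    result = {"unchanged": [], "modified": [], "added": [], "missing": []}
    for rel, digest in sorted(current.items()):
        if rel not in baseline:
            result["added"].append(rel)
        elif baseline[rel] != digest:
            result["modified"].append(rel)
        else:
            result["unchanged"].append(rel)
    result["missing"] = sorted(set(baseline) - set(current))
    return result


def restorable_files(baseline, current):
    """Only files whose digest matches the pre-compromise manifest may be copied back."""
    return compare_manifests(baseline, current)["unchanged"]


def demo():
    """Constructed scenario: a small file share, one file altered after the baseline."""
    with tempfile.TemporaryDirectory() as share:
        docs = os.path.join(share, "docs")
        os.makedirs(docs)
        with open(os.path.join(docs, "report.doc"), "wb") as f:
            f.write(b"\xd0\xcf\x11\xe0 constructed word document bytes")
        with open(os.path.join(share, "movie.avi"), "wb") as f:
            f.write(b"RIFF constructed avi bytes")
        baseline = build_manifest(share)  # taken while the host was still clean

        # Simulated compromise: one existing file altered, one new file dropped.
        with open(os.path.join(docs, "report.doc"), "ab") as f:
            f.write(b" constructed tampering marker")
        with open(os.path.join(share, "readme.exe"), "wb") as f:
            f.write(b"MZ constructed unexpected binary")

        current = build_manifest(share)
        return compare_manifests(baseline, current)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:9s}: {files}")
```

Two caveats follow from the thread itself: a manifest that lived on the compromised box proves nothing, since the attacker could have rewritten it along with the files, and a matching digest only shows a file is unchanged since the baseline, not that the baseline was clean. Anything in the modified or added lists is exactly the "backup" content Gino warns about and should be treated as untrusted until examined.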

