Message-ID: <15533237421C6E4296CC33A2090B224A54C92C@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: Removing ShKit Root Kit
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> Alexander Schreiber
> Sent: Monday, December 22, 2003 12:24 AM
> To: Chris
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Removing ShKit Root Kit
>
> There is exactly one way to properly clean up a rooted box:
> backup the system (for later analysis and for keeping any
> data that might be needed), wipe the disks and reinstall from
> known clean install media, update the system to get all
> current security updates and properly secure the box.
>
This advice is common, and it's always mystified me. Why would you want
backups of the "data"? If the box is compromised, you can't trust
*anything* on it, can you? How can you know for certain that "data"
isn't a cleverly concealed backdoor?
I can understand backing up the disk for offline analysis, but I would
think you'd want to restore your data from known good copies, wouldn't
you? And if you don't have known good data backups, well, then consider
it a lesson learned and do it right the next time.
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
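One concrete way to act on the point made above (restore only data you can prove is known good) is to check a backup taken from the compromised host against a hash manifest recorded from the same files before the incident and kept off the box. The script below is an added example written for this page, not code from the thread or its participants; the directory layout, file names and the "planted" changes are all constructed to demonstrate the check.

```python
# Added example (not from the original thread): classify files from a
# compromised host's backup against a sha256 manifest that was recorded
# BEFORE the compromise and stored off-box. Only files that still match are
# candidates for restore; modified, missing or unexpected files are rejected.
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> sha256 for every regular file under root.
    In practice this is produced on the known-good system and kept off-box."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_against_manifest(root: Path, manifest: dict) -> dict:
    """Compare the files now under root with the trusted manifest."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    present = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in present:
            report["missing"].append(rel)
        elif present[rel] != digest:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    # Files the trusted manifest never saw cannot be vouched for at all.
    report["unexpected"] = sorted(set(present) - set(manifest))
    return report


def demo() -> dict:
    """Constructed scenario: two known-good data files; after the 'compromise'
    one has been altered and an extra file has appeared."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "reports").mkdir()
        (root / "reports" / "q3.csv").write_text("id,value\n1,42\n")
        (root / "notes.txt").write_text("meeting notes\n")
        trusted = build_manifest(root)  # recorded before the incident
        # Simulated changes found on the rooted box (constructed):
        (root / "notes.txt").write_text("meeting notes\n# altered content\n")
        (root / "reports" / ".extra").write_text("# constructed extra file\n")
        return verify_against_manifest(root, trusted)


if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status:10s} {files}")
```

The manifest is only worth anything if it predates the compromise and was never writable from the host it describes; a manifest stored on the box itself can be rewritten along with the data it is supposed to vouch for.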