Posts Tagged ‘security’

never ask for root again

Monday, August 17th, 2009

just a short note to all of you:

linux is not secure. Passwordless root is here :-*

Yes, it has been published elsewhere, but I’ll do mine to push this meme to you: there can be no “untrusted local users” nor do I believe that your services aren’t exploitable.

Two seconds later I have root on your box.

Despite LSM. Despite SELinux. Despite jails and virtualization. Despite all your assumptions.

You will need some very fine security gents and a little of your own smarts to secure your nets. Call us :-)

The best link on this issue so far has been:

cr0: bypassing linux with null pointer

Do you want security? Go run carpal-tunnel-inducing OpenBSD, swell swell if only it smelled well FreeBSD, or, *drum rolls*

drop-in up-to-date secure and invulnerable grsec kernel for ubuntu and debian

Only disadvantage I can see is that they don’t provide amd64 and desktop builds.

Diligence and perseverance is the path to victory,
and although paranoia may not be the path to safety
no one should leave their front door open.

In other news, and probably a little lame for those of you coming thru the planet feed, security.vcl is here – properly used, understood and abused it could save you some worries, making sure no “untrusted user” went “local” in the first place.

Also, tell your friends: there is a Facebook virus about. It sends links to you from your friends' accounts. If you click on the link, you too will be sending your friends links.

Yeah, I know, that sounds like what I do on facebook all day. Except the difference is you don’t know you’re sending links.

So watch out.

And tell your less savvy friends.

the police are struggling

Tuesday, March 17th, 2009

The police are struggling with their computer systems. A colleague has already mentioned the matter. It is frightening but not at all surprising. It will probably take more than two weeks before they get the virus under control, if you ask me.

I wonder whether we at Redpill-Linpro couldn't have helped them a little.
Good suggestions are flying around the office:

We could firewall them so the virus doesn't spread. We could set them up with thin clients and MultiFrame. We could sort out their writable shares with a little samba magic. We could move their applications over to wine, or virtualize them. We could stunt-migrate them with the help of some USB sticks and/or a little PXE-foo – and then, no more virus.

One thing is pretty certain: it is going to take them weeks just to get control if they continue with the current system.. and they are exposing themselves to something similar happening again and again and again.

The bonus is that our solutions are open source, of course!