
Re: [ISN] Linux Security Week - December 2nd 2002

Forwarded from: matthew patton <pattonme@xxxxxxxxx>

I don't normally comment on these but I feel a couple bear some

> * Open-Source Trojans: A Growing Problem?
> November 25th, 2002
> Experts say the insertion of Trojans into two popular tools
> reinforces the need to run readily available programs, such as MD5
> hashes, to ensure that code hasn't been altered.  Experts recommend
> using MD5 hashes to expose Trojans.
> http://www.linuxsecurity.com/articles/projects_article-6256.html

I'm sure readers here are aware that MD5 etc. hashes do next to
nothing to expose trojans unless the user actually checks their
generated hash with a couple different authoritative locations and
discovers the discrepancy. Obviously anyone who had access to a distro
server can generate their own hash and the user will as a matter of
course compute their copy and it will match and blithely continue
secure in knowing nothing useful about what they just downloaded.
Trojans introduced into CVS trees are the real and far more nefarious

> * Combating Reverse Telnet Using OpenBSD Packet Filter (pf)
> November 25th, 2002
> This article is meant for those who are going to implement firewall
> using OpenBSD. The main purpose for this article is to protect
> servers (such as web, mail, dns and others) within a firewalled
> network.  This article is based on my personal experiences and I
> could not guarantee it will suit all system that you have.
> http://www.linuxsecurity.com/articles/documentation_article-6255.html

They should have added to their disclaimer: "We are inexperienced
firewall rule-base authors and clearly have not read the extensive
literature out there on IPF/PF nor appreciate what our rulesets do." I
have emailed the two gents a strong critique of their purported
article and hope they see fit to heavily revise it if not yank it
altogether. IMO a far better ruleset and hardening the OS process was
presented by me at SANS 97 and somewhere on the 'net should be mirrors
of my firewall-guide that went thru OpenBSD from start to finish and
resulted in a floppy-sized bootable image with all the necessary
pieces. I probably have it on 4mm tape somewhere but no idea where
that tape is hiding...

ISN is currently hosted by Attrition.org
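
The point made in the message above about checking a hash against several authoritative locations, as an added example that is not part of the original message: a digest only counts as confirmation when it was published somewhere other than the host the file came from. The host names, file names and function names are hypothetical, the file contents are constructed, and SHA-256 is used in place of MD5.

```python
import hashlib
from urllib.parse import urlparse

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_download(data, download_url, published, min_independent=2):
    """Compare a download's digest with digests published at several URLs.

    published maps the URL a digest was read from to the hex digest found there.
    A digest served by the download host itself never counts as confirmation.
    """
    actual = sha256_hex(data)
    download_host = urlparse(download_url).hostname
    confirmed, mismatches = set(), []
    for source_url, digest in published.items():
        if digest.strip().lower() != actual:
            mismatches.append(source_url)
        elif urlparse(source_url).hostname != download_host:
            confirmed.add(urlparse(source_url).hostname)
    if mismatches:
        return "MISMATCH", mismatches
    if len(confirmed) < min_independent:
        return "UNVERIFIED", sorted(confirmed)
    return "OK", sorted(confirmed)

# Constructed sample data: hypothetical hosts and stand-in file contents.
CLEAN = b"constructed stand-in for the genuine tarball"
TROJANED = CLEAN + b" plus an inserted backdoor"
DISTRO = "https://ftp.example.com/pub/tool-1.0.tar.gz"
MIRROR_A = "https://mirror-a.example.net/tool-1.0.tar.gz.sha256"
MIRROR_B = "https://mirror-b.example.org/tool-1.0.tar.gz.sha256"

if __name__ == "__main__":
    # Server compromised: tarball and its digest replaced together, so they agree.
    same_origin = {DISTRO + ".sha256": sha256_hex(TROJANED)}
    print(check_download(TROJANED, DISTRO, same_origin))
    # Independent sources still publish the genuine digest and expose the change.
    with_mirrors = dict(same_origin)
    with_mirrors.update({MIRROR_A: sha256_hex(CLEAN), MIRROR_B: sha256_hex(CLEAN)})
    print(check_download(TROJANED, DISTRO, with_mirrors))
```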
