Re: [Full-disclosure] I'm new here, and I already have something to share
- To: Alex <fd@xxxxxxxx>
- Subject: Re: [Full-disclosure] I'm new here, and I already have something to share
- From: Jasper Kips <jasper@xxxxxxxxxxxxx>
- Date: Fri, 8 Nov 2013 19:21:38 +0100
Alex,
Not allowing anonymous SSH doesn't mean you need a password for SSH. Actually,
certificates are way more secure than passwords.
Just a damned security guy
Jasper Kips,
Always waiting for the ricochet
> On 8 Nov. 2013 at 18:47, Alex <fd@xxxxxxxx> wrote the following:
>
> I don't care about this worm. Having a password on ssh is not user friendly.
> Damn you security guys.
>
>
> On 7 November 2013 at 07:02:23, Jack Johnson <jack@xxxxxxxxxxxxxxxxx> wrote:
>> It is a user friendly report about a new worm/rootkit (only goes into worm
>> mode when UUCP is active) that is able to wreak havoc on any system that it
>> infects, but has not yet done so.
>>
>> This report does drop dox, since it mentions the handle of an EFNet user.
>> However, all it is is a description of a currently-active rootkit.
>>
>> Xplatform.JPreskit rootkit
>>
>> User friendly report written by Jack Johnson
>> 'j4jackj' on EFNet
>>
>> DESCRIPTION
>> This newest infection is a rootkit spread by weak passwords and duff links.
>> It was made by an EFNetter called JPres. He originally developed it on the
>> BeOS but it is able to strike every operating system that has actual use in
>> the world.
>>
>> THREAT LEVEL
>> This threat is terminal, for once a computer is infected, if you isolate it,
>> the failsafe mode kicks in. The JPresKit failsafe is to nuke the hard disk
>> on which / resides.
>>
>> It is able to infect Windows ia32 and amd64 architectures, Debian and RHEL
>> 32 and 64, and the BeOS, PowerPC and Intel.
>>
>> Threat activation is manual, by an unsuspecting user or by the master
>> using a weak password via SSH and RSH.
>>
>> PAYLOAD DELIVERY
>> Payload delivery once the rootkit is on the computer is by Pastebin.com.
>> Payloads are encrypted and base64 encoded. It is unknown which encryption
>> method from those available in a default (insert form of UNIX here) install
>> is used.
>>
>> The format for payload titles is @tagYYYYMMDDSS where YYYYMMDDSS is a
>> serial number determining the time of execution, and tag is the
>> tag of the rooted machine.
>>
>> BEHAVIOUR
>> On UNIX systems, when UUCP is enabled, this rootkit is also a worm.
>> This rootkit/worm is able to morph by the master issuing commands to the worm.
>>
>> RECOMMENDED ACTION
>> You must back up and reinstall. This rootkit may still be present after a
>> reinstall, if you moved your files to the new installation.
>>
>> PREVENTION
>> In the future, do not allow anonymous SSH into your computer, unless for
>> things like UUCP. This will prevent future reinfection.
>>
>> Thank you for reading this report as a matter of urgency.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
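The key-only SSH login Jasper's reply points to, as an added example that is not part of the thread: a small audit of an sshd_config that reports whether password login is still possible. The option names are real OpenSSH sshd_config keywords; the two sample config files are constructed.

```shell
# Added example, not from the thread: check whether an sshd_config enforces
# key-based login (PasswordAuthentication off) instead of passwords.
# Keywords are real OpenSSH sshd_config options; sample files are constructed.

sshd_setting() {
  # $1 = config file, $2 = keyword, $3 = value to assume when the keyword is unset.
  # sshd honours the first occurrence of a keyword, so stop at the first match,
  # and stop at the first Match block so conditional overrides are not read as global.
  val=$(awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || NF < 2 { next }
    tolower($1) == "match"      { exit }
    tolower($1) == key          { print tolower($2); exit }' "$1")
  printf '%s\n' "${val:-$3}"
}

audit_sshd_config() {
  # Returns 0 when only key-based login is possible, 1 otherwise, printing each finding.
  # Unset PermitRootLogin is treated as "yes": older OpenSSH releases defaulted to it.
  f="$1"; rc=0
  pw=$(sshd_setting "$f" PasswordAuthentication yes)
  empty=$(sshd_setting "$f" PermitEmptyPasswords no)
  pubkey=$(sshd_setting "$f" PubkeyAuthentication yes)
  root=$(sshd_setting "$f" PermitRootLogin yes)
  [ "$pw" = no ]      || { echo "PasswordAuthentication is $pw; set it to no"; rc=1; }
  [ "$empty" = no ]   || { echo "PermitEmptyPasswords is $empty; set it to no"; rc=1; }
  [ "$pubkey" = yes ] || { echo "PubkeyAuthentication is $pubkey; set it to yes"; rc=1; }
  case "$root" in
    no|prohibit-password|without-password) ;;
    *) echo "PermitRootLogin is $root; use prohibit-password or no"; rc=1 ;;
  esac
  return $rc
}

write_sample_config() {
  # $1 = destination, $2 = weak | hardened. Both files are constructed samples.
  if [ "$2" = weak ]; then
    printf 'Port 22\nPasswordAuthentication yes\nPermitEmptyPasswords yes\nPermitRootLogin yes\n' > "$1"
  else
    printf 'Port 22\nPubkeyAuthentication yes\nPasswordAuthentication no\nPermitEmptyPasswords no\nPermitRootLogin prohibit-password\n' > "$1"
  fi
}

for kind in weak hardened; do
  tmp=$(mktemp)
  write_sample_config "$tmp" "$kind"
  if audit_sshd_config "$tmp"; then echo "$kind: key-only login enforced"; fi
  rm -f "$tmp"
done
```

On a live host, `sshd -T` prints the effective settings after defaults and Match blocks are applied and is the authoritative check; the script above reads the file as written.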