Re: [ISN] Linux Security Week - December 2nd 2002

From: InfoSec News (isnat_private)
Date: Wed Dec 04 2002 - 00:59:17 PST

    Forwarded from: matthew patton <pattonmeat_private>
    
    I don't normally comment on these but I feel a couple bear some
    words...
    
    > * Open-Source Trojans: A Growing Problem?
    > November 25th, 2002
    > 
    > Experts say the insertion of Trojans into two popular tools
    > reinforces the need to run readily available programs, such as MD5
    > hashes, to ensure that code hasn't been altered.  Experts recommend
    > using MD5 hashes to expose Trojans.
    > 
    > http://www.linuxsecurity.com/articles/projects_article-6256.html
    
    I'm sure readers here are aware that MD5 etc. hashes do next to
    nothing to expose trojans unless the user actually checks their
    generated hash with a couple different authoritative locations and
    discovers the discrepancy. Obviously anyone who had access to a distro
    server can generate their own hash and the user will as a matter of
    course compute their copy and it will match and blithely continue
    secure in knowing nothing useful about what they just downloaded.
    Trojans introduced into CVS trees are the real and far more nefarious
    threat.
    
    
    > * Combating Reverse Telnet Using OpenBSD Packet Filter (pf)
    > November 25th, 2002
    > 
    > This article is meant for those who are going to implement a firewall
    > using OpenBSD. The main purpose for this article is to protect
    > servers (such as web, mail, dns and others) within a firewalled
    > network.  This article is based on my personal experiences and I
    > could not guarantee it will suit all systems that you have.
    > 
    > http://www.linuxsecurity.com/articles/documentation_article-6255.html
    
    They should have added to their disclaimer: "We are inexperienced
    firewall rule-base authors and clearly have not read the extensive
    literature out there on IPF/PF nor appreciate what our rulesets do." I
    have emailed the two gents a strong critique of their purported
    article and hope they see fit to heavily revise it if not yank it
    altogether. IMO a far better ruleset and hardening the OS process was
    presented by me at SANS 97 and somewhere on the 'net should be mirrors
    of my firewall-guide that went thru OpenBSD from start to finish and
    resulted in a floppy-sized bootable image with all the necessary
    pieces. I probably have it on 4mm tape somewhere but no idea where
    that tape is hiding...
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
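
The first reply's point, that a hash served from the same place as the file says nothing about tampering, shown as an added example that is not part of the original message. SHA-256 stands in for MD5 here, and the source names, file contents and function names are constructed for illustration.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def naive_check(data, published, download_source):
    # What most users do: compare against the hash served next to the file.
    return hmac.compare_digest(published[download_source], digest(data))

def check_download(data, published, download_source, min_independent=2):
    """Compare the file only against hashes from sources other than the
    server it came from. Returns (verdict, sources)."""
    actual = digest(data)
    independent = {s: d.strip().lower() for s, d in published.items()
                   if s != download_source}
    mismatched = sorted(s for s, d in independent.items()
                        if not hmac.compare_digest(d, actual))
    if mismatched:
        return "MISMATCH", mismatched
    if len(independent) < min_independent:
        return "UNVERIFIED", sorted(independent)
    return "OK", sorted(independent)

# Constructed sample data: hypothetical source names, made-up file contents.
GENUINE = b"tool-1.0.tar.gz contents (constructed)"
TROJANED = GENUINE + b" plus inserted backdoor (constructed)"
MIRROR = "mirror.example"
# The distribution server was altered: both the file and its hash changed.
PUBLISHED = {
    MIRROR: digest(TROJANED),
    "project-site.example": digest(GENUINE),
    "announce-list.example": digest(GENUINE),
}

if __name__ == "__main__":
    print("same-server hash matches:", naive_check(TROJANED, PUBLISHED, MIRROR))
    print("independent sources:", check_download(TROJANED, PUBLISHED, MIRROR))
    print("genuine file:", check_download(GENUINE, PUBLISHED, MIRROR))
    only_mirror = {MIRROR: digest(TROJANED)}
    print("no second source:", check_download(TROJANED, only_mirror, MIRROR))
```

A verdict of UNVERIFIED means no independent copy of the hash was available, which is the situation the reply describes: the match against the download server alone carries no information.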
    



    This archive was generated by hypermail 2b30 : Wed Dec 04 2002 - 03:30:06 PST