Sneaky New Linux Attack Discovered
Innovative back door looks like normal SSH traffic.
Security experts have announced the discovery of a Linux back door attack that they have pronounced "more sophisticated than we have seen in the past." This attack apparently breached a large hosting provider, providing access to usernames, passwords, email, financial records, and other personal information. Although some of this information was encrypted, investigators could not rule out the possible theft of encryption keys.
The attack was unique in its ability to conceal its own communication within SSH. According to the report, “… the back door did not open a network socket or attempt to connect to a command-and-control server. Rather, the back door code was injected into the SSH process to monitor network traffic and look for the following sequence: colon, exclamation mark, semi-colon, period (:!;.).”
The back door watches for this pattern and parses any traffic after the traffic is received. Hidden commands are encrypted using Blowfish and Base64 encoding.
According to the report, once the code is activated, the attacker can submit any command using the following syntax:
exec sh -c '[ATTACKER_COMMAND]'>/dev/null 2>/dev/null
The backdoor also supports several pre-configured commands and lets the attacker extract SSH connection data from the system.To detect the attack, search the traffic for presence of the initiation string (:!;.). The report at the Symantec site also describes a way to detect the attack through an SSHD process dump.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.
Redmond rushes in to root out alleged malware haven.
New initiative will bring futuristic virtual reality effects to the web surfing experience.