Guest Dan
Posted August 28, 2008

http://www.us-cert.gov/current/index.html#...penssh_security

{Note: Web link may be manipulated by others, and smart web surfing is encouraged, like reading in plain text and blocking remote code -- Disclaimer: Poster is not responsible if someone hacks the post and the web link is illegally changed}

Here is the information from US-CERT.gov, which is a part of DHS; all below should be considered a quote ". . ."

SSH Key-based Attacks
added August 26, 2008 at 03:41 pm | updated August 27, 2008 at 03:41 pm

US-CERT is aware of active attacks against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed.

Phalanx2 appears to be a derivative of an older rootkit named "phalanx". Phalanx2 and the support scripts within the rootkit are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site.

Detection of phalanx2 as used in this attack may be performed as follows:

- "ls" does not show a directory "/etc/khubd.p2/", but it can be entered with "cd /etc/khubd.p2".
- "/dev/shm/" may contain files from the attack.
- Any directory named "khubd.p2" is hidden from "ls", but may be entered by using "cd".

Changes in the configuration of the rootkit might change the attack indicators listed above. Other detection methods may include searching for hidden processes and checking the reference count in "/etc" against the number of directories shown by "ls".

US-CERT encourages administrators to perform the following actions to help mitigate the risks:

- Proactively identify and examine systems where SSH keys are used as part of automated processes. These keys will typically not have passphrases or passwords.
- Encourage users to use the keys with passphrases or passwords to reduce the risk if a key is compromised.
- Review access paths to internet-facing systems and ensure that systems are fully patched.

If a compromise is confirmed, US-CERT recommends the following actions:

- Disable key-based SSH authentication on the affected systems, where possible.
- Perform an audit of all SSH keys on the affected systems.
- Notify all key owners of the potential compromise of their keys.

US-CERT will provide additional information as it becomes available.

US-CERT credits DFN-CERT for their contributions regarding this issue.

{Note to Microsoft-only users: The above is provided as a general service announcement and, although it affects Linux systems, is provided here publicly to raise users' awareness of how serious computer attacks are getting --- thank you for any feedback and have a great day}

Also please use Microsoft's own password tool to generate stronger passwords that are safe and secure. I hope Steve Riley, MSFT, will comment for all of us to benefit on the issue of new security and safety measures and the new source code Microsoft is slowly but surely developing. That new source code is what I am super excited about for Microsoft's future.
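The three detection methods in the US-CERT note (a directory that "cd" reaches but "ls" omits, the link count of "/etc" versus the directories "ls" shows, and leftover files in "/dev/shm") can be scripted as plain filesystem and procfs queries. The following is an added example written for this thread, not code from US-CERT or from anyone posting here; only the directory name "khubd.p2" comes from the advisory, the sample tree it builds is constructed for demonstration, and the hidden-process check is the generic /proc comparison, not anything phalanx2-specific.

```python
"""Triage checks for the phalanx2 indicators listed in the US-CERT note.

Added example (not the advisory's or the thread's own code).  Each check is a
generic Linux technique; only the name "khubd.p2" is taken from the advisory.
"""
import os
import tempfile

# Directory name the advisory gives as an indicator; rootkit config may change it.
HIDDEN_DIR_NAME = "khubd.p2"


def probe_hidden_dir(parent, name=HIDDEN_DIR_NAME):
    """Return "hidden", "visible", "absent" or "unknown" for parent/name.

    A rootkit that filters readdir() drops the entry from "ls" output, while
    stat() and chdir() on the full path still succeed.  That is the
    "ls does not show it, but cd enters it" symptom from the advisory.
    """
    try:
        os.stat(os.path.join(parent, name))
    except FileNotFoundError:
        return "absent"
    except PermissionError:
        return "unknown"
    return "visible" if name in os.listdir(parent) else "hidden"


def link_count_check(path):
    """Compare a directory's hard-link count with the subdirectories it lists.

    On ext4, xfs and tmpfs a directory has two links ("." plus its entry in the
    parent) and one more per real subdirectory (that subdirectory's ".."), so
    nlink - 2 must equal the listed subdirectory count; symlinks add nothing.
    A positive "hidden" value means subdirectories exist that are not listed.
    Filesystems that do not keep the count (btrfs reports nlink 1 for every
    directory) are flagged unsupported instead of being misreported.
    """
    nlink = os.stat(path).st_nlink
    with os.scandir(path) as entries:
        listed = sum(1 for e in entries if e.is_dir(follow_symlinks=False))
    expected = nlink - 2
    supported = nlink >= 2 and expected >= listed
    return {"path": path, "supported": supported, "listed": listed,
            "hidden": expected - listed if supported else 0}


def shm_files(path="/dev/shm"):
    """Entries in /dev/shm; the advisory says attack files may be left there."""
    try:
        return sorted(os.listdir(path))
    except OSError:
        return []


def _is_thread_group_leader(pid):
    """True if /proc/<pid> is a process, not a thread (Tgid == Pid).

    /proc/<tid> for a non-leader thread is reachable by path but never listed
    by readdir(), so without this filter every thread would look "hidden".
    """
    try:
        with open("/proc/%d/status" % pid) as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except (OSError, ValueError):
        pass
    return False


def hidden_pids(limit=65536):
    """PIDs reachable as /proc/<pid> that the /proc listing omits.

    Same idea as probe_hidden_dir, applied to processes.  limit caps the scan
    for demonstration; /proc/sys/kernel/pid_max is the real bound.  A process
    started mid-scan shows up once, so re-run before treating a hit as real.
    """
    try:
        listed = {int(e) for e in os.listdir("/proc") if e.isdigit()}
    except OSError:
        return []
    return [pid for pid in range(1, limit + 1)
            if pid not in listed and _is_thread_group_leader(pid)]


def make_sample_tree():
    """Constructed sample input: three subdirectories, one file, one symlink."""
    root = tempfile.mkdtemp(prefix="p2demo-")
    for name in ("a", "b", "c"):
        os.mkdir(os.path.join(root, name))
    open(os.path.join(root, "note.txt"), "w").close()
    os.symlink(os.path.join(root, "a"), os.path.join(root, "a-link"))
    return root


if __name__ == "__main__":
    print("sample tree:", link_count_check(make_sample_tree()))
    print("/etc:", probe_hidden_dir("/etc"), link_count_check("/etc"))
    print("/dev/shm:", shm_files())
    print("hidden pids:", hidden_pids())
```

The checks only catch a rootkit that hooks the listing calls but not stat(); a kernel-level variant can defeat them, which is why the advisory also tells confirmed victims to rotate keys rather than rely on detection alone.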
Guest MowGreen [MVP]
Posted August 28, 2008

Where are the Penguin fanbois exclaiming "Linux is the safest OS; it's impenetrable"? C'mon guyz, do your part. You have a role to fill here.

But, seriously, Dan. Anyone with common sense knows that any system that is exposed to the internet can be compromised. And, it is irrelevant which OS one runs. The key is, never drink 'OS koolaid'. Use the one that suits your purposes but don't tell everyone that it is 'the most secure' or 'it can't be hacked'. That's total nonsense.

MowGreen [MVP 2003-2008]
===============
-343- FDNY
Never Forgotten
===============
Guest Dan
Posted August 29, 2008

Thanks for your reply, MowGreen. I really do respect you and consider you a great asset to this group. I loved when Apple users were so sure of their operating system and computers that they claimed they were really safe, and when an Apple, Windows Vista and Ubuntu Linux computer competed against each other the first one to be hacked was the Apple. BTW, have you heard anything about Microsoft's new source code that you can publicly share on this newsgroup?
Guest Steve Riley [MSFT]
Posted August 29, 2008

Dan, I have resisted writing a message like the one I'm writing now but I can wait no longer. I'm not exactly sure what it is that you expect to accomplish with statements like "web link may be manipulated by others" and "poster not responsible if someone hacks post" (other than possibly stoking the fears of other readers), nor do I understand your repeated requests for me to comment on various things (I am not any kind of Microsoft crystal ball).

In the newsgroups I avoid religious arguments about software, engaging in flame wars, or questioning people's motives because none of those activities do anyone any good. But your exaggerated claims about the realm of possible attacks, your continued devotion to "internal safety" vs. "external security" (which are terms NO ONE ELSE in the security field uses), your frequent invocation of DHS (and your cc-ing the US-CERT in your private emails to me -- what's up with that?), and your strange occupation with "source code" are really getting quite tiresome.

In this thread you wonder about some kind of "new source code" that might be under development. In your thread "Source Code," you lament that, according to Wikipedia, Windows 7 "will use the Windows NT source code" -- then later on claim that we've got some sort of secret skunkworks project. Do you really even understand what source code is? Nowhere in the Wikipedia article did I see any reference to Windows NT source code. Do you realize that virtually none of the original NT code still exists in the current versions of Windows? Much of the architecture (for example -- file storage, communications, process handling, and memory management) is still in place, of course, but nearly every single element has been rewritten and expanded to increase reliability and security, and to take advantage of modern hardware capabilities. In a reply to "Is DNSSEC supported by Windows?" you claim that DOS is required for "internal safety" -- is this a joke? Do you understand that DOS is an ancient thing written for a totally different time -- when there were no networks, no multitasking, no re-entrance (executing the same piece of code multiple simultaneous times), no multi-user support, and no concept of virtualizing any of these layers? DOS HAS ZERO security of any kind. To claim "society and the world are paying for the mistake" of not using DOS in the current version of Windows is really rather silly.

Your assertion that "the majority of people here...have...bought the company line" is intended to indicate what? What "company" do you mean? Information security practices and philosophies have evolved over time to address changing business requirements in an age where everything is connected all the time using public networks. To claim that "the majority" are wrong and that the development practices (and products) of two decades ago will somehow save us from all evil shows a fundamental misunderstanding of the issues and solutions.

Dan, I am not attacking your motives or impugning your character. But I am asking that you rethink your positions (and your allegiances) as you continue your journey in the field of computer security.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
Guest Tom [Pepper] Willett
Posted August 29, 2008

CLAP! CLAP! CLAP! Thanks, Steve.
Guest FromTheRafters
Posted August 30, 2008

"Dan" <Dan@discussions.microsoft.com> wrote in message news:F78F1DC8-4ADD-4174-BAEE-7FD50FCF635A@microsoft.com...
> BTW, have you heard anything about Microsoft's new source code that you can publicly share on this newsgroup?

I can. It won't support file system and registry virtualization for legacy programs. Software developers should keep this in mind when writing or porting for Vista. Average users should consider this when purchasing software they want to use on the next Microsoft offering. XP was pretty forgiving of those who didn't follow the guidelines, Vista less so, and the next even less so. I think I saw the new OS's codename somewhere, but I forgot it already.
Guest Dan
Posted August 30, 2008

Thank you for your feedback, Steve, and sorry, I did not mean to hurt Microsoft.

"Steve Riley [MSFT]" wrote:
> Dan, I have resisted writing a message like the one I'm writing now but I
> can wait no longer. I'm not exactly sure what it is that you expect to
> accomplish with statements like "web link may be manipulated by others" and
> "poster not responsible if someone hacks post" (other than possibly stoking
> the fears of other readers) nor do I understand your repeated requests for
> me to comment on various things (I am not any kind of Microsoft crystal
> ball).
>
> In the newsgroups I avoid religious arguments about software, engaging in
> flame wars, or questioning people's motives because none of those activities
> do anyone any good. But your exaggerated claims about the realm of possible
> attacks, your continued devotion to "internal safety" vs. "external
> security" (which are terms NO ONE ELSE in the security field uses), your
> frequent invocation of DHS (and your cc-ing the US-CERT in your private
> emails to me -- what's up with that?), and your strange occupation with
> "source code" is really getting quite tiresome.
>
> In this thread you wonder about some kind of "new source code" that might be
> under development. In your thread "Source Code," you lament that, according
> to Wikipedia, Windows 7 "will use the Windows NT source code" -- then later
> on claim that we've got some sort of secret skunkworks project. Do you
> really even understand what source code is? Nowhere in the Wikipedia article
> did I see any reference to Windows NT source code. Do you realize that
> virtually none of the original NT code still exists in the current versions
> of Windows? Much of the architecture (for example -- file storage,
> communications, process handling, and memory management) is still in place,
> of course, but nearly every single element has been rewritten and expanded
> to increase reliability and security, and to take advantage of modern
> hardware capabilities. In a reply to "Is DNSSEC supported by Windows?" you
> claim that DOS is required for "internal safety" -- is this a joke? Do you
> understand that DOS is an ancient thing written for a totally different
> time -- when there were no networks, no multitasking, no re-entrance
> (executing the same piece of code multiple simultaneous times), no
> multi-user support, and no concept of virtualizing any of these layers? DOS
> HAS ZERO security of any kind. To claim "society and the world are paying
> for the mistake" of not using DOS in the current version of Windows is
> really rather silly.
>
> Your assertion that "the majority of people here...have...bought the company
> line" is intended to indicate what? What "company" do you mean? Information
> security practices and philosophies have evolved over time to address
> changing business requirements in an age where everything is connected all
> the time using public networks. To claim that "the majority" are wrong and
> that the development practices (and products) of two decades ago will
> somehow save us from all evil shows a fundamental misunderstanding of the
> issues and solutions.
>
> Dan, I am not attacking your motives or impugning your character. But I am
> asking that you rethink your positions (and your allegiances) as you
> continue your journey in the field of computer security.
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:F78F1DC8-4ADD-4174-BAEE-7FD50FCF635A@microsoft.com...
> > Thanks for your reply MowGreen. I really do respect you and consider you a
> > great asset to this group. I loved when Apple users were so sure of their
> > operating system and computers that they claimed they were really safe and
> > when an Apple, Windows Vista and Ubuntu Linux computer competed against each
> > other the first one to be hacked was the Apple. BTW, have you heard anything
> > about Microsoft's new source code that you can publicly share on this
> > newsgroup?
> >
> > "MowGreen [MVP]" wrote:
> >> Where are the Penguin fanbois exclaiming " Linux is the safest OS; it's
> >> impenetrable " ?
> >> C'mon guyz, do your part. You have a role to fill here.
> >>
> >> But, seriously, Dan. Anyone with common sense knows that any system that
> >> is exposed to the internet can be compromised. And, it is irrelevant
> >> which OS one runs.
> >> The key is, never drink 'OS koolaid'. Use the one that suits your
> >> purposes but don't tell everyone that it is ' the most secure ' or ' it
> >> can't be hacked '. That's total nonsense.
> >>
> >> MowGreen [MVP 2003-2008]
> >> ===============
> >> -343- FDNY
> >> Never Forgotten
> >> ===============
> >>
> >> Dan wrote:
> >>
> >> > http://www.us-cert.gov/current/index.html#...penssh_security
> >> >
> >> > {Note: Web Link may be manipulated by others and smart web surfing is
> >> > encouraged like reading in plain text and blocking remote code --
> >> > Disclaimer: Poster is not responsible if someone hacks post and web
> >> > link is illegally changed}
> >> >
> >> > Here is the information from US-Cert.gov which is a part of DHS: all
> >> > below should be considered a quote ". . ."
> >> >
> >> > SSH Key-based Attacks
> >> > added August 26, 2008 at 03:41 pm | updated August 27, 2008 at 03:41 pm
> >> >
> >> > US-CERT is aware of active attacks against linux-based computing
> >> > infrastructures using compromised SSH keys. The attack appears to
> >> > initially use stolen SSH keys to gain access to a system, and then uses
> >> > local kernel exploits to gain root access. Once root access has been
> >> > obtained, a rootkit known as "phalanx2" is installed.
> >> >
> >> > Phalanx2 appears to be a derivative of an older rootkit named
> >> > "phalanx". Phalanx2 and the support scripts within the rootkit are
> >> > configured to systematically steal SSH keys from the compromised
> >> > system. These SSH keys are sent to the attackers, who then use them to
> >> > try to compromise other sites and other systems of interest at the
> >> > attacked site.
> >> >
> >> > Detection of phalanx2 as used in this attack may be performed as
> >> > follows:
> >> >
> >> > "ls" does not show a directory "/etc/khubd.p2/", but it can be entered
> >> > with "cd /etc/khubd.p2".
> >> > "/dev/shm/" may contain files from the attack.
> >> > Any directory named "khubd.p2" is hidden from "ls", but may be entered
> >> > by using "cd".
> >> > Changes in the configuration of the rootkit might change the attack
> >> > indicators listed above. Other detection methods may include searching
> >> > for hidden processes and checking the reference count in "/etc" against
> >> > the number of directories shown by "ls".
> >> >
> >> > US-CERT encourages administrators to perform the following actions to
> >> > help mitigate the risks:
> >> >
> >> > Proactively identify and examine systems where SSH keys are used as
> >> > part of automated processes. These keys typically do not have
> >> > passphrases or passwords.
> >> > Encourage users to use the keys with passphrases or passwords to reduce
> >> > the risk if a key is compromised.
> >> > Review access paths to internet-facing systems and ensure that systems
> >> > are fully patched.
> >> >
> >> > If a compromise is confirmed, US-CERT recommends the following actions:
> >> >
> >> > Disable key-based SSH authentication on the affected systems, where
> >> > possible.
> >> > Perform an audit of all SSH keys on the affected systems.
> >> > Notify all key owners of the potential compromise of their keys.
> >> >
> >> > US-CERT will provide additional information as it becomes available.
> >> >
> >> > US-CERT credits DFN-CERT for their contributions regarding this issue.
> >> >
> >> > {Note: to Microsoft only users: The above is provided as a general
> >> > service announcement and although it affects Linux systems is provided
> >> > here publicly to raise users' awareness of how serious computer attacks
> >> > are getting --- thank you for any feedback and have a great day}
> >> >
> >> > Also please use Microsoft's own password tool to generate stronger
> >> > passwords that are safe and secure. I hope Steve Riley, MSFT will
> >> > comment for all of us to benefit on the issue of new security and
> >> > safety measures and the new source code Microsoft is slowly but surely
> >> > developing. That new source code is what I am super excited about for
> >> > Microsoft's future.
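The advisory quoted in this thread gives two checks for the hidden directory: try to enter a suspected name directly, and compare the link ("reference") count of /etc against the directories a listing shows. The script below is an added example, not part of the thread or of the advisory; it runs the link-count check against a constructed temporary directory instead of /etc, and the name khubd.p2 is used only as a sample subdirectory name.

```python
import os
import stat
import tempfile

# Added example (not from the thread) of the US-CERT advisory's link-count
# check. A directory's hard-link count is 2 (its own name and ".") plus one
# ".." entry per immediate subdirectory, so nlink - 2 is the true number of
# subdirectories whatever a listing claims. Caveat: btrfs and overlayfs
# report nlink == 1 for directories, leaving nothing to compare (-> None).

def _is_real_dir(p):
    try:
        return stat.S_ISDIR(os.lstat(p).st_mode)  # lstat: symlinks don't count
    except FileNotFoundError:
        return False

def expected_subdir_count(path):
    nlink = os.lstat(path).st_nlink
    return None if nlink < 2 else nlink - 2

def visible_subdir_count(path, listing):
    """Directories among the names a listing reported, minus '.' and '..'."""
    return sum(1 for n in listing
               if n not in (".", "..") and _is_real_dir(os.path.join(path, n)))

def hidden_subdir_count(path, listing=None):
    """Subdirectories the inode says exist but `listing` (default: our own
    readdir) omits. 0 is consistent, > 0 is a hidden entry, None is unusable."""
    expected = expected_subdir_count(path)
    if expected is None:
        return None
    listing = os.listdir(path) if listing is None else listing
    return expected - visible_subdir_count(path, listing)

def probe_named_dir(parent, name):
    """The advisory's 'cd' test: stat the suspected name directly and report
    (exists, shown_by_readdir). A kernel rootkit that filters getdents hides
    the name from os.listdir as well as from ls, so the link count above is
    the stronger signal."""
    return _is_real_dir(os.path.join(parent, name)), name in os.listdir(parent)

def demo():
    # Constructed sandbox: three subdirectories, then a listing that omits
    # one of them, standing in for output a subverted ls would produce.
    with tempfile.TemporaryDirectory() as root:
        for d in ("a", "b", "khubd.p2"):
            os.mkdir(os.path.join(root, d))
        return (hidden_subdir_count(root),              # 0 on ext4/xfs/tmpfs
                hidden_subdir_count(root, ["a", "b"]),  # 1 on ext4/xfs/tmpfs
                probe_named_dir(root, "khubd.p2"))      # (True, True)
```

On a real host the same comparison is `stat -c %h /etc` against the directory count from `ls -la /etc`; a gap of one or more with no filesystem-specific explanation is the indicator the advisory describes.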
Guest Dan
Posted August 30, 2008

Thank you. This new Microsoft source code, as far as I can remember, is a small project within Microsoft, and I read about it during the summer, but I sadly do not recall the data. Steve, from what I have read about Windows 7, it will not use an entirely new source code but will have additional functionality added on top of Windows Vista. I use Windows 98 Second Edition for legacy support, so compatibility is a non-issue for me, and I encourage users to use Windows 98 Second Edition if they need compatibility with old DOS games, because I enjoy them so much and they were designed and programmed so well. Remember, with King's Quest 1 by Sierra On-Line for the IBM PCjr, Sierra had to fit the entire program on one 5.25-inch floppy disk, and the computer itself had no hard drive. It was so cool because it allowed you to use the IBM keyboard without a wire with only 2 double AA batteries. The reason I mention this is because I feel the industry has moved too far away from its roots in the past and has forgotten some important parts of the past, and my hope for the future is that Microsoft can lead the way in developing an entirely new source code for businesses and consumers to use alike in true harmony, which is just a pipe dream on my part I guess, but at least I can dream and hope, right?

"FromTheRafters" wrote:
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:F78F1DC8-4ADD-4174-BAEE-7FD50FCF635A@microsoft.com...
> > Thanks for your reply MowGreen. I really do respect you and consider you a
> > great asset to this group. I loved when Apple users were so sure of their
> > operating system and computers that they claimed they were really safe and
> > when an Apple, Windows Vista and Ubuntu Linux computer competed against each
> > other the first one to be hacked was the Apple. BTW, have you heard anything
> > about Microsoft's new source code that you can publicly share on this
> > newsgroup?
>
> I can.
>
> It won't support file system and registry virtualization for
> legacy programs. Software developers should keep this
> in mind when writing or porting for Vista. Average users
> should consider this when purchasing software they want
> to use on the next Microsoft offering.
>
> XP was pretty forgiving of those who didn't follow the
> guidelines, Vista less so, and the next even less so.
>
> I think I saw the new OS's codename somewhere, but
> I forgot it already.