
List:       fedora-list
Subject:    Re: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?
From:       William Oliver <vendor () billoblog ! com>
Date:       2017-06-30 0:38:13
Message-ID: 1498783093.7584.23.camel () billoblog ! com

On Thu, 2017-06-29 at 16:56 -0700, T.C. Hollingsworth wrote:
> > Prerequisites(S//NF)
> > The target must be running a compatible 64-bit version of
> > CentOS/RHEL 6.x (kernel version 2.6.32).
> This doesn't even work on Fedora.
> Fedora kernels move too fast for them to keep up with binaries; they
> would have to use the source and rebuild it akmod style on every
> kernel upgrade. They aren't doing this; they want to keep their stuff
> secret.
> 
> It could, however, have been ported to RHEL7 (and not leaked).
> > (S//NF) The Operator must have shell access to the target.
> So you have to already have a vulnerability or have a server
> administrator in the CIA's pocket. This is just a rootkit they use
> once they already have the keys to the kingdom.
> 

I went to a conference not too long ago with some feds who were in the
business of breaking into computers (not the CIA). They were pretty
cocky. But, really, my impression is that they pretty much count on
someone in an organization doing something stupid. And it's a good bet
-- if you have an organization of 500 people, the chances are very good
that at least *one* of them will do something that will compromise your
system. I used to do security for a federal network of mostly
scientists, who largely considered security nothing more than a huge
imposition on their ability to get work done. I had to be *very*
careful to make sure that my policies and actions were not overly
demanding on them, else they would start actively seeking ways to get
around things.

The difference between my colleagues and some of the "hackers" I have
known is that not only did these guys believe they could break into
anything, but they also assumed that their computers were compromised
unless proven otherwise. It was pretty funny. You could tell the IT
guys and gals at the meeting easily. They were the ones with tape over
the cameras on their laptop.

Personally, I assume that my computers are always on the verge of being
compromised. It's one of the things I like about fedora -- I always do
a clean install when a new version comes out, and I occasionally do a
clean reinstall midway through. That basically means I wipe my machine
every three months. It won't stop people from breaking in, but it
hampers long term surveillance.


billo
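The thread above turns on a rootkit that arrives as a kernel module built for one specific kernel and is dropped in by someone who already has a shell. One cheap tripwire for that class of implant is to record the set of loaded modules on a known-clean host and diff the running host against it. The script below is an added example written for this page; it is not from the thread, from Fedora, or from any leaked tool. The module list, the baseline and the name `hidden_helper` are constructed sample data, and `unexpected_modules` / `check_live` are names chosen here. It runs with only POSIX sh, awk, sort and grep.

```shell
#!/bin/sh
# Added example, not from the thread or from any leaked tool: diff the set of
# loaded kernel modules against a baseline captured on a known-clean host.
# A dropped-in .ko that does not hide itself shows up as an extra name.
# Caveat: an LKM rootkit that unlinks itself from the kernel's module list
# never appears in /proc/modules, so this is a tripwire, not proof of absence.

# Constructed sample in /proc/modules format (name size refcount deps state addr).
SAMPLE_MODULES='ext4 371287 2 - Live 0xffffffffa0000000
jbd2 93284 1 ext4, Live 0xffffffffa0080000
ipv6 322291 20 - Live 0xffffffffa0100000
bridge 85000 0 - Live 0xffffffffa0180000
hidden_helper 12345 0 - Live 0xffffffffa0200000'

# Constructed baseline: module names recorded earlier on a known-clean host.
BASELINE='ext4
jbd2
ipv6
bridge'

# unexpected_modules MODULES_TEXT BASELINE_TEXT
# Prints each module name present in MODULES_TEXT but absent from
# BASELINE_TEXT, one per line in sorted order; prints nothing when the
# loaded set is covered by the baseline.
unexpected_modules() {
    # First column of each non-empty line is the module name.
    loaded=$(printf '%s\n' "$1" | awk 'NF { print $1 }' | sort -u)
    for m in $loaded; do
        # Fixed-string, whole-line match so "ext4" does not match "ext4dev".
        printf '%s\n' "$2" | grep -Fqx -- "$m" || printf '%s\n' "$m"
    done
}

# check_live BASELINE_FILE
# Runs the same comparison against the running kernel (Linux only).
# Exit status: 0 if nothing unexpected is loaded, 1 if something is,
# 2 if /proc/modules is not readable on this system.
check_live() {
    [ -r /proc/modules ] || { echo "no readable /proc/modules here" >&2; return 2; }
    out=$(unexpected_modules "$(cat /proc/modules)" "$(cat "$1")")
    [ -z "$out" ] && return 0
    printf 'unexpected kernel modules:\n%s\n' "$out"
    return 1
}

# Demo on the constructed data: reports the one module missing from the baseline.
unexpected_modules "$SAMPLE_MODULES" "$BASELINE"
```

To use it for real, capture the baseline on a freshly installed box (`awk '{print $1}' /proc/modules | sort -u > baseline.txt`), keep that file off the host, and run `check_live baseline.txt` from cron or a config-management run. Expect churn after kernel updates and new hardware, so treat a hit as "go look", not as proof of compromise.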