Re: how to fix rootkit?

To: debian-security@lists.debian.org
Subject: Re: how to fix rootkit?
From: Michael Stummvoll <michael@stummi.org>
Date: Wed, 08 Feb 2012 19:39:19 +0100
Message-id: <4F32C157.5090206@stummi.org>
In-reply-to: <CAM7p17MyvsWKTd-CH0SDoDCCU5VxqLXW_cPSC=_JkhqUn3+Kzg@mail.gmail.com>
References: <4F3237FA.1050206@lab127.karelia.ru> <20120208125104.GA18436@thangorodrim.de> <CAM7p17PMimBO-Ouu4gRy7L7PXWdy=a2jRhYo6Wq-J0OKY0DGPw@mail.gmail.com> <4F328178.40209@ulg.ac.be> <4F328961.4040006@advan-ce.hu> <CAM7p17Nv7iF9voVWVOocTq78dLn9S9O_61VgBfzWQNaDoSvaxw@mail.gmail.com> <4F32A8E5.1060806@stummi.org> <CAM7p17MyvsWKTd-CH0SDoDCCU5VxqLXW_cPSC=_JkhqUn3+Kzg@mail.gmail.com>

Am 08.02.12 18:46, schrieb Fernando Mercês:
> Reading memory after turning off? There are a easy way to it?
> 
> When I said "your own binaries", I mean "get fresh copies of
> binaries and use in system with a USB stick or something like that.
> Do not use the compromised system binaries". That's it. ;-)

And who says, that the new binarys don't work in "compromized mode",
e.g. with a LD_PRELOAD? ;)

you can't trust a compromized system, not even when you running (or
think you are running) own binaries. Who knows, what the kernel does.

Kind Regards,
Michael

Reply to:

Follow-Ups:
- Re: how to fix rootkit?
  - From: Jutta Zalud <ju@netzwerklabor.at>
- Re: how to fix rootkit?
  - From: "Milan P. Stanic" <mps@arvanta.net>

References:
- how to fix rootkit?
  - From: "volk@lab127.karelia.ru" <volk@lab127.karelia.ru>
- Re: how to fix rootkit?
  - From: Alexander Schreiber <als@thangorodrim.de>
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>
- Re: how to fix rootkit?
  - From: Leonor Palmeira <mlpalmeira@ulg.ac.be>
- Re: how to fix rootkit?
  - From: Repasi Tibor <repasi.tibor@advan-ce.hu>
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>
- Re: how to fix rootkit?
  - From: Michael Stummvoll <michael@stummi.org>
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>

Prev by Date: Re: how to fix rootkit?
Next by Date: Re: how to fix rootkit?
Previous by thread: Re: how to fix rootkit?
Next by thread: Re: how to fix rootkit?
Index(es):
- Date
- Thread