[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to fix rootkit?

On 02/08/12 18:07, Russell Coker wrote:
> On Thu, 9 Feb 2012, Stephen Hemminger <shemminger@vyatta.com> wrote:
>> The advice I heard is trust nothing (even reflash the BIOS).
> Do you know of any real-world exploits that involve replacing the BIOS?  It's 
> been theoretically possible for a long time but I haven't seen any references 
> to it being done.
Exploits that are theoretically possible are implemented by private 3rd
parties(and Hackers!).

I've a small collection of utilities I know that I'm the only one who
has a copy, though other tools that work the same way more then likely
> Also one thing to keep in mind is the apparent competence of the attackers.  
> If they didn't bother changing debsums then it's unlikely that they did any of 
> the other tricky things which have been discussed (such as trojaning the 
> kernel).
A RedHat expert can alter a running Debian kernel, but might miss debsum.

Reply to: