I just wanted to share a *great* paper I'm currently reading, which
describes the bone-chilling set of exploiting programs that has been
talked about recently: a network of related tools to install and hide
a credential-stealing infrastructure that, at least so far, has been
mainly used to send spam.
http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
Why is this paper of interest specifically to this list?
- Debian is often mentioned in the examples. The reviewed daemons
target multiple platforms, Debian among them.
- Very thorough analysis. The paper will be a fun and welcome read to
any security enthusiast.
- Mitigation. Possibly, by better understanding the techniques used by
the attackers, the Debian security team can avoid some of the
pitfalls that led to its spread. Frankly, many of them look just
like a collection of bugs leading to elevated access and regular
sysadmin good practices (!), so I'm not sure too much can be done
about them, but... You are the experts ;-)