SECURITY ALERT-Why It Seems To Be Ignored?



bongski55
07-20-2003, 12:13 PM
This post (http://www.knoppix.net/forum/viewtopic.php?t=3552) is getting very few responses although it looks serious. Any response from Stephen, Rickenbacherus, etc.? I am really concerned about this.

eadz
07-20-2003, 12:22 PM
No-one has sent it to the debian-knoppix mailing list; however, it is a local exploit.

Now if you're worried about a local exploit, I take it you have your computer in a locked safe with no physical access to it?

Additionally, I don't see a .qt directory in /tmp/ . Do you have one?

bongski55
07-20-2003, 12:27 PM
What is a Local Exploit?

eadz
07-20-2003, 01:00 PM
It means you must already have an account on your computer before you can exploit it.

bongski55
07-20-2003, 06:58 PM
So does it mean this security problem is not severe?

Please make this clear.

Thanks!

Stephen
07-20-2003, 07:04 PM
I think the post got the response it deserved. I have the last two versions installed on a spare drive I use for testing and could find no such file in either.

And to be perfectly clear on the local exploit, a person must have physical access to your machine and be able to log in to the computer. The only totally secure computer is one kept under lock and key that only you have access to and with no connection to any network.

bongski55
07-20-2003, 07:28 PM
I was concerned because I do have those files both on root's home and my home - there is the .qt directory with the files mentioned in that alert. I have version 0606.

Would it be safe to delete the directory? I have no idea if it relates to the qt programs.

Stephen
07-20-2003, 08:29 PM
I've logged into my nephew's computer, which I have put the 06-06 version on as well, and the file is not here either. That being said, it is only a directory in the /tmp directory, so remove it if you feel that uncomfortable with it being there. As was stated above, the only way someone could use the exploit (if it is actually one; this has yet to be confirmed) would be to have access to your computer.

bongski55
07-21-2003, 08:00 AM
Thanks Stephen for replying, and please pardon my seemingly paranoid reaction to this. One of the reasons why I am shifting to Linux is the frequent security problems and various viri which seem to plague Windows systems. At one time my PC and the office PC were infected with 10 viri, which fortunately Norton was able to catch. And now this.

BTW, the .qt directory on my PC is NOT in /tmp. It is one of the hidden directories in /home/user. In this case, does this relate to the alert, or is it not affected, being not in the /tmp directory?

fingers99
07-21-2003, 01:28 PM
The .qt files in the other directories are fine and safe. Don't remove them!

If you're still feeling paranoid (and it's not such a bad thing!) you might like to install a firewall and look for Linux security articles on the internet (Google will chuck up plenty).

But it's worth mentioning that the best security strategy is to simply back up your data.

eadz
07-21-2003, 01:55 PM
Following up on Finger's post:

Securing Debian Manual

http://www.debian.org/doc/manuals/securing-debian-howto/

Stephen
07-21-2003, 08:22 PM
> Thanks Stephen for replying, and please pardon my seemingly paranoid reaction to this. One of the reasons why I am shifting to Linux is the frequent security problems and various viri which seem to plague Windows systems. At one time my PC and the office PC were infected with 10 viri, which fortunately Norton was able to catch. And now this.
>
> BTW, the .qt directory on my PC is NOT in /tmp. It is one of the hidden directories in /home/user. In this case, does this relate to the alert, or is it not affected, being not in the /tmp directory?

In addition to the fine suggestion above, you may want to look into installing the program bastille-linux (http://www.bastille-linux.org/), a security hardening tool. Also, coming from the Windows world, where security seems to be taken so lightly by MS, I can see where you would be concerned. Rest assured that people in Linux take security as their number 1 priority, and when problems arise they are fixed ASAP; you do not have to wait months or even years for problems that are known to be corrected.

I do not wish to ascribe motives to the person who made this post, but I find it strange that he did not even make the effort to inform the developers (at least I have seen no mention of it on the developers list). The usual procedure in cases of a problem is to inform the developers, give them the opportunity to correct the problem, and then when you post the vulnerability you offer a solution or workaround to the problem. Just my 2 cents and worth every penny.

FelixDzerzhinsky
08-16-2003, 08:14 PM
I've installed bastille and done the scripts. Is there a way to check that it (particularly the firewall) is working?

Stephen
08-16-2003, 10:14 PM
> I've installed bastille and done the scripts. Is there a way to check that it (particularly the firewall) is working?

Gibson Research Corporation (https://grc.com/default.htm) has a free port scanner; you would be looking for the Shield's Up link. You can also use security scan (http://scan.sygatetech.com/) from Sygate.

FelixDzerzhinsky
08-18-2003, 07:58 AM
Thanks Stephen. It works! :D