Linux security (was Re: [clug] Witty worm a wake up call)
mbp at sourcefrog.net
mbp at sourcefrog.net
Mon Jun 7 11:13:56 GMT 2004
On 7 Jun 2004, Tony and Robyn Lewis <beakysnugger at yahoo.co.uk> wrote:
> 1. how easy is it to keylog in Linux, assuming privileges of the user
> you're trying to log?
Fairly easy. X applications can generally catch all input going to
another window. Some things like ssh-askpass-gnome disable this and
the 'secure input' option on xterm does it too, but a smart attacker
could get around them.
> 2. how easy would it be to rigorously test to see if you're being
> sniffed? Could you reasonably expect to see, say, how many processes
> get your keystrokes (e.g. X -> shell -> some app), and then have a good
> indicator as to if you're being sniffed?
It's impossible to know for sure if an attacker has root on the
machine, unless you boot from known-good media. chkrootkit may help.
See e.g. http://www.google.com/search?q=t0rn
--
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20040607/605e37e6/attachment.bin
More information about the linux
mailing list