Bugtraq mailing list archives

Re: snooper watchers


From: fc () all net (Dr. Frederick B. Cohen)
Date: Sun, 26 Feb 1995 00:13:01 -0500 (EST)



If I turn the paranoid mode up a notch or two here..
What is to stop someone from mounting another filesystem over the top of
your tripwire database and crontab entries?  Replace the mount and df
commands to not show the new mount point.  Now you continue to believe
that you are a happy camper, all safe and secure.

...

Btw an easier attack is to just modify the script that regularly runs
tripwire, usually run from cron.
...

                                     Tim N.


        This whole set of issues has been researched in some depth and
partially solved - partially proven unsolvable.  See "Defense in Depth
Against Computer Viruses" and "Program Evolution for Operating System
Security" - both in the IFIP-TC11 Journal Computers and Security -
I won't bother to tell you who the author was - FC
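
A defender's check for the overmount scenario raised in the quoted message, as an added example that is not part of the original post: it parses the kernel's mount table in Linux `/proc/self/mountinfo` format, rather than trusting `mount` or `df` output, and reports protected paths that resolve to an unexpected device. The sample table, the paths and the device numbers are constructed for illustration, and the Linux mountinfo format is an assumption the thread does not mention.

```python
import re
from collections import namedtuple

# dev is the "major:minor" pair of the filesystem mounted at mount_point
Mount = namedtuple("Mount", "mount_id parent_id dev mount_point fstype source")

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    mounts = []
    for line in filter(str.strip, text.splitlines()):
        left, _, right = line.partition(" - ")  # optional fields end at " - "
        f, r = left.split(), right.split()
        mounts.append(Mount(int(f[0]), int(f[1]), f[2], _unescape(f[4]),
                            r[0], _unescape(r[1])))
    return mounts

def _covers(mount_point, path):
    mp = mount_point.rstrip("/")
    return path == mp or path.startswith(mp + "/")

def audit(text, expected):
    """expected maps a protected path to the device it should live on.
    Returns {path: (actual_dev, fstype, source)} for every mismatch."""
    mounts = parse_mountinfo(text)
    findings = {}
    for path, want_dev in expected.items():
        stack = [m for m in mounts if _covers(m.mount_point, path)]
        depth = max(len(m.mount_point.rstrip("/")) for m in stack)
        deepest = [m for m in stack if len(m.mount_point.rstrip("/")) == depth]
        # A mount stacked on the same point is a child of the one it hides,
        # so the visible filesystem is the one that is nobody's parent here.
        parents = {m.parent_id for m in deepest}
        top = next(m for m in deepest if m.mount_id not in parents)
        if top.dev != want_dev:
            findings[path] = (top.dev, top.fstype, top.source)
    return findings

# Constructed sample: a tmpfs mounted over a hypothetical database directory.
SAMPLE = """\
21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
30 21 8:2 / /var rw,relatime shared:2 - ext4 /dev/sda2 rw
45 30 0:44 / /var/lib/tripwire rw,relatime - tmpfs tmpfs rw
"""
EXPECTED = {"/var/lib/tripwire/host.twd": "8:2", "/etc/crontab": "8:1"}

if __name__ == "__main__":
    print(audit(SAMPLE, EXPECTED))
```

On a live host the input would be the contents of `/proc/self/mountinfo`, with the expected device numbers recorded while the system was known to be clean. The check is only as trustworthy as the interpreter and script that run it, which is the same concern the quoted message raises about the cron-driven script.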


