Information Security News mailing list archives

Re: Linux Security Week - December 2nd 2002


From: InfoSec News <isn () c4i org>
Date: Wed, 4 Dec 2002 02:59:17 -0600 (CST)

Forwarded from: matthew patton <pattonme () yahoo com>

I don't normally comment on these but I feel a couple bear some
words...

* Open-Source Trojans: A Growing Problem?
November 25th, 2002

Experts say the insertion of Trojans into two popular tools
reinforces the need to run readily available programs, such as MD5
hashes, to ensure that code hasn't been altered.  Experts recommend
using MD5 hashes to expose Trojans.

http://www.linuxsecurity.com/articles/projects_article-6256.html

I'm sure readers here are aware that MD5 etc. hashes do next to
nothing to expose trojans unless the user actually checks their
generated hash with a couple different authoritative locations and
discovers the discrepancy. Obviously anyone who had access to a distro
server can generate their own hash and the user will as a matter of
course compute their copy and it will match and blithely continue
secure in knowing nothing useful about what they just downloaded.
Trojans introduced into CVS trees are the real and far more nefarious
threat.


* Combating Reverse Telnet Using OpenBSD Packet Filter (pf)
November 25th, 2002

This article is meant for those who are going to implement firewall
using OpenBSD. The main purpose for this article is to protect
servers (such as web, mail, dns and others) within a firewalled
network.  This article is based on my personal experiences and I
could not guarantee it will suit all system that you have.

http://www.linuxsecurity.com/articles/documentation_article-6255.html

They should have added to their disclaimer: "We are inexperienced
firewall rule-base authors and clearly have not read the extensive
literature out there on IPF/PF nor appreciate what our rulesets do." I
have emailed the two gents a strong critique of their purported
article and hope they see fit to heavily revise it if not yank it
altogether. IMO a far better ruleset and hardening the OS process was
presented by me at SANS 97 and somewhere on the 'net should be mirrors
of my firewall-guide that went thru OpenBSD from start to finish and
resulted in a floppy-sized bootable image with all the necessary
pieces. I probably have it on 4mm tape somewhere but no idea where
that tape is hiding...



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
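
The cross-check against several authoritative locations that the first comment above calls for, as an added example that is not part of the original post. The function name `check_download`, the host names and the file contents are constructed for illustration, and the hosts are assumed to be operated independently of the download server.

```python
import hashlib
from urllib.parse import urlparse

def check_download(data, download_url, published, min_independent=2, algo="sha256"):
    """Compare a downloaded file against digests published by several sources.

    published maps the URL a reference digest was fetched from to its hex value.
    A digest served by the download host itself never counts as confirmation:
    whoever altered the file there could have regenerated the digest too.
    algo defaults to SHA-256; "md5" works the same way, the logic is about
    where the reference comes from, not which hash is used.
    """
    actual = hashlib.new(algo, data).hexdigest()
    dl_host = urlparse(download_url).hostname
    disagree = sorted(u for u, d in published.items() if d.strip().lower() != actual)
    if disagree:
        return "MISMATCH", disagree
    confirming = sorted({urlparse(u).hostname for u in published} - {dl_host})
    if len(confirming) < min_independent:
        return "UNVERIFIED", confirming
    return "OK", confirming

# Constructed sample data: hosts and file contents are placeholders.
GOOD = b"tool-1.0 original release"
BAD = b"tool-1.0 release with trojaned configure script"
URL = "https://ftp.example.org/pub/tool-1.0.tar.gz"
good_sum = hashlib.sha256(GOOD).hexdigest()
bad_sum = hashlib.sha256(BAD).hexdigest()

def demo():
    # 1. Attacker replaced both the tarball and the digest on the distro server.
    same_host_only = check_download(BAD, URL, {URL + ".sha256": bad_sum})
    # 2. Same trojaned tarball, but digests also fetched from two other hosts.
    cross_checked = check_download(BAD, URL, {
        URL + ".sha256": bad_sum,
        "https://mirror.example.net/tool-1.0.sha256": good_sum,
        "https://www.example.com/announce/tool-1.0.txt": good_sum})
    # 3. Untampered tarball confirmed by two independent hosts.
    clean = check_download(GOOD, URL, {
        "https://mirror.example.net/tool-1.0.sha256": good_sum,
        "https://www.example.com/announce/tool-1.0.txt": good_sum})
    return same_host_only, cross_checked, clean

if __name__ == "__main__":
    for verdict, detail in demo():
        print(verdict, detail)
```

Case 1 is the situation the comment describes: the hash matches, yet the result is UNVERIFIED because the only reference came from the server that supplied the file.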

