Posts by PeteA

Re: Wow, that's no script kiddie

the malware “integrates deeply into the authentication stack, survives system updates, and leaves almost no forensic traces. Combined with layered obfuscation and environment tampering, this makes it exceptionally hard to detect using traditional tools."

That statement sounds almost breathless yet doesn't actually make a lot of sense based on the article. Disassembling it a bit:

- It's a PAM module, so obviously it is integrated into the Pluggable Authentication Module stack.

- It only survives system updates if the update doesn't reconfigure the PAM stack. Same as any other bit of malware that uses a modified configuration file somewhere.

- It definitely leaves forensic traces, in the form of [1] entries in the PAM configuration and [2] `.so`s in unexpected locations. It doesn't seem to leave much in the way of traces *when activated*, though you'll still get the audit records which should ring alarm bells.

- Where is the "layered obfuscation"? There is obfuscation by means of the `.so` names, but I didn't notice any _layering_ involved.

- "Leaves almost no forensic traces" appears to be a reference to the "environment tampering", i.e. getting rid of the SSH_* environment variables and redirecting history to `/dev/null`. Which I'd suggest is more related to self-protection by avoiding little things like the IP address of the SSH client (read: malicious actor) being logged than to hiding forensic traces. The traces should still be pretty visible if you know what you're looking for, unless there's more going on than the article suggests.

Given that installing the malware requires root access to do PAM reconfiguration then far from needing a bunch of knowledge to envision this hack it actually seems rather overblown. I'd imagine it'd be easy enough to configure standard PAM modules to have the same effect. For example,`pam_succeed_if` should do the job quite nicely.

Make it fast?

Hmm, I know about the other parts of the approach, but don't remember that bit. Don't think anyone could accuse Windows 3 of being fast. Or Windows 95. Or 98, millenium edition, NT, 2000, 7, 8 or 10 really. Haven't had the misfortune of having to use 11 yet, but I'm sure it's coming.

Re: Medical misinformation

You get to see a GP? How do you manage that?

Re: Palemoon, check. Seamonkey, check.

Yes - vim

Re: Global operating system

To an extent, the "global operating system" is the emergent behaviour from the combination of all the various standards (formal and informal), legislation and "standard practice" that has developed over the years into a rather arcane IP-based API.

It's all fractals-in-fractals ... what's the OS on my desktop? I'd probably say "Linux", although I really mean "a Linux kernel with a GNU userland and whatever other binaries I install". But in fact, that's just the OS I interact with. I imagine that each of my disks has an OS too (pointless having an ARM processor if not!!), along with all the other peripherals that gain "smarts" over time. So yeah, I buy into the idea of higher- and lower- level control planes^h^h^h operating systems. A shell running inside a container might _think_ it has an operating system, courtesy of the various kernel features (such as namespaces and cgroups) that have been cunningly kludged into the virtualisation construct known as "a container", but it doesn't really, it's just an illusion.

When I deploy some workload into Kubernetes ... I'd suggest that the k8s API's come very close to Wikipedia's definition of an operating system ("An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. ") ... hmmm ... a bit like kubelet then? And how does kata fit in?

Von Neumann / MIT architectures are interesting concepts. The reality is that we are rapidly moving to a much more distributed & interconnected system which resembles an ecological environment and has lots of different morphologies. Many of the inhabitants are symbionts (such as the OS on my HDD's), some are classic Von Neumann / MIT behemoths

Re: For shame, Richard

A mild observation, more bitter personally

Concept OK - implementation lacking

The essential concept behind SystemD (modelling the system as a dependency graph) works for me, but unfortunately the implementation is rather lacking in reliability. I've developed the same level of nervousness about rebooting that I used to have for Windows a decade or two ago. Init relied on you to get things right, and had nothing more than basic linear prioritisation. Much more basic - and much less maintenance hassle.

Semver FTW?

Welcome back, amanfrommars

See title

Re: Windows 10 worked out super-great for me

"As a consolation, I can use Raspbian on my Raspberry Pi, and it's based on Linux. Apparently they now have a version that can run on a PC "

OK - I sympathise with your desire to use Linux on your desktop, but think you might need to do a bit of reading around before the assertion that you're not able to use any current distribution on your machine [presumably PC]. It may also be useful to quantify "not a one of them will work" into HOW they don't work; are they all the same [i.e., possible hardware-vs-Linux-defaults issue] or different [i.e., possible distribution-specific issues]

Windows kind of works on Raspberry Pi, but it is extremely slow and driver support is very buggy.

So it's just like Windows on x86 / AMD64 then.

Re: "Orphans?"

Middle bit? <seealso cref="wsl" />

Said for a while I prefer Airbus as a passenger - though the Embraer 190's are very nice, the ride feels very 'crisp' with none of the wallowing that I associate with this size of aircraft [and the 737 in particular].

Re: Insanity

You mean suspend/resume, I think

Re: Sounds liek the lawyer is trying to muddy the waters.

Are incompetence and being on the take exclusive conditions?

Re: Norwich

Oh, I assumed it was just your local dialect. Guess it's from across the pond, eh?

Re: unregulated rip-off site

Interesting - I prefer buying independently where possible (just got some kit from ebuyer, who were actually the cheapest of the 'usual suspects' for standard gear). Direct was (very roughly) 5% lower than Amazon price, and I really loathe the way Amazon treat me with the constant devaluation of their products.

Re: Linux Torvalds

... and thereby demonstrating the reasoning behind Richard Stallman's viewpoints.

Re: location trusted

Indeed. Props to the libcurl team for helping people not to shoot themselves in the foot, but the (previous) behaviour is exactly what I'd expect from the man page:

-L, --location

(HTTP) If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code), this option will make curl redo the request on the new place.

Headers are part of an HTTP request, so I'd expect them to be sent to "the new place".