Date: Sat, 24 Nov 2018 21:15:46 +0100 From: Ralf Mardorf <ralf.mardorf@rocketmail.com> To: freebsd-questions@freebsd.org Subject: Re: New Virus that targets *.nix Message-ID: <20181124211546.5e2d4bdd@archlinux> In-Reply-To: <20181124194356.26dd5ad7.freebsd@edvax.de> References: <DM5PR20MB210207A5208820C5F435CC1580D50@DM5PR20MB2102.namprd20.prod.outlook.com> <20181124194356.26dd5ad7.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 24 Nov 2018 19:43:56 +0100, Polytropon wrote: >Always use "curl myapp.example.com | sudo bash" to install >the software you trust! Apply snake oil as desired. ;-) For those interested to compromise Linux installs, targeting Ubuntu flavours might be the easiest way to go. I seriously doubt that a lot of Ubuntu users do check downloaded install media correctly against the gpg signed sha256sum provided by Ubuntu. Usually they don't know how to get the public key and how to verify the checksum against the public key, in the first place. Providing compromised Ubuntu flavour install media is easier to do, than using common vulnerabilities to get access to a handful of well maintained Linux or *BSD installs. When using common vulnerabilities, the best approach is to get access to the bad maintained routers using an embedded Linux. I guess that criminals are criminals, because they will get as much income for as less work as possible. However, if criminals have got a special interest that justifies to do much hard work, they likely will use more complicated hacks, than a noticeable bash script or they don't hack anything at all and instead use a screw driver... ...or else... real criminal experts provide Internet search engines and free Internet services, to legally get what they want. Other criminals hack those providers of Internet search engines and free Internet services. Isn't it interesting that after hackers have stolen data from providers of Internet search engines and free Internet services that many people are afraid, while the same people aren't afraid that those providers of Internet search engines and free Internet services already misused this data before it was stolen? Alexa, send this email!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20181124211546.5e2d4bdd>