| Subject: | Re: File sharing with Bittorrent: what possible security threads? |
|---|---|
| Date: | Thu, 27 Mar 2008 17:51:09 +0200 (IST) |

On Thu, 27 Mar 2008, Adam Pal wrote:

> I see no difference between the usual Windows-user and the Linux-user who stays logged in as root on his KDE and surfs on the web (yes, such behavioral patterns exist *G* ), so from this point of view, in certain circumstances Linux viruses propagate similar to Windows-viruses.

Probably they can, but do they really? Consider, for example, an attack described by F-secure <http://www.f-secure.com/weblog/archives/00001406.html>.

> When you open the attached PDF file, you actually get a real PDF document with a relevant statement. However, this is not a normal PDF document. It contains a modified version of a PDF-Encode vulnerability to exploit Adobe Acrobat when the document is opened. The exploit silently drops and runs a file called C:\Program Files\Update\winkey.exe. This is a keylogger that collects and sends everything typed on the affected machine

Is it possible to write a keylogger for Linux and construct such an attack? Sure. Are there enough Linux users to justify the cost of development? No!

And, by the way, almost for sure an exploit against Adobe Acrobat will not work with xpdf, plus there is a good chance that an attack developed for Red Hat will not work on Debian (or vice versa).

--
Regards,
ASK