![]() ![]() The latter is much less work (if you want to rotate the signature, one file to update, SHA256 of a bunch of files can be much lighter than signing them all), but trust is on the repository. RPM signs the packages, not the repo, deb/FreeBSD packages sign the repo, and it's transitive after that (you get a signed file containing the hashes, therefore you know the hashes are right.). Given how Russia has shit all over everyone these days, I know they have zero fucks to give about being caught with their hands where they don't belong.ĭepends on the package format. And Kapersky has been caught with its hand in that cookie jar one time more than it should have been. ![]() But in the spy game, anything is possible. If you look at the time frames involved, that's more than enough time to run a targeted attack and keep the lines open to the point the malware has done the job it was intended to do and they can close up the server. Since it was Kapersky Labs who released this information, I'm also going to add my totally unsupported by definitive facts notion that this was malware developed by those friendly(ish) with Russia, and was already replaced with something more sinister, before Kapersky said anything about it. ![]() Either that, or it was a targeted attack against specific IP's that succeeded or failed. Were I to hazard a guess, I'd speculate that perhaps a combination of factors (repository-available down-loaders, for one example, and somewhat more savvy computer users as a secondary influence) ended up making the whole attempt worthless. Given that, I did notice that the article says NOTHING about how many machines were potentially infected, and that it shut down for unknown reasons. It's just a bit more difficult than most to get someone to install something sketcy. Linux is NOT bulletproof, of course, contrary to what some folks may claim. You pretty much have to do that in Linux, even for something as simple as a boot log record.Īnd going outside of the repositories is always a bit sketchy, and requires some reading and research. After all, at least these days, most folks use Windows and never once have to go to cmd for CLI solution. Granted, skill and opsec awareness are two entirely different things, but on average, Linux people have more direct contact with the OS than Windows folks do. ![]() Untamed, it's not exactly an OS your grandmother would want. Click to expand.I can't really imagine THAT many people who use Linux falling for this. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |