http://arstechnica.com/security/2013/12/anatomy-of-a-hack-what-a-successful-exploit-of-a-linux-server-looks-like/

Dan Goodin@ArsTechnica wrote:

Not just for Windows anymore

DiMino's anatomy lesson is a graphic demonstration of recent advances in exploits for Linux. Once primarily the domain of machines running Windows, point-and-click exploits are used to commandeer machines so attackers can use them in online crime schemes. The increased horsepower and bandwidth available in many Linux servers often makes them more attractive than personal computers running Microsoft OSes. And as has always been the case, hijacked bots don't come with expensive electricity bills, and they often make it easy for criminals to cover their tracks.

The takeaway from the demonstration is just how important it is for admins working with any OS to stay on top of security patching. DiMino counsels admins to go a step further by learning how to actively monitor network activity on the machines they watch over. His blog post provides instructions for using the Volatility software framework to perform forensics on server memory. Among other things, it allows users to identify remote connections and the processes that initiate them.

"Besides ensuring that Internet facing servers are properly patched and hardened, knowing how to quickly track such a compromise should be part of best practices," DiMino wrote.

[Edit] I especially love the promoted user comments from this article.

Loved this one....

"Check the blurb under the story...
Dan Goodin / Dan is the IT Security Editor at Ars Technica, which he joined in 2012 after working for The Register, the Associated Press, Bloomberg News, and other publications. He lives in a cave and communicates with the outside world using Unicode smoke signals."

---

... So, XP shall live on LONG after they stop releasing updates...

After over a DECADE of updates, shouldn't that system by now be fully feature complete and debugged?... ;-/

Or does the NSA and others know of a few holes more yet? :-(


For a real-world experiment: Wait until we see the rising tide of XP spambot zombies to find out?...

And for those who still love the WinXP look-and-feel: Why can we not have a "WinXP"-skin on top of whatever new updated OS?... ;-)


IT is what we allow it to be...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

After over a DECADE of updates, shouldn't that system by now be fully feature complete and debugged?... ;-/

I don't know... have humans figured out how to write perfect code, including for the patches they write?

Nope, and the few systems that come anywhere close are tiny compared to Windows XP, and cost vastly more per line to develop. I once chatted with someone who had some idea of the development and checkout process for Space Shuttle code on the main computers. They were really, really trying, and got pretty close, but at an expense per unit functionality not thinkable for most applications.

Well... Trying to compare to the flight software of the Space Shuttle is definitely overly extreme. Similarly so for trying to compare to any safety-critical software.

A better comparison is to compare against other general use computer operating systems or general use programs. Some of those can be very good, all from good design or systematic brute force testing (eg: FFmpeg and a thousand fixes) or some of both. Good design in the first place gives the biggest gains.

Meanwhile, for some of the history of how Windows XP came to be and to linger:


Hackers [Crackers] Love Windows XP

... after April 8, 2014, organizations that continue to run [unpatched] Windows XP won't have this advantage over attackers any longer. The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities, and test [against] Windows XP to see if it shares those [new found publicized] vulnerabilities...


It’s time for Windows XP to die

In a world where computer security and internet privacy are critical issues, one of the biggest problems we have is the continued use of Windows XP. ...

... Windows XP was not designed for the modern Internet threat environment...

... resulted in Microsoft fixing hundreds of potential Windows XP security issues with Windows XP Service Pack 2 (SP2). But what Microsoft couldn’t do in SP2 was alter the basic design of Windows XP, so those security changes deferred for Windows Vista. ...

... built as single user systems there was never a notion of separating normal use from administrative use, and many applications took advantage of this. Windows NT did have the notion of giving users different permissions, but if you tried to use this feature then you found many applications wouldn’t run...


Ballmer Blames the Failure of Windows Vista on Security

... Following the security disasters and 2000 and 2001 that befell Windows 98 and 2000, Microsoft shut down all software development and launched the Trustworthy Computing Initiative that advocated secure coding practices...

... What made XP and Vista more secure? Eliminating (or reducing) buffer overflow errors helped. But what really made a difference is shutting off services by default [to reduce the code exposed to be exploited]...


If Only We Knew Then What We Know Now About Windows XP

... Microsoft's long-anticipated replacement for "Win 9x" -- the series of releases that began with Windows 95 and ended with Windows Millennium Edition --was never supposed to stick around this long. But half a decade after it began shipping on new computers (followed a month later by its retail debut), XP lingers.

In that time, this software has been Microsoft's most successful...

... But XP has also become an apt demonstration of the difference between "popular" and "widely used." People use XP but don't love it. Why should they?

This operating system has needed a steady diet of patches to stay close to healthy. On a machine with a September 2001-vintage copy of Windows XP Home Edition, installing every bug-fix released as of August ballooned its Windows directory from 987 megabytes to 2.43 gigabytes.

You can think of Windows XP as a house with a second floor built of spackle, wood filler and duct tape.

And even with all those updates, the operating system has met only a few of its goals while falling short of others in a catastrophic manner. And it's done so for reasons that can't all be blamed on XP's design...


IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Well, have fun continuing to point out the flaws in XP.

I'll get back to you when I can no longer use it for doing an excellent job of supporting 8 of my crunchers.

Do not expect to hear from me for a long, long time.

Meow.

---

"Freedom is just Chaos, with better lighting." Alan Dean Foster

Hmmn, wasn't it XP with it's great plethora of games that forced Linux in making Wine and it's attempts to emulate Games for the Windows platform?

BTW, how is WINE doing?

---

... So, XP shall live on LONG after they stop releasing updates...

After over a DECADE of updates, shouldn't that system by now be fully feature complete and debugged?... ;-/

Or does the NSA and others know of a few holes more yet? :-(


For a real-world experiment: Wait until we see the rising tide of XP spambot zombies to find out?...

And for those who still love the WinXP look-and-feel: Why can we not have a "WinXP"-skin on top of whatever new updated OS?... ;-)


IT is what we allow it to be...
Martin

I have to ask our resident window basher how many flavors of linux have been released over how many years? You still cant get it just right or you just like change?

I ran Seti@Home on my P4 XP box for over 10 years with out a hitch or a hacker. My wifes celeron laptop has XP on it also,That has never had any problems.

I found XP to be one stable OS. So far Win7 seems just as stable, But time will tell. ( nine more years to go )

---

[/quote]

Old James

Hmmn, wasn't it XP with it's great plethora of games that forced Linux in making Wine and it's attempts to emulate Games for the Windows platform?

BTW, how is WINE doing?

Read for yourself. Very healthy and progressing nicely with two releases this year already. (Also note that a better description for WINE is to call it an "operating system calls translator," it doesn't do any emulation...):


About Wine

Wine (originally an acronym for "Wine Is Not an Emulator") is a compatibility layer capable of running Windows applications on several POSIX-compliant operating systems, such as Linux, Mac OSX, & BSD. Instead of simulating internal Windows logic like a virtual machine or emulator, Wine translates Windows API calls into POSIX calls on-the-fly, eliminating the performance and memory penalties of other methods...


Wine History

Wine's roots can be traced back to 1993. At the time several forces were converging that made running Windows applications appealing...


IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

When the hardware in my jukebox finally dies then XP will finally die here.

And that is an important point...

There's many pieces of hardware operated by whatever software that still run fine for their original function. Why be forced to change for the sake of Marketing?...


Times do move on, but some things can work well just the same for many years at a time. So why be forced into "renew everything every few months" Marketing cycles?...

IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

... So, XP shall live on LONG after they stop releasing updates...

After over a DECADE of updates, shouldn't that system by now be fully feature complete and debugged?... ;-/ ...

... how many flavors of linux have been released over how many years? You still cant get it just right or you just like change?

a: Many.

b: Both.

You can run an amazing amount of new software on a surprising range of hardware for anything from very new to decades old.

For those who reminisce for the old stuff, the last of the old 2.4 kernels is still supported since well over a decade now.

And even for the latest 3.6 kernels, there is very good backwards compatibility so that you can still run almost anything from any time.

All with a choice of desktops so you can choose any look you want...

So... I guess the emphasis has been on rapid development yet maintaining backwards compatibility. (Only very recently has support for some of the earliest versions of the x86 CPU been abandoned.)

I ran Seti@Home on my P4 XP box for over 10 years with out a hitch or a hacker. My wifes celeron laptop has XP on it also,That has never had any problems.

I found XP to be one stable OS. So far Win7 seems just as stable, But time will tell. ( nine more years to go )

Good stuff and good luck.

I jumped off the Windows bandwagon for my own use and developments when WinXP started suffering the first rampant malware attacks. Over ten years later, there is still a high burden to try to keep Windows 'safe'. Indeed, I use Linux systems to keep the Windows stuff as safe as practical. There just isn't that burden for any other OS thus far as far as I've seen.

Developments and time will tell...


Happy clean crunchin',
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Some bold and interesting comment for the new year:


Linux Wins the Desktop in 2014 and 3 More Bold Predictions

Linux won, the penguin has achieved world domination, and the usual commentarians completely missed it even after years of predicting it. Because it's not something that happened in a single flashy event, but rather has been the product of years of hard work and steady improvement. 2014 is the year that Linux starts to win the desktop, which is the final Linux frontier. And it is the year of exponential growth in every arena.

The strength of Linux and free/open source software is iteration. FOSS iterates many times faster than commercial proprietary software because there are no artificial barriers like those that infest the business world: no "brilliant" marketing ideas, no business processes (proposal, review, proposal, review, proposal, review, ad infinitum), no protecting existing product lines, no artificially crippling applications to create multiple price points...you know the dance. In the FOSS world when something needs to be done there are few obstacles to someone stepping up and doing it...


And you know... Linux has become so ubiquitous that if you do anything online, you will almost certainly now be using Linux systems...

In some ways that is good. In other ways that can develop into something scary. We really do need some other two or three other different systems to maintain a healthy set of independent working standards that must work between systems...


IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Funny that it's still only a 2% OS (in all it flavours) in the Desktop/Laptop sweepstakes.

http://netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0&qpct=6

Cheers.

I want what ML is smoking.

---

[/quote]

Old James

Funny that it's still only a 2% OS (in all it flavours) in the Desktop/Laptop sweepstakes.

http://netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0&qpct=6

And yet...


Voice of the Masses: Is the “year of Linux on the desktop” question still relevant?

... Take a Windows user who spends most of his/her time using Google Mail, Google Drive, Facebook, Twitter, Amazon and the like. Windows may be the desktop OS in this case, but all of the web apps and sites are being served up by Linux. So as people spend more and more time using web apps, many of which are powered by Linux, has Linux already won on the desktop, in one way?...


(And for some good irreverent chaotic but informative fun: :-) )

Podcast Season 2 Episode 1 - Ignorance Predators

In this episode: Linux is now more popular than ever on the desktop (and on mobile). And thanks to 14 new Steam Machines announced by Valve at CES, it’s becoming a gaming behemoth. Red Hat is going to work closer with CentOS and the UK government’s ‘porn filter’ is filtering more than porn. Also in the show, we’ve got the longest ever ‘Finds of a Fortnight’, an ace Voice of the Masses and a special guest...



Windows 8? You’ll need support with that – the open source column

When a big store is selling a support package because you’ve ‘chosen’ Windows 8, then there’s surely a huge problem...

... While when it came to laptops, to badly paraphrase Henry Ford, you can have any operating system you like, as long as it’s Windows 8.

In truth, most of us have long since resigned ourselves to this, but the next move from the salesperson genuinely astonished my friend. “You’ll need to buy our support package”, they were informed, “because Windows 8 is so hard to use”. Whoa...

... But then that’s the idea. The eradication of choice. The making you feel you have a wide selection of products to choose from, simply because they come in different colours. ...

It feels like a battle has been lost here. And while Microsoft may be experiencing problems breaking into any market that isn’t the desktop PC, too little has changed since Windows took its stranglehold on consumer computing. And when you go into primary schools and see computers piled up with Microsoft software, you can’t help but feel the next generation is going to make the same mistakes we did...



IT is what we allow it to be...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

I want what ML is smoking.

Me too as it must be good.

Cheers.

I want what ML is smoking.

Me too as it must be good.

Cheers.

To bad linux isnt as good. The world would be beating a path to its doors for that better mouse trap.

---

[/quote]

Old James

Wine's roots can be traced back to 1993. At the time several forces were converging that made running Windows applications appealing...

Wow, you're saying that Linux users were envious of MS users? Hmmn, Microsoft had its uses then.

@James, yes XP was a great O/S, but will Win 7 last that long?

---

Wine's roots can be traced back to 1993. At the time several forces were converging that made running Windows applications appealing...

Wow, you're saying that Linux users were envious of MS users? ...

Hardly... You do love emotive words to seize upon any one word regardless of the surrounding context.

So... Back in 1993 and... WINE very naturally developed from other projects floating around at the time during the computer age of cross-platform cooperation whereby a strong goal was to allow any software to run anywhere. I believe Microsoft attempted to stifle that...

See: Wikipedia - WINE History

@James, yes XP was a great O/S, but will Win 7 last that long?

For such a 'great' OS, shame that it soon developed such a high malware load and internet pollution!


IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

@James, yes XP was a great O/S, but will Win 7 last that long?

For such a 'great' OS, shame that it soon developed such a high malware load and internet pollution!

To be fair, that was because it was the most common OS at the time making it the best target.

---

Life on earth is the global equivalent of not storing things in the fridge.

@James, yes XP was a great O/S, but will Win 7 last that long?

For such a 'great' OS, shame that it soon developed such a high malware load and internet pollution!

To be fair, that was because it was the most common OS at the time making it the best target.

That continues to be a frivolously lame excuse.

We've now had over 50 years of *nix systems, some running very high value computing, and yet we see nothing of the sort or widespread and yet still continuing scale of malware that afflicts Windows systems.

Note also that we have Linux now running very many (unsupported-install-and-forget) low level appliances. Other than the usual exploits seen due to sloppy manufacturing practices, again you'll find that the systems inherently simply do not support viruses.

So... The Marketed excuse of "most popular to malware due to market share" is frivolously wrong on all counts...


IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)