On Thu, Dec 13, 2018 at 09:25:25AM +0100, Kollar Arpad wrote:
> https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/
>
> ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, "The Dark Side of the ForSSHe", they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats
Yes, researchers have found these things in the wild. The thing that irritates me no end
is that the way this is written, one could be led to believe that the malware just
magically appears on your box.
> Any creative hints to defend against these kinds of threats?
Creative hints? No. The best defence is as always,
PATCH YOUR SHIT!
(As in, install all relevant updates that come from trusted sources.)
Keep your systems up to date, do not install new, improved versions of anything
from sources other than the trusted repositories, do not muck around with config
options you don't understand, and oh
PATCH YOUR SHIT!
(Again as in, install all relevant updates that come from trusted sources.)
I could go on about not allowing root logins, going to keys-only logins, various other
things; my meta-rant wrapped around several articles on the "Hail Mary Cloud" password
guessing episodes at https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html
(TL;DR: it all started with a dodgy binary off a Debian system) has a few other points
in the summary pieces.
The other suggestions you have are mostly not relevant in an OpenBSD environment and
to my mind at least just add complexity for no real gain. If you for some reason want
to stick to passwords, longer ones *are* better, but AFAIK code changes to passwd
are not necessary just to accommodate that as long as you can live with a max length
of 128 characters (which is the current limit if I read http://man.openbsd.org/passwd
correctly).
- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
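An added example, not part of Peter's reply or of the ESET paper: a small POSIX sh audit of an sshd_config for the two points the reply names, not allowing root logins and going to keys-only logins. PermitRootLogin and PasswordAuthentication are real OpenSSH sshd_config keywords; the two sample configs are constructed here for the demonstration. The parser follows the sshd rule that the first occurrence of a keyword wins and only reads the global section before any Match line; it assumes the whitespace-separated "Keyword value" form and does not handle the "Keyword=value" variant.

```sh
#!/bin/sh
# Added example: audit an sshd_config for root logins and password logins.
# Not code from the mailing-list post; the sample configs below are constructed.

# effective_value KEYWORD : print the first value given for KEYWORD on stdin,
# or nothing when the keyword is absent (sshd then uses its built-in default).
# Keywords are case-insensitive; the first occurrence wins, as in sshd.
# Everything from the first "Match" line onwards is ignored (global section only).
effective_value() {
    awk -v key="$1" '
        $1 ~ /^#/                   { next }   # comment line
        tolower($1) == "match"      { exit }   # stop at the first Match block
        tolower($1) == tolower(key) && !found { print $2; found = 1 }
    '
}

# sshd_audit : read an sshd_config on stdin, print one line per weak setting,
# return 0 when both settings are hardened and 1 otherwise.
sshd_audit() {
    cfg=$(cat)
    rc=0

    prl=$(printf '%s\n' "$cfg" | effective_value PermitRootLogin)
    case "$(printf '%s' "$prl" | tr 'A-Z' 'a-z')" in
        no) ;;
        *)  echo "PermitRootLogin is '${prl:-<unset, default prohibit-password>}'; set it to 'no'"
            rc=1 ;;
    esac

    pwa=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication)
    case "$(printf '%s' "$pwa" | tr 'A-Z' 'a-z')" in
        no) ;;
        *)  echo "PasswordAuthentication is '${pwa:-<unset, default yes>}'; set it to 'no' for keys-only logins"
            rc=1 ;;
    esac

    return $rc
}

# Constructed sample: root and password logins both allowed.
WEAK_CONFIG='# constructed sample, not a real host
Port 22
PermitRootLogin yes
PasswordAuthentication yes
Subsystem sftp /usr/libexec/sftp-server'

# Constructed sample: the hardened form of the same config.
HARDENED_CONFIG='# constructed sample, not a real host
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
Subsystem sftp /usr/libexec/sftp-server'

# Stand-alone demonstration on the two samples.
# On a live system: sshd_audit < /etc/ssh/sshd_config
echo "== weak sample"
if printf '%s\n' "$WEAK_CONFIG" | sshd_audit; then echo "-> hardened"; else echo "-> NOT hardened"; fi
echo "== hardened sample"
if printf '%s\n' "$HARDENED_CONFIG" | sshd_audit; then echo "-> hardened"; else echo "-> NOT hardened"; fi
```

The audit deliberately treats an unset PermitRootLogin as a finding even though current OpenSSH defaults it to prohibit-password: the advice above is to not allow root logins at all, and stating `no` explicitly survives a packaged default changing under you.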