!what's up with this?????

Discussion in 'NZ Computing' started by Max Burke, Oct 26, 2004.

  1. Max Burke

    Max Burke Guest

    I read this in Aardvark/ZD Net Australia...

    Red Hat warns of malicious security 'update'
    By Munir Kotadia, ZDNet Australia

    25 October 2004

    Linux maker Red Hat is warning users about an e-mail that pretends to be an
    official security advisory but is actually a phishing-type scam that
    contains links to malicious code.
    The fake e-mail appears to have been sent from "" and was
    first spotted on Friday evening with a subject line: "RedHat: Buffer
    Overflow in 'ls' and 'mkdir'".
    The e-mail contains instructions on how to load and install a 'patch', which
    Red Hat warns is likely to contain malicious code.
    http://www.zdnet.com.au/news/security/0,2000061744,39164067,00.htm

    Then I get this in daily security email list from:
    NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
    10/25/04

    Red Hat urges users to patch fileutils

    Red Hat sent an urgent note to subscribers urging them to apply the
    fileutils-1.0.6 patch to fix vulnerabilities in the "ls" and "mkdir". The
    flaw affects Red Hat 7.2 and greater. Download the patch here:
    <http://www.fedora-redhat.com/fileutils-1.0.6.patch.xxxtar.xxxgz>

    I know which website I believe and trust....
    I guess it had to happen sometime.

    [Note: the above download URL altered.]

    --

    Replace the obvious with paradise.net to email me
    Found Images
    http://homepages.paradise.net.nz/~mlvburke
    Max Burke, Oct 26, 2004
    #1

  2. Max Burke

    AD. Guest

    On Tue, 26 Oct 2004 17:14:34 +1300, Max Burke wrote:

    > I know which website I believe and trust.... I guess it had to happen
    > sometime.


    Sounds like some of your sources for security info aren't very trustworthy
    if they fell for that one without checking it out.

    Now for the next question: Does this revelation indicate that your
    previous ideas about security have been clouded in any way?

    Cheers
    Anton
    AD., Oct 26, 2004
    #2

  3. Max Burke

    thing Guest

    AD. wrote:
    > On Tue, 26 Oct 2004 17:14:34 +1300, Max Burke wrote:
    >
    >
    >>I know which website I believe and trust.... I guess it had to happen
    >>sometime.


    you do? please enlighten.....

    >
    > Sounds like some of your sources for security info aren't very trustworthy
    > if they fell for that one without checking it out.
    >
    > Now for the next question: Does this revelation indicate that your
    > previous ideas about security have been clouded in any way?
    >
    > Cheers
    > Anton


    now, now, he probably applies all the MS patches sent to him via email
    as well....

    ;]

    Seriously,

    Note it was a Redhat advisory and not a Red Hat one, interesting boob....

    Given a high percentage of Apache (69%), and probably a high percentage
    of those running Red Hat, (50%?) it makes a lot of sense to aim such an
    attack at RH Linux, with 51 Million web servers even <0.001% gives quite
    a few (10,000+) web sites.....

    However instead of the huge amount of clueless home users they would
    have hit far more clued up admins....Most users of RHxSn would be on a
    subscription model with up2date already set to the proper Red Hat URL....

    So this leaves, old systems which probably are not secure anyway and
    people not paying for support.....

    My conclusion is that it is poorly targeted and executed, bit pathetic
    really....

    It almost suggests script kiddies had got a Linux root kit from
    somewhere, crudely packaged it and sent it off...maybe it was just
    kids....I find it hard to believe a "professional" cracker could put
    this together, I mean it's sooooo bad.......

    regards

    Thing
    thing, Oct 27, 2004
    #3
  4. Max Burke

    AD. Guest

    On Wed, 27 Oct 2004 20:01:05 +1300, thing wrote:

    > My conclusion is that it is poorly targeted and executed, bit pathetic
    > really....


    Agreed but still, apparently Jason Meserve's virus and bug patch alert
    newsletter from Network World somehow fell for it.

    Imagine Max's reaction if some Linux oriented newsletter reported one of
    the fake MS patches as a real one.

    Cheers
    Anton
    AD., Oct 27, 2004
    #4
  5. Max Burke

    thing Guest

    AD. wrote:
    > On Wed, 27 Oct 2004 20:01:05 +1300, thing wrote:
    >
    >
    >>My conclusion is that it is poorly targeted and executed, bit pathetic
    >>really....

    >
    >
    > Agreed but still, apparently Jason Meserve's virus and bug patch alert
    > newsletter from Network World somehow fell for it.


    and someone trusts journalists?

    >
    > Imagine Max's reaction if some Linux oriented newsletter reported one of
    > the fake MS patches as a real one.
    >
    > Cheers
    > Anton


    Max actually uses a range of OSes I believe, he just does not like
    zealots who rave over reality.

    It will be interesting to watch how well these social engineering games
    do against a supposedly more switched on user base....

    regards

    Steven
    thing, Oct 28, 2004
    #5