Appendix A. Internet Resources for the Latest Intrusions and Defenses

   


This appendix lists Internet resources for the latest information on intrusions and defenses, along with additional source information and documentation that is changing at a significant rate, will not fit in the book, or could not be included because permission to use the material could not be obtained. These resources also let you quickly get fixes to security bugs, find out about new tools to increase security, and find support for your existing software. The crackers are reading these lists; you should too. Keep in mind that the crackers know that you are looking to these sites for help. There is always the possibility that crackers have breached the sites or have included false information in mailing lists.

Generally, CD-ROMs in sealed containers are much less likely to have been compromised, though this author has read that a certain CD-ROM widely distributed by Microsoft contained a Trojan horse, and certainly other vendors have suffered this too. Checking MD5 or other published checksums increases your confidence. Wait to install a patch until it has been recommended by several trusted sources. I recommend allowing at least a few days for the possibility that someone contributing to one of these sites might say, "Wait! It's a trap!" Many open-source tools are available from several sites, so for extra security download the one you want from several of them and either do a byte-by-byte comparison or use md5sum to compute a hard-to-breach message digest of each copy. This protects against a cracker breaking into one site and inserting a Trojan.

If the patch is not urgent enough to require installing immediately, wait a few days, download it again, then compare it against the earlier copies on the assumption that the intrusion that might have corrupted the first copy would have been dealt with by then. Some of these sites may be "dead" by the time you try them; check my site for updates. Also be wary of alleged "new and improved" versions that might contain Trojans. This did, in fact, happen with one popular security tool around 1998.
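The compare-before-install procedure from the two paragraphs above, written as a shell function; this is an added example, not code from the book. The function name, the exit codes, the sample files and the `HASH_CMD` variable are assumptions of the example; it defaults to `sha256sum`, and `HASH_CMD=md5sum` uses the tool the text names. The copies passed in can come from different sites or from downloads made a few days apart.

```shell
#!/bin/sh
# Added example. HASH_CMD is this example's own knob; md5sum is the tool the text names.
HASH_CMD="${HASH_CMD:-sha256sum}"

# digest_of FILE: print only the hex digest of FILE.
digest_of() {
    "$HASH_CMD" "$1" | awk '{print $1}'
}

# verify_copies PUBLISHED_DIGEST COPY1 COPY2 [COPY...]
# Returns 0 if every copy is byte-identical and matches the published digest,
#         1 if two copies differ (one source is serving different bytes),
#         2 if the copies agree with each other but not with the published digest,
#         3 on a usage error or unreadable file.
verify_copies() {
    [ "$#" -ge 3 ] || { echo "need a digest and at least two copies" >&2; return 3; }
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f'); shift
    first=$1
    for f in "$@"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 3; }
    done
    for f in "$@"; do
        # Byte-by-byte comparison of each copy against the first one.
        cmp -s "$first" "$f" || { echo "MISMATCH: $f differs from $first" >&2; return 1; }
    done
    actual=$(digest_of "$first")
    if [ "$actual" != "$want" ]; then
        echo "MISMATCH: digest $actual is not the published $want" >&2
        return 2
    fi
    echo "OK: $# copies identical, digest $actual"
}

# Constructed sample input: three "mirror" copies, the third one altered.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'patch contents v1.2\n' > "$demo_dir/mirror_a.tar"
cp "$demo_dir/mirror_a.tar" "$demo_dir/mirror_b.tar"
printf 'patch contents v1.2 plus extra\n' > "$demo_dir/mirror_c.tar"
# Stands in for the vendor's published checksum.
published=$(digest_of "$demo_dir/mirror_a.tar")

verify_copies "$published" "$demo_dir/mirror_a.tar" "$demo_dir/mirror_b.tar"
verify_copies "$published" "$demo_dir/mirror_a.tar" "$demo_dir/mirror_c.tar" \
    || echo "rejected, exit code $?"
```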

These traps of "new and improved" containing Trojans and "detour this way" certainly are not limited to computers or ancient mythology. I find the following theft to be both ingenious and risky:

Most banks offer a night depository where small businesses can each insert a canvas bag containing the day's cash receipts after the shop has closed and they have counted the money. Naturally, the bank already has closed by this time. On one particular evening, merchants found a sign on their bank's depository door saying "Out of order: deposit with guard." Next to the depository stood a very stern man in a very crisp bank guard uniform looking very guard-like with a large canvas bag.

Uniforms and bank supplies can be purchased quite easily in any large city. Thus, these thieves made off with many tens of thousands of dollars and were smart enough not to repeat their exploit.



   


Real World Linux Security Prentice Hall Ptr Open Source Technology Series
Year: 2002
Pages: 260
