> On Friday 17 Oct 2003 15:53 pm, Jochem van Dieten wrote:
>
>>>You don't have to be doing something stupid to trigger a trojon.
>>
>>What would be a non-stupid way for an admin to trigger a trojan on his
>>server?
>
>
> DNS poisioning when you downloaded the patch file, for instance.
> On UNIX boxes, a local attacker could have altered an alias for a common
> command to fetch, compile and insert a Nasty kernel module and then waited
> for you to run that command.
That is what checksums are for.
Jochem
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
