On Thu, Dec 13, 2018 at 09:50:31AM +0100, Florian Obser wrote:
> On Thu, Dec 13, 2018 at 09:25:25AM +0100, Kollar Arpad wrote:
> > Any creative hints to defend against these kind of threats?
>
> Your system has been compromised. The attacker is able to replace
> binaries, you have lost. If your package manager can still tell you
> that the sshd binary has been replaced that only means that you are
> dealing with an incompetent attacker.
>
> Throw the computer away. Get a new one. Install from scratch, restore
> data (and only data!) from backup.
This assumes you can tell the difference between data and code.
It's a rather fundamental thing that you cannot tell the difference
between data and code.
Data read by a program is interpreted in some way. That's a form of execution.
-Otto
