On Friday 24 Jan 2003 10:32 am, Rifza Adriansyah wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thursday 23 January 2003 10:05 pm, Derek Jennings wrote: > > (Hmm How do you know that site does not contain malicious HTML > > designed to cause a buffer overflow in your browser and install a > > Trojan on your computer? - The best defence against that > > possibility is to not visit the site with Internet Explorer :-) > > I read at www.linuxsecurity.com that there is a trojan for linux in > mp3 files. Have you heard or read about this, Derek ?. Could tripwire > protect linux box from trojan horses ?. Any comments will be > appreciated. > > - -- > Rifza Adriansyah >
Yes. I read about it here http://212.100.234.54/content/6/28842.html and here http://www.pclinuxonline.com/modules.php?name=News&file=article&sid=4252 It exploits a bug in a version of mpg123 to run arbitary code when you play a malicious mp3 file. It can damage files in your *user* account (so long as you are not running as root) The version of mpg123 shipped with Mandrake is not vulnerable, and the alternative mp3 player mpg321 is not affected. There was also a bug found in mozilla a while back which would allow a malicious website to run arbitary code in your computer. http://www.mozilla.org/projects/security/known-vulnerabilities.html I am no security expert, but I do not think Tripwire would protect against either of those attacks. As I understand it tripwire works by comparing files checksums against those previously calculated to find evidence of intrusion. (As can msec) While Linux is not immune to malicious attack, it is certainly better protected than Windows, but you should still get your security updates regularly. derek -- ---------------------------------- www.jennings.homelinux.net
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com