-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gabriel Gunderson wrote: > On Tue, Jul 14, 2009 at 7:49 PM, Scott Morris<scottmor...@suseblog.com> wrote: >> When you have been hacked: > > I don't mean to be a downer, but I've got bad news... The only thing > to do if you've already *been hacked* is re-install and rebuild from > trusted sources. Really, they've out smarted you once, are you going > to give them another chance? > > Well, I guess if you had md5/sha1 sums (that you can trust) of every > file on your system and you're willing to go file-by-file and verify > them when mounted on a trusted system (*not* the one that was hacked), > then, maybe, you could sleep again at night knowing all is well.
Even then, you have to be confident that the md5 sums you have are from *before* the hack. What if they broke in long before realized it and you have no reliable backups? I wholeheartedly concur with your sentiment that once they've broken in, nothing can be trusted. That said, it's not always practical to re-install. I had a box broken into and it was hundreds of miles away in an unmanned facility. The box wasn't doing a whole lot besides running a temperature monitor so justifying the cost of a trip and the time to do the re-install was difficult. Out of necessity I had to piece the system back together remotely and bide my time until I could make the trip. Sometimes life sucks like that. Corey -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpd9oIACgkQwNwjtxfqOkPgsQCfefb4YEdZ6B8Nwaal7U0AbOVM V6kAnR7zS83dv50aH2vdwJ4T+CCA8+j9 =XeLL -----END PGP SIGNATURE----- /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
