On Mon, 2005-01-17 at 23:45 -0700, Kevin Brown wrote: > > > articleId=55301844&classroom=> > > > > html mail to keep line from wrapping - sorry > > Heh, and for those of use using a proper mail client, it still wrapped because > all HTML was stripped from the message for display :) > > Better way to avoid line wrap in URLs... tinyurl.com :) --- I know - but I'm lazy. I have to say that I'm disappointed that your Mozilla wrapped that html. Even worse was the other link I posted was a session id which of course won't work for anyone anyway. Lazy and stupid I guess. --- > > > Interesting magazine - this month has a number of articles that I > > thought were interesting but this one caught my attention. Suggests that > > the day of the rootkit and 'poisoned' ls, ps etc. is/will be replaced > > with kernel modules that at the kernel level, can evade detection by > > typical security tools such as tripwire and at kernel level, can scrub > > itself from processes showing in things like top and ps. > > > > Seems as though the stakes of security administration is rising above > > and beyond the merely intelligent. > > Think I've seen a lot about kernel module level rootkits in the last few years. > If it goes in as a module then there might be other ways to pick up on it that > it can't evade. Either kernels with no module support or a variation on the > rootkit module that is for security purposes to monitor what other modules get > loaded up by the system :) > > It would be hidden, so even the rootkit wouldn't know it was there, heheh. --- monolithic vs modular? seems as though that debate was settled before .1 kernel - I know that I'm always gonna opt for easy. I'm not sure how far SELinux will go in detecting/preventing modular rootkits. Shame on me but I haven't bothered investigating what it is about at all yet (as I type this on a FC-3 system with SELinux installed on it). It does seem that tools such as chkrootkit and tripwire have outlived their usefulness though. Craig --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss