More rm -rf clowns: Security through education

jdong, who continues to amaze me as an exceptional source of information and advice on system security, has posted a forum-wide announcement regarding more — yes, still more — attempts to snooker new users into erasing their entire installation with a sudo rm -rf command.

It’s an exceptionally juvenile stunt, but one that, as jdong mentions, is best fought off by educating everyone, new and veteran users alike. The latest round was nothing like the blitz from a week ago, and more or less included one “newcomer” using a proxy IP to give “advice” on any topic, always suffixed with an rm -rf command. Like I said, it’s very juvenile.

But the real bonus in jdong’s announcement is an excellent list of other malicious commands and code that are common attempts to trick someone into hosing a system.

Take the time to look them over, partly because it’s fascinating reading, but also because some of the examples are amazingly simple and elegant. And some of them, frighteningly enough, are completely indecipherable without compiling them — and the results are particularly destructive. Participants in this thread should definitely take note.

About these ads

5 thoughts on “More rm -rf clowns: Security through education

  1. Dr Small

    I read that last night while on the forums. I saw this little blue bar at the top that I never noticed before. He really had some good examples, and I’m glad he has brought this to a head ;)

    Reply
  2. Daniel Aleksandersen

    One possible ‘fix’ would be to display a warning message at the top of every post suggesting ‘known stupid things to do’.

    Something like ‘Warning: The following post contains information known to be potentially harmful to your system.’ would do.

    Reply
  3. jdelay

    What about creating a filter for the forums that turn any rm -rf command into ***, much like swear words now? A bit too drastic no doubt, but it could work.

    But education is much better, I agree.

    Reply
  4. K.Mandla Post author

    That was discussed, but the problem is that there are legitimate uses for the rm -rf sequence, and filtering it out could cause bigger headaches. In all, being proactive rather than reactive is probably the best strategy here.

    Reply
  5. Danny

    Like I’m learning in my Network Security class, and on all the Security podcast I listen to: The user is the biggest vulnerability on any system -Windows, Mac/BSD, or Linux. While I don’t appreciate the maliciousness of the poster, it does show an important common security problem; Social Engineering. This hacker used a social network to create havoc almost like a virus would. Also, the social hacker showed an actual vulnerability in our forums. It would be so easy to get users to wget malicious code.

    I wonder if it was a Mac or Windows user doing the posting. Or maybe even someone with a legitimate security concern that went to extremes. Nah….that’d be like invading another country because you thought….Oh, wait. Nevermind.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s