More rm -rf clowns: Security through education

jdong, who continues to amaze me as an exceptional source of information and advice on system security, has posted a forum-wide announcement regarding more — yes, still more — attempts to snooker new users into erasing their entire installation with a sudo rm -rf command.

It’s an exceptionally juvenile stunt, but one that, as jdong mentions, is best fought off by educating everyone, new and veteran users alike. The latest round was nothing like the blitz from a week ago, and more or less included one “newcomer” using a proxy IP to give “advice” on any topic, always suffixed with an rm -rf command. Like I said, it’s very juvenile.

But the real bonus in jdong’s announcement is an excellent list of other malicious commands and code that are common attempts to trick someone into hosing a system.

Take the time to look them over, partly because it’s fascinating reading, but also because some of the examples are amazingly simple and elegant. And some of them, frighteningly enough, are completely indecipherable without compiling them — and the results are particularly destructive. Participants in this thread should definitely take note.

About these ads

5 Responses to “More rm -rf clowns: Security through education”


  1. 1 Dr Small 2007/11/21 at 10:59 PM

    I read that last night while on the forums. I saw this little blue bar at the top that I never noticed before. He really had some good examples, and I’m glad he has brought this to a head ;)

  2. 2 Daniel Aleksandersen 2007/11/22 at 1:24 AM

    One possible ‘fix’ would be to display a warning message at the top of every post suggesting ‘known stupid things to do’.

    Something like ‘Warning: The following post contains information known to be potentially harmful to your system.’ would do.

  3. 3 jdelay 2007/11/23 at 10:42 PM

    What about creating a filter for the forums that turn any rm -rf command into ***, much like swear words now? A bit too drastic no doubt, but it could work.

    But education is much better, I agree.

  4. 4 K.Mandla 2007/11/23 at 11:02 PM

    That was discussed, but the problem is that there are legitimate uses for the rm -rf sequence, and filtering it out could cause bigger headaches. In all, being proactive rather than reactive is probably the best strategy here.

  5. 5 Danny 2007/11/26 at 2:52 PM

    Like I’m learning in my Network Security class, and on all the Security podcast I listen to: The user is the biggest vulnerability on any system -Windows, Mac/BSD, or Linux. While I don’t appreciate the maliciousness of the poster, it does show an important common security problem; Social Engineering. This hacker used a social network to create havoc almost like a virus would. Also, the social hacker showed an actual vulnerability in our forums. It would be so easy to get users to wget malicious code.

    I wonder if it was a Mac or Windows user doing the posting. Or maybe even someone with a legitimate security concern that went to extremes. Nah….that’d be like invading another country because you thought….Oh, wait. Nevermind.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




Welcome!



Visit the Wiki!

Some recent desktops


May 6, 2011
Musca 0.9.24 on Crux Linux
150Mhz Pentium 96Mb 8Gb CF
 


May 14, 2011
IceWM 1.2.37 and Arch Linux
L2300 core duo 3Gb 320Gb

Some recent games


Apr. 21, 2011
Oolite on Xubuntu 11.04
L2300 core duo 3Gb 320Gb

Enter your email address to subscribe to this blog and receive notifications of new posts.

Join 405 other followers

License

This work is licensed under the GNU Free Documentation License. Please see the About page for details.

Blog Stats

  • 3,961,025 hits

Archives


Follow

Get every new post delivered to your Inbox.

Join 405 other followers

%d bloggers like this: