Archive

Posts tagged ‘sk13b’

Debian founder Ian Murdock has died

December 31, 2015

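I got to know Debian and fellow Linux enthusiasts starting from LinuxFocus: translating articles, translating the security manual, retracing how debian.org was hacked, studying do_brk, sk13b, and Phrack 58-7 "Linux on-the-fly kernel patching". Thank you, Murdock. Gone far too young; rest in peace.

Waiting for the cause of death to be disclosed.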

https://bits.debian.org/2015/12/mourning-ian-murdock.html

Ian Murdock

With a heavy heart Debian mourns the passing of Ian Murdock, stalwart proponent of Free Open Source Software, Father, Son, and the ‘ian’ in Debian.

Ian started the Debian project in August of 1993, releasing the first versions of Debian later that same year. Debian would go on to become the world’s Universal Operating System, running on everything from embedded devices to the space station.

Ian’s sharp focus was on creating a Distribution and community culture that did the right thing, be it ethically, or technically. Releases went out when they were ready, and the project’s staunch stance on Software Freedom are the gold standards in the Free and Open Source world.

Ian’s devotion to the right thing guided his work, both in Debian and in the subsequent years, always working towards the best possible future.

Ian’s dream has lived on, the Debian community remains incredibly active, with thousands of developers working untold hours to bring the world a reliable and secure operating system.

The thoughts of the Debian Community are with Ian’s family in this hard time.

His family has asked for privacy during this difficult time and we very much wish to respect that. Within our Debian and the larger Linux community condolences may be sent to in-memoriam-ian@debian.org where they will be kept and archived.

 

Debian.org Hacked http://mirror.hamakor.org.il/archives/linux-il/12-2003/7013.html

Linux kernel do_brk() lacks argument bound checking http://isec.pl/vulnerabilities/isec-0012-do_brk.txt

Linux on-the-fly kernel patching without LKM http://phrack.org/issues/58/7.html#article

Detecting the sk13b SucKIT Linux rootkit

December 22, 2010

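Read the few lines below, then look at the detection code in chkrootkit and rkhunter, and you will see why a default installation of SucKIT (sk) is so easy to detect. There are other ways to detect sk1.x as well: you can detect hidden processes, and you can also use some of sk13b's bugs for detection :) sk13b also contains a gem, the fondly remembered elfuck, a classic ELF encryption program.

While I'm at it, here is a download link for sk13b. Something from 2004 that still works today, which I really did not expect. When a kernel rootkit is written like this, how are all those frequently updated yet still unstable programs supposed to feel?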

http://www.xfocus.net/tools/200408/763.html
