Yes, a can of worms... But general direction would be nice...
tensai at zmonkey.org
Wed Jul 15 09:32:23 MDT 2009
Gabriel Gunderson wrote:
> On Tue, Jul 14, 2009 at 7:49 PM, Scott Morris <scottmorris at suseblog.com> wrote:
>> When you have been hacked:
> I don't mean to be a downer, but I've got bad news... The only thing
> to do if you've already *been hacked* is re-install and rebuild from
> trusted sources. Really, they've outsmarted you once, are you going
> to give them another chance?
> Well, I guess if you had md5/sha1 sums (that you can trust) of every
> file on your system and you're willing to go file-by-file and verify
> them when mounted on a trusted system (*not* the one that was hacked),
> then, maybe, you could sleep again at night knowing all is well.
Even then, you have to be confident that the md5 sums you have are from
*before* the hack. What if they broke in long before you realized it and you
have no reliable backups? I wholeheartedly concur with your sentiment
that once they've broken in, nothing can be trusted.
That said, it's not always practical to re-install. I had a box broken
into and it was hundreds of miles away in an unmanned facility. The box
wasn't doing a whole lot besides running a temperature monitor so
justifying the cost of a trip and the time to do the re-install was
difficult. Out of necessity I had to piece the system back together
remotely and bide my time until I could make the trip. Sometimes life
sucks like that.
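Added example, not part of the original message or thread: a sketch of the file-by-file check discussed above, run on a trusted host with the suspect disk mounted at `root`, which refuses a baseline that does not predate the intrusion. It uses SHA-256 rather than the md5/sha1 sums mentioned in the thread; the function names, the `taken_at` and `earliest_intrusion` timestamps and the sample tree are all constructed for illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

def fingerprint(path):
    """Symlinks are recorded by target, regular files by SHA-256 of content."""
    if os.path.islink(path):
        return "symlink:" + os.readlink(path)
    if not os.path.isfile(path):
        return None  # directories, devices and FIFOs are not hashed
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return "sha256:" + h.hexdigest()

def snapshot(root):
    """Map relative path -> fingerprint for everything under root."""
    found = {}
    for dirpath, dirs, files in os.walk(root):  # symlinked dirs are not followed
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            fp = fingerprint(full)
            if fp is not None:
                found[os.path.relpath(full, root)] = fp
    return found

def verify(manifest, taken_at, earliest_intrusion, root):
    """Compare the suspect tree mounted at root against a baseline manifest."""
    if taken_at >= earliest_intrusion:
        raise ValueError("baseline does not predate the intrusion")
    current = snapshot(root)
    return {
        "modified": sorted(p for p in manifest if p in current and manifest[p] != current[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }

def demo():  # constructed tree standing in for the suspect disk's mount point
    with tempfile.TemporaryDirectory() as root:
        base = Path(root)
        (base / "bin").mkdir()
        for name, data in (("bin/ls", b"ls-v1"), ("bin/ps", b"ps-v1"), ("motd", b"hi")):
            (base / name).write_bytes(data)
        (base / "bin/dir").symlink_to("ls")
        baseline = snapshot(root)  # manifest taken while the tree is trusted
        (base / "bin/ps").write_bytes(b"ps-changed")  # content replaced
        (base / "motd").unlink()
        (base / "bin/dir").unlink()
        (base / "bin/dir").symlink_to("/nonexistent/elsewhere")  # retargeted
        (base / "bin/.hidden").write_bytes(b"new")  # file absent from baseline
        return verify(baseline, 100, 200, root)
```

A clean result only says the listed files match the baseline; it says nothing about the boot sector, firmware, or anything the manifest never covered.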