Yes, a can of worms... But general direction would be nice...

Corey Edwards tensai at zmonkey.org
Wed Jul 15 09:32:23 MDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gabriel Gunderson wrote:
> On Tue, Jul 14, 2009 at 7:49 PM, Scott Morris<scottmorris at suseblog.com> wrote:
>> When you have been hacked:
> 
> I don't mean to be a downer, but I've got bad news... The only thing
> to do if you've already *been hacked* is re-install and rebuild from
> trusted sources.  Really, they've outsmarted you once, are you going
> to give them another chance?
> 
> Well, I guess if you had md5/sha1 sums (that you can trust) of every
> file on your system and you're willing to go file-by-file and verify
> them when mounted on a trusted system (*not* the one that was hacked),
> then, maybe, you could sleep again at night knowing all is well.

Even then, you have to be confident that the md5 sums you have are from
*before* the hack. What if they broke in long before you realized it and you
have no reliable backups? I wholeheartedly concur with your sentiment
that once they've broken in, nothing can be trusted.

That said, it's not always practical to re-install. I had a box broken
into and it was hundreds of miles away in an unmanned facility. The box
wasn't doing a whole lot besides running a temperature monitor so
justifying the cost of a trip and the time to do the re-install was
difficult. Out of necessity I had to piece the system back together
remotely and bide my time until I could make the trip. Sometimes life
sucks like that.

Corey

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpd9oIACgkQwNwjtxfqOkPgsQCfefb4YEdZ6B8Nwaal7U0AbOVM
V6kAnR7zS83dv50aH2vdwJ4T+CCA8+j9
=XeLL
-----END PGP SIGNATURE-----
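
The file-by-file check discussed in this message, as an added example that is not code from either poster: it compares a suspect filesystem, mounted on a trusted machine, against a baseline manifest and also reports files the baseline never contained, which a plain checksum pass would not flag. It uses SHA-256 in place of the md5/sha1 sums mentioned in the thread. Assumptions: the manifest is in `sha256sum` output format with paths relative to the mount point, it was produced before the break-in and kept off the box, and the function names are made up for this sketch.

```python
import hashlib
import os
import tempfile

def sha256_file(path, bufsize=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()

def load_manifest(text):
    """Parse sha256sum-style lines ('<hex>  <path>') into {relative path: digest}."""
    manifest = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            manifest[os.path.normpath(path.lstrip("*"))] = digest.lower()
    return manifest

def verify_tree(root, manifest):
    """Compare every file under root (the mounted suspect disk) with the baseline."""
    seen, modified, unexpected = set(), [], []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if rel not in manifest:
                unexpected.append(rel)  # present on disk, absent from the baseline
                continue
            seen.add(rel)
            # A baseline file replaced by a symlink counts as modified; the link is
            # never opened, since it could resolve to a file on the trusted host.
            if os.path.islink(full) or sha256_file(full) != manifest[rel]:
                modified.append(rel)
    return {"modified": sorted(modified),
            "missing": sorted(set(manifest) - seen),
            "unexpected": sorted(unexpected)}

if __name__ == "__main__":
    # Constructed sample: one baseline file whose content is changed afterwards.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "ls"), "wb") as f:
            f.write(b"original ls")
        baseline = load_manifest(hashlib.sha256(b"original ls").hexdigest() + "  ./ls\n")
        with open(os.path.join(root, "ls"), "wb") as f:
            f.write(b"trojaned ls")
        print(verify_tree(root, baseline))
```
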


