Yes, a can of worms... But general direction would be nice...

Corey Edwards tensai at zmonkey.org
Wed Jul 15 11:20:48 MDT 2009


Gabriel Gunderson wrote:
> On Wed, Jul 15, 2009 at 9:32 AM, Corey Edwards<tensai at zmonkey.org> wrote:
>>> Well, I guess if you had md5/sha1 sums (that you can trust) of every
>>> file on your system and you're willing to go file-by-file and verify
>>> them when mounted on a trusted system (*not* the one that was hacked),
>>> then, maybe, you could sleep again at night knowing all is well.
>> Even then, you have to be confident that the md5 sums you have are from
>> *before* the hack. What if they broke in long before you realized it and you
>> have no reliable backups?
> 
> Right, if you read the above, you'll see that the suggestion is to use
> md5/sha1 sums *that you can trust*.  This implies that you made them
> after a clean install (or before you plugged it into the interwebs).
> 
> I only point this out because I got 2 responses that start with "Even
> then," and then go on to cover items that I already mentioned ;)

Fair enough, you got me. My point was that just because you do trust
your backups doesn't necessarily mean they're trustworthy. In the case
you describe, yeah that's pretty safe. But systems change continually
and without the mind-numbing task of verifying each and every file
change you can't say for certain whether it was for good or evil.

I mean, you haven't yet noticed that I broke into your server. :P

Corey



