This is Monday’s open trackback post. Link to this post and track back. More below the post body,
Very brief background, then a critical issue. Follow carefully.
It’s a given: Mass Media Podpeople and our political masters are going to lie, obfuscate and fabricate out their kiesters in order to lead us down whatever garden path they believe best for their agendas. Don’t believe that? Just check the fake news coming from Mass Media Podpeople about any one issue–take the Lebanon war–or the primo bullshit coming from our political masters–“Read My Lips Jr.” on amnesty for illegals, for example.
Recently, bloggers and other online “alternative media” have provided some relief from the bullshit. But internet watchdogs have an Achilles heel most don’t stop to think about carefully: site and personal computer security.
But do think about it. How many bloggers do you recall having come under DDOS attacks in the last year or having had their sites hacked? More than just some few. Check with your service provider and DO maintain the highest degree of security you can given their service structure, if you feel your blog could possibly come under attack.
But what about your own computer? Sure, you run the latest and greatest anti-virus software, firewall software and anti-spyware. Don’t you? And you DO make sure it’s all up to date at all times, right? Right? If you have a broadband connection (surely you do :-)) you also run a decent HARDWARE firewall and have its security settings at a relatively high level. Right? And your wireless firewall/router is set for the highest level security/encryption it allows, too.
Of course. because, if some malware author could gain control of your system, you’re no better off than if some hacker gained control of your blog.
But what priviledges do you normally run when you log onto your computer?
Yeh, administrator, right?
Bad blogger, bad!
A pointer from a sysadmin emailing into Chaos Manor Musings to Defending Against New Rootkits That Beat BSD, Linux, Mac, Vista, AMD and Intel brings bad news to EVERY computer user who logs onto their system with administrator priviledges…
A proof-of-concept root kit that can take control of any system running with admin priviledges in any of the above mentioned systems has already been demonstrated.
And yes, there’s now no known defense EXCEPT not running your system under admin priviledges or, maybe just running your system under admin priviledges when disconnected from the network–*yech!* And NOTE: M$ Windows security updates will not download and install except under admin priviledge mode… Yeh, there are ways around that, too, but they are cumbersome.
You have been warned. Regularly running your system in admin mode instead of a lesser-priviledged user mode can leave you open to this kind of root kit zombie-ing (for whatever purpose such root kit author might desire).
We need our computers to keep our voices. Just use good sense and practice safe computing, OK? Don’t be the first to have yourvoice silenced by carelessness leaving you vulnerable to a malicious attack (he says as he goes to add another user account to his one machine that usually *cough* does run in admin mode. *heh* ;-)).
One small word of comfort: no such root kit is “in the wild” at this point. That anyone (who’s talking) knows of, that is…
As I said, this is an open trackback post. Link to this post and track back. If you want to host your own linkfests, check out
Also note the other fine blogs featuring linkfests at Linkfest Haven.
Well, I can understand the “Big Boys” getting hacked (and hacked off by the intrusions, lol) but do you think we minor bugs in the ecosphere really are in danger? lgp