Subject: Re: Malware find in the news: xz related.
From: gtaylor (at) *nospam* tnetconsulting.net (Grant Taylor)
Newsgroups: comp.os.linux.misc
Date: 31. Mar 2024, 20:40:44
Organisation: TNet Consulting
Message-ID: <uuce7s$47g$4@tncsrv09.home.tnetconsulting.net>
User-Agent: Mozilla Thunderbird
On 31.03.2024 at 19:15 Lew Pitcher wrote:
Still, if I had one of the suspicious xz/liblzma packages installed, I'd not hesitate to "nuke it from orbit" and replace it with a known-good version.
I'm not a fan of nuke it from orbit as a knee jerk reaction that some people have.
On 3/31/24 14:27, Marco Moock wrote:
The big trouble with that: You need to think that your entire system is compromised, including the files you had there, passwords you typed, private keys used.
There are two primary forms of compromise here: disclosure and alteration. It is somewhat difficult to prove that the first did not happen. The second can be quite easy to do with good backup systems.
Good backup systems that have sufficient history can tell when files change by comparing content (not just date / time / size / checksum). As such you can tell what files have been modified and when. With this knowledge, you can relatively easily go back to trusted versions across the entire system (at least what's covered by the backup).
There are almost always ways to return a system to a safe state to use. It's just that they often take more time and effort than nuking the entire system from orbit.
-- Grant. . . .
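As an added illustration of the backup-history approach Grant describes (this is not his code and not part of the thread), the script below walks a series of backup snapshots from oldest to newest, compares each file byte for byte rather than by date/time/size, reports the first snapshot in which each file diverged, and locates the last trusted copy to restore from. The snapshot layout, dates and file contents are constructed for the demo; the "library" bytes are placeholders and have nothing to do with any real xz/liblzma build.

```python
"""Added example: find what changed, and when, across backup snapshots by
content comparison, then point at the last trusted copy of each changed file.
Snapshot labels, paths and contents below are constructed for the demo."""
import filecmp
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

Snapshot = Tuple[str, Path]  # (label such as a date, root directory of that backup)


def _walk(root: Path) -> set:
    """Relative paths of every regular (non-symlink) file under a snapshot root."""
    return {str(p.relative_to(root)) for p in root.rglob("*")
            if p.is_file() and not p.is_symlink()}


def metadata_only_same(a: Path, b: Path) -> bool:
    """The weak check: equal size and mtime. A replaced file can pass this."""
    sa, sb = a.stat(), b.stat()
    return sa.st_size == sb.st_size and sa.st_mtime == sb.st_mtime


def same_content(a: Path, b: Path) -> bool:
    """The strong check: shallow=False makes filecmp read both files and
    compare bytes instead of trusting a matching (size, mtime) signature."""
    return filecmp.cmp(a, b, shallow=False)


def diff_history(snapshots: List[Snapshot]) -> Dict[str, Dict[str, str]]:
    """Given snapshots ordered oldest -> newest, return
    {relpath: {"status": "added"|"removed"|"modified", "since": label}}
    recording the FIRST snapshot in which each file diverged from the one before."""
    changes: Dict[str, Dict[str, str]] = {}
    for (_, prev_root), (label, cur_root) in zip(snapshots, snapshots[1:]):
        prev_files, cur_files = _walk(prev_root), _walk(cur_root)
        for rel in sorted(prev_files | cur_files):
            if rel in changes:
                continue  # already know when this file first diverged
            if rel not in prev_files:
                changes[rel] = {"status": "added", "since": label}
            elif rel not in cur_files:
                changes[rel] = {"status": "removed", "since": label}
            elif not same_content(prev_root / rel, cur_root / rel):
                changes[rel] = {"status": "modified", "since": label}
    return changes


def last_trusted_copy(snapshots: List[Snapshot], rel: str, changed_since: str) -> Optional[Path]:
    """Path of `rel` in the newest snapshot taken before the one it changed in."""
    labels = [label for label, _ in snapshots]
    idx = labels.index(changed_since)
    for _, root in reversed(snapshots[:idx]):
        candidate = root / rel
        if candidate.is_file():
            return candidate
    return None


def build_demo() -> List[Snapshot]:
    """Constructed snapshots. The library is swapped on 03-25 for a file of the
    SAME size, and every file gets the SAME mtime, so only content reveals it."""
    passwd = b"root:x:0:0::/root:/bin/sh\n"
    plan = {
        "2024-03-20": {"usr/lib/libdemo.so": b"GOOD-LIBRARY-v1", "etc/passwd": passwd,
                       "var/log/auth.log": b"accepted publickey for root\n"},
        "2024-03-25": {"usr/lib/libdemo.so": b"EVIL-LIBRARY-v1", "etc/passwd": passwd,
                       "var/log/auth.log": b"accepted publickey for root\n"},
        "2024-03-30": {"usr/lib/libdemo.so": b"EVIL-LIBRARY-v1", "etc/passwd": passwd,
                       "root/.ssh/authorized_keys": b"ssh-ed25519 AAAA... intruder\n"},
    }
    base = Path(tempfile.mkdtemp(prefix="snapshots-"))
    fixed_mtime = 1_700_000_000  # hypothetical timestamp, identical in every snapshot
    snapshots: List[Snapshot] = []
    for label, files in plan.items():
        root = base / label
        for rel, data in files.items():
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
            os.utime(path, (fixed_mtime, fixed_mtime))
        snapshots.append((label, root))
    return snapshots


if __name__ == "__main__":
    snaps = build_demo()
    for rel, info in diff_history(snaps).items():
        trusted = last_trusted_copy(snaps, rel, info["since"])
        print(f"{info['status']:8} {info['since']}  {rel}  trusted copy: {trusted}")
```

Run stand-alone it prints one line per changed file with the snapshot it first changed in and where a trusted copy lives. The demo deliberately makes the replaced library pass `metadata_only_same` while failing `same_content`, which is exactly the gap between a date/size check and a real content comparison; on a live system the same loop would run over the backup tool's own snapshot directories.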