An Overview of UNIX Rootkits |
|
|
Rootkits, as we know them now, came into being sometime in the mid 1990s. At that time, UNIX system administrators on Sun operating systems started seeing strange server behavior, missing disk space, CPU cycles and network connections that strangely did not show up in the output of the netstat command. By implementation technology, three main classes of rootkits are available today: binary kits, kernel kits and library kits. The first class achieves its goal by replacing certain system files with their Trojan counterparts. The second uses kernel components (also called modules) or Trojans, and the third employs system library Trojans. Rootkits found in the wild (such as those captured on honeypots) often combine Trojaned binaries with higher "security" provided by the kernel and library components.
|
|
|
|
A vulnerability in how Sun Solaris handles fonts leaves systems susceptible to takeover by an attacker, according to a security bulletin.
The vulnerability comes from Sun's implementation of the X Windows Font Service, which serves font files to clients and runs by default on all versions of Solaris, according to an advisory issued by the CERT Coordination Center at Carnegie Mellon University.
|
|
|
|
Firewalls: Combating Reverse Telnet using OpenBSD Packet Filter |
|
|
This article is meant for those who are going to implement a firewall using OpenBSD. The main purpose of this article is to protect servers (such as web, mail, DNS and others) within a firewalled network.
This article is based on wanvadder's personal experiences, and wanvadder cannot guarantee it will suit all systems that you have. Feel free to email wanvadder any comments, feedback or any other issues concerning this article. Cooperation from everybody is highly appreciated.
|
|
|
|
Books: The Unix Auditor's Practical Handbook |
|
|
This is a step-by-step practical guide for auditors carrying out a Unix audit. It mostly covers Sun Solaris systems, but it has cross-references for AIX and Linux.
|
|
|
|
KDE is a popular open source graphical desktop environment for Unix workstations. Its kdenetwork module contains a LAN browsing implementation known as LISa, which is used to identify CIFS and other servers on the local network. LISa consists of two main modules: "lisa", a network daemon, and "resLISa", a restricted version of the lisa daemon created by Alexander Neundorf. LISa's lisa module can be accessed in KDE using the URL type "lan://"; the resLISa module can be accessed using the URL type "rlan://". A buffer overflow vulnerability in the product allows attackers to gain elevated privileges.
|
|
|
|
Advisories!: UnixWare 7.1.1 Open UNIX 8.0.0 : rcp of /proc causes denial-of-service |
|
|
Subject: UnixWare 7.1.1 Open UNIX 8.0.0 : rcp of /proc causes denial-of-service
Advisory #: CSSA-2002-SCO.41
Issue date: 2002 October 21
_________________________________________________________
1. Problem Description
An rcp of /proc by a normal user can cause the entire system
to be unusable.
|
|
|
|
If you find you've been cracked, use these old-school Unix tools to help track down the perpetrators.
You have determined that your network has been breached. There are two standard approaches to what to do next:
- Close the holes as fast as possible and put in safeguards to protect against future attacks.
- Identify the perpetrator and prepare for prosecution.
|
|
|
|
Privacy: An Introduction to GNU Privacy Guard (Part 1) |
|
|
DesktopLinux.com guest author David Scribner has penned an article introducing new users to GnuPG on GNU/Linux (and UNIX) systems. Scribner focuses on how this powerful encryption package can play a vital role in personal and business communications by increasing security. This very detailed article will be available in two parts this week on DesktopLinux.com.
|
|
|
|
Nominum Inc says a recently discovered flaw in the dominant domain name server on the internet is far more serious than originally thought, and could allow crackers to crash or even take control of any internet-connected application running on Unix, Kevin Murphy writes.
"We know for sure we can use this bug to crash any application," said Richard Probst, VP of product management at Nominum, which has released a product that fixes the problem. "And we think we know how to use it to hijack any application, but we haven't seen an exploit yet."
|
|
|
|
Solaris users slam Sun Intel plans (again) |
|
|
Johnny-B-Goode writes "Sun Microsystems Inc is still facing protests from unhappy Solaris x86 users despite announcing the resurrection of the Unix operating system for Intel Corp-compatible processors at last month's LinuxWorld Conference and Expo, Matthew Aslett writes.
Santa Clara, California-based Sun has fought a running battle with Solaris x86 users since it canceled the development of Solaris 9 x86 in January, citing development costs and market economics. The user community has come together to launch a web site, www.save-solaris-x86.org, and has run advertisements protesting against Sun's plans in several newspapers, including the San Jose Mercury News, the Boston Globe, the Australian Financial Review, and the UK Guardian.
The latest, and largest ad appeared in the San Jose Mercury News on Tuesday September 3, and comes just weeks after Sun announced the return of Solaris x86 with plans to support version 9 on its new LX50 general-purpose Intel-compatible server. Despite that announcement, the user community is still unhappy that Solaris 9 x86, due for release in early 2003, will initially only be licensed for use with Sun's own LX50 server.
The customer community will not be satisfied until Solaris 9 x86 is available as a stand-alone product at reasonable prices and until management fully engages us as partners who share the same goal for Sun to be the leader in the technology industry for another 20 years, reads the ad, which is entitled Shame on you, Scott, and challenges Sun's CEO Scott McNealy to meet with community members and technical press to support his company's actions. "