[SATLUG] Open Source Fest ?

Don Wright satlug at sbcglobal.net
Tue Mar 15 10:40:12 CDT 2011


mark wrote:

> ... I informed him that if they continued using bit-torrent to
>download questionable material (they were downloading music, apps and
>other copyrighted material) they would continue getting infections.

I agree that downloading items from sources of questionable legitimacy
is a malware risk, but please don't confuse the technology with the
misuse. Bittorrent is still used by most of the Linux distros because
it's a reliable, inexpensive way to distribute popular content. If the
original doesn't have a virus, the downloaded copy won't either.

Infestations on legitimate websites (such as the [1]BBC) account for
many malware attacks. From the linked article: "When a site like the
Beeb gets infected by a malicious link, the potential for many innocent
people to be affected by malware is huge," says Carl Leonard, senior
manager, security research, at Websense Security Labs. "Modern threats
target places where they will find good traffic, which is why we found
that 80 percent of the malicious sites we saw last year were actually
legitimate sites that had been compromised." Obviously, reading HTML
mail and reading mail with a Web browser adds to this risk.

In recent years Adobe (Flash, Reader) seems to have surpassed Microsoft
as the exploit-friendly platform of choice. (There's an unpatched
'critical' flaw in [2]Flash right now.) Last week I removed a Javascript
exploit from a Macintosh, so it can't be said Redmond is the root of
_all_ evil.

I'm sure we all know the *nix security model, vigorously applied, goes a
long way to prevent accidental infections like these, but remember "It
is impossible to make anything foolproof because fools are so
ingenious." (attrib. unknown)

--Don

[1] Infected BBC Websites:
http://www.darkreading.com/security/attacks-breaches/229218824/bbc-sites-injected-with-malicious-iframe.html

[2] Adobe Flash: http://news.cnet.com/8301-13506_3-20043248-17.html

-- 
Be well - or at least have interesting symptoms!


More information about the SATLUG mailing list