Mailinglist Archive: opensuse (911 mails)

Re: [opensuse] Have I been hacked or "visited"? seccheck and rkhunter outputs
On 12/24/2015 02:11 PM, John Andersen wrote:
Yes, but that only works on dedicated purpose machines with large budgets, and
an IT department that deliver employee smack-downs.

Anything upon which the user is apt to run a web browser can't be filtered
in such a way without resorting to a very tightly controlled proxy server
(which simply moves the problem somewhere further away and harder to manage).

I egress filter email ports, and a few similar things at the firewall, but when
your users are talking to big-mailers (google, yahoo, microsoft) it becomes
almost impossible to keep a list of valid destinations up to date. Connection
addresses end up being pools and you never know what IP the next connection is
going to.

Egress filtering is hard, which is exactly why malware almost always attempts
to use outbound connections, and very often uses standard destination ports
(like 80) and often uses standard protocols.

With the level of sophistication of the current malware, it really boils down to the old tried and true rules to keep you safe.

With e-mail:

- only open attachments that:

(1) are from a known sender, and (more importantly);
(2) you are *expecting* to receive.

- if there are *any* questions about (1) or (2) above:

(3) confer with the sender (before opening); or
(4) *do not* open the attachment.

With web-sites:

- only visit reputable sites (that may mean not using some at all),
- disable flash (in favor of html5, etc.),
- disable javascript (FF noscript, etc.),
- block cookies from 3rd party sites (legitimate sites still work),
- know what you are clicking on (to the extent possible - slow down), and
- if it looks suspicious, it probably is (close window using WM [X] button)

There are many more good rules of thumb, but this minimum set will prevent you from being your own worst enemy.

It's a shame the world is full of so damn many dishonest and dishonorable
people.

--
David C. Rankin, J.D.,P.E.
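The trade-off John describes (a destination allowlist for mail ports breaks as soon as the provider's address pool changes, while a port-only filter lets a port-80 beacon straight through) can be made concrete with a small policy evaluator. This is an added example, not code from the thread or from any of the posters; the prefixes, addresses and connection records are constructed sample data, and the "legit" flag is ground truth that a real firewall never has.

```python
"""Added example (not code from the thread): a toy egress-policy evaluator
that models the two observations above. Addresses, prefixes and connection
records are constructed sample data, not real firewall logs."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Conn:
    dst_ip: str
    dst_port: int
    legit: bool   # ground truth for the sample; a real firewall never knows this


MAIL_PORTS = {25, 465, 587, 993}
WEB_PORTS = {80, 443}


# Policy A: port-only egress filter, roughly what "egress filter email ports
# at the firewall" amounts to once destinations cannot be enumerated.
def port_only(c: Conn) -> bool:
    return c.dst_port in MAIL_PORTS | WEB_PORTS


# Policy B: mail ports restricted to a snapshot of a provider's address
# blocks (hypothetical documentation prefixes). Web ports stay open because
# browsers need them, so nothing on 80/443 is ever inspected here.
MAIL_DEST_SNAPSHOT = [ipaddress.ip_network(p)
                      for p in ("192.0.2.0/26", "198.51.100.0/25")]


def mail_allowlist(c: Conn) -> bool:
    if c.dst_port in MAIL_PORTS:
        ip = ipaddress.ip_address(c.dst_ip)
        return any(ip in net for net in MAIL_DEST_SNAPSHOT)
    return c.dst_port in WEB_PORTS


# Constructed connection records.
SAMPLE = [
    Conn("192.0.2.10",   587, True),    # SMTP submission to a listed address
    Conn("203.0.113.7",  587, True),    # same provider, new pool address not yet listed
    Conn("203.0.113.99", 80,  False),   # malware beaconing over plain HTTP
    Conn("203.0.113.99", 6667, False),  # legacy IRC C2, the only kind a port filter stops
]


def score(policy, conns):
    """Return (legit connections broken, bad connections let through)."""
    broken = sum(1 for c in conns if c.legit and not policy(c))
    missed = sum(1 for c in conns if not c.legit and policy(c))
    return broken, missed


if __name__ == "__main__":
    for name, pol in (("port-only", port_only), ("mail allowlist", mail_allowlist)):
        broken, missed = score(pol, SAMPLE)
        print(f"{name:15} broken={broken} missed={missed}")
```

Run as-is, the port-only policy breaks nothing but misses the HTTP beacon; the allowlist breaks the legitimate connection to the new pool address and still misses the beacon, because port 80 has to stay open for the browser. That is the whole argument of the quoted message in four records.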
