Owning computers via spelling mistakes
Symantec researchers have detailed a painfully simple attack method that hackers may already be using to bypass security protections and break into UNIX and Linux-based computers.
In a blog authored by Symantec Security Response Researcher Ron Bowes on May 29, the expert highlighted a threat he characterized as "an artifact of the entire concept of user-separation" that may actually allow hackers to carry out their work on such machines.
The technique mirrors similar problems that Bowes recently highlighted in another posting that examined issues in the user account control (UAC) anti-user privilege escalation technology offered in Microsoft's Vista OS.
According to Bowes, using "sudo" (short for "super user do") -- a command used on Unix-based operating systems to allow a user to run programs with the highest possible privilege -- combined with misspelled variation on other commands, can allow attackers to execute their code more effectively.
- Login or register to post comments
- Printer-friendly version
- 2762 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
re: Spelling Mistakes
Isn't that a shame, a exploit for all those poor slobs stuck using 'sudo' this 'sudo' that instead of having a real 'root' account.
Who could that be.......... could it be
SATANUbuntu?Symantec clinging onto straws?
Strange type of "flaw" to be finding, IMHO.