[kwlug-disc] server compromised

Adam Glauser adamglauser at gmail.com
Thu May 14 09:24:05 EDT 2009


john at netdirect.ca wrote:
> If your package manager supports file verification, use it. RPM-based systems can
> use "rpm -Va". Save the output and manually inspect all the changed files.

Have you ever heard of a rootkit which installs a modified rpm that 
would return a false positive verification of packages it had changed? 
I think that some viruses on Windows will hamstring antivirus software 
if they can get around it in the first place, making detection much more 
difficult.  It seems like a logical move to try something similar with 
package verification.
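
A triage script for the saved "rpm -Va" output discussed above, added here as an example and not part of either poster's message. It ranks changes to rpm itself first, since that is the case the reply raises. It assumes the report came from an rpm binary you trust (for instance one run from rescue media with `--root`); the priority scheme, function names and sample report are constructed for illustration.

```python
import re

# One line of `rpm -Va` output: 8 (older rpm) or 9 flag characters, an optional
# attribute marker (c = config, d = doc, ...), then the path; or "missing <path>".
LINE = re.compile(
    r"^(?P<flags>missing|[SM5DLUGTP.?]{8,9})\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")
SYSTEM_DIRS = ("/bin/", "/sbin/", "/lib/", "/lib64/", "/usr/bin/", "/usr/sbin/",
               "/usr/lib/", "/usr/lib64/")

def classify(line):
    """Return (priority, path, reason) for one verify line, or None for other text."""
    m = LINE.match(line.rstrip())
    if not m:
        return None
    flags, attr, path = m.group("flags"), m.group("attr"), m.group("path")
    name = path.rsplit("/", 1)[-1]
    in_system_dir = path.startswith(SYSTEM_DIRS)
    content_changed = "5" in flags          # "5" = file digest differs
    missing = flags == "missing"
    if (content_changed or missing) and (name == "rpm" or name.startswith("librpm")):
        return (0, path, "rpm itself differs: do not trust output from this copy")
    if attr == "c":
        return (3, path, "config file changed: often legitimate, review by hand")
    if missing and in_system_dir:
        return (1, path, "packaged system file is missing")
    if content_changed and in_system_dir:
        return (1, path, "digest mismatch on a system binary or library")
    if in_system_dir and any(f in flags for f in "MUG"):
        return (2, path, "mode or ownership changed on a system file")
    if content_changed:
        return (2, path, "digest mismatch outside system directories")
    return (4, path, "metadata-only difference")

def triage(report):
    """Classify every verify line in a saved report, most urgent first."""
    return sorted(c for c in map(classify, report.splitlines()) if c)

# Constructed sample report (not from a real host); the last line uses the
# older 8-character flag format.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ps
.M.......    /usr/bin/passwd
.......T.    /usr/share/foo/data
missing      /sbin/ifconfig
S.5....T.    /bin/rpm
..5....T  /usr/sbin/sshd
"""

if __name__ == "__main__":
    for priority, path, reason in triage(SAMPLE):
        print(priority, path, reason)
```

A clean report from the installed rpm proves little on its own, because a replaced rpm can simply omit lines; the priority-0 rule only helps when a trusted copy verifies the installed one.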



