<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">This piece of news is likely old hat by now, but it was news to me when I learned of it yesterday.</div><div class="gmail_default" style="font-family:tahoma,sans-serif"></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><a href="https://blog.trendmicro.com/trendlabs-security-intelligence/skidmap-linux-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload/">https://blog.trendmicro.com/trendlabs-security-intelligence/skidmap-linux-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload/</a></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">Given the serious nature of it's vector(kernel), it made me pause and tried to think of a better way to protect my Linux devices.</div><div class="gmail_default" style="font-family:tahoma,sans-serif">I currently employ the "Debian" way(my coinage?) as in keeping my use profile real limited with no su privileges and auto-blocking JS stuff on my browser(Firefox) with only known safe site being allowed to run Java.</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">Anything else I can do to reduce my attack surface that you smartypants folks might deem necessary/useful?<br></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br clear="all"></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Thanks,<br><br>Ron Singh<br><br></div></div></div></div></div>