Feeds

Linux vulnerable to Windows-style autorun exploits

Caveats abound

How to simplify SSL certificate management

A security researcher has demonstrated how it might be possible to perform autorun-style attacks against weakly secured Linux PCs.

Windows worms including Conficker and Stuxnet have often spread onto networks after infected USB sticks were plugged into PCs. This has happened automatically in cases where autorun was enabled, as it did in default on older versions of Windows until a change pushed by Microsoft on Tuesday. With autorun-enabled executable files run with minimal user interaction.

Research by Jon Larimer, of IBM's X-Force security division, shows that the issue of autorun causing possible mischief is not (as might have been previously thought) wholly irrelevant to Linux boxes. Larimer developed a demo to show how it might be possible to insert a USB stick with modified code into a Ubuntu PC to get rid of a screensaver without entering a password – and display the user's desktop.

The demo relied on taking advantage of a flaw in GNOME Evince document viewer that was patched in January and, even so, was kind of "weak" because it was shown on a machine with in-built exploit mitigation disabled, as Larimer himself clearly explains.

During a talk at last weekend's ShmooCon security conference Larimer explains how these mitigations – namely ASLR and AppArmor – might be defeated. This aspect of his research was not included in the demo simply to make sure that the demonstration was reliable and he didn't have to mess around trying to run a brute-force attack on ASLR in front of a live audience.

The upshot of the research is that you might be able to do things you aren't supposed to do on a Linux box by misusing autorun functionality. It doesn't mean that Linux autorun worms might be created using the sort of jiggery-pokery illustrated by Larimer.

Even leaving aside the fact that the minuscule ecosystem of Linux malware strains are dwarfed by orders of magnitude by the Windows virus hoard, plenty of other caveats apply, as Larimer makes clear.

More on Larimer's research can be found in a blog post here and in a YouTube video clip of his presentation. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Nothing illegal to see here: Tribunal says TEMPORA spying is OK
Rules mass surveillance is legal, in principle at least
Google kills CAPTCHAs: Are we human or are we spammer?
Do you make up these questions, Mr Wonka?
'We're having panic attacks' ... Sony staff and families now threatened in emails
Join us or else say messages purportedly from GOP hackers
The internet is less free than last year. Thanks a bunch, Snowden
Running around, warning everyone the NSA is spying on us all. What is he like?
Author fined $500k in first US spyware conviction
100,000 creeps buy mobe-watching wares
Snowden files show NSA's AURORAGOLD pwned 70% of world's mobe networks
Brits and Yanks snoop on security standards bods
Sony Pictures struggles as staff details, salaries and films leaked
Fury and Annie now doing the rounds - along with staff's privates
Stupid humans and their EXPENSIVE DATA BREACHES
Non-human cockups only account for 7% of leaks
prev story

Whitepapers

The falling cost - and rising value - of desktop virtualization
The growing strategic value of desktop virtualization, from a more flexible, productive workforce to lower real estate costs, has made it a key IT strategy.
Focus on 5 SIEM requirements
In order for SIEM to help usher in more effective security and risk management strategies—particularly as they relate to threat mitigation, embracing trends, and aligning with business priorities—these five issues must be solved.
The Escalating Threat of DDoS Attacks
With increasing frequency and scale, some of the world’s largest data center and network operators are suffering from crippling Distributed Denial of Service (DDoS) attacks.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Everything a site builder wants to know
The major changes in Drupal 8 for end users, site builders, designers and front-end developers, and for back-end developers - part 2.