Archive for November, 2009

Devil is not so black as he is painted.
buchner.johannes writes "I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects. The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads. I tested it to be injected by a PHP script (even circumventing safe mode), so that the Web server runs it; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly, and adds onto Windows executables for execution in Wine. If executed by the user, the malware can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation). But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary. Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"

Read more of this story at Slashdot.


CXXVI T-Shirts

| November 30th, 2009
You don't have to live in the Big Apple to appreciate its homegrown, handcrafted goods. CXXVI T-Shirts ($32) are a great example. Available in a number of designs, some NYC-specific,...

Visit Uncrate for the full post.

Over the past few weeks, I have been busy. My regular job, my hobby and working with the folks at Linux Journal. Along the way, I have been thinking about the Open Source world more than I have in the past. And as I have been talking about it with people, I have been getting the standard responses you might expect.



Jetboil Flash Cooking System

| November 30th, 2009
Like the company's earlier Personal Cooking System, the Jetboil Flash Cooking System ($100) joins an insulated canister/cooking cup with an adjustable-flame burner to provide hot single-serving meals no matter where...

Visit Uncrate for the full post.

Wusthof Classic Nakiri Knife

| November 30th, 2009
Blending the qualities of a traditional chef's knife with the versatility of a Japanese cleaver, the Wusthof Classic Nakiri Knife ($100) makes a fine gift for the cook in your...

Visit Uncrate for the full post.

Piranha Pocket Tool

| November 30th, 2009
Like the fish for which it's named, the Piranha Pocket Tool ($50; December 2009) can help you get the job done quickly. Made from a single piece of heat-treated, corrosion-resistant...

Visit Uncrate for the full post.

Apolis Activism Bow-Ties

| November 30th, 2009
Believe it or not, the bow-tie isn't just for stuffy old professors anymore — and these Apolis Activism Bow-Ties ($65) are a great way to add the old-time staple to...

Visit Uncrate for the full post.

Elemental Scientific

| November 30th, 2009

This is the best source for buying small quantities of chemicals -- always a challenge in these days of chemical hysteria. Elemental Scientific will sell to individuals, online, with no paperwork or license needed. They have a very respectable selection of about 300 reagents and compounds. More than enough for most educational purposes, or for most basement experiments. You can purchase all kinds of acids, corrosives, poisons, explosives and dangerous stuff that you can not get elsewhere -- but only in small quantities. That's fine, because a small amount is often all you want for doing experiments, and many chemical supply outfits will sell only larger quantities if they sell to you at all. Elemental also offers glassware, lab equipment, and general experimental paraphernalia. They cater to homeschoolers and hobby experimentalists. If you've ever tried to buy chemicals elsewhere you'll recognize what an incredible resource this place is. Most chemicals will be shipped UPS, but a short list of 18 especially hazardous chemicals need extra hazmat protection, which is an added charge.

-- KK