
Hacked. A Short Story - skazka16
http://kukuruku.co/hub/infosec/hacked-a-short-story-of-a-hack
======
derFunk
What's really important is that you _never_ should keep a compromised system
like this running, even if you think you found all modifications the attacker
did. You probably didn't. So save your configs and set this machine up from
scratch.

~~~
adwf
I was gonna say much the same thing. Once a machine has been compromised,
you've got to format and re-image it. The machine in the article could well
still have a rootkit installed. Not to mention he doesn't seem to know the
initial attack vector, so any security updates are meaningless if someone's
credentials have been stolen.

Finally, if you're really paranoid, you also have to flash the bios in the
machine too as there are rootkits that can potentially survive formatting...

~~~
juliangregorian
This seems like a great reason to virtualize everything possible.

~~~
0xCMP
True, but even this isn't always perfect. I was told recently that Xen shares
the kernel memory space among VMs so if one is compromised at the kernel
level all of them could be compromised. This person dislikes using Amazon for
this reason because he can't be sure his box isn't popped through another VM.

~~~
DanielDent
Generally speaking, Xen-style virtualization is where each VM has their own
copy of the kernel and their own memory space. There are new-ish features like
transcendent memory which can blur the lines, but I don't think they are
widely deployed.

Systems like docker, LXC, and virtuozzo are where you run into the issue you
describe.

------
ludwigvan
He did not ask for money? Why on Earth? Dear fellow developers, know your
importance and always ask for the work you have done.

~~~
tikl1
It's complicated to just do something you were not supposed to and then go
with: "look I know I had to do that but instead I did that so please give me
[amount you never agreed to pay]".

What he could have done on the other hand is: inform the client of the attack
and propose to get rid of it for him for a certain fee...

~~~
ploxiln
He did cancel the job, at the end, but it sounded like he wanted to
investigate the hack for fun, when he came across it.

Not a good general/continuing policy, but maybe worth doing the first time, if
you're interested.

------
olalonde
Stories like this are what make me believe immutable infrastructure is the
future.

~~~
curiously
Curious to know how you can make a linux distro immutable from any
modification.

~~~
ay
Build a custom LiveISO.

There are plenty of tutorials, but it is boring to follow them manually,
especially if you need to make a couple of tweaks to ISO or update it.

So I put together a couple of scripts to automate the process:

[https://github.com/ayourtch/iso-livecd](https://github.com/ayourtch/iso-livecd)

~~~
Sir_Cmpwn
Get root, create a ramdisk, copy /usr/bin/* into it, and remount it under
/usr/bin/*, and now you can do as you please.
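As a defender-side check for the pattern just described (a RAM-backed filesystem mounted over a system binary directory), here is an added example, not code from the thread: a POSIX sh script that flags tmpfs/ramfs/overlay mounts shadowing system directories. The directory list and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag RAM-backed or overlay filesystems mounted over system
# binary directories. Input format is that of /proc/self/mounts:
#   <source> <mountpoint> <fstype> <options> 0 0

# Constructed list: directories whose contents should only come from the image.
SYSTEM_DIRS="/bin /sbin /usr /usr/bin /usr/sbin /usr/lib /lib /lib64 /etc"

# is_system_dir MOUNTPOINT -> returns 0 if MOUNTPOINT is, or lies under, a system dir
is_system_dir() {
    mp=$1
    for d in $SYSTEM_DIRS; do
        case "$mp" in
            "$d"|"$d"/*) return 0 ;;
        esac
    done
    return 1
}

# flag_volatile_mounts: reads mount lines on stdin, prints one line for every
# tmpfs/ramfs/overlay mount whose mountpoint shadows a system directory.
flag_volatile_mounts() {
    while read -r src mp fstype opts _rest; do
        [ -n "$mp" ] || continue
        case "$fstype" in
            tmpfs|ramfs|overlay) ;;
            *) continue ;;
        esac
        if is_system_dir "$mp"; then
            printf 'SUSPICIOUS %s mounted on %s (%s)\n' "$fstype" "$mp" "$opts"
        fi
    done
}

# Constructed sample mount table; the tmpfs on /usr/bin is the planted case.
SAMPLE_MOUNTS='/dev/sda1 / ext4 ro,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
tmpfs /usr/bin tmpfs rw,relatime 0 0
proc /proc proc rw 0 0'

# count_volatile_system_mounts -> number of flagged entries in SAMPLE_MOUNTS
count_volatile_system_mounts() {
    printf '%s\n' "$SAMPLE_MOUNTS" | flag_volatile_mounts | wc -l | tr -d ' '
}

# On a live host run: flag_volatile_mounts < /proc/self/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | flag_volatile_mounts
```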

------
ronnier
Offtopic: blog headers are becoming larger by the year it seems. Have there
been any studies to see what such large headers do to readership?

~~~
ProAm
Splash pages are back [1]

[1]
[http://www.cosmonautdreams.com/html/blog/websites/readabilit...](http://www.cosmonautdreams.com/html/blog/websites/readability/ux/2014/01/06/Are-Splash-Pages-Back.html)

~~~
juliangregorian
I rather prefer these to splash screens, they evoke the opposing page to the
beginning of a magazine article; splash screens feel more like studio logo
animations before a film, only much less rewarding.

Your source's UX qualifications also seem a bit... dubious.

~~~
ProAm
> Your source's UX qualifications also seem a bit... dubious.

Just a developer and sys admin, my qualifications come purely from usage. I
only noticed the trend of web development going back to what it was in the
early 2000's where landing pages & splash screens were all the rage. I hate
reading any blog on medium or that follows this format to me it detracts from
the content and is visually irritating.

~~~
juliangregorian
Oh god, I didn't realize the linked site was your own. So, in the interest of
explaining why I was such an ass, allow me to donate some un-asked for
constructive criticism: your site suffers from a lack of contrast/color and
also lack of "breathing room" (line-heights and margins are too small). It's
not just a matter of taste; it actually taxes the eye and makes it harder to
absorb your content. Which isn't bad by the way. Just a bit hard to focus on.

~~~
ProAm
It's all good, you should have seen it before this. I think real programmers
should only have websites that render in lynx. :D I want a bare-bones,
hard-to-read, detail-oriented, static website for myself.

------
jwildeboer
AFAICS the system wasn't updated for a year? Well, that's just plain stupid.

------
Romkinson
Read at habrahabr months ago. Great story.

~~~
x4m
Actually 3 years ago. But they credit original source.
[http://habrahabr.ru/post/132668/](http://habrahabr.ru/post/132668/)

