Security Questions are Stupid

Had to register on some sites recently, and Security Questions were mandatory. That triggered my rant mode, so now I’m going to tell everyone why Security Questions are stupid.

  1. I don’t have a favourite song, movie, poem, etc.
  2. Neither do I like to watch sports, nor do I have a favourite artist or athlete.
  3. In the era of Facebook, relying on knowledge of (assumed to be) private information is stupid. This includes mother’s maiden name, pet name, or brand of car.
  4. The favourites questions are particularly dumb because they assume your favourites don’t change over time.
  5. Ditto for dream job. Let’s see… when I was 3 I wanted to be a soldier. Then a doctor. Then a lawyer. Now I’ll do anything that earns me lots of money. Soon I’ll be happy I even have a job.

That is all I can think of for now. Any other thing you can think of?

Linux Malware

Lots of users are getting malware on their Linux computers lately. Most of the time, the infection vector is a weak password. That aside, let’s look at a typical piece of malware.

Below is a printout of the particular malware that resides in /var/tmp:

var/tmp/ /.m/
var/tmp/ /.m/LinkEvents
var/tmp/ /.m/1.user
var/tmp/ /.m/Makefile
var/tmp/ /.m/.m.tar.gz
var/tmp/ /.m/2.user
var/tmp/ /.m/m.set
var/tmp/ /.m/m.help
var/tmp/ /.m/genuser
var/tmp/ /.m/src/
var/tmp/ /.m/src/com-ons.c
var/tmp/ /.m/src/combot.c
var/tmp/ /.m/src/channel.c
var/tmp/ /.m/src/config.h
var/tmp/ /.m/src/defines.h
var/tmp/ /.m/src/function.c
var/tmp/ /.m/src/link.o
var/tmp/ /.m/src/combot.o
var/tmp/ /.m/src/dcc.c
var/tmp/ /.m/src/Makefile
var/tmp/ /.m/src/xmech.c
var/tmp/ /.m/src/link.c
var/tmp/ /.m/src/xmech.o
var/tmp/ /.m/src/dcc.o
var/tmp/ /.m/src/main.c
var/tmp/ /.m/src/cfgfile.o
var/tmp/ /.m/src/h.h
var/tmp/ /.m/src/cfgfile.c
var/tmp/ /.m/src/userlist.o
var/tmp/ /.m/src/parse.o
var/tmp/ /.m/src/userlist.c
var/tmp/ /.m/src/structs.h
var/tmp/ /.m/src/mcmd.h
var/tmp/ /.m/src/socket.o
var/tmp/ /.m/src/vars.o
var/tmp/ /.m/src/parse.c
var/tmp/ /.m/src/gencmd.c
var/tmp/ /.m/src/global.h
var/tmp/ /.m/src/debug.o
var/tmp/ /.m/src/Makefile.in
var/tmp/ /.m/src/text.h
var/tmp/ /.m/src/com-ons.o
var/tmp/ /.m/src/main.o
var/tmp/ /.m/src/trivia.c
var/tmp/ /.m/src/gencmd
var/tmp/ /.m/src/usage.h
var/tmp/ /.m/src/socket.c
var/tmp/ /.m/src/trivia.o
var/tmp/ /.m/src/debug.c
var/tmp/ /.m/src/vars.c
var/tmp/ /.m/src/function.o
var/tmp/ /.m/src/commands.c
var/tmp/ /.m/src/commands.o
var/tmp/ /.m/src/config.h.in
var/tmp/ /.m/src/channel.o
var/tmp/ /.m/checkmech
var/tmp/ /.m/bash
var/tmp/ /.m/configure
var/tmp/ /.m/3.user
var/tmp/ /.m/go
var/tmp/ /.m/r/
var/tmp/ /.m/r/raway.e
var/tmp/ /.m/r/rversions.e
var/tmp/ /.m/r/rkicks.e
var/tmp/ /.m/r/rsay.e
var/tmp/ /.m/r/rsignoff.e
var/tmp/ /.m/r/rpickup.e
var/tmp/ /.m/r/rinsult.e
var/tmp/ /.m/r/rtsay.e
var/tmp/ /.m/r/rnicks.e
var/tmp/ /.m/mkindex

As you can see, they have cleverly hidden it by using a directory name with 2 spaces. Some interesting files are:

$ cat 1.user
handle Santo
mask *!*@91.210.81.78
prot 4
aop
channel *
access 100

handle Ciao
mask *!*@Ciao.users.undernet.org
prot 4
aop
channel *
access 100

$ head src/cfgfile.c
/*
EnergyMech, IRC bot software
Parts Copyright (c) 1997-2001 proton, 2002-2003 emech-dev

The malware looks to be an IRC bot, which is quite typical for Linux. Anyway, at this point in time I lost interest. If you want a closer look at this thing, feel free to email me. 🙂
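
A defender's check for the hiding trick described above, as an added example that is not part of the original post: it lists directories whose names start or end with whitespace or consist only of dots, and summarises what sits under each. The function names and the choice of scan roots are assumptions of this example; it relies on find options (-mindepth, -maxdepth, -xdev) available in GNU and BSD find.

```shell
#!/bin/sh
# Added example: find directories whose names are chosen to be overlooked,
# like the whitespace-named parent of .m in the listing above.
# The scan roots are passed as arguments; none are hard-coded.

# Print every directory below the given roots whose own name
#   - starts or ends with whitespace (covers whitespace-only names), or
#   - consists only of dots (e.g. "...").
# One path per line; names containing newlines are not handled.
find_disguised_dirs() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -xdev -mindepth 1 -type d \
            \( -name '[[:space:]]*' -o -name '*[[:space:]]' \
               -o ! -name '*[!.]*' \) -print 2>/dev/null
    done
}

# For each hit, print the path in quotes (so the whitespace is visible),
# the number of regular files below it, and how many hidden (dot-prefixed)
# subdirectories sit directly inside it.
report_disguised_dirs() {
    find_disguised_dirs "$@" | while IFS= read -r dir; do
        files=$(( $(find "$dir" -type f 2>/dev/null | wc -l) ))
        hidden=$(( $(find "$dir" -mindepth 1 -maxdepth 1 -type d \
                         -name '.*' 2>/dev/null | wc -l) ))
        printf "'%s' files=%d hidden_subdirs=%d\n" "$dir" "$files" "$hidden"
    done
}

# Example: sh scan.sh /var/tmp /tmp /dev/shm
if [ "$#" -gt 0 ]; then
    report_disguised_dirs "$@"
fi
```

A hit with a non-zero file count and a hidden subdirectory, as in the listing above, is worth inspecting by hand; ordinary dot-directories such as .cache are deliberately not reported.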