Security's Archive

The only thing better than having eyes in the back of your head!

Scott Rippee @ 10:27 pm Friday, January 6th, 2006

Our experiment with strapping (metal strap) a big ass heavy camera to the back of bucho’s head. This is just the next step in man + machine living in harmony. We may need to increase the comfort level. :)

Bucho with a spectra III mounted to the back of his head

Bucho with a spectra III mounted to the back of his head from the front

Increasing Surveillance

bucho @ 8:45 am Thursday, December 29th, 2005

I ran across a couple disturbing surveillance articles (Wired News)…

England

British Surveillance Monitors Everyone, Everything

Amid growing concerns about the U.S. government spying on its citizens, it’s easy to lose sight of the fact that, when it comes to invading its people’s privacy, nobody beats Britain. In a move apparently designed to prove this point brilliantly, the U.K. has developed a plan to monitor every car trip taken in the country by way of camera surveillance. Since there are already about ten video cameras mounted on every intersection in the greater London area, all they’ve got to do is start tracking license plate numbers as they pass by each camera, letting Her Majesty’s Secret Service know exactly where each of her royal subjects is headed at any given time. The surveillance database is expected to maintain records of every citizen’s motoring habits over a five-year period.

United States

Where You At? (Big Brother May Be Following Your Every Move)

In a decision made all the more poignant by the Bush administration’s recent domestic spying debacle, a U.S. district court in New York ruled last week that law enforcement may now use your cellular network to track your movements without a court order. If it wasn’t already an established fact, the notion of privacy is now officially meaningless. The EFF is up in arms, as expected, but should you be, too? Read more HERE.

Checking `bindshell’… INFECTED (PORTS: 1008)

Scott Rippee @ 1:19 pm Sunday, November 27th, 2005

Today, upon checking my chkrootkit log I noticed that it was reporting that bindshell was infected. Following are the steps I took to determine the problem:

I ran “netstat -tanup” and saw that famd was running on port 1008. I had a feeling that this may be a false positive so I didn’t get all excited like I normally do and rip the network cable out of the back. lol
I first backed up the famd executable then reinstalled famd from scratch. I did a diff on the two binaries and they proved to be the same so I felt more confident that my famd was not infected. When the fam service was running again I ran chkrootkit again and did not get the infected message. I thought that this was strange until I ran netstat again and saw that famd was not using port 1008 this time. I figured that the INFECTED message might happen when famd so happens to grab port 1008 to listen on. I decided to restart the fam daemon until it listened on port 1008.

This short script restarts famd until it listens on port 1008. Then one can run chkrootkit again to verify that that INFECTED message shows up when famd listens on port 1008.

famd listening on port 1008 script

After a while famd restarted listening on port 1008. I ran chkrootkit again and got the same INFECTED message. Seems like chkrootkit could test for bindshell infection better than just checking if a daemon is listening on port 1008 (I’m guessing?) as many others have got false positives on this test.
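
The first triage step in this post, naming the process behind the flagged port, written out as an added example (it is not the author's missing restart script and not chkrootkit code). The helper names `port_owner` and `triage_port` and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a chkrootkit bindshell hit by naming the listener's owner.
# Reads `netstat -tanup`-style text on stdin (run netstat as root so the
# PID/Program column is filled in). Function names are hypothetical.

# Print "pid program" for every TCP socket in LISTEN state on port $1.
port_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")      # handles 0.0.0.0:1008 and :::1008
            if (a[n] != port) next     # exact match, so 10080 is not 1008
            split($7, p, "/")          # "2417/famd" -> pid, program
            print p[1], p[2]
        }'
}

# Verdict for port $1 given the program name $2 you expect to own it:
#   none      nothing is listening on the port
#   expected  every listener is the expected program
#   unknown   some listener is another program or has no visible owner
triage_port() {
    owners=$(port_owner "$1")
    if [ -z "$owners" ]; then
        echo none
        return 0
    fi
    echo "$owners" | awk -v want="$2" '
        $2 != want { bad = 1 }
        END { print (bad ? "unknown" : "expected") }'
}

# Constructed sample output, not taken from the post.
SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address State       PID/Program name
tcp        0      0 0.0.0.0:1008    0.0.0.0:*       LISTEN      2417/famd
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN      1893/sshd
tcp        0      0 10.0.0.5:22     10.0.0.9:51008  ESTABLISHED 2501/sshd
tcp        0      0 0.0.0.0:10080   0.0.0.0:*       LISTEN      -'

echo "$SAMPLE" | triage_port 1008 famd     # the case from the post
echo "$SAMPLE" | triage_port 10080 famd    # listener with no visible owner
```

An `expected` verdict only says the name matches, and a process name can be chosen by whoever starts it, which is why the post goes on to diff the famd binary against a fresh install before calling the hit a false positive.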