BPFDoor: I just give up.
-
- https://www.bleepingcomputer.com/news/security/bpfdoor-stealthy-linux-malware-bypasses-firewalls-for-remote-access/
- https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896?gi=cff735a8f1ab
- https://socprime.com/blog/bpfdoor-malware-detection-evasive-surveillance-tool-used-to-spy-on-linux-devices/
- https://linuxsecurity.com/news/hackscracks/bpfdoor-chinese-tool-almost-undetected-for-five-years-is-second-bpf-based-attack-uncovered-this-year
My defeated summary:
- It's been out there in Nixland for at least 5 years
- If the attack/infection vector is known, no bastard is telling us poor users
- It's hard a/f to detect
- It's hard a/f to purge
I mean, what the hell is the point anymore of ordinary users even bothering to care about security? Stuff like this implies one's earnest best endeavours are pointless.
-
@guigirl said in BPFDoor: I just give up.:
Stuff like this implies one's earnest best endeavours are pointless.
It's always been a horse race. Now the white hats need to respond with protection. Disturbing that it's been active for five years though.
-
@guigirl Agreed.
I seem to spend an inordinate amount of time keeping my systems updated (OSs) and all security programmes are the latest versions and have all patches / updates. Old habits die hard.
I am beginning (as you are) to wonder why I lose half a day a week doing this.
-
Just when you thought you had read enough about the Berkeley Packet Filter and its damn numerous already-exploited vulnerabilities, you get this:
https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat
Small rant: This primarily concerns banks in Brazil and is a rootkit, not a self-spreading virus, but still, it's obvious something in BPF's initial design wasn't very well thought out, and by now it has become a dream attack surface. Can't they get rid of it or replace it with something else? (Semi-rhetorical question.) F* userspace for the sake of "performance", ffs!
-
@npro I began reading about this a few days ago, screamed in annoyance, was gonna post about it here, but then realised: "hey, what's the point? nobody describes the specific attack vector, & it's apparently undetectable [albeit, ofc, not literally, otherwise we'd not be talking about it], meaning users are utterly powerless, which means now i just lie back & fatalistically say 'here i am, come & ravage me'".