Linux-Malware in Gentoo a Threat to Puppy?
Is there any likelihood that the Linux-malware recently found in Gentoo might metastasize to Puppy and other distros?
http://www.zdnet.com/blog/bott/linux-in ... ag=nl.e539
Could this be the beginning of attacks on complacent Linux users?
I have observed that the recent releases of Quirky and Wary come with Firewalls by default - did Barry see this coming?
[b]Thanks! David[/b]
[i]Home page: [/i][url]http://nevils-station.com[/url]
[i]Don't google[/i] [b]Search![/b] [url]http://duckduckgo.com[/url]
TahrPup64 & Lighthouse64-b602 & JL64-603
Thanks indeed for telling about this.
The text he writes about comes from here
http://www.fewt.com/2010/06/linux-infected.html
http://www.zdnet.com/blog/bott/linux-in ... ag=nl.e539
Update 12:30PM PDT 14-Jun-2010: It’s much worse than it appears. According to this report, the malware-compromised code was included in the official Gentoo distribution:
Would you consider it to be a big deal if it was found in a distribution? Gentoo just released an update to remove the backdoor.
http://packages.gentoo.org/package/net-irc/unrealircd
I’m sure there will be others, I believe the package is also available in Arch. I haven’t really looked to see if it was anywhere else.
I use Google Search on Puppy Forum
not an ideal solution though
Someone explained on another list ...
More technically literate details here
It is specifically Unreal3.2.8.1.tar.gz on a small subset of mirror sites, and not particularly a Gentoo problem but any distro that includes the Unreal Tournament IRC server. The sad part is it has been there for several months and was just now noticed; the good news is that as soon as it was noticed, the corrupt version of that file was removed and replaced with a clean copy. So that's not a "shame on Gentoo" problem; it's a shame on the maintainers of the Unreal mirrors.
[b]Thanks! David[/b]
[i]Home page: [/i][url]http://nevils-station.com[/url]
[i]Don't google[/i] [b]Search![/b] [url]http://duckduckgo.com[/url]
TahrPup64 & Lighthouse64-b602 & JL64-603
If what I'm understanding is correct, the problem was with the people distributing the Unreal source code. It was some of their mirrors that were compromised, and they were the idiots that weren't signing their files with PGP. Without the PGP signature the people at Gentoo had no way of realizing that the source code was tainted. The Gentoo folks then distributed the compromised file from their trusted (but insecure) source code provider.
It should also be noted that this would only affect people that installed Unreal. It wasn't actually included with the base distro (with Gentoo the kernel isn't even included with the base distro, you have to compile it yourself). Since Gentoo distributes only source code and does not have binaries on their servers, there was no way for a virus scanner to catch the corrupted files.
I suppose the folks at Gentoo shouldn't have used an unsigned file, but I don't think that I would have considered the possibility of the official Unreal mirrors distributing bad code so I can't really bash them.
Constant vigilance!
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
Re: Linux-Malware in Gentoo a Threat to Puppy?
edoc wrote: I have observed that the recent releases of Quirky and Wary come with Firewalls by default - did Barry see this coming?
In fact ALL official releases since 4.12 (at least) have the firewall installed and on by default. That certainly was the case with 4.2x releases, and I'm pretty sure it is true of 4.3x too.
[i]Actions speak louder than words ... and they usually work when words don't![/i]
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
I've wondered about this lately myself. I always use the firewall wizard when configuring a new Puppy or using pfix=ram, but note that:
1. whether you use the "automatic" or the "default" method, the result seems to be the same
2. there's no indication whether it's running or not, as promised by the displayed messages.
3. there's no indication of any method of turning it off, should you wish to use another firewall or no firewall at all. To believe the display, once configured and saved, it will start at bootup every time.
So while I'm not sure what to believe now - is the firewall on by default or not? And can it be turned off once saved to the 2fs file?
There are numerous menus in Puppy that appear to respond to user input, but in the end achieve nothing. They have not been functional for years, if ever, and simply have never been removed or fixed.
otropogo@gmail.com facebook.com/otropogo
I've wondered about this lately myself. I always use the firewall wizard when configuring a new Puppy or using pfix=ram, but note that:
1. whether you use the "automatic" or the "default" method, the result seems to be the same
2. there's no indication whether it's actually running as promised by the displayed messages.
3. there's no indication of any method of turning it off, should you wish to use another firewall or no firewall at all. To believe the display, once configured and saved, it will start at bootup every time.
So I'm not sure what to believe now - is the firewall on by default or not? And can it be turned off once saved to the 2fs file?
There are numerous menus in Puppy that appear to respond to user input, but in the end achieve nothing. They have not been functional for years, if ever, and simply have never been removed or fixed.
otropogo@gmail.com facebook.com/otropogo
This you can test in the urxvt, rxvt or console or terminal or CLI.
like this
iptables -L
if it says accept in all places then most likely it is not activated.
But more than that I have no idea how to know how good it is.
But my experience is that if one doesn't activate it then it is active but of no use at all. It is active in the sense that it is there but it is allowing everything both in and out.
But if one runs the set up then it activates the Drop things you can see there but I don't get what it means. Hopefully somebody explains it to us.
What tubby refers to is how you can detail every little thing it can change.
While the set up allows what I quoted. A preset by the developer
like this
you write
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW
TRUSTED    all  --  anywhere             anywhere            state NEW
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere            state INVALID
Chain TRUSTED (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
DROP       icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
#
I use Google Search on Puppy Forum
not an ideal solution though
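For readers asking how to read the listing in the post above, here is an added example (not written by anyone in this thread) that summarises `iptables -L` output: policy and rule count per built-in chain, plus a flag on any "ACCEPT all anywhere anywhere" rule, because plain `-L` hides the interface a rule is bound to. The names `fw_summary`, `sample_active` and the `check-with-v` label are made up for this example; the sample is the listing from the post.

```shell
# Added example: fw_summary reads `iptables -L` text on stdin and prints one
# line per built-in chain, a flag for rules plain -L leaves ambiguous, a verdict.
fw_summary() {
  awk '
    /^Chain / {
      chain = $2   # built-in chains show "(policy X)", user chains "(N references)"
      if ($3 == "(policy") { p = $4; sub(/\)/, "", p); policy[chain] = p; order[++n] = chain }
      next
    }
    /^target/ || /^#/ || NF == 0 { next }
    chain != "" {
      rules[chain]++
      # ACCEPT all anywhere->anywhere: without -v the interface columns are
      # hidden, so the rule may be loopback-only or may admit everything.
      if ($1 == "ACCEPT" && $2 == "all" && $4 == "anywhere" && $5 == "anywhere" &&
          ($6 == "" || $0 ~ /state NEW/))
        print "check-with-v: " chain ": " $1, $2, $6, $7
    }
    END {
      wide = 1
      for (i = 1; i <= n; i++) {
        c = order[i]
        printf "%s policy=%s rules=%d\n", c, policy[c], rules[c]
        if (policy[c] != "ACCEPT" || rules[c] > 0) wide = 0
      }
      print "verdict: " (n == 0 ? "unknown" : (wide ? "open" : "filtering"))
    }'
}
# The listing posted in the thread, after the firewall wizard has been run.
sample_active() { cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW
TRUSTED    all  --  anywhere             anywhere            state NEW
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere            state INVALID
Chain TRUSTED (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
DROP       icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
EOF
}
sample_active | fw_summary
```

On a live system, pipe `iptables -L` (run as root) into `fw_summary`; for any flagged rule, `iptables -L -v` shows the in/out interface columns that settle whether it is loopback-only.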
tubby wrote: Take a peek in etc/rc.d/rc.firewall, open as text and see for yourself what you can alter.
thanks tubby, will have a look, but I doubt I'll understand enough to make changes. I'm used to Zonealarm.
Nooby wrote: This you can test in the urxvt, rxvt or console or terminal or CLI.
thanks Nooby. PS. do you ever regret your pessimistic choice of username?
otropogo@gmail.com facebook.com/otropogo
Hahah, if you have a good suggestion do write me a PM and I will consider it.
Nooby is a crazy name but it is kind of very apt. I am like an eternal Newbie. Knowledge almost never gets remembered due to my bad attention.
Should I call myself maybe Nobody?
Hmm
Promise to send me a PM with a good suggestion so nobody else take it.
I use Google Search on Puppy Forum
not an ideal solution though
You mean you'd consider changing your username? Is that even possible?
I guess you'd still be recognizable by your avatar.
I could certainly make some suggestions. Send me a pm or e-mail and tell me more about yourself. I have the impression you're in Sweden or thereabouts.
Your claimed memory deficit doesn't sound plausible though. You're forever posting references, while I have trouble just remembering not to waste my time with the BBS search engine.
otropogo@gmail.com facebook.com/otropogo
Somebody complained about me writing Europe. But I failed to find where to correct it.
The mods told me it is allowed to change username as long as one doesn't use such change for trolling or anything bad.
As you say my avatar would reveal me but most revealing is my writing style.
No one else is as naive in their posting as me. Unfortunately for me I have no way to pretend to be somebody else. My body automatically writes in my style even if I try to be like everybody else. Hopeless case.
I use Google Search on Puppy Forum
not an ideal solution though
- Pizzasgood
It isn't possible for a user to change his own name (with the current settings), but an administrator can change a user's name upon request as long as there's a decent reason - e.g. the name offends somebody or brings up painful memories or makes people not take them seriously, etc., so they want to change it to something different.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
Pizzasgood wrote: It isn't possible for a user to change his own name (with the current settings), but an administrator can change a user's names upon request as long as there's a decent reason - e.g. the name offends somebody or brings up painful memories or makes people not take them seriously, etc., so they want to change it to something different.
Good to know. And then all of their posts would be reattributed to the new name, presumably.
Some forums are completely rigid on this point.
When registering for another online forum I made a typo and got myself registered as "otorpogo". I immediately contacted the admin about it and requested a correction. The answer was "absolutely not", no reason given.
So I've been stuck with it for years now.
otropogo@gmail.com facebook.com/otropogo
I trust Pizzasgood on this. I guess the Mods here felt so sorry for my poor choice of name that they allowed me on spot to change when I did mention it in Dec 2009 whatever.
Since then I have cooled down a bit on changing it.
Yes all old posts would be in the new name if I get it too.
I use Google Search on Puppy Forum
not an ideal solution though
@Nooby- you think you can't remember things? Fifty+ years ago, my maths lecturer used to come in, write for a couple of minutes in a corner of the blackboard, draw a box round it, and say "For the benefit of Mr (me), that's what we learnt last week." And then start his lecture. Things haven't improved....
gerry
Thanks Gerry.
Sometimes I wonder if not Nobody would be a good nick name to use.
or this one "Whatever". Or why not "Ignorius" or "When Will I Be Loved"
or ... I lack imagination to come up with something that really would work.
Heheheh, we have PuppyLuvr so maybe I should name myself
QuirkyTester but that sounds too demanding too. I am not tested. More of a
Quirky:MessMaker, QuirkyConfuser, ...
I use Google Search on Puppy Forum
not an ideal solution though