Paranoia for Beginners

For discussions about security.
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#121 Post by Lobster »

For those not adopting the 'back to modem' or 'always off' internet connection
methodology, here is how flash, available in Puppy and PDF,
also available, is the new point of attack . . .

http://www.anewmorning.com/2011/02/17/a ... fographic/

Frets, threats and solutions to the usual drop point . . .

Puppy Linux
Securing your PC
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

#122 Post by Lobster »

Polygraph Technician: This is a control question, a riddle really. How would you say would be the easiest way to take a weapon away from a Grammaton Cleric?
Brandt: [speaks into Preston's ear] You ask him for it.
That is from the film 'Equilibrium' with its outrageous but fun Gun-Fu

Let us apply it to the current time . . .
Them - How do you find out what people are doing and thinking?
Puppy Whisper - You ask them.


Simple really. Facebook rises. Is insecure. Job done.
The new generation shares and blogs without privacy concerns.
Transparency is the new norm. Are you raising suspicion by not having a social network account? :roll:

#123 Post by Lobster »

bacofoil = proprietary tinfoil used by tin hats

I am a great believer in preemptive paranoia.
Get them before they are after you. :)

Of course I am not crazy enough to implement this system which
I call the 'triple dorje' but the idea may be sound:

This is the system I would implement if I ran out of bacofoil.
Requires 3 computers. Each connected to the router, each secure.
Maybe it could be done with Virtual Box.
I would then swap between the three computers, perhaps generating spurious
noise from two machines . . .
Yeah too crazy - I know . . . :roll:

But maybe it is possible to write a macro that simulates
usage, whilst implementing an underlying 'world domination communication' node . . .

This week we got line crackle and had to have a new line installed to the telegraph poles (still used in parts of London). This carries both the telephone line and broadband. Our old line was about 30 years old and exposed to the elements and had corroded. It all sounded very plausible. Probably because it was.
Come to think of it we are one of the few streets that does not have cable. Why? Must find more bacofoil whilst I contemplate the answer . . . :wink:

#124 Post by Lobster »

Being truly paranoid one has to worry about operating systems one is not even running

This on security breach on Android OS
http://techcrunch.com/2011/03/05/androi ... -response/

Eventually I intend to be running Android or its descendent as a brain implant,
so am a little concerned at the remote kill precedent - a good thing for now . . .

Puppy Linux
Organically based

#125 Post by Lobster »

Electromagnetic pulses can fry our electronics temporarily.
A multisession Puppy can get us up and running again
with our data intact.
Would hard drives and solid state devices survive?
http://www.puppylinux.com/multi-puppy.htm

#126 Post by Lobster »

Something for you to worry about:
http://www.darkreading.com/vulnerabilit ... DR_APP_SEC

I quite like the sound of drive by malware.
Does this mean hackers in cars checking out the wifi connections?
I do occasionally run my eeepc from wifi and now have another wifi connected PC,
with which yesterday I turned the firewall off.
Tsk tsk - so reckless . . .

#127 Post by Lobster »

I know most paranoids are too fearful to trust the excellent Lastpass
http://lastpass.com/

so here is how to implement a secure password,
http://www.columnfivemedia.com/wp-conte ... SSWORD.png

that should keep you happy in between tinfoil origami classes :wink:

abushcrafter
Posts: 1418
Joined: Fri 30 Oct 2009, 16:57
Location: England

#128 Post by abushcrafter »

Lobster wrote:Being truly paranoid one has to worry about operating systems one is not even running

This on security breach on Android OS
http://techcrunch.com/2011/03/05/androi ... -response/

Eventually I intend to be running Android or its descendent as a brain implant,
so am a little concerned at the remote kill precedent - a good thing for now . . .

Puppy Linux
Organically based
:lol:
adobe flash is rubbish! http://www.adobe.com/flashplatform/
My Quote:"Humans are stupid, though some are clever but stupid." http://www.dependent.de/media/audio/mp3/System_Syn_Heres_to_You.zip http://www.systemsyn.com/

#129 Post by Lobster »

Was amused by this, which I think explores our ability to live in fantasy paranoias of our own construction . . .
http://www.murga-linux.com/puppy/viewto ... 624#517624

Barry seems to be playing with new ideas . . .
http://bkhome.org/blog/?viewDetailed=02239

Once upon a time (and this is a true story)
I used Windows XP.
I tended to use my computer, installing much freeware
and all kinds of dubious freebies.

I had virus protectors that would report each other as viruses
(Now now boys)
I had ad blockers that were being targeted by the malwarians.

Security was impossible
and the whole edifice collapsed

Fortunately I was also able to boot from Knoppix installed Debian
and had been learning about Linux by lurking on the Simple forum of a little known Puppy Linux.

So whilst repairing my familiar system I started to make more use
of these penguin wares.

Being weaned into fear by Redmond I was amazed that
Linux users took risks that I did not even contemplate.

They installed software from complete strangers without scanning
for malware
They connected to IRC
They ran without firewalls - well Puppy did.
They felt safe. 8)

Eventually my attitude began to change
When you can set up a running OS in 3 minutes (that was my time for setting up a new Puppy in those early days)
what did it matter if anything suspicious happened?

As soon as packages were available I would try them
I was prepared to be 'hacked', compromised etc . . .
Never happened.

Eventually the Whining Windows were closed.

I now know where the risks are
They are in the browser, social networks and Cloud infrastructure
being imposed by 'security experts'
- possibly on secondment at Sony . . .

Even Sony can not keep our data secure - aren't they the company using root kits as a 'feature'?
http://www.guardian.co.uk/technology/ga ... -hack-sony

Puppy is your best friend
Be happy
Last edited by Lobster on Thu 05 May 2011, 09:05, edited 1 time in total.

#130 Post by Lobster »

Malicious programmers focus on smartphones, tablets
http://www.physorg.com/news/2011-05-mal ... blets.html

#131 Post by Lobster »

Sometimes (it is a wrench but it has to be done)
I leave my computer :shock:

During these returns to reality
I wonder if my computer has been secretly conspiring with the
hordes of non-existent root hunting bot nets out to demolish
my penguin ways . . .

A thought and question:
If I press ctrl + alt + backspace before leaving cyber world
(and then type 'xwin' on my return)
am I any safer? 8)

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#132 Post by Aitch »

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
DVWA is available either as a package that will run on your own web server or as a Live CD
http://www.randomstorm.com/dvwa-security-tool.php

or, if you're really serious,.....

http://www.youtube.com/watch?v=76y9gTE1 ... ature=fvwp

There's something to try vulnerabilities with and test security!

Aitch :)


nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#134 Post by nooby »

Blue screen of Death and Black screen of death and now this Java White Screen of death.

When do we get a proper Chrome Shining Armor screen of Death :)

Okay, back on topic. How do I know if my Puppy uses that kind of vulnerable Java? Are there not two versions of Java? Sun has one of them and the other is ???
I use Google Search on Puppy Forum
not an ideal solution though

#135 Post by Lobster »

:)

Most Puppys do not use java
http://www.javatester.org/version.html

Also no mention of the java malware running on Linux.
Maybe if you try really hard you could get it running in Wine . . .

Maybe if you are really good you can worry about this bad bunny
http://www.sophos.com/en-us/press-offic ... bunny.aspx
8)

I wonder if LibreOffice has made that bad bunny redundant? :wink:

#136 Post by Aitch »

Cross OS java botnet is not the only one that'll catch a lot of people out

Skype for MAC is the latest, and the nasties 'could' transfer to any connected user, or online contact!

http://www.net-security.org/secworld.php?id=10992

Aitch :)

#137 Post by nooby »

Doesn't some Dev program need Java? Maybe it was the Android dev program in Wine that needed Java, or was it some music program? I do remember somebody told me I needed Java? Not sure though.

#138 Post by Aitch »

I only use it because I'm on ebay a lot :wink:

However, I do find it helps rendering speeds with some sites - other than that....can't say I use it for anything else that I'm aware of...

Aitch :)

#139 Post by Lobster »

Just tried this as suggested by szzindian
http://ip-check.info/?lang=en

My tin foil hat is not gonna save me :cry:

this might be a solution? :)
http://anonymous-proxy-servers.net/

#140 Post by Aitch »

Lobster/others

If you're a FF user also try these https addons

https://www.eff.org/https-everywhere
HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.
https://addons.mozilla.org/en-US/firefo ... ch-plugin/
DuckDuckGo now operates a Tor exit enclave
http://www.gabrielweinberg.com/blog/201 ... clave.html

Else try Sandfox

http://igurublog.wordpress.com/download ... t-sandfox/
Sandfox runs programs within sandboxes which limit the programs’ access to only the folders you specify. Programs and their child processes, like Firefox plugins, Flash, and Java, are only able to access files within the sandbox. Sandfox supports the use of custom profiles which determine what folders and files are included in each program’s sandbox, and includes default profiles for Firefox, Skype, and Google-Earth. Sandfox can create separate sandboxes for each program, or can run multiple programs in one sandbox. Programs are run in a chroot jail as a normal user, providing a substantial level of security. Sandfox is designed to be very easy to use. It handles the details for you while still giving you the ability to construct custom sandboxes easily.
Aitch :)
