Paranoia for Beginners

For discussions about security.
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#201 Post by Lobster »

NTSC = National Television System Committee?

:) I did not create that directory
or 'Go' or 'Let' or 'Me' and a few others (all empty)

So I should imagine I might actually have been hacked :roll:
The program was also added which would be a real first, creating directories not so much so.

Am I quacking in fear? Sadly no my paranoia is not developed sufficiently :roll:

What I think is far more likely is I inadvertently installed a pet that is expected to do this. Maybe unloaded it in the wrong place or it could be part of another package . . .
Should I be installing forensics? Honeypots? Separate firewall server?
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Dave_G
Posts: 453
Joined: Thu 21 Jul 2011, 13:53

#202 Post by Dave_G »

Lobster,

That is exactly why I asked you jokingly about watching American movies.
NTSC is the TV standard of the USA (amongst others) whilst that of
most of Western Europe is PAL with France being the exception using SECAM.
Ex-soviet states of eastern Europe also still use SECAM (I think).

You say you didn't create the NTSC directory, so unless you installed a pet
that was for video editing/recording/transcoding/watching and created that dir, what other
explanation is there for it?


#203 Post by Lobster »

Dave_G wrote:what other
explanation is there for it?

tsk tsk
Have you lost all sense of fear and potential interference from 'them'? :roll:
(Govt, hackers from other dimensions, script kiddies, puppy's with rabies, commercial scan bots, the penguin viruses etc . . .) :wink:
Talking of viruses
installed and running this avast virus scanner in Slacko beta 4
http://bkhome.org/blog/?viewDetailed=02494
That should keep the CPU and paranoia ticking over nicely
opted for thorough scan of e v e r y t h i n g
Last edited by Lobster on Sat 24 Sep 2011, 14:04, edited 1 time in total.

#204 Post by Lobster »

It must be worse than I thought . . . :shock:

Avast found several PHP viruses on my HD (used as a backup)
These were specific to Wordpress and have to run on a server I should imagine.
The viri were PHP Agent-BD -[TH]

Then Avast locked up my computer. Could it have been attacked by a virus?
Enclosed is my frozen screen. :roll:

Given Avast another HD to feed its virus hunting skills.

#205 Post by Dave_G »

Lobster,

Are you sure that those php scripts really are "nasties"?
Avast and others often report false positives.

Dave.

Remember, just because you can't see them, it don't mean they aren't after you. :wink:

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#206 Post by nooby »

Lobster, Dave is right. Some or all AV software has at least one or two "false positives"; they point out snippets of code that may be examples that somebody has put in to make a point or something. Some joke even.

But I wonder about this one:
Talking of viruses
installed and running this avast virus scanner in Slacko beta 4
http://bkhome.org/blog/?viewDetailed=02494
So is that one then better than the xf-prot that also can be run from Lupu-528?

I mean if I now install Barry's version of Avast would that one not find the build in signatures for Xf-prot and bark loud and even lock the computer or destroy the xf-prot?

Should I uninstall the xf-prot first?

8-bit says
I had read a review of linux antivirus packages and fprot failed to find viruses that Avast found so I installed Avast.
Lobster Barry gave you advice to cut out /sys however one do such things.

I wonder if not all of this is way over my poor head?

So first I uninstall xf-prot and then I install the pet that Barry made.
Then change things like he describe there from that facebook thing?
Hm I barely get what he write.

Should we not have a simple to follow thing on this.
Avast wants my email address for to give a code so it start working?
I use Google Search on Puppy Forum
not an ideal solution though


#207 Post by Dave_G »

Lobster,

Keep in mind that AV pgms are not perfect.
Often they see code that could be a risk and flag it.
The fact that it could be a risk does not mean that it is.

A few years back I made a wget type app for win machines
and many AV pgms marked my pgm as a trojan downloader
simply because I was statically linking to the API call URLDownloadToFileA
which of course is very often used in real trojans.

All I had to do is first get the ProcAddress of the function in the DLL
then load it using LoadLibraryA and it got right past the AV pgm.

I know this is for win32, but the point I'm trying to make is that AV pgms
often flag code as a threat which is not always the case and at the same time
don't properly check for workarounds and stuff can get thru if that
was the writer's intention.
The same will apply to Linux.

Dave.
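
The scanner-side view of what post #207 describes, as an added Python example that is not part of the original post or any AV product's code: a check that reads only the import table is compared with one that also looks for the API name as a string beside imported resolver functions. The sample inputs, the `classify` function and its verdict labels are constructed for illustration.

```python
import re

# API name the post says import-based heuristics key on.
SUSPECT_APIS = {"URLDownloadToFileA"}
# Run-time lookup functions named in the post.
RESOLVERS = {"GetProcAddress", "LoadLibraryA"}


def ascii_strings(data, min_len=5):
    """Printable ASCII runs in a byte blob, as the `strings` tool would list."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.group().decode("ascii") for m in re.finditer(pattern, data)}


def classify(imports, body):
    """Compare an import-table-only check with one that also reads strings.

    `imports` stands in for names already parsed from the import table
    (assumption: parsing happened elsewhere); `body` is the file's bytes.
    "flag" means "worth a closer look", not "malicious".
    """
    static_hits = SUSPECT_APIS & imports
    strings = ascii_strings(body)
    # Name present only as a string, with both resolvers imported: the
    # function is probably looked up at run time instead of being linked.
    dynamic_hits = {
        api for api in SUSPECT_APIS - imports
        if RESOLVERS <= imports and any(api in s for s in strings)
    }
    return {
        "import_only": "flag" if static_hits else "pass",
        "with_strings": "flag" if (static_hits or dynamic_hits) else "pass",
        "resolved_at_runtime": sorted(dynamic_hits),
    }


# Constructed samples: (import names, file bytes). Not real binaries.
SAMPLES = {
    "static_link": ({"URLDownloadToFileA", "ExitProcess"},
                    b"\x00usage: fetch <url> <file>\x00"),
    "dynamic_lookup": ({"GetProcAddress", "LoadLibraryA", "ExitProcess"},
                       b"\x00urlmon.dll\x00URLDownloadToFileA\x00\x90\x90"),
    "unrelated": ({"GetProcAddress", "LoadLibraryA"},
                  b"\x00user32.dll\x00MessageBoxA\x00"),
    "readme_text": (set(), b"See the docs for URLDownloadToFileA usage."),
}

if __name__ == "__main__":
    for name, (imports, body) in SAMPLES.items():
        print(name, classify(imports, body))
```

Either verdict only says the file deserves a closer look; a legitimate download tool trips both checks just as a trojan would.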


#208 Post by Lobster »

Guys,
Yes I should think the PHP really are viruses/trojans/malware scripts because this is a backup of server material that I know has been compromised.

Some false positives - yes, there is one
EICAR Standard AntiVirus Test File that is in an f-prot file - that is a 'pretend virus' - again a back up . . .

In the preferences of Avast
you just add /sys and /proc
as exclusions - OK done that, running again . . .

I have Nandows 7 (or some such jinx food operating system) on a partition and that is probably infected :cry:
- barely used Nandows 7. Will now just delete.
You know how I think MS Nandows became infected?
Downloaded bit torrents were saved to an NTFS drive
by Puppy - included in the download were malware products designed to go into Windows directories. Oh boy.

So basically the php could run on a linux server and those backups were already compromised - I know that. The eicar is a test. The Windows partition is infected, either that or it slowed down and started behaving strangely just for fun . . .

As a side issue . . . my sister brought her new
Windows 7 powered Asus laptop along.
Somehow Norton virus checker was on there, offering to scan
She hates Norton as it created a year of problems for her
Like a virus it had installed itself and aggressively demanded to scan
Removing it was an exercise in getting her not to strangle the computer
How was it, this had appeared on the desktop without warning or agreement . . . (it was probably a 'free' offer)?
http://puppylinux.org/wikka/VirusScam
Slowly people begin to understand why we use Linux . . .

Puppy is fine. Virus checking continues. Still not scared. What am I doing wrong? 8)
Last edited by Lobster on Thu 29 Sep 2011, 07:21, edited 1 time in total.

#209 Post by Lobster »

OK guys

Deleted the Winedows 7 contagion - removed from its partition
Did a 'standard' rather than 'thorough' Avast scan (Avast did not crash this time).
Need something new to worry about?
How about a neutrino powered virus from an entangled parallel universe? Perhaps based on the public domain descendant of Stuxnet type viruses?
However hacking computers is so yesterday. How do we influence the machine we are?

Does not bear thinking about? :roll:

#210 Post by Lobster »

How much does it cost to be an elite cracker? $600 for a wifi cracking drone . . .

Look to the skies :roll:
http://www.dailytech.com/Flying+Drones+ ... e22701.htm

#211 Post by Lobster »


Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#212 Post by Sylvander »

Is it possible/easy to make encrypted calls using Puppy Phone?


#213 Post by Lobster »

Encrypted calls are coming

. . . meanwhile how many of these tests have you done?
http://article.gmane.org/gmane.linux.kernel/1197924

(that should keep the tin hats happy for a while . . . )

#214 Post by Lobster »

http://techcrunch.com/2011/10/13/no-nee ... r-citizen/

The UK has more cameras than anywhere. Personally I look forward to open circuit TV access and the ability to monitor suspicious proprietary software engineers and others up to no good . . . :wink:

#215 Post by nooby »

As a continues noob status guy sorry bad grammar there.
I wonder about something that happens almost every day and
several times every day.

I like old mechanical things with no batteries in them.
Clocks that you wind up and them being totally mechanical
no battery wears down and need to be replaced.

So I look for such at Ebay and similar places in my own language.

Take this one from Old Russia? Anlida Alarm Clock.
http://www.ebay.com/itm/ws/eBayISAPI.dl ... 0907058794

When I save the main picture of that one
then it say a script is still running.
Should I stop it or let it continue?
I have no idea what is safest thing to do.

Usually if one don't let it continue and
actually stop it then it does not save.


Now was that a download of a Trojan or Key Spy program on my computer?
What other purpose could such "scripts" have? Where do them end up?

Should I start a new thread about this one? It maybe derail this thread or drown in all the other themes we have here?
Last edited by nooby on Tue 18 Oct 2011, 06:08, edited 1 time in total.

DPUP5520
Posts: 800
Joined: Wed 16 Feb 2011, 05:38

#216 Post by DPUP5520 »

sorry I haven't read through this whole thread but nooby you can easily encrypt different types of communication such as Skype and Ekiga connections, don't know much about the Puppy Voip client though.
[url=http://www.murga-linux.com/puppy/viewtopic.php?t=69651][b][i]PupRescue 2.5[/i][/b][/url]
[url=http://www.murga-linux.com/puppy/viewtopic.php?t=72178][b][i]Puppy Crypt 528[/i][/b][/url]


#217 Post by nooby »

Encryption is a red herring. Them prepare laws that say that if you encrypt
your messages then the authorities have to be given the keys to it.

Now European Union may accept the law or not but you can be sure of
that if you encrypt your communication then the authorities in Sweden
will see you as someone them need to look into seriously.

Why else would you need such desperate measures them would reason.

That is at least what I have gathered through the years how them think.

#218 Post by DPUP5520 »

nooby wrote:Encryption is a red herring. Them prepare laws that say that if you encrypt
your messages then the authorities have to be given the keys to it.

Now European Union may accept the law or not but you can be sure of
that if you encrypt your communication then the authorities in Sweden
will see you as someone them need to look into seriously.

Why else would you need such desperate measures them would reason.

That is at least what I have gathered through the years how them think.

That's kind of funny considering that Sweden is one of the only countries that has refused to hand over IP addresses to the U.S. government of people using their proxy servers. On the other hand as I said before in another thread not just relying on proxy servers for things like email such as pgp keys or other encryption methods more or less prevents most snooping unless they want to spend months decrypting an email to my wife telling her I need her to buy me some more spices at the commissary before I get home to cook on the grill.

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#219 Post by Barkin »

nooby wrote:Encryption is a red herring. Them prepare laws that say that if you encrypt
your messages then the authorities have to be given the keys to it.

In the UK if you don't give the police the key when they ask you can be fined and/or jailed ...
http://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/

e.g. in the UK you could be jailed for not being able to remember a password to encrypted data :shock:


#220 Post by DPUP5520 »

Here in the U.S. they need a warrant for something like that, and well if I just so happen to lose my encryption key cause well I accidentally deleted/lost it well then that's just too bad, one great thing to use for that is one time pads. I'll have a lot of these different encryption techniques/programs built into Puppy Crypt when I finally get around to getting out a beta sometime over the weekend hopefully.