Steps for enhancing security I can take in Puppy 5.2?

For discussions about security.
Message
Author
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#21 Post by nooby »

CLAM01 thanks that was very interesting to read.
Sadly I am not really on that level but as far as I get it
that seems to be the way it does work.

That could also explain why some have decided to never have
a pupsave file. Them either remaster until them get a puppy that
works as them wanted and then never have to use a pupsave file again.

Them use sfs files to have flexibility of choices without needing
to load all of these at once. So them can load them on fly when needed.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#22 Post by Lobster »

CLAM01 thanks that was very interesting to read.
Have added it here to replace Nathans comments which were getting a little long in the tooth [so to speak] 8)
http://puppylinux.org/wikka/security

. . . there are new ways to strengthen security . . .
Yes you can compile a firewall for obsolete hardware
but even better for barely released hardware
Will your cluster of rotating firewalls have the power of Pi?
http://puppylinux.org/wikka/PARM

Expect some ultra security devices to emerge for RPi.
I may have to build a fire wail . . . :roll:
Basically this is a call out device for anyone trying to quantum hack
from another dimension . . . allowing them access
http://tmxxine.tumblr.com/post/11569525 ... algorithms
[My imaginary psychiatric team have been notified - virtual medication expected shortly . . .] :shock:
Last edited by Lobster on Thu 17 Nov 2011, 03:22, edited 1 time in total.
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#23 Post by CLAM01 »

Lobster,

Oh, No! I was just spraying thoughts around when I wrote the above explanation of puppy-root. Had I imagined it might become engraved in electronic stone I would have tried to organize myself, be coherent, write real sentences, try to maybe make better sense...

I will try to do that, as soon as I can get to it. When I manage to I will post you the organized version to put wherever it may be helpful.

User avatar
russoodle
Posts: 707
Joined: Fri 12 Sep 2008, 17:36
Location: Down-Under in South Oz

#24 Post by russoodle »

I wouldn't worry, Clam01.....seems perfectly articulate to me and an excellent, helpful explanation, thank you :)
[i][color=Green][size=92]The mud-elephant, wading thru the sea, leaves no tracks..[/size][/color][/i]

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#25 Post by nooby »

CLAM01 I agree with Russ that it is rather easy to follow your thoughts.

But being as deep into Nooby Land as I am I still wonder about this:

When I am booting in frugal on NTFS hdd then that HDD also has a lot of
Win7 Registry and such. Okay them gave it another name. Anyway.

Most likely the intruder don't expect to find Puppy but either WinXP or WinVista or Win7 or soon Win8. or maybe Ubuntu or Linux Mint.

So what is most likely them do? Download a thing that key log what I write so them can get my login to the bank? Log in to email and forums and
that way them get to know as many password patterns as possible
that I make use of. Then them set up some kind of hidden things.

But as you point out. As soon as I shut down or reboot all that is lost
unless I do something that makes it go into pupsave?

But while I am active them have plenty of time to record every password that I use?


So if Puppy was not root then them had to use Sudo or Su or
some other trick to get into the computer?

How much more effective are that protection?

Now to something related. dpup5520 wants to build a puppy rescue
CD that is as hardened as possible so that could be worth lookin into.

Do a search for him and his puprescue
I use Google Search on Puppy Forum
not an ideal solution though

postfs1

#26 Post by postfs1 »

To reedit up to date.
Last edited by postfs1 on Mon 28 Mar 2016, 01:45, edited 1 time in total.

User avatar
str4y
Posts: 42
Joined: Mon 01 Aug 2011, 22:59
Location: No. California
Contact:

No hiding BT, sorry. But Transmission has encryption...

#27 Post by str4y »

DPUP5520 wrote:There is a way to easily encrypt and hide torrent transmissions, unfortunately you cannot do it with Transmission as far as I know however I intentionally left the bit-torrent client in PuppyCrypt unsecured in order to divert illegal intentions.
Um, not to discourage folks from coming up with Puppy versions, but I don't think I'll be adding yours to the longish list of ones I try out-- based on this logic you put forth re "order to divert illegal intentions".. I moreso concur with the sentiment of another post, whereby my default is to use encryption wherever possible. It's just a matter of principle-- entities just don't need to be sniffing my crap, though yes, it's all legal. (I really like the HTTPS-Everywhere campaign https://www.eff.org/https-everywhere , and am glad to see it catching on (Goog being the tipping point I suppose, but why do I want to connect securely to Goog when I don't trust them? I remember yelling at my Big Name stockbroker years ago, 'WTF is with the "Some Elements Unencrypted" on pageload??') It's especially key for me as I only have net access over public wifi's!
I haven't time to find/give all the links to discussions about how bittorrent is practically impossible to do anonymously (torproject.org somewhere, certainly), as I just happened upon this thread while searching for a newish release of Transmission.. but gave up after being long out of Spare Time whilst reading threads like this one. So here's a snap from my version 2.30b for which I had a .pet laying around. The encryption referred to is of the data between peers.. I don't think communication with the tracker is generally encrypted (depends on the tracker.. run Azureus for a dizzying array of config options) but absolutely, your IP is never hideable, and the MPAA or whoever can and does send well-paid posers out to build up their databases with whomever connects with them as peer. But please, elaborate on this "easily encrypt and hide".. especially the latter.

http://imageshack.us/photo/my-images/510/trans23.png

In this process, I'm reminded of never having succeeded in searching for a good blocklist source. Any ideas?

EDIT: image doesnt seem to work, trying it as a Url for you to click..

DPUP5520
Posts: 800
Joined: Wed 16 Feb 2011, 05:38

#28 Post by DPUP5520 »

str4y It matters not to me whether people test anything I put out or not, I do it for myself and share with others if they want to try it. Encryption doesn't really do anything for you at all anymore when it comes to most service providers due to methods that have come out to detect bit-torrent traffic even while encrypted plus it doesn't hide your IP address from the swarm.
[url=http://www.murga-linux.com/puppy/viewtopic.php?t=69651][b][i]PupRescue 2.5[/i][/b][/url]
[url=http://www.murga-linux.com/puppy/viewtopic.php?t=72178][b][i]Puppy Crypt 528[/i][/b][/url]

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#29 Post by CLAM01 »

nooby,
In puppy, since your puppy-root account is your user account what you have exposed to the internet is your user account only. Your pup-save file is your puppy-user "home" space. Anything that downloads and installs to your pup-save installs to your /home/user account. If something installs to your /mnt/home it installs outside of puppy. /mnt/home is the disk partition you run your puppy system in. If you run your puppy system in /sda1 (or sda2 if you have a manufacturer's partition first) where your MicroSoft system resides your MicroSoft system files are around your puppy folder (if you isolate your puppy system in its own folder) or around your puppy files (pup-save, puppy-sfs and z-sfs, or woof-build-number folder).

Normally nothing should download to, or install, to your /mnt/home, outside of your puppy ram/swap-system and your pup-save file. On regular HD frugal install puppy systems files land in, install in and add changes in your pup-save as you browse or work, so when your system saves at the end it only checks for loose ends, erases /tmp files and so forth. With SDHDs and flash-drive puppies the files hold in ram and modify your pup-save only periodically (like early linux systems normally did). Thus, it should be impossible for any more on your computer than your pup-save files to be messed with or messed up.

But do not count on this. Assume it should be so, but expect that someone may find a way to get around it. The "development" of intrusion techniques today is like the rabbit in the famous race story, with the tortoise being Moore's Law's development of chip power and speed. And we seem to be in a period right now when the intruder-rabbit is up and running.

The nearest there is to a 'su' or 'sudo', to get to a puppy's root is the update white and black (and sometimes pink and maybe other color) listing system. This system adds information to your pup-save. The information is mostly switch info. It is read at start-up, use A. before B, ignore C etc.

Until you remaster your puppy the not used and ignored remains in your pup-main-sfs. If you change your mind you can bring ones back, and, if you clear out your pup-save the original pup-main content files will be written into it. You will get rid of what you don't want, but you will have to re-customize, add again pets you had added, etc. You can get around doing all of this by setting your puppy up to suit yourself, saving it and before exposing it, copy all the files to a back-up file in your /mnt/home, or another partition. Then when you wipe your pup-save file's contents, if you think something might have been added, or become corrupted, you can copy your back-up files and start again mostly where you were.

You also want to put all your personal files in one or two over-all files in your pup-save root (puppy-root) file, so you can move those out to park in your /mnt/home (or another partition) before you wipe out your pup-save.

Theoretically your intrusion dangers should be less than with other systems. To lessen them more I recommend, rather than downloading to /root/spot or anywhere else, to set your browsers to download to /tmp, or a /tmp/downloads file you make in /tmp. You have to remember to move files you want from /tmp to other folders in before you shut down. Otherwise what you have downloaded will go with your shutting down.

Your most likely sources of infections in puppies are the builds, themselves. Things that may be included by a puppy or puplet builder, or may be in or get into files built in or built with. These include things you may have in your system when you remaster your puppy. Back-doors and remotely controllable programs are among things that can be installed as parts of systems. Monitoring systems, for instance, are everywhere. A common one is a test-ping for net connection, which pings computers a domain connected to the USA's CIA. All the system does, as far as I know, is ping, but every network card having a unique mac address, the system is an available for tracking, if such should be needed. Included in common net-connection programs, the system is incorporated in puppies.

Your next most likely source of infections is what is downloaded with what you download. Intruders seem to be making great progress in this area right now, working out new and better ways to get things into computers and working for them. Putting their own systems on your system appears to be easier than taking over your system, and, if they are in your system, it gives them access to all the files on your system. You don't need to crack passwords and install a rootkit if you can, instead, simply install your own little system and with it open the root files of the host computer's main system. I am chasing what appears to be a new one of these, that puppy seems to be susceptible to, right now.

As they say, you can't ever be too careful, and even being too careful doesn't always work.

User avatar
Ray MK
Posts: 774
Joined: Tue 05 Feb 2008, 09:10
Location: UK

#30 Post by Ray MK »

Hi

"You don't need to crack passwords and install a rootkit if you can, instead, simply install your own little system and with it open the root files of the host computer's main system. I am chasing what appears to be a new one of these, that puppy seems to be susceptible to, right now"

That sounds a little worrying - should we be concerned?

Do we know how to protect against such a method?

Surely Puppy's smallish size, must make it difficult to conceal something
undesireable in the download.

Would we have similar concerns when using Puppy on an Arm Processor?

My questions probably show my ignorance regarding these matters,
however it does beg the question - Are we safe?

Best regards - Ray
[b]Asus[/b] 701SD. 2gig ram. 8gb SSD. [b]IBM A21m[/b] laptop. 192mb ram. PIII Coppermine proc. [b]X60[/b] T2400 1.8Ghz proc. 2gig ram. 80gb hdd. [b]T41[/b] Pentium M 1400Mhz. 512mb ram.

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#31 Post by Lobster »

should we be concerned
We should be interested.
Where I live there are crazy people, people with guns, gangs and a police station big enough to house the KGB.

Not everyone is out to get me.

Same with security. Just because Flash is a universal browser programming language or javascript or HTML5. does not mean having to use a Tor browser and wear garlic around my neck for vampires.

Vampires may exist but chances are not worth the cost in silver bullets.

I value the input of black, gray and white hat security experts and even the hat less.
I will also run as root. I will use a major browser and I will be safe.

Thanks guys
Be safe. Feel secure
Use Puppy
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#32 Post by nooby »

Clam thanks for all the know how in that post.
Sadly I am not on the level needed to implement
that know how. I wild guess that I get most of
what you say but not being savvy enough to set it up
in practice. One need to have a talent for to be organized.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
str4y
Posts: 42
Joined: Mon 01 Aug 2011, 22:59
Location: No. California
Contact:

#33 Post by str4y »

DPUP5520 wrote:str4y It matters not to me whether people test anything I put out or not, I do it for myself and share with others if they want to try it. Encryption doesn't really do anything for you at all anymore when it comes to most service providers due to methods that have come out to detect bit-torrent traffic even while encrypted plus it doesn't hide your IP address from the swarm.
I don't care what you don't care about-- I was simply trying to warn innocent people off your contributions because you aren't making any sense. What you just responded with doesnt fit with what I was responding to initially:

"There is a way to easily encrypt and hide torrent transmissions"

MAYBE YOU LEFT OUT A "no" IN THERE? Makes for a super confusing forum experience. Did you read my post fully? I mean, ok, i type 70wpm so I type more than most folks, but I'm just putting out thoughts completely for a more comprehensible reading experience. Sorrrrrryy!

Pay attention-- you just responded with a defensive tone that ~"gosh, it's impossible to be sneaky with bittorrent" when I just said the same freaking thing in the post you were responding to. And I still dont understand your original statement that set me off-- that disabling encryption on your distro is to "divert illegal intention"?? Quite nonsensical. We should all be pushing for strong encryption for all our communications, even when all the contents are legal (as in my case). Why would you argue against this?

Post Reply