Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 30 Oct 2014, 12:46
All times are UTC - 4
 Forum index » Off-Topic Area » Security
So you think Linux is safe?
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 2 Posts_count   Goto page: 1, 2 Next
Author Message
2byte

Joined: 09 Oct 2006
Posts: 357

PostPosted: Thu 27 Jun 2013, 11:22    Post_subject:  So you think Linux is safe?
Sub_title: Read this and despair
 

Special Report: U.S. cyberwar strategy stokes fear of blowback

http://www.reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510

Quote:
Reuters reviewed a product catalogue from one large contractor, which was made available on condition the vendor not be named. Scores of programs were listed. Among them was a means to turn any iPhone into a room-wide eavesdropping device. Another was a system for installing spyware on a printer or other device and moving that malware to a nearby computer via radio waves, even when the machines aren't connected to anything.
There were tools for getting access to computers or phones, tools for grabbing different categories of data, and tools for smuggling the information out again. There were versions of each for Windows, Apple and Linux machines.

_________________

Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Thu 27 Jun 2013, 12:29    Post_subject:  

Good that you told us. We have to encourage the devs
to look into it and see if there is any way to improve Puppy
if it is vulnerable in same way or worse. Due to how different it is
maybe their general ways to approach standard Linux maybe their
script has not inclided Puppy on the other hand if we are number ten
most popular they include Puppy differences in the script.

If standard Linux do this.
If Puppy Linux ask for help from operator Smile

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
8-bit


Joined: 03 Apr 2007
Posts: 3387
Location: Oregon

PostPosted: Fri 28 Jun 2013, 02:06    Post_subject:  

I recently visited a web site that downloaded a partial file to /tmp before I caught it.
It was an EXE file and I assume it was an attempt to infiltrate Windows.
I cannot remember the site. But the appearance of an unrequested file got to me.

Also, at a site called 4Shared, I tried to download a game tar.gz file.
The site wanted me to download and run a file downloader that happened to be an EXE file.

And when I did a search of their site for the game file name, I was told it did not exist!

So what has happened to you lately that you would consider suspicious?
Back to top
View user's profile Send_private_message 
Sylvander

Joined: 15 Dec 2008
Posts: 3472
Location: West Lothian, Scotland, UK

PostPosted: Fri 28 Jun 2013, 03:30    Post_subject:  

8-bit wrote:
So what has happened to you lately that you would consider suspicious?

See:
Was I hacked?
Back to top
View user's profile Send_private_message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Fri 28 Jun 2013, 04:08    Post_subject:  

Sylvander wrote:
8-bit wrote:
So what has happened to you lately that you would consider suspicious?

See:
Was I hacked?


Just remember that we're all on the network, so it's important to look, sound, and smell good at all times.
Back to top
View user's profile Send_private_message 
Sylvander

Joined: 15 Dec 2008
Posts: 3472
Location: West Lothian, Scotland, UK

PostPosted: Fri 28 Jun 2013, 04:46    Post_subject:  

jpeps wrote:
Just remember that we're all on the network, so it's important to look, sound, and smell good at all times.

Huh?! Confused
I don't understand.
Which network are we all on?
Back to top
View user's profile Send_private_message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Fri 28 Jun 2013, 10:32    Post_subject:  

Sylvander wrote:
jpeps wrote:
Just remember that we're all on the network, so it's important to look, sound, and smell good at all times.

Huh?! Confused
I don't understand.
Which network are we all on?


wireless

http://www.csmonitor.com/Science/2010/0520/Homeland-Security-wants-to-turn-your-cell-phone-into-a-smell-phone

Incidentally, this same chip is being developed for marketing data by tracking physiological responses.
Back to top
View user's profile Send_private_message 
linuxbear

Joined: 18 Apr 2009
Posts: 621
Location: Las Vegas, Nevada, USA

PostPosted: Fri 28 Jun 2013, 14:52    Post_subject:  

... might be true, but it is not that easy to get in my system. My router does not broadcast it's name and protected by a complex password.

my user account is protected by a complicated password
my important personal files are encrypted and my machines are turned off daily
Back to top
View user's profile Send_private_message 
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Tue 02 Jul 2013, 05:06    Post_subject:  

linuxbear wrote:
... might be true, but it is not that easy to get in my system. My router does not broadcast it's name and protected by a complex password.

my user account is protected by a complicated password
my important personal files are encrypted and my machines are turned off daily


LB wifi has 5 methods to broadcast identification. Disabling SSID is a waste of a cycle. Did you address the other 4?

Further, passwords cannot resist the efforts of a skilled attacker with good cracking tools. 12 digit passwords yield in seconds. It's almost trivial.
Back to top
View user's profile Send_private_message 
linuxbear

Joined: 18 Apr 2009
Posts: 621
Location: Las Vegas, Nevada, USA

PostPosted: Tue 02 Jul 2013, 15:02    Post_subject:  

I am aware that someone with good skills can get in. That's why everything important is encrypted and the machine is completely scrubbed with bleachbit at least 3 times a week.
Back to top
View user's profile Send_private_message 
Moose On The Loose


Joined: 24 Feb 2011
Posts: 529

PostPosted: Wed 03 Jul 2013, 11:05    Post_subject:  

8-bit wrote:

So what has happened to you lately that you would consider suspicious?


1) On a Windows-7 machine, I installed the latest updates by leaving it on with that process going for the night. The next morning, the machine ran really .... really .... slow and would not get on a network no matter what I tried. I rolled back to a restore point and it was back to normal. It makes me suspect someone has figured out how to pretend to be Microsoft.

2) I have had quite a few cases of seeing something like a picture with a link that said "something.jpg" or an audio file that says it is "something.wav" that in fact leads to a something.exe. I think that is above "suspicious" and more like "obviously"

3) A while back there was a "political add" that pretended to be a local news story. It qualifies as a mind virus but is worth mentioning because it showed a method. It used one of the IP to location services and some javascript to make it always dated yesterday and be from the (your town) Express. It contained links that it invited you to click on that it claimed where to the newspaper's site but in fact took you to a server run by the political group. The same method could be used to make it appear some local folks want you to click on the thing that put the virus on your computer.
Back to top
View user's profile Send_private_message 
redandwhitestripes

Joined: 02 Jan 2009
Posts: 124

PostPosted: Tue 16 Jul 2013, 08:36    Post_subject:  

[quote="Edwardo"]
linuxbear wrote:
...
Further, passwords cannot resist the efforts of a skilled attacker with good cracking tools. 12 digit passwords yield in seconds. It's almost trivial.


Not the full picture. You need to define "skilled attacker" and "good tools". Brute force attacks can be resisted with a password mixing case, numbers and punctuation.

In the same way anyone's property can be broken into with enough resources, I guess the same holds true for networks, but if you follow simple steps such as using a decent firewall, WPA2 encryption if possible and using strong passwords and up to date software, you have a good chance of holding out against most hackers IMHO.
Back to top
View user's profile Send_private_message 
wibble


Joined: 10 Jul 2013
Posts: 77

PostPosted: Tue 16 Jul 2013, 13:09    Post_subject:  

If someone with the skills and tools and time wants to then sure its possible. But consider how often that will happen... The probability unless you are a political dissident, or subject to a government or corporate investigation are pretty slim.

now improving security to prevent everyday exploits from script kiddies and mail-ware that makes a whole lot of sense. Linux is pretty secure as long as precautions are taken, firewall ect..

I would sweat more on a windows box to be honest. There is a lot more development of exploits for that platform just because of the shear amount of users.

If you think 12 character password strings are bad... IBM mainframes have a maximum length of 8... and also cannot contain spaces or special characters. So from a security point of view they are far more vulnerable platforms when connected to the Internet.

The really scary one for me is wireless, there are so many potential holes and exploits that are inbuilt into the standard. I would not trust it for my sensitive data. And once the 'Internet of things' takes off you will have an even larger problem.

That said I think as time goes on and Linux gets more acceptance there will be more tools and exploits developed for the platform - look at Zeus you don't even need to have a great deal of technical skill to use it.

However I really would like to be able to password the system, I noticed I could do that with attack puppy. would be nice to have that ability with precise.
Back to top
View user's profile Send_private_message 
Sky Aisling


Joined: 27 Jun 2009
Posts: 909
Location: Port Townsend, WA. USA

PostPosted: Thu 08 Aug 2013, 02:29    Post_subject: So you think Linux is safe?
Sub_title: Hand of Thief
 

“Hand of Thief” banking trojan doesn’t do Windows—but it does Linux

http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/

Edited_time_total
Back to top
View user's profile Send_private_message 
Ibidem

Joined: 25 May 2010
Posts: 502
Location: State of Jefferson

PostPosted: Thu 08 Aug 2013, 02:55    Post_subject: Re: So you think Linux is safe?
Sub_title: Hand of Thief
 

Sky Aisling wrote:
http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/

https://blogs.rsa.com/thieves-reaching-for-linux-hand-of-thief-trojan-targets-linux-inth3wild/
Quote:
Secondly, since Linux is open source, vulnerabilities are patched relatively quickly by the community of users. Backing this up is the fact that there aren’t significant exploit packs targeting the platform. In fact, in a conversation with the malware’s sales agent, he himself suggested using email and social engineering as the infection vector.
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 2 Posts_count   Goto page: 1, 2 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1226s ][ Queries: 12 (0.0360s) ][ GZIP on ]