hecking around.... means making vast changes with scant regard for ones own safety. If in doubt use hacking instead.
After all computer usage can be 'risky' and 'dangerous' just like hang gliding and bomb defusing.
mike
How secure is Puppy?
greengeek wrote:And before anyone starts telling me that the autism/mercury link has been disproven - do more research and look at it with an open mind.
http://en.wikipedia.org/wiki/Thiomersal_controversy#Scientific_consensuswikipedia.org/Thiomersal_controversy wrote:Further evidence of the scientific consensus includes the rejection of a causal link between thiomersal and autism by multiple national and international scientific and medical bodies including the American Medical Association, the American Academy of Pediatrics, the American College of Medical Toxicology, the Canadian Paediatric Society, the U.S. National Academy of Sciences, the Food and Drug Administration, Centers for Disease Control and Prevention, the World Health Organization, the Public Health Agency of Canada, and the European Medicines Agency.
A 2011 journal article reflects this point of view and described the vaccine-autism connection as "the most damaging medical hoax of the last 100 years".
http://whatstheharm.net/vaccinedenial.htmlwhatstheharm.net/vaccinedenial wrote:Influenced by those who believe childhood vaccines might cause autism, Katie's mother felt extreme guilt over vaccinating the autistic child. This led to a depression, and the death of the child at her mother's hands. Read more & more
hmm only cases of polio are from the vaccine?
witnessed onset of temperature fits after the measles vaccine and with that one the odds of having a bad reaction to the vaccine are about the same as that of having a bad reaction to the disease itself.
The point really is about blindly carrying on doing something just because it was ok to do so at some point...every habitual action should be scrutinised occasionally.....like christmas and changing clocks twice a year.
mike
witnessed onset of temperature fits after the measles vaccine and with that one the odds of having a bad reaction to the vaccine are about the same as that of having a bad reaction to the disease itself.
The point really is about blindly carrying on doing something just because it was ok to do so at some point...every habitual action should be scrutinised occasionally.....like christmas and changing clocks twice a year.
mike
-
darry1966
Ah no I really wouldn't know where to start I'll leave that skillful people.mikeb wrote:Oh you should.... hecking around th eregistry is fun...its amazing what can be done in there.
Hacking windows generally...I got a 17GB install of 7 down to under 4. One bonus of windows is millions of users which means a huge pool of smart people contributing improvements and fixes to microsofts bunnies and then a massive pool of funky software to run on it. Non of this waiting for some demi-god to approve some minor adjustment.
mike
-
bark_bark_bark
- Posts: 1885
- Joined: Tue 05 Jun 2012, 12:17
- Location: Wisconsin USA
various tools ... one removed uneeded fonts (they are huge), a mass clean up of updates, a tool that restored/made hard links that get lost along the way, junkware, ....so a mixture of stuff...just looked at what was taking up space and googled for any info related to dealing with it.
Anyway this is way of topic and we are not in the off topic area.
mike
ps though the original protagonist(s) seem to have left the building.
Guess we are toooo insecure...
Anyway this is way of topic and we are not in the off topic area.
mike
ps though the original protagonist(s) seem to have left the building.
Guess we are toooo insecure...
Hi folks, I've been a windows xp refugee for the last 6 months or so & don't have much experience, but I have been trying to follow the "best practices" as mentioned on the wiki & some guidelines from here. It's worked out pretty well for me, I'm pretty happy.
At work yesterday we were dealing with a Win32/Sality variant & it got onto some of our windows 7 machines, including the one at my desk. I have been using a Slacko live cd & other times a live usb at home, and I take them to work & reboot with them if I'm going to do any banking or anything. I was a little concerned about the usb drive. I try not to mount it, just in case. Yea, it was fine.
Six months since starting to use Puppy, so far so good. For what it's worth.
At work yesterday we were dealing with a Win32/Sality variant & it got onto some of our windows 7 machines, including the one at my desk. I have been using a Slacko live cd & other times a live usb at home, and I take them to work & reboot with them if I'm going to do any banking or anything. I was a little concerned about the usb drive. I try not to mount it, just in case. Yea, it was fine.
Six months since starting to use Puppy, so far so good. For what it's worth.
Yea, could be. Me, I'm just a new guy & don't know much, but I'm trying to be careful and learn.
This afternoon this was all on my mind a lot & I thought well let's find out what happens if I throw caution to the wind. Now keep in mind, this isn't a 'I'm being hacked my some nefarious baddie' situation, it's just an ordinary office virus situation. But. I quizzed my IT people about how it was going, what it was doing. It turned out that if you were running a Windows os & had the seed autorun.inf file on your harddrive somewhere, if you mounted any other drive, the autorun would jump to that new drive. Then when you reboot, the autorun on your harddrive would dump its payload of a lot of other files, increasing with every reboot.
Okay. So I know my local machine is infected with the autorun and at least 29 other files spawned from it. And the network is potentially unsafe too. I shut off my machine at work. Plug in my usb Puppy, and boot up with it. I don't mount my usb drive. I mount the hard drive of this work machine. Can I see the autorun.inf? Yep. Right there. Did I delete it? No. I mount my usb. I wait a minute or two. Look again. Is anything hidden making its way onto the usb? Not that I can see.
So I shut down, take my bootable usb out. Reboot into windows 7 from hard drive that I know is infected. After boot up, I plug the usb back in. Now I know what to expect, because the IT guys told me that yes, it has been propagated onto a couple of our linux & unix platforms by people in windows who went to look at those platforms & mounted those drives. The platforms weren't 'infected' so much as they were just transmitting something someone else 'could' be infected by. I remember a little about reading something about this, so I'm curious what'll happen. I'm booted into windows, I see it recognizes my usb as a removable drive. Now I know, I'm asking for trouble. I look. Are there any unfamiliar files? No. Not yet. I spend all day doing work, the usual work. Mounting network drives here and there, using files, deleting files, leaving my mounted usb open to the network and the internet - exactly *not* best practice.. At the end of the day I look with windows explorer into my mounted usb. Is autorun.inf containing the payload sitting in there? Yep, it sure is. Did it replicate or dump payload in any way? No.
I shut down & go home. I boot up Puppy from the usb with the virus seed on it, on this laptop with no hard drive. The little autorun.inf seed is still there. I open it as text to make sure it's what I think it is, and when I see it is, I close it & delete it. I load and run Clam & then Avast. No problem. I look around in the file structure. Seems alright. I shut down (no save file) & take it to my other machine with xp still on it & run windows malicious software removal tool (which was the only thing that caught our virus presence at work, humorously) ... nothing. Right now, I'm feeling pretty ok. This little pup is cleaner than my machine at work. If the worst came to the worst, I can just boot from cd & reformat the entire usb from that, then add my favorite .pets & scripts & I know where they all are. Folks here can talk about a lot of things I don't understand, so this is just my own experience. But so far - no big deal.
By the way, I really like that challenge of putting a machine out there for people to try to mess with. I have a laptop here I'd put up to that challenge. It's fan just died a bit ago & I should replace it before all that, but it'd be fun to see what happens.
This afternoon this was all on my mind a lot & I thought well let's find out what happens if I throw caution to the wind. Now keep in mind, this isn't a 'I'm being hacked my some nefarious baddie' situation, it's just an ordinary office virus situation. But. I quizzed my IT people about how it was going, what it was doing. It turned out that if you were running a Windows os & had the seed autorun.inf file on your harddrive somewhere, if you mounted any other drive, the autorun would jump to that new drive. Then when you reboot, the autorun on your harddrive would dump its payload of a lot of other files, increasing with every reboot.
Okay. So I know my local machine is infected with the autorun and at least 29 other files spawned from it. And the network is potentially unsafe too. I shut off my machine at work. Plug in my usb Puppy, and boot up with it. I don't mount my usb drive. I mount the hard drive of this work machine. Can I see the autorun.inf? Yep. Right there. Did I delete it? No. I mount my usb. I wait a minute or two. Look again. Is anything hidden making its way onto the usb? Not that I can see.
So I shut down, take my bootable usb out. Reboot into windows 7 from hard drive that I know is infected. After boot up, I plug the usb back in. Now I know what to expect, because the IT guys told me that yes, it has been propagated onto a couple of our linux & unix platforms by people in windows who went to look at those platforms & mounted those drives. The platforms weren't 'infected' so much as they were just transmitting something someone else 'could' be infected by. I remember a little about reading something about this, so I'm curious what'll happen. I'm booted into windows, I see it recognizes my usb as a removable drive. Now I know, I'm asking for trouble. I look. Are there any unfamiliar files? No. Not yet. I spend all day doing work, the usual work. Mounting network drives here and there, using files, deleting files, leaving my mounted usb open to the network and the internet - exactly *not* best practice.. At the end of the day I look with windows explorer into my mounted usb. Is autorun.inf containing the payload sitting in there? Yep, it sure is. Did it replicate or dump payload in any way? No.
I shut down & go home. I boot up Puppy from the usb with the virus seed on it, on this laptop with no hard drive. The little autorun.inf seed is still there. I open it as text to make sure it's what I think it is, and when I see it is, I close it & delete it. I load and run Clam & then Avast. No problem. I look around in the file structure. Seems alright. I shut down (no save file) & take it to my other machine with xp still on it & run windows malicious software removal tool (which was the only thing that caught our virus presence at work, humorously) ... nothing. Right now, I'm feeling pretty ok. This little pup is cleaner than my machine at work. If the worst came to the worst, I can just boot from cd & reformat the entire usb from that, then add my favorite .pets & scripts & I know where they all are. Folks here can talk about a lot of things I don't understand, so this is just my own experience. But so far - no big deal.
By the way, I really like that challenge of putting a machine out there for people to try to mess with. I have a laptop here I'd put up to that challenge. It's fan just died a bit ago & I should replace it before all that, but it'd be fun to see what happens.
Oh yes I forgot that business where Windows is set to try and run anything it finds on removable media...another amazingly stupid idea from the security masters of redmond.
I can imagine the scene in a MS meeting..'Hey guys I got this great idea.......'
Never let businessmen and salesmen even try to be engineers....
By the way like other security holes its possible to fix it.... settings and/or a small registry change closes that hole...
Hmm I wonder if rox's single click approach could be classed as insecure..I have accidentally run stuff on several occasions... changed to double click in the end for consistency with other systems and to avoid family confusion.
mike
I can imagine the scene in a MS meeting..'Hey guys I got this great idea.......'
Never let businessmen and salesmen even try to be engineers....
By the way like other security holes its possible to fix it.... settings and/or a small registry change closes that hole...
Hmm I wonder if rox's single click approach could be classed as insecure..I have accidentally run stuff on several occasions... changed to double click in the end for consistency with other systems and to avoid family confusion.
mike
Not sure it's called geolocation, but yes, you're right, micko did really put a switch in. But let's not take it as an act of generosity - it is not. As a matter of fact, it makes things much, much worse. What was previously hidden as a crappy, little secret (and for a good reason), now has become an embarrassment for Puppy Linux and the community. An ugly genital wart exposed for everyone to see. It doesn't change the fact, that an innocent novice user is being ambushed, trapped, hoodwinked into an web connection of which he has no knowledge. It might take him years before he becomes aware of it and learns how to use the switch.Smithy wrote:Well if geolocation data is considered so, then yes it could be. But micko put a switch in, and others remove the line out of firewall state and pup control panel.
But the Seven Poster was suggesting that puppy linux could be used as a zombie to attack, possibly without the user's knowledge
I must have missed that part, but I did notice, some of his comments were impolite and rude. Something that goes in stark contrast with the spirit of this forum. Hopefully, it was a bad choice of words, not an intent to be rude. On the other hand, to quote Oscar Wilde: "A true gentleman never hurts unintentionally."
Between ourselves, I too tend to think, we *are* complacent about the above, particular feature. It's been tolerated for too long. What needs to be done to get the crap out of Puppy/Woof? Putting in switches, as folks in your country love to say is like putting lipstick on a pig.And poster also considered that Puppy Linux users are a bit complacent about these things.
Well that is not the case, all the bits and the brains are here on the forum to get a fairly robust system that doesn't get in the way.
Nice. Makes sense.autorun.inf files are not executed
Yea I think here we used to have - what's it called, plug-n-play? - disabled, not sure what happened. Rox seems ok for me, it's unfamiliarity helped me be careful. Oh and I should say - I wouldn't suggest to just do what I did. Here, the guys were sitting right next to me all afternoon, fixing one bit of stuff after another. We were keeping each other updated and grumbling all afternoon.Oh yes I forgot that business where Windows is set to try and run anything it finds on removable media
You are a true Gentleman Anikin.
And I appreciate that you were very annoyed about the ican fiasco.
And your input is vital about flags and any other stuff.
But you still use Puppy I guess? Hope you do.
Anyways after ripping out that bit, putting in no script, bark bark bark's xpi specials tips (ask him) and a few firewall presets that won't even let you get on the internet if you go to extremes, what's left?
The rest of the internet and other weak systems I would say.
I would hazard a guess the billion or so password harvests didn't come from Puppy.
Mike B, have you managed to grab that text file from Garibielli's computer yet?
And yes, it is always a bit daft when an erroneous click brings up three (or more) instances of the same program. Just a quirk, liveable.
Back to the Question. How secure is Puppy?
And I appreciate that you were very annoyed about the ican fiasco.
And your input is vital about flags and any other stuff.
But you still use Puppy I guess? Hope you do.
Anyways after ripping out that bit, putting in no script, bark bark bark's xpi specials tips (ask him) and a few firewall presets that won't even let you get on the internet if you go to extremes, what's left?
The rest of the internet and other weak systems I would say.
I would hazard a guess the billion or so password harvests didn't come from Puppy.
Mike B, have you managed to grab that text file from Garibielli's computer yet?
And yes, it is always a bit daft when an erroneous click brings up three (or more) instances of the same program. Just a quirk, liveable.
Back to the Question. How secure is Puppy?
Last edited by Smithy on Thu 21 Aug 2014, 21:31, edited 1 time in total.
ah I just realised what you were asking and no... I would not have a clue about how to do that and suspect it borders on the impossible... emailing viruses is much much easier.Mike B, have you managed to grab that text file from Garibielli's computer yet?
I might grumble about puppy but never on the grounds of insecurity.
plug and play...thats the hardware detection...
no this is the bit where it whizzes past you going through every file on a usb stick to see if it can run anything and will give it a go while you sit there and watch your system melt...turning it of is obscure but a bit of googling will find the answers.... you can have it auto open the folder but not try and run anything or simply not respond at all and you click on the drive to get access.
mike
Oh! *That!!* Yes I've experienced that! Man I hate that! That darned thing used to drive me nuts! Yes, I get you. Such a relief to turn it off. I still remember the earlier days when I plugged something into windows xp and it would *only* ask me oh, would you like to run this, open this with windows explorer, save this, show you a picture, or what? And I thought well that's nice, it's trying to be helpful, But uugghhh - the running through every folder? No thank you.. It's nice to have options to turn it off. I just want it there so in a minute or two I can go find something on it or save something to it, thank you. One of the things I like about Puppy security is that it doesn't automatically mount drives, unless you specifically ask it to, but it will show you that they are there. Of course in my first month I couldn't figure out if a drive was mounted or not, but that was because I was ignorant, right?no this is the bit where it whizzes past you going through every file on a usb stick to see if it can run anything and will give it a go while you sit there and watch your system melt
Back when xp was ending support, both my gf & I were looking around. She liked LPS, especially at work because her work folks were like not even noticing that um, yea, support ending, hello! She was able to do a lot. A *lot* of what she needed to do. But when we were working with Puppy, she liked it more. Because LPS didn't give her the choice to mount a harddrive or not, and how and when. It wouldn't display hard drives at all. But once she knew what she was doing with Puppy, the control was in her hands, and she knew what she was doing. It was perfect. Learning, and control.
Actually I think the real question is have "Smithy" and "anakin" been able to yet. This *is* an open source do-ocracy, after all. Right? I've been touching this for 6 months, but I see those guys have been around longer than me. Okay. Cool, I like that. And there's always someone around longer than oneself. At the same time, I already know what Attack Pup is, and I've seen that there are youtube tutorials on how to use nmap, metasploit, and several other things in Attack Pup that I sure as hell don't know how to use. Yes I see Backtrack exists, and I see Kali exists & people are working with them. Awesome. That being said, I have not seen anywhere on the internet where two people offered up their machines to be audited by anybody and everybody, until now right here. That being said, I kind of thought folks would be jumping at the chance to try to audit these machines, especially the folks bringing up the topic of worries about security. Not seeing that yet, though.Mike B, have you managed to grab that text file from Garibielli's computer yet?
Well, one might perceive things that way, but for me, that is just ... ummm ... not so much that way, as it is a service to me, and my girlfriend too. Personally I'm grateful to mick01 for his extensive work and expertise - I and my girl are benefiting from him every day. So. At this time in my life, I like to use open wifi networks, and I like them to be stable. Sometimes if it's good, I'm fine. But if it's not good, I can establish a static IP address, and that helps. What's the first step in doing that, when I'm on an unsecured open wifi network, like a coffee shop or a market or a pubic university network? Find out what the external IP address is of whatever the hell network I've connected to. Please take note, that's not "my" IP address, that's the IP address of the network and router I have voluntarily accessed. Then, I need to find out more information, like my subnet mask, etc. Never mind the mac address of my wifi card or whatever that actually *is* local to this particular machine I'm typing on now. If I've offered up my machine to be audited, would you prefer to audit a machine with a static ip address, or a dynamic one? If my ip address details changed in the middle of a hack because I was walking between buildings or a rainstorm happened and a different ap was more available, how would that affect an attack or audit in progress?micko did really put a switch in. But let's not take it as an act of generosity - it is not. As a matter of fact, it makes things much, much worse. What was previously hidden as a crappy, little secret (and for a good reason), now has become an embarrassment for Puppy Linux and the community. An ugly genital wart exposed for everyone to see.
Yea exactly - each and every day, when we hear of xyz being breached, it's not Mr. John Smith in Austin Texas USA, it's not not Ms. Austri Toivonnen in Finland or Norway. It's the stores and the banks that are being breached. Hacks to their credit card reader machines, hacks to this or that, etc. A *lot* is going on.I would hazard a guess the billion or so password harvests didn't come from Puppy.
When you look at it structurally, from a practical design perspective, there is no use in expending a lot of energy to hack one single persons system, unless you're after what is only on their system and no where else. The vast majority of hacks now aren't to individuals, but are to overarching systems. But. Some users fall victim to stuff that makes them vulnerable to being used in attacks on resource-rich targets. As individual users, we still have a responsibility to care for ourselves & stuff in general. So part of me doing my job is to make it as hard as I can for criminals or anybody else to use my stuff to make trouble. So, I'm learning about that. I have a lot to learn.
At the same time, I went to work today with my Puppy usb and on my lunch hour helped my network guys to delete stuff from our system that was really irritating them for about four days now. That may seem ho-hum boring to some people, it might not smell right to some folk, but it wasn't to the guy next to me or my boss.
I think my simplistic comparison is that Windows is /was inherently insecure by default and has to be made secure and linux is the opposite...ie secure until you decide to do otherwise.
As for autoscan...thats real good fun with a crammed full 1TB drive....unless you need a sleep. I also noticed a nice slowdown in booting when one is attached compared to linux. Indeed.... nothing mounted until asked I used to dislike but then realised the protective beauty of such. Especially on say a laptop where the drive can snooze away saving itself and the battery.
When booting pup for example the window's partition is effectively absent....just feels better that way.
As for the topic.... I believe a large percentage of puppy users are BECAUSE of security...and have enjoyed it ever since... it comes free with the free OS.... thats a bargain in anyones book
mike
As for autoscan...thats real good fun with a crammed full 1TB drive....unless you need a sleep. I also noticed a nice slowdown in booting when one is attached compared to linux. Indeed.... nothing mounted until asked I used to dislike but then realised the protective beauty of such. Especially on say a laptop where the drive can snooze away saving itself and the battery.
When booting pup for example the window's partition is effectively absent....just feels better that way.
As for the topic.... I believe a large percentage of puppy users are BECAUSE of security...and have enjoyed it ever since... it comes free with the free OS.... thats a bargain in anyones book
mike
Mike B, have you managed to grab that text file from Garibielli's computer yet?
Apologies to forum member Galbi (not Garbielli lol).Actually I think the real question is have "Smithy" and "anakin" been able to yet. This *is* an open source do-ocracy, after all. Right? I've been touching this for 6 months, but I see those guys have been around longer than me.
You're quite right Stray Dog, I would have a bash at it, but I wouldn't know how to hack in, would need a howto, so I deferred to Mike B and possibly other seasoned linux experts who could possibly do it. I guess it is very hard and not woith the effort. Impossible is an encouraging word
Tick.Well it sounds like you have got a good little system for cleaning up, which is Puppy as a Swiss Army Knife is great at, but my point was that with Puppy as the system, one wouldn't have to do a lot of that.At the same time, I went to work today with my Puppy usb and on my lunch hour helped my network guys to delete stuff from our system that was really irritating them for about four days now. That may seem ho-hum boring to some people, it might not smell right to some folk, but it wasn't to the guy next to me or my boss.
Of course it depends on the types of databases being computed and whether that system could be ported, imported or otherwise. And that is a risk for some companies.
I do love speeding up comps tho'
Windows is good, but for certain things Puppy just absolutely flies. Especially 'dem bones 'dem customised barebones.