(old)Puppy Linux Discussion Forum

For those not adopting the 'back to modem' or 'always off' internet connection
methodology, here is how flash, available in Puppy and PDF,
also available, is the new point of attack . . .

http://www.anewmorning.com/2011/02/17/a ... fographic/

Frets, threats and solutions to the usual drop point . . .

Puppy Linux
Securing your PC

Polygraph Technician: This is a control question, a riddle really. How would you say would be the easiest way to take a weapon away from a Grammaton Cleric?
Brandt: [speaks into Preston's ear] You ask him for it.

That is from the film 'Equilibrium' with its outrageous but fun Gun-Fu

Let us apply it to the current time . . .
Them - How do you find out what people are doing and thinking?
Puppy Whisper - You ask them.


Simple really. Facebook rises. Is insecure. Job done.
The new generation shares and blogs without privacy concerns.
Transparency is the new norm. Are you raising suspicion by not having a social network account?

bacofoil = proprietary tinfoil used by tin hats

I am a great believer in preemtive paranoia.
Get them before they are after you.

Of course I am not crazy enough to implement this system which
I call the 'triple dorje' but the idea may be sound:

This is the system I would implement if I ran out of bacofoil.
Requires 3 computers. Each connected to the router, each secure.
Maybe it could be done with Virtual Box.
I would then swap between the three computers, perhaps generating spurious
noise from two machines . . .
Yeah too crazy - I know . . .

But maybe it is possible to write a macro that simulates
usage, whilst implementing an underlying 'world domination communication' node . . .

This week we got line crackle and had to have a new line installed to the telegraph poles (still used in parts of London) This carries both the telephone line and broadband. Our old line was about 30 years old and exposed to the elements and had corroded. It all sounded very plausible. Probably because it was.
Come to think of it we are one of the few streets that does not have cable. Why? Must find more bacofoil whilst I contemplate the answer . . .

Being truly paranoid one has to worry about operating systems one is not even running

This on security breach on Android OS
http://techcrunch.com/2011/03/05/androi ... -response/

Eventually I intend to be running Android or its descendent as a brain implant,
so am a little concerned at the remote kill precedent - a good thing for now . . .

Puppy Linux
Organically based

Electromagnetic pulses can fry our electronics temporarily.
A multisession Puppy can get us up and running again
with our data intact.
Would hard drives and solid state devices survive?
http://www.puppylinux.com/multi-puppy.htm

Something for you to worry about:
http://www.darkreading.com/vulnerabilit ... DR_APP_SEC

I quite like the sound of drive by malware.
Does this mean hackers in cars checking out the wifi connections?
I do occasionally run my eeepc from wifi and now have another wifi connected PC,
with which yesterday. I turned the firewall off.
Tsk tsk - so reckless . . .

I know most paranoids are too fearful to trust the excellent Lastpass
http://lastpass.com/

so here is how to implement a secure password,
http://www.columnfivemedia.com/wp-conte ... SSWORD.png

that should keep you happy in between tinfoil origami classes

Lobster wrote:Being truly paranoid one has to worry about operating systems one is not even running

This on security breach on Android OS
http://techcrunch.com/2011/03/05/androi ... -response/

Eventually I intend to be running Android or its descendent as a brain implant,
so am a little concerned at the remote kill precedent - a good thing for now . . .

Puppy Linux
Organically based

Was amused by this, which I think explores our ability to live in fantasy paranoia's of our own construction . . .
http://www.murga-linux.com/puppy/viewto ... 624#517624

Barry seems to be playing with new ideas . . .
http://bkhome.org/blog/?viewDetailed=02239

Once upon a time (and this is a true story)
I used Windows XP.
I tended to use my computer, installing much freeware
and all kinds of dubious freebies.

I had virus protectors that would report each other as viruses
(Now now boys)
I had ad blockers that were being targeted by the malwarians.

Security was impossible
and the whole edifice collapsed

Fortunately I was also able to boot from Knoppix installed Debian
and had been learning about Linux by lurking on the Simple forum of a little known Puppy Linux.

So whilst repairing my familiar system I started to make more use
of these penguin wares.

Being weaned into fear by Redmond I was amazed that
Linux users took risks that I did not even contemplate.

They installed software from complete strangers without scanning
for malware
They connected to IRC
They ran without firewalls - well Puppy did.
They felt safe.

Eventually my attitude began to change
When you can set up a running OS in 3 minutes (that was my time for setting up a new Puppy in those early days)
what did it matter if anything suspicious happened?

As soon as packages were available I would try them
I was prepared to be 'hacked', compromised etc . . .
Never happened.

Eventually the Whining Windows were closed.

I now know were the risks are
They are in the browser, social networks and Cloud infrastructure
being imposed by 'security experts'
- possibly on secondment at Sony . . .

Even Sony can not keep our data secure - aren't they the company using root kits as a 'feature'?
http://www.guardian.co.uk/technology/ga ... -hack-sony

Puppy is your best friend
Be happy

Malicious programmers focus on smartphones, tablets
http://www.physorg.com/news/2011-05-mal ... blets.html

Sometimes (it is a wrench but it has to be done)
I leave my computer

During these returns to reality
I wonder if my computer has been secretly conspiring with the
hordes of non-existent root hunting bot nets out to demolish
my penguin ways . . .

A thought and question:
If I press ctrl + alt + backspace before leaving cyber world
(and then type 'xwin' on my return)
am I any safer?

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
DVWA is available either as a package that will run on your own web server or as a Live CD

http://www.randomstorm.com/dvwa-security-tool.php

or, if you're really serious,.....

http://www.youtube.com/watch?v=76y9gTE1 ... ature=fvwp

There's something to try vulnerabilities with and test security!

Aitch

Blue screen of Death and Black screen of death and now this Java White Screen of death.

When do we get a proper Chrome Shining Armor screen of Death

okay back on topic. How do I know if my puppie use that kind of vulenrable Java. Is there not two versions of java. Sun has one of them and the other are ???

Most Puppys do not use java
http://www.javatester.org/version.html

Also no mention of the java malware running on Linux.
Maybe if you try really hard you could get it running in Wine . . .

Maybe if you are really good you can worry about this bad bunny
http://www.sophos.com/en-us/press-offic ... bunny.aspx


I wonder if LibreOffice has made that bad buny redundant?

Cross OS java botnet is not the only one that'll catch a lot of people out

Skype for MAC is the latest, and the nasties 'could' transfer to any connected user, or online contact!

http://www.net-security.org/secworld.php?id=10992

Aitch

Doesn't some Dev program need java? Maybe it was the Android dev program in Wine that needed java or was it some music program. I do remember somebody told me I needed java? Not sure though.-

I only use it because I'm on ebay a lot

However, I do find it helps rendering speeds with some sites - other than that....can't say I use it for anything else that I'm aware of...

Aitch

Just tried this as suggested by szzindian
http://ip-check.info/?lang=en

My tin foil hat is not gonna save me

this might be a solution?
http://anonymous-proxy-servers.net/

Lobster/others

If you're a FF user also try these https addons

https://www.eff.org/https-everywhere

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.

https://addons.mozilla.org/en-US/firefo ... ch-plugin/

DuckDuckGo now operates a Tor exit enclave

http://www.gabrielweinberg.com/blog/201 ... clave.html

Else try Sandfox

http://igurublog.wordpress.com/download ... t-sandfox/

Sandfox runs programs within sandboxes which limit the programs’ access to only the folders you specify. Programs and their child processes, like Firefox plugins, Flash, and Java, are only able to access files within the sandbox. Sandfox supports the use of custom profiles which determine what folders and files are included in each program’s sandbox, and includes default profiles for Firefox, Skype, and Google-Earth. Sandfox can create separate sandboxes for each program, or can run multiple programs in one sandbox. Programs are run in a chroot jail as a normal user, providing a substantial level of security. Sandfox is designed to be very easy to use. It handles the details for you while still giving you the ability to construct custom sandboxes easily.

Aitch