Black Ops Puppy

A home for all kinds of Puppy related projects
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#61 Post by Lobster »

Thanks guys,

Just when you have finished flushing your cookies
and tweaking your foil cap along come LSOs
(Local Shared Objects)
http://en.wikipedia.org/wiki/Local_Shared_Object

The only solution may be the advice of Hamlet
Get thee to a nunn'ry
or this:
https://addons.mozilla.org/en-US/seamon ... cy&cat=all
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

Cyber Security

#62 Post by Lobster »

Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#63 Post by Lobster »

Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

clarf
Posts: 613
Joined: Wed 13 Jun 2007, 19:22
Location: The old Lone Wolf

#64 Post by clarf »

Lobster wrote: Password protect GRUB
http://www.makeuseof.com/tag/how-to-pas ... ies-linux/

Nice link, Lobster. Many Linux administrators, and those people who use Puppy as a secured server, will find this information useful.

I must confess that I had to break root passwords in some Linux systems to gain access (because of my Consultant/Administrator job, of course). I have done it on Oracle Enterprise Linux (RedHat Linux ES), using grub's boot options to obtain root access.

The steps are very easy to follow (they could vary if you try a different distro). They are posted here for illustrative purposes and to show the need to secure systems in more than one way:

1. Get physical access to the machine (we still need to boot or reset that machine in some way) and hard power-down that machine. Warning: some information could be lost and an fsck must be run after gaining access to that machine.

2. Power on the server and wait for the grub boot screen to appear. At the selection prompt choose the Linux installation and press the e key to enter edit mode.

3. In edit mode, the grub screen will present a few lines of text (dependent on how grub.conf was edited). Then select the entry that starts with "kernel" and press e again; the cursor should show up at the end of the "kernel" line.

4. Now type a space character followed by the word "single" (without the quotes). The entry would now be:

Code:

    kernel /boot/vmlinuz-2.6.9-34.EL ro root=/dev/hda1 single

If the system requires a root password to log into single-user mode, then append init=/bin/bash after "single". Hit Enter to save the changes.

5. Now press b to boot into Single User Mode. Wait for the boot process to finish and you will be logged in as root. :wink:

Well, as the root user you could change the password (in different ways, or just with the passwd command) and follow Lobster's link to secure grub on that machine.

I could not advise blocking the recovery mode entries; if something goes wrong and we lose the root password, we still need some way to recover that running system in a short time (recovery time is the most valuable variable on a production machine).

A final thought: if someone has unrestricted physical access, security can't be guaranteed in any way, because there are other ways to break in, for example mounting the hard disk on another system and editing the password file. Even a boot password using the BIOS is just not enough; the BIOS can be reset and any boot password will be lost.

clarf
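
Added example (not part of clarf's post, and not code from GRUB or Puppy): a small audit of a GRUB legacy config that reports whether the boot-menu editing described in the steps above is blocked by a global "password" line, which is what Lobster's link sets up. The sample configs, the placeholder hash and the function name audit_grub_conf are constructed for illustration; GRUB legacy syntax (the "kernel" line format quoted in the post) is assumed.

```python
# Constructed sample configs in GRUB legacy syntax; the hash is a placeholder.
UNPROTECTED = """\
default=0
timeout=5
title Enterprise Linux
    root (hd0,0)
    kernel /boot/vmlinuz-2.6.9-34.EL ro root=/dev/hda1
title Rescue
    lock
    kernel /boot/vmlinuz-2.6.9-34.EL ro root=/dev/hda1 single
"""
PROTECTED = UNPROTECTED.replace(
    "timeout=5\n", "timeout=5\npassword --md5 $1$PLACEHOLDER$NOTAREALHASH\n")

def audit_grub_conf(text):
    """Report whether boot-menu editing is password protected."""
    global_pw, entries = None, []            # entries: [title, locked]
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].split("=")[0]         # "default=0" -> "default"
        rest = parts[1] if len(parts) > 1 else ""
        if key == "title":
            entries.append([rest, False])
        elif key == "password" and not entries:
            # Before the first title: guards the 'e' (edit) and 'c' keys.
            hashed = rest.startswith(("--md5", "--encrypted"))
            global_pw = "hashed" if hashed else "plaintext"
        elif key in ("lock", "password") and entries:
            entries[-1][1] = True            # entry needs the password to boot
    findings = []
    if global_pw is None:
        findings.append("no global password: entries can be edited at the console")
        findings += ["lock on '%s' can be edited out without a global password" % t
                     for t, locked in entries if locked]
    elif global_pw == "plaintext":
        findings.append("global password is stored in plaintext; use --md5")
    return {"edit_protected": global_pw is not None,
            "locked_entries": [t for t, locked in entries if locked],
            "findings": findings}

if __name__ == "__main__":
    for name, cfg in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, audit_grub_conf(cfg))
```

A "lock" line on the rescue entry keeps a recovery path available to whoever holds the GRUB password, which speaks to the recovery-time concern raised in the post.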

clarf
Posts: 613
Joined: Wed 13 Jun 2007, 19:22
Location: The old Lone Wolf

#65 Post by clarf »

I use Wifislax, a Slackware-based LiveCD, to audit Wi-Fi networks.

It's smaller than BackTrack and has updated packages, enhanced wireless network card support and better scripts to automate the scanning process.

It's from Spain, so you'll find a complete Spanish distribution.

http://www.wifislax.com/

There is good audit material on the main site; videos, guides and a big forum are present.

MrSchism
Posts: 19
Joined: Fri 08 May 2009, 14:11
Location: Cape Coral, FL

#66 Post by MrSchism »

I've seen a lot of issues brought up, but many of the solutions aren't practical. One of these is not replying to pings. Many servers use pings to validate your connection. Should you stop replying to your pings, the server disconnects you. Not the best of ideas.

The best protection exists OUTSIDE of your Puppy. Nothing keeps a dog safer than a barbed-wire fence, after all.

The best thing you can do for yourself is get a better switch. Set up the switch with solid access lists and you should be in a bit better of a position.

As for protecting GRUB, you'd be better off with only one OS. By having multiple OSes, you actually run a higher risk of having your system exposed. Just because that nasty worm doesn't feast on your Linux files doesn't mean that it won't see your attached Windows files and chow down. The best way to respond to this: not mounting drives if you don't have to, only having one OS on the computer, and checking your downloads. A more definitive option is to put your OS on a write-only disk to prevent it from being modified. That way, even though your changes made are on your hard drive, reformatting won't cost you the core OS itself.

You can also learn a lot from PenToo, a pen-testing Gentoo derivative. I'm waiting for it to go into a full release before I get it.

If you ever get bored, check out group51.org. We're working on all sorts of security projects.

clarf
Posts: 613
Joined: Wed 13 Jun 2007, 19:22
Location: The old Lone Wolf

#67 Post by clarf »

MrSchism wrote: I've seen a lot of issues brought up, but many of the solutions aren't practical. One of these is not replying to pings. Many servers use pings to validate your connection. Should you stop replying to your pings, the server disconnects you. Not the best of ideas.

I agree with this approach. Some solutions have to be practical, adding a case study and useful examples. If a dog bites, you just can't remove its teeth.

But for common users the solutions given in this thread are enough; each solution is practical in the given scenario and context. For example, in a corporate network you can't just block ping, as MrSchism said before. But in a home network it could be feasible; if a home user has connection problems he can re-enable ping, something almost impossible in a corporate network with hundreds of servers or thousands of clients.

I think the aim of this thread is to give useful information and security tips for Puppy users, although any other additional information is welcome.

Thanks for the link, MrSchism. It could be good to create a research Puppy Black Ops group there.

clarf

TheProphet
Posts: 174
Joined: Mon 18 Feb 2008, 06:22

#68 Post by TheProphet »

and a year has almost passed.

Automated NetKill for a setting of "if ping number exceeds 10 per second" from any one source.

Set it way higher for a really controversial webpage that has like three and a half boatloads of hits-per-second, which isn't really in the realm of the "average" end user.

Actually I cheated and skipped from the second page to the last to see what's been got done so far.

And to suggest a name "Backhand" or "slapdown".

Perhaps print a message across the screen of the offending source describing in detail how it's very naughty to muck about with other people's computers.

Several thousand times. Disable all the known escape sequences on the offending device.
He who skydive without parachute, jumps to own conclusion.
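
Added example (not part of TheProphet's post): the per-source threshold from the post, "exceeds 10 per second from any one source", written as a sliding-window detector over ICMP echo-request arrival times. The event format (millisecond timestamp, source address), the function names and the sample addresses are constructed for illustration; the detector only flags a source and takes no action against it.

```python
from collections import defaultdict, deque

def sources_over_limit(events, limit=10, window_ms=1000):
    """Flag sources sending more than `limit` echo requests in any window.

    events: iterable of (timestamp_ms, source_ip) in time order.
    Returns {source_ip: timestamp_ms at which the limit was first exceeded}.
    """
    recent = defaultdict(deque)   # per-source arrival times inside the window
    flagged = {}
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        # Drop arrivals that are a full window or more older than this one.
        while ts - q[0] >= window_ms:
            q.popleft()
        if len(q) > limit and src not in flagged:
            flagged[src] = ts
    return flagged

def sample_events():
    """Constructed traffic: one noisy source, one well-behaved source."""
    noisy = [(100000 + i * 50, "192.0.2.10") for i in range(20)]    # 20 per second
    quiet = [(100000 + i * 500, "192.0.2.20") for i in range(10)]   # 2 per second
    return sorted(noisy + quiet)

if __name__ == "__main__":
    print(sources_over_limit(sample_events()))
```

Raising `limit` covers the busy-server case the post mentions; exactly 10 requests in one second does not trip the detector, matching "exceeds".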

TheProphet
Posts: 174
Joined: Mon 18 Feb 2008, 06:22

#69 Post by TheProphet »

Or have a built in honey-pot with the suggestion that each user put it somewhere different and rename it, but a folder full of files that sound like goodies in a location that somebody would have to ping till his modem bleeds to break into.

Then each file would only have recursive links; file a.jpg would be a compiled link to open b.mp3, which would open c.gif, which would open a.jpg.

Which is already in use, just, afaik, not commonly used in a standard distribution.

Then too, just about anybody with the sophistication to hijack computers would be running Linux or OS-X himself.

It just would be plain foolish to start playing games like that from any Microsux platform. Rather like starting a fight by cutting off your own leg.
He who skydive without parachute, jumps to own conclusion.

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#70 Post by Lobster »

this is the major trojan - we have used a jabber client
- what else does it use? Is it used to compromise Linux?
http://securitywatch.eweek.com/trojan_a ... lware.html
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#71 Post by Aitch »

Lobster

see the link in my earlier warning post here

http://www.murga-linux.com/puppy/viewtopic.php?t=46862

at the foot of this page are zeus tracker and blocklist links, but they come up as untrusted links...

http://www.networkworld.com/news/2009/0 ... tml?page=2

Prophet.... :lol: :lol: devious....but I like the way you're thinking

Aitch :)

Trobin
Posts: 968
Joined: Fri 19 Aug 2005, 03:16
Location: BC Canada

#72 Post by Trobin »

The Open Source Vulnerability Database claims to document vulnerabilities found by ethical means. I did a quick title search of the database and got the following:

Linux = 1110 hits
Windows = 1085 hits
Apple = 1001 hits
BSD = 403 hits
Unix = 286 hits

Each hit being the discovery of a vulnerability

http://osvdb.org/
http://speakpup.blogspot.com

Anniekin
Posts: 246
Joined: Wed 25 Feb 2009, 00:15

#73 Post by Anniekin »

Image

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#74 Post by Lobster »

There is a Black ops page on the wiki now
editable and readable by registered users only
http://puppylinux.org/wikka/BlackOps
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

kitten
Posts: 9
Joined: Sat 13 Dec 2008, 22:06

Incognito Linux

#75 Post by kitten »

Perhaps we can learn from this new distro's attempts and approaches. They seem to be doing things that a focused Puplet or .sfs could likely do with a much smaller footprint (paw print.)

Cobelligerents for sure... :twisted:

http://www.browseanonymouslyanywhere.co ... /docs.html

kitten
Posts: 9
Joined: Sat 13 Dec 2008, 22:06

Two-factor authentication

#76 Post by kitten »

In the following super secure method, you make a paper key card on your printer. Carried like an extra credit card, it's used to enter a one-time PIN code (4 characters), that expires in say 20 seconds, or some time you set.

Since you enter this PIN code after you've passed the challenge of account username and password, even if your password is compromised, an intruder still needs this physical wallet card too, to crack in.

If wallet or purse is stolen, this card would be useless unless they also knew your memorized account name and password -- in Linux, this PW can be managed by a PAM module: http://www.kernel.org/pub/linux/libs/pam/

We could use it, or a similar "one-time" PW program, with PAM, in front of a boot into say TrueCrypt, and/or KeePass -- to protect a stolen laptop's user data.

My broker issued similar key cards and made them mandatory, once shown that Name&PW, if used alone, can no longer be considered security.

http://www.grc.com/ppp/software.htm offers the PAM integration with this card. Couldn't it be easily adapted for a theoretical Black Ops Puppy?
Last edited by kitten on Wed 14 Oct 2009, 12:50, edited 2 times in total.

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#77 Post by Lobster »

Kitten and all special operatives,

I love the password only readable for 20 seconds
option - but I ain't gonna use it.
Maybe if printable on rice paper and I can eat it (to save 10 seconds
. . . you never know when the Impossible Missions Force (IMF) might be using the latest flying robo spy drone)
http://current.com/items/90105261_us-sp ... w-eyes.htm

This morning (I have had this before)
my computer suddenly turned into a Windows machine
- yes really
AND I was magically infested with virii
that is what it SEEMS happened

In fact it was a redirect of the browser
and then an animated 'Windows page'
with javascript messages of infection
In other words a scam saying my Windows
machine was infected

Only I was running Puppy and had taken my fish oil and other brain vitamins

So I restarted x
and restarted the browser
Now then - because I was running SeaMonkey 2 (beta)
it went to the same scam page

I changed my default browser to the original Seamonkey
(quite happy with that) - which has adblock by default.

cue music
http://www.youtube.com/watch?v=k55NuWQCh78
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Slapdash
Posts: 77
Joined: Tue 19 Aug 2008, 15:24
Location: Silesia

#78 Post by Slapdash »

I literally laughed out loud when I went to the wiki and clicked on the 'Black Ops' article and all I got was "You are not allowed to read this page". Figures.

It may be merely a glitch. Then again... how deep does the conspiracy go?

fyujj
Posts: 102
Joined: Sat 04 Apr 2009, 17:40

#79 Post by fyujj »

Hi Lobster. Do you know 20-120 Kg of your fellow sea creatures are sacrificed to get 1Kg of fish-oil?
Besides that, all the pollutants we irrational beings dispose into the sea concentrate there.

You can get much healthier Ω3, Ω6 and other brain vitamins from vegetables, including sea ones. :idea:

fyujj
Posts: 102
Joined: Sat 04 Apr 2009, 17:40

#80 Post by fyujj »

I'm not much on conspiracy (rather keep my focus on Light), but this health site seems Puppy friendly. :)
