That or some parent will get arrested by Homeland for what their unsupervised child found on some underground site.
It's a shame there are jerks out there that would do such petty things. They probably sell it as some type of "service" too.
Serious security breach on Developer Blog
Satellite signal goes far
I noted that MAC addresses to filter out everybody else's traffic can be changed via software on DVB based two way traffic. It is not that hard for a well funded black hacker to capture all traffic via someone else's MAC and decode it remotely. It may be a good idea to ssh to your remote servers and change password. Using secure FTP as needed.
Many of your hosts have been hit, think about it.
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
Barry and many of the coders here would class themselves as hackers. However it is used in the sense of a coder. In popular language hacker means someone who is a 'black hat coder' or cracker (breaking systems or into them).
I was recently 'hacking' into one of my own computers - A second hand Mac with password protection . . . that makes me a 'white hat' cracker.
Most of us are probably crackers at some point in our computer usage.
(in my case completely crackers!)
The fact that Barry's sites have been targeted by the insertion of porn links gives an insight into the motivation and reason. They probably think of it as nothing worse than pasting ads over a disused building.
Let us make some good of this. How can we be proactive and supportive?
-
- Posts: 405
- Joined: Mon 01 Jan 2007, 20:24
- Location: Hayslope, near Middlemarch, Midlands, England
Sometime pretty soon, when a consensus emerges, it would be very helpful if someone could summarize the things us ordinary penguins need to do to protect both ourselves and everyone else we may inadvertently spray crap out to. I guess that it's servers that are most at risk, but as it's so easy to leave a port open (for example) I think we would all value a checklist of what to set in Puppy.
I'm afraid that I am guilty of smug complacency relying on (a) the firewall in my router and (b) "it's Linux so I don't have a problem". Bah, such naive folly!
I recall that Fedora had 2 modes when installing: "Normal" or "SE" where SE is something like "Secure Edition" or "Security Enhanced". Is it time to create an SE Puppy? Or is that only relevant for Servers? Or maybe it's already possible and all that's needed is a bit of RTFM?
Education needed, wanted, and requested. Please!
Again, this is not a Linux-bug, but a PHP or better application problem.
A firewall or such would not help in this case, because the bugs or better the way things were programmed are an open invitation to do everything on the machine that runs it.
Also note, that this usually just affects Web-applications.
A Desktop-User will not be infected by such mechanisms.
Unfortunately, such things make people very frightened.
Even my colleague reported that he found forum messages somewhere else about this "Linux-trojan", which it is definitely not.
One thing that is important is, that the firefox-team resolves the problem of 100% processor usage on this file not found error.
This is nasty (though not dangerous in a way that a virus would be installed or so).
Mark
Another issue is that still many webhosters use PHP4.
The PHP-group has stopped support for this because version 5 fixed several vulnerabilities.
PHP 4 has officially been announced as dead, and hosters are urgently advised to drop it.
Unfortunately several old content-management systems that are developed no further still rely on version 4.
So hosters still use that.
Mark
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
psychology of attackers
Something has been missing from this thread. I've held my tongue and lurked, mostly. You are the experts on networks, Puppy software, etc. All I can contribute are observations on the psychology involved in these attacks on the Puppy community. Here's what I think is revealed about the attackers.
1) They're persistent. There has been a pattern of exploits getting increasingly severe over a period of months. (If wingruntled is right, and this is the same bunch, over a very long period.)
2) They're fascinated by Puppy Linux. There's evidence they have been stalking Puppy, studying its software and creator, even learning about the user community, over time. This effort is disproportionate to any possible commercial gain. A distribution which commonly runs things as root represents a challenge, and they must have been frustrated that most of their attacks were shrugged off.
3) They're vulnerable, if exposed. There have been clues pointing in just about every direction, except toward themselves. This looks like deliberate misdirection. The effort put into hiding is a substantial fraction of the total effort. "Previously known as Guest" has seen evidence of real-time monitoring by people, (as well as those IP addresses which could form the basis for a novel). There are patterns here, but the most important is that they are very careful about hiding. Why? If they were planning to announce their exploit to the world I don't think they would be as careful. If they were in a safe haven they wouldn't be as careful. They must fear criminal penalties. Their victims and patsies should all be under different legal systems from the perpetrators.
4) They're immature, and, aside from bragging rights in a closed community, their big motivation is Schadenfreude.
This does not describe a Turkish spam king, who probably hasn't heard of Puppy Linux. It doesn't describe any professional black hat. The market for Puppy hacking skills is still very limited. Where 'bots have been used in these attacks they have had a lot of interactive assistance. The payoff doesn't justify the effort.
This group is small, they are not great intellects. They have spent a lot of time trying to cause trouble before the tools they needed were created by others to attack other systems. (As MU observes, the tools were not specific to Linux. The attackers didn't create them.) They have been using whatever came to hand, and most of it didn't serve their purposes very well, until just recently.
As an example of the importance of a psychological slant, I offer this story about a student who cracked a professor's directory of test material when it was locked down even tighter than Barry's. (Directory 700, files mostly 600.) He created a fake copy of the directory with executable files whose names he guessed. He was able to place it where a common typing error would take the teacher. He used the teacher's habits to trick him into executing a file with his own permissions. He covered the computer activity with fake error messages, indicating typos. He did not crack the entire system, so he didn't have to worry about logs. (In case you're wondering, he was caught when he overreached himself. The administration was not amused, and I was very glad to be innocent, for once.)
The techniques are all ancient now, the thinking is not.
This may stir things up. I hope it will stimulate a shift in perspective. Too much of the response has been simple reaction. The attackers are used to manipulating people, and easily predictable responses will only take us so far.
As for attackers reading this, I think you deserve a share of the angst.
prehistoric
Well, with all this talk of breaches I went out and installed a security plugin
in firefox called finjan when I went to google to search puppy
forum it said this link was bad http://murga-linux.com/puppy/viewtopic. ... a7b8af387e
can someone tell me if this is a false positive?
[url=http://hostfile.org/icepak.pet]176 Icewm Themes :!:[/url]
[url=http://tinyurl.com/39fl3x]vlc-0.8.6c-i586.pet[/url]
[url=http://tinyurl.com/2q7cbp]vlc-0.8.6c-i586.pet[/url]
Hacking Toolkit Compromises Thousands Of Web Servers
Hi there, according to this:
Hacking Toolkit Compromises Thousands Of Web Servers
http://www.informationweek.com/news/sho ... =205603044
In December 2007, Finjan identified more than 10,000 Web servers infected with a malicious hacking kit called "random js toolkit." In June, the company found an average of 30,000 newly infected malicious Web pages every day -- the result of "random js toolkit" -- and the company claims the situation is much worse today.
This could be why Puppy web pages are suffering, and also would explain about the Finjan plugin issue that willhunt mentioned.
Barry,
I use wordpress too, and to get rid of all spams I use a custom plugin called "Peter's Custom Anti-Spam". It forces everyone to type in a visually displayed word when posting comments. This saved my wordpress as I had to delete tons of spam every day.
As I read through, your problem seemed to be more or less a server hack issue, this could save your time and get back your comments though.
-
- Posts: 405
- Joined: Mon 01 Jan 2007, 20:24
- Location: Hayslope, near Middlemarch, Midlands, England
Re: psychology of attackers
prehistoric wrote: All I can contribute are observations on the psychology involved in these attacks on the Puppy community.
I agree with most of that except the comment that they are immature and only winning bragging rights/schadenfreude. While this may be true, I suspect a more sinister motivation.
It is well known that most spam and phishing is related to organised criminal activity, and that for the techies willing to do the clever stuff there's money to be made. It seems possible to me that either someone is being groomed/trained, or else they think that they have a new angle - they are certainly very good at masquerading - and are wanting to perfect it somewhere (relatively) harmless. When they are ready they'll launch an attack on a more rewarding target having practiced on us.
Is this plausible?
outbreak
Here's an outbreak just reported:
http://blogs.techrepublic.com.com/tech-news/?p=1887
(This may or may not be related to this discussion.)
But in case you're not aware of it yet, spammers put up pages and links to get high search rating (a Google algorithm uses links to drive up a site in searches). If, for example, more links point to puppylinux.org than to puppylinux.com, puppylinux.org will have the higher placement in search results.
Puppy user since Oct 2004. Want FreeOffice? [url=http://puppylinux.info/topic/freeoffice-2012-sfs]Get the sfs (English only)[/url].
Although these attacks are seriously annoying....the one good thing is
that they happened before Barry travelled to India.
So hopefully these vermin can be defeated....or better detected.....pretty much once and for all.
I don't know what measures Barry has for emergencies in regard for
someone here to put things to rights......but at least there is now time to
address all these issues.
Of course not everything can be predicted or planned for....but for the spoilers who delight in their moments of glory....now is the time to employ
different tactics.
Pissants like these will always be around....take away their pleasure.
:::::::::::::::::::::::::
When graffiti is around you paint over it quickly.
http://torontograffiti.blogspot.com/200 ... rm_06.html
"
"One of the things we know is that continually removing graffiti and keeping the building up will actually lessen the amount of graffiti the building will get," Bowman says. "In some cases, we've had program member buildings that were hit two or three times in the first two months.
"In a short while, those same buildings may get graffiti once a month and in smaller amounts."
:::::::::::::::::::::::::::::::::
Take the pleasure away by not talking too much about this event on the forum.
The same tactics we used with our beloved Catilyns'? review of Puppy.
Ignore the spoilers......put them in the Naughty Corner.
PM the appropriate people on this forum if we think something's happening.
Personally in retrospect...the slowing down of this forum lately may have been an indicator.
Let's not live in fear.....while Barry is sorting this out he cannot work
at Puppy with his usual talent.
Don't laugh at this....but maybe Intel could monitor and out this crumb.
They have money, resources etc....why not use them whilst they are
using Barry.
Plenty of talented types here to give advice.
::::::::::::::::::::::::::
Let's not feel insulted in being given advice......no-one here is the ultimate Font of Wisdom.....but we can still gather around the water cooler and have a sip.
http://en.wikipedia.org/wiki/The_Wisdom_of_Crowds
" Four elements required to form a wise crowd
Not all crowds (groups) are wise. Consider, for example, mobs or crazed investors in a stock market bubble. Refer to Failures of crowd intelligence (below) for more examples of unwise crowds. According to Surowiecki, these key criteria separate wise crowds from irrational ones:
Diversity of opinion
Each person should have private information even if it's just an eccentric interpretation of the known facts.
Independence
People's opinions aren't determined by the opinions of those around them.
Decentralization
People are able to specialize and draw on local knowledge.
Aggregation
Some mechanism exists for turning private judgments into a collective decision. "
////////////////////////////
Do what we do best. Keep going...have a laugh together and or at each other. Enjoy our fellowship in the knowledge that Puppy is about more good coding happening than bad....that sometimes there's a Blooper...
but we can most times get around this....that our pleasure is more than their pleasure...So They Lose.
Chris.
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
attack motivation?
@Caneri, nic2109,
Not really arguing. I said they were already aware they face criminal penalties, if caught. (As for their future, it depends on what they get away with first.) What I was trying to say is that criminal organizations are probably not yet willing to pay specifically for attacking Puppy Linux sites.
There is a real wave of spamming attacks taking place all over. (The infoweek article linked above by inged explains a lot about how.) I just found another example, checked the site using wget, and did a Google search for sites mentioning spamming and containing those links; they're widespread, and most are coping poorly. I'm not talking about the forces of darkness behind these.
My comments were about the small group which has been harassing Barry and others for months, and has now found powerful weapons made available by others. The speed with which they adapt, and evidence of monitoring, suggests human control and a special interest in scoring against Puppy sites. If we can neutralize these people, threats from the general Internet community will propagate much more slowly in our direction. We don't have to catch them, just make them real cautious, make their successes less rewarding, and the effort more like real work. Besides, there is always the chance they will slip up under this kind of scrutiny.
As for countermeasures, if they could hear a group of old timers rhythmically chanting assembly code, from the days before C, they would know they were messing with necromancy and flee. (No, no, don't even consider chanting JCL, your soul is at stake.)
prehistoric
p.s. I have succeeded in provoking a response I was looking for. What does anyone know about member "bear"? Is his post what DSM-IV calls "word salad", or is he simply working in an unfamiliar medium? Check out all his posts!
Last edited by prehistoric on Tue 15 Jan 2008, 16:07, edited 2 times in total.
cthisbear wrote: Ignore the spoilers
How? By rebroadcasting something like this?
...one good thing is that they happened before Barry travelled to India ...
Now for some more Ignoring the Spoilers:
...don't know what measures Barry has for emergencies in regard for someone here to put things to rights
Here's your answer:
Raffy wrote: I did not have access to FTP last night
Reference: http://www.murga-linux.com/puppy/viewto ... 728#166728
cthisbear wrote: Don't laugh at this....but maybe Intel could monitor and out this crumb. They have money, resources etc....
Sorry, but must LOL at that one. BTW, Intel not only has money and resources, but they also have "etc," which includes an unwritten yet very real IOU note from Barry for their "unconditional donation" of the two ClassMate computers.
why not use them whilst they are using Barry.
At least we agree that there's no free lunch.
[size=84][i]hangout:[/i] ##b0rked on irc.freenode.net
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
attack and survival
prehistoric wrote: ..criminal organizations are probably not yet willing to pay specifically for attacking Puppy Linux sites.
..small group which has been harassing Barry and others for months..
It's in this sense that I've been quiet about criticisms of the multiple web presence of Puppy Linux. It's a good survival strategy when attacks come, and surely they will.
Puppy user since Oct 2004. Want FreeOffice? [url=http://puppylinux.info/topic/freeoffice-2012-sfs]Get the sfs (English only)[/url].
I've gotten hit now. It's not porn, but anime emoticons. There have been some posts that refer to puppy and thus it would explain it, but I know for my site A) I've got no way of removing the icons and B) it's a hole in aceboard that has caused it. My site doesn't use phpbb. It's probably an SQL or JS injection.
I need help with my forum. [b][u]LINK:[/u][/b][url]http://www.programers.co.nr/[/url]
[url]http://www.freewebs.com/programm/iframe.html[/url] is my gateway page...
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
I've got no way of removing the icons
Why not? They didn't change your password on you, did they?
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]