Serious security breach on Developer Blog
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
forces of darkness
@kattami,
Have strong evidence this is unlikely to be big forces of darkness.
Is "bear" a prince of insufficient light?
prehistoric
blocked
From what I know, it's servage.net that is blocked. And it happened that both puppylinux.org and puppylinux.com are now hosted in servage.
all sites on puppylinux is blocked in China
However, there are many other mirror and repository sites:
http://puppyisos.org/
http://puppylinux.ca/
http://s3.amazonaws.com/puppy/index.html
http://mymirrors.homelinux.org/puppy/
(the few that I can recall now, that is).
I hope that distrowatch.com and ibiblio.org are not banned in China.
Puppy user since Oct 2004. Want FreeOffice? Get the sfs (English only): http://puppylinux.info/topic/freeoffice-2012-sfs
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
Psychology of Security
Here's some thought-provoking material from Bruce Schneier.
http://www.schneier.com/essay-155.html
Here's a description of Schneier himself.
http://en.wikipedia.org/wiki/Bruce_Schneier
I first knew about him because of his work in cryptography, back when I was more mathematical than today. His Applied Cryptography is a classic.
When he went into Computer Security as a professional, he had a series of shocks. This formed the basis of his book Secrets and Lies.
The classic example from that book, for me, is the teenage hacker he interviewed. How did he break in?
"I called them up and told them I forgot my password."
His book, Beyond Fear is particularly relevant to this discussion, but I have not read it, yet.
Added: For those who think the psychology is off topic, I offer an alternative viewpoint particularly relevant for people who value minimalism in software, as Puppy people do.
http://www.ranum.com/security/computer_ ... index.html
Hope this will shift our thinking in a productive direction.
prehistoric
p.s. Thanks to Flash for straightening me out on the book links. I've also changed them so they take you directly to the author's web pages, instead of Amazon. As my career started before HTML existed, or had anything to link to, I am still learning.
Last edited by prehistoric on Sun 20 Jan 2008, 21:11, edited 1 time in total.
A very dumb question or maybe suggestion:
The story is that I've always had fears about Puppy running only with a root account; a simple compromise would allow the intruder to take control of everything, and you know what could be done with that.
Also, I think it would be great to have a notification system integrated into Puppy: for example, if some serious security patches come up or ... shouldn't we get notified by some application rather than waiting for us or the user to visit the forums, news, ... sections to find out that we had to update something?
I know that Linux in general is more secure (or at least more securable) than M$, but I think those days of Linux hacking are coming and with this trend we might get caught with our pants down.
Sorry for a rather long post.
PS: I know these kinds of topics have for sure been discussed before, but with the rise of these kinds of threats, shouldn't we put these into the priorities of Puppy Linux?
kattami wrote: But minus with tiddlywiki is that per today it's only Firefox and IE that save changes to tiddlywiki with no problems, and that some say it gets slow when it's big. Opera has a problem with saving to the file and needs some extra jar file which may not work. I don't know if Seamonkey is able to save to tiddlywiki.
Although I don't know tiddly about the system's architecture, it seems to me that if it's that browser-dependent, then it has serious flaws already.
Any "glitch" like that gives an attacker their entry vector: update method 1 works, update method 2 fails. There's something different about them that the software isn't expecting. The attacker simply analyzes the differences and looks for a way to exploit them.
The fact that some obscure .jar will make Opera work is even more troublesome and has the potential to open another security hole.
- ttuuxxx
- Posts: 11171
- Joined: Sat 05 May 2007, 10:00
- Location: Ontario Canada,Sydney Australia
My site was attacked also and it took my service providers 4 days to work it out. They went out and bought new servers and transferred all my files and folders. Now it's up and running perfectly. I have a strong feeling that it was the phpBB forum that I have that was hacked. I think I'll have to change to a different forum; I get tooooooo much porn ads anyways and that really peeves me off. Hope everyone else doesn't get the hassles that I did. I couldn't even log into my server. And in the end it was 100% offline. I do want to thank all the support from people who were worried.
ttuuxxx
http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games :)
ttuuxxx
Since all this hacking started I have been viewing the source code for pages that the Firefox plugin NoScript red flags. Even though your site is up and running now, I found this line to be a little strange at the very start of your index.
link href="file:///C|/Documents and Settings/sparepc/Desktop/liquid design/project.css" rel="stylesheet" type="text/css"
???
- ttuuxxx
- Posts: 11171
- Joined: Sat 05 May 2007, 10:00
- Location: Ontario Canada,Sydney Australia
Ya, that's a stupid line. I still use Dreamweaver CS3 for my websites; well, I took a diploma class in web development and all we learned was Dreamweaver for desktops, and CMS PHP server-side. Strange, we had to learn Microsoft products for the creative side, and Linux for servers. I would have rather learned code 100% but noooo, it was like 10%. So I'm teaching myself as I go, but really for websites without a content management system, Dreamweaver is pretty good, and damn Adobe for not porting it to Linux, only Apple and Windows. grrrrrr
ttuuxxx
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
Dreamweaver under WINE
@ttuuxxx,
A friend who teaches classes about internet development also has a Dreamweaver habit that is hard to break. Some weeks ago I sent him a note after I heard that Dreamweaver now works on Linux under WINE. Haven't had a response from him. If you want the reference I can dig it out, but I expect you can find it faster.
prehistoric
- ttuuxxx
- Posts: 11171
- Joined: Sat 05 May 2007, 10:00
- Location: Ontario Canada,Sydney Australia
If Dreamweaver CS3 and Photoshop CS3 work under Wine, I'll format my web development XP PC to Puppy this weekend. But first I'll try it on my Fire Hydrant PC, make sure it works fine, better safe than sorry. Hmmm, I also would need a DVD burning program that removes menus, CSS, Macrovision. Any ideas? I always copy my kids' DVDs because they are really hard on the originals, so I give them the copies; that way I always have a perfect backup. Since Filezilla already works on Puppy as a pet package, that's my favorite FTP program, and then FireFTP the Firefox addon. Well, have to go to work.
ttuuxx
ttuuxxx wrote: I think I'll have to change to a different forum, I get tooooooo much porn ads anyways and that really peeves me off
Do you want a different host for the forum and then just have a page auto refer you, or just different forum software?
I need help with my forum. LINK: http://www.programers.co.nr/
http://www.freewebs.com/programm/iframe.html is my gateway page...
Wow... all of this while I was away????
Whoever did this is weird and mad. Obviously they want to kill Puppy for no reason.
As for security stuff, here is my story:
My website was hacked. The index.html had been changed. This guy was also attempting to install viruses on me too, with an MP3 virus.
And the system the host was running had PHP safe mode on.
I later found out it was either the control panel's fault, or the fact that the server was insecure, and was hacked into.
@BarryK:
Suggestion: maybe use what Xorg's website uses: MoinMoin.
I think it may be Servage's end. They had security holes that were never noticed until now.
-------------
As someone said already, it has been a pattern. And as scary as it is, I have come to a conclusion: since Linux is rising, the crackers are rising too. They are interested in Linux now. I have to say, Linux had a victory. Compiz Fusion rocks and everything went wild. And Vista just died. But now, the theory that a virus can't kill Linux unless under special conditions is put to the test.
And why am I drawing this conclusion? It is a pattern.
There was another shock at Ubuntu.....
(I was fooling around with Ubuntu for a while....)
On their forums, some crazy dumb people were eager enough to let newbies kill themselves!!!!
(http://ubuntuforums.org/announcement.php?f=13)
Hope there are no more attacks at Puppy anymore.....
jimhap
- ttuuxxx
- Posts: 11171
- Joined: Sat 05 May 2007, 10:00
- Location: Ontario Canada,Sydney Australia
ttuuxxx wrote: I think I'll have to change to a different forum, I get tooooooo much porn ads anyways and that really peeves me off
bobwrit wrote: Do you want a different host for the forum and then just have a page auto refer you, or just different forum software?
Thanks, but my service provider does a good job. Just a change of software I think I need to do. phpBB just doesn't seem to be safe.
ttuuxxx
- ttuuxxx
- Posts: 11171
- Joined: Sat 05 May 2007, 10:00
- Location: Ontario Canada,Sydney Australia
Yes, but it's what my server host provides me as part of the "FANTASTICO" package. Maybe with the newer servers that they just installed it would be updated. If not, I'll just have to change the forum. Probably after the 1st.
ttuuxxx
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
FWIW, phpBB is pretty simple to install by hand. I think you might need to create a mysql database and user for it first, but otherwise it's pretty basic. And the website control panel thing usually has a mysql tool.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
- ttuuxxx
- Posts: 11171
- Joined: Sat 05 May 2007, 10:00
- Location: Ontario Canada,Sydney Australia
Pizzasgood wrote: FWIW, phpBB is pretty simple to install by hand. I think you might need to create a mysql database and user for it first, but otherwise it's pretty basic. And the website control panel thing usually has a mysql tool.
Yes, I've installed phpBB before on another server using PuTTY, but my server host does not allow any server-side scripting or PuTTY. Basically I can only use Fantastico, so my arms are tied. They did say they would let me use it if I sent them a copy of my driver's license and 1 other form of ID; it's for a security measure.
ttuuxxx