Puppy Linux Discussion Forum
Linux Kernel Org Hacked
sszindian


Joined: 24 Apr 2010
Posts: 578
Location: Pennsylvania U.S.

Posted: Tue 13 Sep 2011, 21:22    Post subject: Linux Kernel Org Hacked
Subject description: Time for Puppy to go 'On-Point.'
 

OK boys/girls, it's time for Puppy to put up his ears, go on-point and start taking 'Security' more seriously!!!!
-----------------------------------------------------
According to recent news from:

http://www.theregister.co.uk/2011/08/31/linux_kernel_security_breach/

Updated: Multiple servers used to maintain and distribute the Linux operating system were infected with malware that gained root access, modified system software, and logged passwords and transactions of the people who used them, the official Linux Kernel Organization has confirmed.

The infection occurred no later than August 12 and wasn't detected for another 17 days, according to an email John "Warthog9" Hawley, the chief administrator of kernel.org, sent to developers on Monday. It said a trojan was found on the personal machine of kernel developer H Peter Anvin and later on the kernel.org servers known as Hera and Odin1. A secure shell client used to remotely access servers was modified, and passwords and user interactions were logged during the compromise.

and there's more at the above link if you want to go read it.
-------------------------------------------------------
If this can be accomplished with the Linux Kernel Org., there is no reason to even think it can't happen to the Puppy community.

Myself, running strictly Linux, no Windows, even my HDD is formatted for Linux only, have in the past week experienced some odd behavior; it started when running one of the more recent Puppy versions...

I run two (2) drives in my system- a regular CD ROM drive and a DVD ROM R/W drive. I very seldom use the CD ROM drive except for duping an occasional CD. The DVD ROM is my main drive where I boot all puppy versions from.

The odd behavior is my CD ROM drive randomly opening and closing, sometimes in the morning, sometimes in the evening, but for sure like clockwork every day at various times. It repeats opening and closing 3 or 4 times before stopping and staying open for some time; if I leave it, eventually it will close and repeat the process. I (at the present) do not believe it's malware on the HDD as I have 3 HDDs... 2 running different versions of Puppy, 1 running JoliOS, and the same thing is happening on one of the Puppy HDDs AND the JoliOS HDD (haven't used the 3rd HDD as yet). I am more inclined to suspect a hacker trying to gain access to my system. This behavior has all the symptoms of a VIRUS but a hacker could just as easily replicate the process.

At this time it appears no damage was done to my system or the programs I use and I am still going through files to search for a malware just in case! If the Linux Kernel.org can't figure out what exactly happened to them, I doubt I'll ever find it if it is in fact a malware hopping around between these two HDD's.

About two years ago when I was running XP Windows, a hacker gained access and 'Flashed My BIOS or motherboard'. Nothing would fire that system up again! I actually watched him trying to gain access to my computer for over a week but I had the best AV installed at the time so thought it was kind of funny. 'He Won!' and I learned another good lesson in life! So hackers can cause damage without even gaining access to your system or HDD.

At any rate, I'm still using that version of Puppy, mostly with the CD ROM disconnected completely and trying to find out what's going on. In the meantime, if anyone else is having odd things happening to their computer, please take the time to post it, maybe a pattern of sorts will help determine exactly what's going on.

One thing for sure, it's not a joke or laughing matter any more, we got to beef-up Puppy somehow.

>>>---Indian------>

_________________
Cloud Computing For Every Puppy (a .pet)
http://murga-linux.com/puppy/viewtopic.php?t=69192
p310don

Joined: 19 May 2009
Posts: 686
Location: Brisbane, Australia

Posted: Tue 13 Sep 2011, 22:53

Interesting happenings at your place Indian.

Sounds to me like hardware giving you issues...

I have an easy test for you if you like. Put a Puppy CD into your PC, boot it with pfix=ram, so it's just Puppy, and let it run for a day. If you still have drive opening and closing issues, I'm gonna say it's a hardware issue on your machine, and nothing to worry about, at this stage.

If you wanted to test further, you could add things one at a time to replicate your current setup, web browser, flash etc. If something happens at the instance of installing that one component, then you know that is the security hole.
Sylvander

Joined: 15 Dec 2008
Posts: 3251
Location: West Lothian, Scotland, UK

Posted: Wed 14 Sep 2011, 05:13

I had a very similar thing happen a few weeks back.

1. I clicked on a link here at the Puppy forums...
Was taken to a webpage to play a video...
Video began playing.
About 1/3 of the way in, strange things began to happen.
Pmount window opened...
The file system on the Puppy CD-RW was mounted.
A ROX window opened displaying the files on the CD.

2. I closed the Pmount window.
Closed the ROX window.
Opened the drawer of the DVD-RW drive and removed the CD.

3. Multiple Pmount windows began to open one after the other.
Tried closing them down, but more kept on opening.

4. Hit Ctrl+Alt+backspace to drop to a command prompt and entered the command reboot.

5. Once back into Puppy, the problem was still there.
Decided my lupusave [for Lupu-526] had been compromised, so...

6. Rebooted into Wary-513...
Deleted the lupusave in use, and replaced it with a recent backup copy.

7. Rebooted into Lupu-526, and used the new lupusave, and the problem was GONE!
Or at least there were no longer any signs of a problem. :D
sszindian


Joined: 24 Apr 2010
Posts: 578
Location: Pennsylvania U.S.

Posted: Thu 15 Sep 2011, 12:10    Post subject: CD problems!

p310don:

Yes... I realize it could just be a hardware problem, possibly the CD drive is failing as it is old, but the symptoms for a virus and HD fail are identical so everything must be checked, which I'll be doing, even the BIOS itself! That back-door the kernel.org left open in their builds could give us headaches for some time to come I'm afraid.

"Thanks"

>>>---Indian------>

_________________
Cloud Computing For Every Puppy (a .pet)
http://murga-linux.com/puppy/viewtopic.php?t=69192
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

Posted: Mon 19 Sep 2011, 23:38

Sounds like those Linux kernel servers ought to be running OpenBSD, which is protected by a herd of masturbating monkeys. :lol:
cowboy


Joined: 03 Feb 2011
Posts: 245
Location: North America; the Western Hemisphere; Yonder

Posted: Sat 24 Sep 2011, 09:27    Post subject: similar problems

Sylvander wrote:
I had a very similar thing happen a few weeks back.

1. I clicked on a link here at the Puppy forums...
Was taken to a webpage to play a video...


Sylvander, I had similar difficulties, and I bet we clicked the same link to the same story - one posted where a puppy user was having trouble playing a video from a French TV station?

I also went there, and found that my drive lights kept coming on. C drive would run, then any attached USB drives would light up. Sort of cycling through all my attached peripheral drives. Believe I was running Lucid 5.2.5 at the time. Started over with a new savefile, and the problems stopped. Very odd. Always wondered if there was some sort of a menacing Flash virus there.

_________________
"Never trust a computer you can't throw out a window." - Steve Wozniak
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10662
Location: Arizona USA

Posted: Sat 24 Sep 2011, 11:16

I hate to keep beating a dead horse, but if you guys had been running Puppy from a multisession DVD when you suspected you caught some malware, all you'd have to do to get rid of it, no harm done, is reboot without saving. :)
nooby

Joined: 29 Jun 2008
Posts: 10520
Location: SwedenEurope

Posted: Sat 24 Sep 2011, 12:23

Flash wrote:
I hate to keep beating a dead horse, but if you guys had been running Puppy from a multisession DVD when you suspected you caught some malware, all you'd have to do to get rid of it, no harm done, is reboot without saving. :)


That is true and sure I can buy some adapter that does allow me to run an external CD or DVD player on my Netbook that is too small to have a standard CD/DVD player in it.

But I hate the sound of things that spin so I place my computer high up on a book shelf hidden so it is barely audible even when the fan starts whining. :) Burners when they spin can be rather noisy.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
8-bit


Joined: 03 Apr 2007
Posts: 3277
Location: Oregon

Posted: Sat 24 Sep 2011, 12:25

Flash,
You better stop beating that dead horse. It just might come back from the dead and stomp you. :lol:
Your case will only help those that do not have a hard drive or USB storage device attached.
If a site is mounting any storage device it finds on your PC, it also has a chance to inject malware to that mounted device.
The best thing is to stay away from sites that try to mess with your PC.

To be truly secure in being set up like you, one would have to remove all storage devices from the PC except for the DVD/CD drive and only attach a storage device long enough to save data that one did not want to be part of their session on a multi-session CD/DVD.
nooby

Joined: 29 Jun 2008
Posts: 10520
Location: SwedenEurope

Posted: Sat 24 Sep 2011, 13:17

I trust 8-bit on this. I have read a lot about it out of curiosity
and even if that does not make me an expert, as I remember
everybody agrees with 8-bit on that.

Quote:
Your case will only help those that do not have a hard drive or USB storage device attached.

If a site is mounting any storage device it finds on your PC, it also has a chance to inject malware to that mounted device.
The best thing is to stay away from sites that try to mess with your PC.


But 8-bit you are way too optimistic. The experts say that each week some 10 000 to 100 000 perfectly normal sites that have nothing to do
with places one should not visit them do have injection scripts that
use clever ways of infecting our computers.

If I go to sites about mountain bikes, motor bikes, cars, buying houses, buying clothes, food, pizza, kebab, veggie food, organic farming, cities tourist information, whatever. All perfectly normal places.

Them criminals do place such codes on them by using holes in the HTML so one needs to be good at programming to know them have been tampered with.

But you are right that it is even worse if one goes to sites that are NSFW and such. But one is not safe if one stays away from the NSFW them tell us.

PCWorld and McAfee and such have been warning and BBC world service their Tech pages.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Dave_G


Joined: 21 Jul 2011
Posts: 459

Posted: Sat 24 Sep 2011, 14:23

I guess there is an inherent risk visiting any web page.
I wonder how much of a shield Google translate would be against
these threats?

For example, let's say you happen to be bilingual, then you could use
big brother's translate service.

For example:

http://translate.google.com/translate?hl=en&sl=auto&tl=es&u=http%3A%2F%2Fwww.murga-linux.com%2Fpuppy%2Findex.php

or especially for nooby:

http://translate.google.com/translate?hl=en&sl=auto&tl=sv&u=http%3A%2F%2Fwww.murga-linux.com%2Fpuppy%2Findex.php
nooby

Joined: 29 Jun 2008
Posts: 10520
Location: SwedenEurope

Posted: Sat 24 Sep 2011, 17:07

Google does warn about some pages. They tell me them have code in them.
So usually I don't go there regardless if I find it interesting.

Say it is a page about atheists and Christians fighting about if Jesus really has existed but some criminal has placed such bad code on it without the
owner realizing it. Then I want to read but not get the bad code.

So I try to find same text on another site them don't warn has that code.

Edit. I know I write bad English but I am more used to read in English
than I am used to read in Swedish so even if I stumble on a lot of English words I do prefer to read in the original English text and not rely on bad translation. I could accept to have a parallel text though. To see the original and only have to look at translation when needed.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Dave_G


Joined: 21 Jul 2011
Posts: 459

Posted: Sat 24 Sep 2011, 17:32

Hi nooby,

Don't worry, your English is 1000 times better than my Swedish.

What I meant is that perhaps Google will filter some of the
malicious code when using their translate service as they first read
the original page then parse it to you.

Dave.
Dave_G


Joined: 21 Jul 2011
Posts: 459

Posted: Sat 24 Sep 2011, 17:57

It could be quite interesting to get one of those malicious webpages
and download it using 'curl' and then analyzing the webpage's source.

I think it would be safe to "get" the webpage as follows:

curl -i -X GET http://The_suspect_page.htm > /some/dir/SomeName.txt

Then reading it with Geany.
I suspect that it would be safe to download the page like that as there is no
web browser involved, but since I don't exactly know the inner workings
of curl and GET, I would appreciate comments from those that know more
about this.

Dave.
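
Added example, not part of Dave_G's post or of the thread: a static look at a page saved with the curl command above, parsing the file as text with Python's standard html.parser so that nothing in it is rendered or run. The pattern list is a heuristic chosen for this illustration, and the sample page and the example.invalid host are constructed.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns often seen in injected, obfuscated inline scripts (assumed list).
OBFUSCATION = re.compile(r"\b(eval|unescape|String\.fromCharCode|document\.write)\s*\(")

class Triage(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []       # (kind, detail) tuples in document order
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            if a.get("src"):
                self.findings.append(("external-script", a["src"]))
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "display:none" in style or "visibility:hidden" in style)
            self.findings.append(("hidden-iframe" if hidden else "iframe", a.get("src", "")))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for m in OBFUSCATION.finditer(data):
                self.findings.append(("inline-obfuscation", m.group(1)))

def triage(saved):
    """Drop the HTTP headers that `curl -i` writes, then scan the HTML as plain text."""
    head, _, body = saved.replace("\r\n", "\n").partition("\n\n")
    parser = Triage()
    parser.feed(body if head.startswith("HTTP/") else saved)
    parser.close()
    return parser.findings

# Constructed sample of a saved SomeName.txt; example.invalid is a placeholder host.
SAMPLE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><body><h1>Bikes</h1>"
          '<iframe src="http://example.invalid/x" width="0" height="0"></iframe>'
          "<script>document.write(unescape('%3Cb%3Ehi%3C/b%3E'));</script>"
          '<script src="/js/site.js"></script></body></html>')

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

For a real download, pass the saved file's contents, for instance `triage(open("/some/dir/SomeName.txt", errors="replace").read())`.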
nooby

Joined: 29 Jun 2008
Posts: 10520
Location: SwedenEurope

Posted: Sun 25 Sep 2011, 15:15

yesterday or the day before I mean Friday or Saturday or could it have been Thursday even?
Anyway there was a link to this
http://tuxradar.com/content/bitdefender-antivirus-unices
Now that is very remotely related to linux kernel org but it has to do with security.

Them comparing many different AntiVirus products for Linux.
I fail to find that thread now. Have searched for some 4 hours.

_________________
I use Google Search on Puppy Forum
not an ideal solution though