Should I be concerned about virus and malware?

For discussions about security.
Scooby
Posts: 599
Joined: Sat 03 Mar 2012, 09:04

#41 Post by Scooby »

[quote="mikeslr"]
...
Puppy security revolves around its use of compressed files and its operating “entirely

Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#42 Post by Burn_IT »

Security by obscurity in this case means that so few people use it, it is not worth the effort.
But curiously it can also apply to exactly the opposite; so many users that the chance of you being picked is extremely low.
"Just think of it as leaving early to avoid the rush" - T Pratchett

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#43 Post by mikeb »

Would you call me paranoid???????
yeah why not :D ... anything else?

I happen with puppy to use a sfs file for the save...it's read only of course and you can choose not to save at shutdown.... why...well avoids the puppy dirty shutdowns happening which are a pain when sharing with windows and to avoid a messy save after compiling or software testing. I did enough paranoia in the past and they were plotting against me :D

It has also helped sometimes when the browser gets screwed by some bad javascript.... and I sometimes got this thing where X goes crazy and there are effectively mouse clicks everywhere.... sounds not unlike what you suffered, sylvander, one way or the other rather than hacking as such. I also find a messed up mozilla profile tends to persist too...again corrupted by a bad site or some other software glitch.

Discuss security...yeah of course...it is important...just a bit tired of these...'A journalist says we are all going to melt soon' topics...let's keep it a bit real.

Security by obscurity .... nah security by good design.
Someone could always make software that leaves you vulnerable on linux...I was getting a bit concerned about Konqueror's integration into the desktop...and there are tales of Google chrome not being very discreet either. Webkit being shoved into non web applications...etc.... hopefully the coders are playing safe.
Windows has been cleaned up too... my experience of windows 7 gave me no reason to worry either.

I also started using linux out of curiosity, not because of security issues as they had already been dealt with. In my penguin dabblings I have yet to have had any concerns to deal with..... well one less thing to deal with is nice.

All I really want...is some warm weather .... and me and alanis both need a Rossi ice cream soon... will we last until then?

mike

Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#44 Post by Burn_IT »

Not ALL of the Penguins are native to a cold climate!
"Just think of it as leaving early to avoid the rush" - T Pratchett

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#45 Post by mikeb »

I can handle the cold...just fed up of winter now...boring...you can stop... hit the reheat....

mike

Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#46 Post by Burn_IT »

I prefer cold weather to hot weather any day.
I can wrap up to get warm in Winter.
Cooling down in Summer is a lot harder.
"Just think of it as leaving early to avoid the rush" - T Pratchett

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#47 Post by mikeb »

Well depends if you can afford to turn on the heating in winter :D

And the cold affects my legs on the bike...

And there are always cold showers if it gets warm.... ahh me bones need drying out....


mike

stray_dog
Posts: 65
Joined: Wed 19 Mar 2014, 00:14

#48 Post by stray_dog »

Me bones need warm & cold too. Hot & cold running water - such a glory of our world, especially when you don't have it. The hot water gushing out of the broken pipes in winter, or what have you. My old bones definitely need some help. Anyway.

I'm sure this has been posted before, but I'll post it because it was what caught my eye when I was worried.

http://krebsonsecurity.com/2012/07/bank ... a-live-cd/

http://krebsonsecurity.com/tag/puppy-linux/
I especially like how well my Puppy does on open wireless now, with Tor, JonDo, or other vpn type things, especially with the updates to Frisbee and Peasywifi.

https://billmullins.wordpress.com/2012/ ... ppy-linux/

We've had significant people in the law enforcement field recommending things like Puppy for banking to handle virus & malware threats for a while now.

I was nervous, at first. But then I had to take some time to learn a bit. The more I learned, the more I started to understand, and the more I could relax about what I should be relaxed about, and the more I could be concerned about what I should be concerned about.

It's definitely a wake-up moment when the Webroot scanning software pushed down from IT at work didn't find something, but your own tiny cd drive system did, but you're safe, and then a couple days later, the IT folks come through - groaning.

I suspect that in the current environment, most of us are only potentials to be used in the attacks on more lucrative targets like ... Target, or whatever. Even though the threats that have come to light lately have been through compromised point of sale systems or tricky phishing attacks which kind of goes back to what mikeb was saying.

Main thing is - Puppy did great by me this year. Yes, I got paranoid and did scans with CLAM & Avira pets sometimes. I'm ok. I've been ok all year. And you know what? Compared to the pay-through-the-nose antivirus software I was paying for a year ago, and my workplace is still paying for, I already know I'm more secure. And I like it.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#49 Post by mikeb »

[quote="stray_dog"]We've had significant people in the law enforcement field recommending things like Puppy for banking to handle virus & malware threats for a while now.[/quote]
And what makes them experts on security..... though at least in this case it's a useful suggestion.

Like politicians recommending healthy eating options, sadly often decisions and recommendations are made by those who only have a layman's knowledge of the subject.

Indeed it seems even many system admins still appear to lack any idea of how the vast majority of machines are infected and why of course some are not...glad to be in that minority anyway. If they did it would be happening far far less often.

mike

Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#50 Post by Burn_IT »

My stand is that I only do online banking from my home and with my home machine.
I keep my machine lean and clean and even my wife doesn't know the codes to get into the joint account. Mind you she doesn't use computers.
I use Windows most of the time, mainly because my work involves supporting people using it.

Avoiding nasties is mainly about being careful about clicking.
I must admit that I do like a bit of flesh occasionally, but even then you can avoid most of the risk by only using well known sites.
"Just think of it as leaving early to avoid the rush" - T Pratchett

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#51 Post by mikeb »

Ahh reminded of me when still with the defunct Yorkshire Bank that they forced the use of Internet Explorer to initialise the internet banking (not once done as it happens) ..I went to the library to do it as that scum was eradicated many moons ago..... They also used a simple username/password combo to log in. A hacker's dream.

I left soon after and been with the co op which have a rock solid system in place that works on any browser. Even if you somehow got compromised it would do no good for the hackers. Regardless of the press, from a user's view they are heaven generally.

Case in point... the IT staff or contractors some institutions use are complete security effing idiots.... bit of a naff situation when the user is attempting to be safe and the bunnies in charge are not.. I heard Norwegian banks force java for theirs!!! Moral... only deal with banks that understand security.

mike

ps... I am never careful where I browse or click.... and even if I was the family probably are not.... It's important to have a system that can handle that safely. After all most equipment we have around us is designed NOT to explode when used. :D

Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#52 Post by Burn_IT »

[quote="mikeb"]Case in point... the IT staff or contractors some institutions use are complete security effing idiots..[/quote]
Not ALL contractors.
I once did a contract for Barclay's Bank which required some Assembler knowledge in which I am limited, but...... On my first day there I found several severe security flaws in the code for ATMs, one of which I only found because I broke the rules and used my own laptop to access the WEB during lunch.
Rules were changed after that - well for me, at least.


My bank uses three? factor security.
Password
A random question from 9 previously supplied
A one time key generated from a supplied fob.

None of these in my mind are particularly secure, though I suspect the password is the most.

The one time key from the fob is (I suspect) purely for the customer's false peace of mind since it has to be either pre-determined or generated using a pre-determined set of rules and not random since the on-line code has to check it.

The 9 questions are the same for everybody so a little research will supply the answer for a hacker.

The password I change during every access and follows a set of rules that only I know and is never written down
"Just think of it as leaving early to avoid the rush" - T Pratchett

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#53 Post by mikeb »

[quote="Burn_IT"]Not ALL contractors.[/quote]
well glad you have your head screwed on :D . But you finding such problems in the big boys' software makes a point in itself. Check out most banks' html with a validator... :D

No password for the co op..... interesting choice ...perhaps as much hacking focuses on password cracking through various techniques they felt it was too much of a target...certainly did not feel secure with Yorkshire Bank's use of it.

Login for me is
1. account number and sort code...well suppose that's like a username
2. 2 random numbers picked from a pin code that's different to the debit card one.
3. random personal question from a selection like yours.

That gets you in.

In order to actually then take money you would have to create a funds transfer...... This cannot be done unless you have the debit card and a reader (and the card PIN number) which you input the code generated on the site and then enter the result from the card reader..... could get tricky for a hacker. They used to require this for ANY transfer but was deemed overkill...why would a hacker want to pay my gas bill :D

As far as I know the only fraud done on their system was by actual customers who made transfers and then deleted the details and then claimed they had lost money without their consent so got it refunded...now you have to ask to remove transfers on the phone...loophole closed.

On a last note if someone did get through all this and take money the bank would compensate the amount up to 80,000

I sleep ok :)

mike

stray_dog
Posts: 65
Joined: Wed 19 Mar 2014, 00:14

#54 Post by stray_dog »

Great conversation everybody - thank you!
And what makes them experts on security..... though at least in this case its a useful suggestion. Like politicians recommending healthy eating options, sadly often decisions and recommendations are made by those who only have a laymans knowledge of the subject.
Yea, I hear you. For myself, I found the suggestions urged me to want to more, and educate myself more, to be able to understand why it was others expressed their recommendations as they did.

I actually think Krebs knows his business from his reporting, and I remember going to
http://puppylinux.org/wikka/Security and reading the quote "Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cyber-criminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows: 'If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppy Linux is a nice small distribution that boots up fairly quickly. It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing Internet banking'. Source"

So I sat back in my seat and said to myself, hmmm, yea, I am a layman for sure, but these two are definitely less layman than me. So what's really up here? So I had to learn a little, then a little more, then a little more. I'll definitely never be more than a layman, but I got to start to begin to learn about what a layman needs to be concerned about & relaxed about, and why.
Indeed it seems even many system admins still appear to lack any idea of how the vast majority of machines are infected and why of course some are not...glad to be in that minority anyway. If they did it would be happening far far less often.
Yea, maybe - I don't know too many sysadmins except the ones I've worked with. I guess I feel lucky 'cause most of mine have been pretty good, but I've also had those moments where I was trying to explain to an IT assistant that our virus this week is exactly like the one 2 months ago, except that my coworker is talking at the same time saying completely incorrect things, and the IT assistant is like "ya know, I need to go check with Bob on this" and ... and. Then we have the staff doing stuff that is most definitely *not* best practices and they seem surprised when oh gosh, a virus. Sigh. I don't envy anyone trying to deal with this stuff on the job.
My stand is that I only do online banking from my home and with my home machine.
Ya know, this reminds me of my favorite sysadmin who first showed me linux live mini-discs & how to be safer on wifi. He gave me that over-the-glasses look and said "nothing's safer than the wire."
I must admit that I do like a bit of flesh occasionally, but even then you can avoid most of the risk by only using well known sites.
Ya know, one of the things I've loved about Puppy on live cd is knowing I can go to surreptitious websites I was scared to go to before, and then after I have, I just pull the plug, and we're done.
left soon after and been with the co op which have a rock solid system in place that works on any browser. Even if you somehow got compromised it would do no good for the hackers. Regardless of the press, from a users view they are heaven generally
Nice! Congratulations, man! That sounds great.

[/quote]s... I am never careful where I browse or click.... and even if I was the family probably are not.... Its important to have a system that can handle that safely. After all most equipment we have around us is designed NOT to explode when used.
Ya know, I am beginning to grok this experience of yours, as I grow more educated and confident. Sometimes, I'm like hell no, I am going to try going to this obviously questionable website, because I want to see what happens, and, and I want to see that one particular episode of Penny Dreadful or whatever. And worse. It actually pissed me off, seeing my own credit card details being sold online on rescator, realizing I was now safe enough to be in the place the criminals who could buy my old numbers were in, and I could even buy them back. What a head trip. Knowing I was safer looking myself than the store I happened to shop at.

On my first day there I found several severe security flaws in the code for ATMs, one of which I only found because I broke the rules and used my own laptop to access the WEB during lunch.
Cheers to you, man! Cheers to you. When I read that, I feel inspired.
The 9 questions are the same for everybody so a little research will supply the answer for a hacker.
Yea from what I've read, one of the vulnerabilities in the iPhone celebrity cloud hack in the recent past - the one with Scarlett Johansson nudies being released (yea you see where my eyebrow rises) revolved around 2-factor authentication but the questions were answered by things you could look up on wikipedia. *awkward* One of the solutions to this problem I read about is answering a question with an answer from another question. Like, what is your paternal grandfather's first name? And you answer, your favorite movie. When it asks you for where you were born, your answer is, your grandpa's name. So elegant, so simple, so much more creatively defiantly brilliant than I am.
certainly did not feel secure with Yorkshire banks use of it.
Shout out to Yorkshire! My current boss has a Yorkshire accent! Sexy.
On a last note if someone did get through all this and take money the bank would compensate the amount up to 80,000. I sleep ok
Yea - totally. That point when you can rest ok, sleep ok. Getting to that point. Knowing you can rest, not just because of what someone said, but because of facts, facts you've learned. There's that point where you can relax, not because of what people have said, but because you've started to learn what they meant. And then you start to get it. Things start to click, in your head. You start to learn about why best practices are best practices, what it means, where you fit, all that stuff. Knowing you've done what you can.

This road for me so far, has been a real security delight.

stray_dog
Posts: 65
Joined: Wed 19 Mar 2014, 00:14

#55 Post by stray_dog »

Except apparently I don't know how to use the 'quote' button. *sigh*

I think I should go to bed now. Cheers, security people.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#56 Post by mikeb »

Actually this thread seems like a grumbling volcano that gives a rumble now and then :D

Ok deciphered the quotes :D

Well indeed... my 12 years of browsing where I like, being able to click on ecard links, using html mail and use internet banking ON WINDOWS without a sniff of a problem was preceded by some considerable research on the subject rather than sticking my short neck out or wearing any tinfoil on my head.
It was all cause and effect stuff...and yes I got all the same infections and problems as everyone else which drove me to find out what the fudge was going on...and this was on 98...I just applied the same gained knowledge to 2000 and XP. Linux..that came later and was a case of 'nothing to do'

I say such endearing comments about 'professionals' since in computer terms I am pretty much the layman and certainly was back then and yet reached a level of security that still seems to elude the majority.
If I am not that smart what does it make them???
It all seems cloaked with mysticism nowadays as is anything that earns a gold coin or two.....at the time it just took a bit of google searching....

Funny I am having to apply a rpcss.dll hack after years of not bothering as the library's firewall appears to be not on properly as nothing is stealthed...big hand for 'professionals' there.

All fun and 3D games :)

mike

8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#57 Post by 8Geee »

yah mikeb, I figured css might become rather nasty in its old age, and apparently it has. Not to worry, the virus-scanners just ignore it :twisted: .
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#58 Post by mikeb »

rpcss.dll if that's what you meant is the rpc server ...port 135.
shields up provided the info...and the hack once upon a time...you make it point to 0.0.0.0 which effectively disables it but it cannot be removed as the system requires it to run.
you will see it in process explorer at a low level.
It basically advertises what the machine has available to the world.

mike

stray_dog
Posts: 65
Joined: Wed 19 Mar 2014, 00:14

#59 Post by stray_dog »

[quote="mikeb"]Actually this thread seems like a grumbling volcano that gives a rumble now and then[/quote]
There's always concerned newcomers - I was one of them, I think.
[quote="mikeb"]without a sniff of a problem was preceded by some considerable research on the subject rather than sticking my short neck out[/quote]
Yea that right there - that right there is something. That. Cheers to that! That is not 'oh I'll pay xyz for security software & I don't know what it's doing' ... or 'oh I don't know anything about that, you figure it out'. I love this, because once you ask should I be concerned, then you start to find out what others think, then you start to find out for yourself, and there's that considerable research drive, those considerable research moments.

It's just not *enough* for someone to hand you a black box and tell you you're fine. One has to *know*. One's driven to know *how*. For me at least, even though I couldn't understand half the lingo of what was being talked about, I had to start there.
[quote="mikeb"]since in computer terms I am pretty much the layman and certainly was back then and yet reached a level of security that still seems to elude the majority.[/quote]
Another priceless thing! Scary - but priceless! I've been lucky to have what seems like some really nice admins, but I still run across trouble sometimes. But you - you worked and learned and reached and learned and reached. Even though, sometimes the only first reach you need is to take that first google search.
[quote="mikeb"]as is anything that earns a gold coin or two.....[/quote]
I really chuckle now especially because yesterday I was in a gallery of Greek & Roman art, & some jewelry & numismatics were on display. You know - the smallest gold coin was smaller than my pinky fingernail? Isn't that crazy & amazing? Smaller than a sim card.

Great conversation, folks - I learn a lot from you. Thank you.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#60 Post by mikeb »

Well at least in murga we touch the topics other distros cannot reach :)

As a parallel...I used to ride motorbikes/drive cars.
I did all the servicing and rebuilding myself. I wanted to KNOW the brakes worked and the engine was not going to blow up on me in the middle of nowhere.

Probably mentioned elsewhere but my security journey started after returning to the uk and using the internet a lot after travelling. Although virii had crept in in Ireland it was a brief encounter...the real poo started in uk.

One main problem was IE crashing / system freezing all the time needing constant resets ...cause...saving lots of bookmarks that's all...a bit crappy I thought.
I tried netscape but it was unrunnable for some reason... a forum pointed me towards the emerging firefox... it was a dream...problem pretty much solved. Virii and resets were just a part of windows I thought. Since we used firefox full time I found a tool that would remove IE from 98lite for free .... we were skint at the time :D....from then on the causes of infections, since I noticed we had far less problems with them, were discovered and my learning began.
Stability improved...avoid large programs lol...but changing to NT was the real cure.


In short I learned this stuff from actually trying to make the computer run better...improved security was a side effect...was a pentium 2 with PC66 64MB ram so a challenge in itself :D

If I have gained from playing with linux it's a better understanding of operating systems and software....it's fun building programs and hacking for example. Have made improvements in terms of running it though never had to make any changes with regard to security.
I also believe knowledge gained here can help people keep their machines running well to then do what they were purchased for which I assume is the ultimate goal which to me will include windows too... sorry never had a mac. It also means, like the vehicle knowledge, keeps running costs to a reasonable level.

sorry for the lifestory just wanted to fill in the picture.

mike
