Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
All times are UTC - 4
Hacking data
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Sun 14 Jul 2013, 09:27    Post_subject:  

Semme wrote:
Hey, I've laid you the groundwork.. the GUIs are out there..


OK Semme, I appreciate it. This is worth putting in the time to get to know how to use the program.

I liked this explanation for how HTTPS works

1. Put the "Thing" in the box, and lock it with your padlock.
2. Send the locked box to the other party.
3. They put their padlock on the loop also (so that there are two locks on it), and return the double-locked box to you.
4. You remove your padlock, and return the now singly-locked box to them.
5. They remove their own lock and open the box.

With encryption the locks and keys are math, but the general concept is vaguely like this.
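
The five padlock steps above can be carried out with arithmetic locks. This is an added example, not part of the original post: it uses modular exponentiation as a padlock that two parties can apply and remove in either order (Shamir's three-pass construction); the prime, the function names and the message are constructed for the demonstration.

```python
import math
import secrets

# Constructed demo modulus: the Mersenne prime 2**127 - 1 (too small for real use).
P = 2**127 - 1

def make_padlock(p=P):
    """Return (lock, unlock): a secret exponent coprime to p-1 and its inverse mod p-1."""
    while True:
        lock = secrets.randbelow(p - 3) + 2
        if math.gcd(lock, p - 1) == 1:
            return lock, pow(lock, -1, p - 1)

def turn(box, exponent, p=P):
    """Apply or remove a padlock. Locks commute: (m**a)**b == (m**b)**a mod p."""
    return pow(box, exponent, p)

def three_pass(thing, p=P):
    """Run steps 1-5; return the opened message and the three values seen on the wire."""
    m = int.from_bytes(thing, "big")
    if not 1 < m < p - 1:
        raise ValueError("message must encode to an integer between 2 and p-2")
    a_lock, a_unlock = make_padlock(p)   # sender's padlock and key
    b_lock, b_unlock = make_padlock(p)   # receiver's padlock and key
    wire1 = turn(m, a_lock, p)           # steps 1-2: sender locks the box and sends it
    wire2 = turn(wire1, b_lock, p)       # step 3: receiver adds a lock and returns it
    wire3 = turn(wire2, a_unlock, p)     # step 4: sender removes own lock and sends it
    opened = turn(wire3, b_unlock, p)    # step 5: receiver removes own lock
    return opened.to_bytes(len(thing), "big"), (wire1, wire2, wire3)

# Caveat: nothing here tells the sender whose padlock was added in step 3,
# so the exchange also needs a way to authenticate the other party.

if __name__ == "__main__":
    recovered, wire = three_pass(b"the Thing")
    print(recovered, [hex(w)[:18] for w in wire])
```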
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Mon 15 Jul 2013, 23:05    Post_subject:  

This question may seem obvious to some but I would like to be quite certain and remove any doubt. Bits and bytes travel in mysterious ways.

Say you spend the day browsing a broad range of websites exposing your system to whatever is out there. The read-write USB is plugged for the duration of the session. At the end of the session you remove the stick and do not permit the OS to save RAM to the stick.

Is there any way a snooper could write and save data to your stick during the session without your knowledge? I ask because the orange box appears about once an hour, stating 'saving RAM to savefile'. Has any data been saved if the stick is removed before the black screen saving routine at shutdown?
Barkin


Joined: 12 Aug 2011
Posts: 751

PostPosted: Mon 15 Jul 2013, 23:51    Post_subject:  

Edwardo wrote:
... the orange box appears about once an hour, stating 'saving RAM to savefile'. Has any data been saved if the stick is removed before the black screen saving routine at shutdown?

Your system, including any newly added data/software/malware, is being saved to the stick when you see that message.
On puppy it is possible to switch off those intermittent auto-backups and decide at shutdown whether to save or not ...
http://www.google.com/cse?cx=015995643981050743583%3Aabvzbibgzxo&q=kiosk&sa=Search&cof=FORID%3A0&siteurl=www.wellminded.com%2Fpuppy%2Fpupsearch.html&ref=&ss=1636j747498j5#gsc.tab=0&gsc.q=do%20not%20save%20savefile%20shutdown%20close
[Attachment: save interval zero (only saves to USB at closedown).gif. Description: no intermittent auto-save of savefile]
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Tue 16 Jul 2013, 00:07    Post_subject:  

Barkin wrote:
Your system, including any added malware, is being saved to the stick when you see that message.
On puppy it is possible to switch off those intermittent auto-backups and decide when closing whether to save or not ...
http://www.google.com/cse?cx=015995643981050743583%3Aabvzbibgzxo&q=kiosk&sa=Search&cof=FORID%3A0&siteurl=www.wellminded.com%2Fpuppy%2Fpupsearch.html&ref=&ss=1636j747498j5#gsc.tab=0&gsc.q=do%20not%20save%20savefile%20shutdown%20close


Thanks for clearing that up, Barkin.

Now, if an attacker wishes to write & save to the stick, where is his data going, to RAM or can he bypass RAM and access the stick directly?
Barkin


Joined: 12 Aug 2011
Posts: 751

PostPosted: Tue 16 Jul 2013, 07:03    Post_subject:  

Edwardo wrote:
Now, if an attacker wishes to write & save to the stick, where is his data going, to RAM or can he bypass RAM and access the stick directly?

If the savefile has heavy encryption then I don't think it is possible to modify its contents directly (i.e. the "bypass RAM" scenario).

If you run from a live CD/DVD which is not the rewritable type then it is physically impossible to modify the data on it.
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Thu 18 Jul 2013, 00:41    Post_subject:  

Barkin wrote:
Edwardo wrote:
Now, if an attacker wishes to write & save to the stick, where is his data going, to RAM or can he bypass RAM and access the stick directly?

If the savefile has heavy encryption then I don't think it is possible to modify its contents directly (i.e. the "bypass RAM" scenario).

If you run from a live CD/DVD which is not the rewritable type then it is physically impossible to modify the data on it.


OK. At present only the save file is encrypted by bcrypt (read-write USB). 1. As bcrypt encrypts only the savefile, can data be written to a part of the disk that is not encrypted? 2. If the whole disk is encrypted, say with Truecrypt, does this prevent data being written?
Barkin


Joined: 12 Aug 2011
Posts: 751

PostPosted: Thu 18 Jul 2013, 01:13    Post_subject:  

Edwardo wrote:
OK. Only the save file is encrypted (read-write USB).


It is possible to get USB sticks / SD cards which are write protected (they have a tiny switch on the side) so behave like a read-only CD/DVD.

Edwardo wrote:
1. Can data be written to that part of the disk that is not encrypted? 2. If the whole disk is encrypted say with Truecrypt, would this prevent data being written?


If someone has remote access to your computer they can do pretty much what they want; the firewall should prevent that. There is a website called "Shields Up" which will check your firewall ... http://grc.com/x/ne.dll?bh0bkyd2

To change the contents of an encrypted file the attacker would have to have access to it and to the password.
greengeek

Joined: 20 Jul 2010
Posts: 2753
Location: New Zealand

PostPosted: Fri 19 Jul 2013, 03:59    Post_subject:  

I think it is also worth remembering that the internet (and router protocols) were developed to serve the purposes of the American military. Any data you send, encrypted or not, can be saved and decoded by many, many people in a variety of different organisations, everywhere throughout the data chain.

And any operating system can be hacked to include trojans, data echoing software and keyloggers that could trap your info before it even gets encrypted.

If you are wanting to hide data from your neighbour, encryption may be useful, but anything you transfer via the internet is an open book to governments, police and military establishments. If they want your data they will get it.
Jasper


Joined: 25 Apr 2010
Posts: 1204
Location: England

PostPosted: Fri 19 Jul 2013, 06:04    Post_subject:  

Hi,

If any reader, who is not using Opera and who does not have an exceptionally wide screen, can read this without using their horizontal scrollbar - please be so kind as to reply stating your browser(s) and setting(s) that make such viewing possible.

SeaMonkey, Qt-Web, slimboat and dillo are of personal interest.

My regards
greengeek

Joined: 20 Jul 2010
Posts: 2753
Location: New Zealand

PostPosted: Fri 19 Jul 2013, 12:11    Post_subject:  

Hi Jasper - I am using Seamonkey version 2.13.1

I have no idea which settings to list - as far as I am aware my settings are default. I am viewing on a netbook with 1024x600 res. I have noticed from time to time that some threads appear very wide, but have never understood why (except in some cases where there is a large pic to view...)
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Sat 20 Jul 2013, 07:48    Post_subject:  

Firefox Jasper. This page is fine. The previous page of this thread goes way out east to who knows where. Saludos Señor.
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Sat 20 Jul 2013, 08:25    Post_subject:  

greengeek wrote:
I think it is also worth remembering that the internet (and router protocols) were developed to serve the purposes of the American military. Any data you send, encrypted or not, can be saved and decoded by many, many people in a variety of different organisations, everywhere throughout the data chain.

And any operating system can be hacked to include trojans, data echoing software and keyloggers that could trap your info before it even gets encrypted.

If you are wanting to hide data from your neighbour, encryption may be useful, but anything you transfer via the internet is an open book to governments, police and military establishments. If they want your data they will get it.


I agree greengeek. When I got the Puppy ISO a few weeks ago the most important problem was instantly solved from the very first boot. Since that time I've had fun poking around security sites finding out stuff I never knew existed. The savefile is encrypted despite containing nothing except system settings. The memory stick itself never resides in its slot except at boot up.

greengeek I am not concerned with governments etc. More with malicious snoopers, sniffers, hackers and crackers.

This for example: http://blogs.computerworld.com/19551/wifi_routers_oldies_are_goodies

It may be that WPS is not disabled on some newer routers after going through the disabling motions. I get the impression even when WPA2-AES is enabled with a strong password on those routers a simple WPS PIN crack is doable. One of my routers has the WPS button on the back. Before reading about this I didn't give it a thought.

Anybody try this out?
https://www.cloudcracker.com/

PS greengeek after some thought are you suggesting these government data chain bodies have found some way to magically shorten crack times from a million years? If so the router may be the culprit. Did they crack bcrypt yet? They appear to have problems with Truecrypt. Maybe this is just publicity, I do not know. Please correct me if wrong. They will of course get the passphrase if they want it badly enough by brute force but not the same kind of brute force we talk about here.

I think I would like a job of some sort in the Wi-Fi Alliance association. The possibilities are endless with their certification of poor design.

A question greengeek. If the ISO download from the repository is good how can the trojans etc be planted on a finalized CD? Do you trust the ISO?

My greatest love is reading history back to the mythology, and there we see the trust factors operating among the great players.
greengeek

Joined: 20 Jul 2010
Posts: 2753
Location: New Zealand

PostPosted: Sat 20 Jul 2013, 15:11    Post_subject:  

Edwardo wrote:
This for example: http://blogs.computerworld.com/19551/wifi_routers_oldies_are_goodies
Hi Edwardo, thanks for the link. Very interesting reading

Quote:
government data chain bodies have found some way to magically shorten crack times from a million years? If so the router may be the culprit.
I don't have the information to know the answer, but I have read that password cracking software (and the hardware to crunch the numbers) is currently available, especially at a mil level. If a router opens a doorway for the data to be snooped then I feel confident that storage of the data and cracking of the encryption is a real possibility.

Quote:
If the ISO download from the repository is good how can the trojans etc be planted on a finalized CD? Do you trust the ISO?
Firstly - just because the md5 matches does not mean the iso is "good". It means that the iso matches what the developer intended. So the question becomes - do you trust the developer? Some isos contain fragments of the developer's personal data - usually this is a result of inexperience on the part of the person doing the remaster / reconfigure / recompile or whatever. However it is possible that a developer could deliberately include portions of code that could have an undesirable effect. Who would know?

For example: what if a dev accidentally left part of a browsing history file in the .mozilla/profile file? Or something that tracked a previous session? (I've accidentally made that mistake myself - and recorded my Puppy forum activities into a history file that was available to future users...). There could easily be something in a history file that could bring the end user to the attention of authorities. Some would say this is only a remote possibility but anything seems possible when you consider how many agencies are trying to investigate our data streams.

Secondly - after Puppy is loaded from the iso into the memory it runs in RAM and can (theoretically) be infected in RAM. Those infections could theoretically load themselves to any thumbdrives you happened to have plugged at any time during that session. The Wikipedia entry concerning the Stuxnet virus gives a good insight into how removable drives can be a vector for ongoing damage.

I'm not saying Puppy is capable of being infected - I'm just saying I don't know of ways to PREVENT it being infected. I'm certain there are brainboxes out there who would easily have enough skill to create havoc on any operating system - especially where the users are trusting.

The good thing about puppy is that it strives to be small and to include efficient code that doesn't carry any excess fat. That in itself has to contribute somewhat to code safety.

In my opinion it is likely that the smallest iso is likely to carry the least risk - purely because it becomes more difficult to include code that is intentionally dangerous, or code/programs that are unintentionally poor quality and therefore likely to provide "backdoors and sidedoors". (But still - small size is no GUARANTEE of safety)

I avoid puppies that require java for exactly this reason. They seem bloated for no good reason. (some would say that my concern about java is unfounded - but even if my fear is irrational it is one I cannot shake off. No java for me...)
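
One way to check the concern raised above, that something running in RAM could write to a plugged-in thumbdrive: record a SHA-256 manifest of the stick before a session and compare it afterwards. This is an added example, not code from the thread or from Puppy; the file names and the temporary directory are constructed stand-ins for a mounted stick. It only sees files in the mounted filesystem, and it assumes the comparison is run from a trusted boot.

```python
import hashlib
import os
import tempfile

def file_digest(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large savefiles do not fill RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            manifest[os.path.relpath(full, root)] = file_digest(full)
    return manifest

def compare(before, after):
    """Report which files were added, removed or modified between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys()
                           if before[p] != after[p]),
    }

def demo():
    """Constructed stand-in for a mounted stick: one file changed, one file added."""
    with tempfile.TemporaryDirectory() as stick:
        with open(os.path.join(stick, "savefile.img"), "wb") as f:
            f.write(b"settings v1")
        with open(os.path.join(stick, "notes.txt"), "wb") as f:
            f.write(b"unchanged")
        before = snapshot(stick)            # taken before the browsing session
        with open(os.path.join(stick, "savefile.img"), "ab") as f:
            f.write(b" + session data")     # e.g. a periodic save to the stick
        with open(os.path.join(stick, "unexpected.bin"), "wb") as f:
            f.write(b"\x00\x01")            # a file nobody meant to create
        return compare(before, snapshot(stick))
```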
Edwardo

Joined: 26 Jun 2013
Posts: 42

PostPosted: Sat 20 Jul 2013, 20:56    Post_subject:  

Good points.

Here http://www.belkin.com/us/support-article?rnId=75 take a look at the language used by Belkin wrt WPS.

At the bottom of the page they state:

"You should have successfully disabled the Wi-Fi Protected Setup™ (WPS) feature of your router now".

I may be getting a bit picky here but language is language. Using the subjunctive tense (Condition: future or contrary to fact (§§ 516. b, c, 517)) is not exactly inspiring when describing methods to prevent the lock picker picking your locks. I don't think so Mr. Belkin.

I wonder if there's a market for OS Certificates along the lines of factory router Certificates. Say the system authors sign off the distro with a Certificate and distribute it on sealed disks. The authors would be sole distributors. An inexpensive insurance policy backs up the validity of claims made by the Certificate with appropriate terms. If it were proven later to contain harmful code the courts would award punitive damages, costs etc.

A wireless card here: "The card has a small operating system, a CPU, memory, and an SD slot. When inserted into a laptop, it hijacks the TCP/IP stack, so the card can enforce policies" http://www.infoworld.com/d/security-central/sprint-alcatel-lucent-introduce-security-card-546

Could the attacker hijack the hijacked stack I wonder?