Gentoo Forums
System attacked, Konqueror went on window-popping spree!
miroR
Apprentice
Joined: 05 Mar 2008
Posts: 260

Posted: Wed Dec 14, 2011 6:51 pm    Post subject: System attacked, Konqueror went on window-popping spree!

I am seeking to further resolve a few issues with my system and the internet access, that include internet freedom and freedom for activism at that.
But first I wish I could figure out how could something like the following have happened to my Gentoo box.
I don't want to be cross-posting, but there is more to the underlying/related issues that I wish to discuss than this on kde forums:
http://forum.kde.org/viewtopic.php?f=9&t=98169&p=209057
I posted it there because I considered it honest to let them know.
Further issues are related to grsecurity/pax hardened Gentoo, counter-SELinux, which I am fully against and have already pleaded, and plead again here with the big Gentoo boys to unselect SELinux, and select grsecurity/pax based config options as default selection, in the hardened-sources! Not for me, I do it first thing on my own, but for the newer newbies!
And, further issues are related to getting for oneself true secure free use of computing systems and the internet.
That wouldn't be the case with SELinux, IMHO.
But, let's first find out, possibly by someone more knowledgeable than me, what was it, how it came to happen, that my Konqueror got that mad as in that video. Here's a link to that video again:
http://vimeo.com/33561248

krinn
Advocate
Joined: 02 May 2003
Posts: 3917

Posted: Wed Dec 14, 2011 8:07 pm

I see 4 things in your video

- a browser crash detection system that queries you what to do
- after getting your answer, applying it always, but sadly for your browser it keeps thinking it crashed and then reopens another window, hence the loop of opening browser windows.
- another stability proof of kde (yeah that's just sarcasm)
- a user that obviously doesn't know the killall command

miroR
Apprentice
Joined: 05 Mar 2008
Posts: 260

Posted: Wed Dec 14, 2011 9:57 pm    Post subject: Konqueror "crashes" programmatically!

krinn wrote:
I see 4 things in your video

- a browser crash detection system that queries you what to do
- after getting your answer, applying it always, but sadly for your browser it keeps thinking it crashed and then reopens another window, hence the loop of opening browser windows.
- another stability proof of kde (yeah that's just sarcasm)
- a user that obviously doesn't know the killall command

Hi Krinn!
Glad to read from you again!
If only I had been there beside you, back when you wrote on killall, to tell you to be more talkative and tell us (there'll be others reading this) what command I should have issued?! Never mind, I ask you now, do tell us, pls!
And let me mull a little over the other statements you wrote...
You claim Konqueror just crashed and it wasn't an attack?
It never ever crashed to me like that, and I do have very strong suspicion, but that wouldn't necessarily go publicly, well, part of it goes further below, part of it, no names, on precise source of attack, non-tech occasional but obvious and certain circumstances...
Firstly: Has anybody ever had Konqueror crash on them like that?
Secondly: When it crashed, has Konqueror tried to open their provider's login page, and not any other one, and tried to open that page in multiple, probably different, attempts (with different login password...), while it was... crashed...?
The firstly and secondly do contain my assumptions, because I cannot state those as facts...
I could, though, post the entire address which I got in another screencast.
And, it happens to be screencast of about more than three weeks later!
I use my systems daily.
The suspected attacker, back when he was sure he was way more clever and me too stupid, and he is a Gentoo user in a denial detached from reality, a guy from Croatia, and a friend of his, asked what precisely I use on my Gentoo, whether Gnome or KDE base system...
I always compile only one of my systems and clone it onto at least two, at max three other systems based on the same MOBO and same RAID-5 software configuration on the hard disks. (I can search the post where I explained how I clone my systems if anyone is interested. It's somewhere on these Gentoo forums)
I very rarely, almost never use exactly Konqueror to log in at my providers, and lo and behold, I have this Konqueror issue, the issue exactly with the KDE Konqueror program that I so rarely use (Firefox is what I regularly use), on another of my systems... Still.
What I can tell for certain, is that these issues with Konqueror "crashing" in the way in which it tries to do something on my provider's login page, very strange kind of crashing, you have to admit!...
What I can tell for certain, is that these issues with Konqueror "crashing" in such fashion, have gone away completely only after I reverted fully to Gentoo Gnu Linux with hardened grsecurity/pax kernel!
That is what I can tell for certain!
I did keep seeing those in at least one month time... Sorry I was concentrated on learning how to harden my system and didn't track Konqueror versions... but there could have been more than one Konqueror versions!
Now let me see if I got my other video uploaded with the full address visible while Konqueror "crashes" programmatically.
Was waiting in line (later edit: not anymore):
http://vimeo.com/33685764
(later edit: the better resolution of this one in comparison to the previous video, is just, the previous box could send only 640x480 S-video signal that I captured on my Hauppauge HVR-3000, and only later I found out I could screencast with ffmpeg. no need for a TV-capture card)
I can't pay. Not the government, but the shadowy structures that rule my country, the gov doesn't really rule, or hardly rules, and only in very restricted ways if so...
Not the government, but the shadowy structures that rule my country, made up of the worst former communist regime people (we're talking a generation of killers here) and their offspring, made a poor man out of me. I am banned in my anticommunist activism (they are neocommunists), and I scrape, truly scrape every cent for a living...
Well, one more video is there for the viewing...
What you will see, is something that apparently and clearly resembles, well surely it not only resembles, but is such, I can guarantee you, a providers' address...
So, Krinn, what's the command I should have issued?

gerard82
Advocate
Joined: 04 Jan 2004
Posts: 2180
Location: Netherlands

Posted: Wed Dec 14, 2011 11:18 pm

miroR,
Why don't you check /var/log/auth.log?
It should tell you whether anyone but you logged in.
I have no idea what happened but the chance that someone got in is soooo remote.
Gerard.
_________________
To install Gentoo I use sysrescuecd. Based on Gentoo, has midori to browse Gentoo docs and mc to browse (and edit) files.
The same disk can be used for 32 and 64 bit installs.
You can follow the Handbook verbatim.
http://www.sysresccd.org/Download

miroR
Apprentice
Joined: 05 Mar 2008
Posts: 260

Posted: Thu Dec 15, 2011 1:27 am

gerard82 wrote:
miroR,
Why don't you check /var/log/auth.log?
It should tell you whether anyone but you logged in.
I have no idea what happened but the chance that someone got in is soooo remote.
Gerard.

It's small hours in Europe... Very tired...
You're right, Gerard, about me should've checked the auth.log
I don't remember now... I might have, and found nothing...
But I still got the logs...
Anyway, later... Now just: good night, clever people!
I know nothing no more...

krinn
Advocate
Joined: 02 May 2003
Posts: 3917

Posted: Thu Dec 15, 2011 2:03 am

well, this kind of mess could happen in any browser that doesn't have some kind of check for redundancy or cycling, it could happen easily in many conditions, and i've already seen such weirdness with netscape times ago.
and you tell it yourself, you only use it to login at your provider, hence why this is the last page visited and the one that is used.

if it's really an attack, that's a real weak one, let's say at best a denial of service, because i really don't see any break-in attempt. as gerard said, watch your log.
but just logic is enough, if he breaks into your computer just to get you scared : why use konqueror when he could have even better results with kde or your system ?
and if he breaks into your system with a malicious mind, why use a pussy browser when you have golden infos in your home directory (as everyone).
next to that why would anyone wish to hack your provider account ? like if your provider was dumb enough (and your country laws) not enforcing him to keep logs of host activity. That would be stupid, when you can just use your computer to have the same effect (except your provider log will now only record YOUR host activity).
why do all hackers attempt to be as stealthy as possible and you just found the only one that does so many activities that only a blind person couldn't see something is going on...

I'm not security expert, so i might be wrong, but honestly, an ssh log with script kiddy attempt would scare me more than your video :)

And for your specific issue, you could have just done any of that :
- /etc/init.d/net.eth0 stop or ifconfig eth0 down to stop someone outside your host attack
- the killall, killall -9 applicationname -> for you it would have just been "killall -9 konqueror", try man killall
- pidof applicationname to get the pid instead of trying to figure out all of them by copy/paste like you've done, try man pidof
- and any other things you might do as well, depending on your level of craziness: using a hammer to crush your modem, unplug the cable from your network, kill -9 kdm or X or /etc/init.d/xdm stop, poweroff the computer...

It's not bad that you try to have a better eye on your host security.

miroR
Apprentice
Joined: 05 Mar 2008
Posts: 260

Posted: Thu Dec 15, 2011 2:23 am

Hi Krinn!
I can't go to sleep, but it's passion of little Gentoo Gnu Linux user to blame! Namely, me.
Thanks for profuse and exhaustive advice!
You are most appreciated.
I have no nerve to go into detail now (I am not a healthy person), but will surely be back to read again on killall, actually I would, as you said, "# man killall" and figured it out, and sure the other friends of killall as well.
No, I said, or wanted to say, I rarely use Konqueror! Can't go back and read now, but I use Firefox the most.
That surely, if it was an attack, as I still am inclined to believe, was so poorly performed, because the attacker lost his patience and went noisy...
Krinn, thanks again, can't concentrate now, am not well. Sorry!
God bless all Gentoo and KDE people! And may KDE people improve on their programs, of which I truly like the Konsole very much!

nomilieu
n00b
Joined: 22 Nov 2011
Posts: 24

Posted: Thu Dec 15, 2011 7:36 pm

krinn wrote:
I'm not security expert, so i might be wrong, but honestly, an ssh log with script kiddy attempt would scare me more than your video :)

You must get scared a lot. In my experience, it's impossible to have an internet-facing ssh server that doesn't get the living crap bombarded out of it by unsolicited login attempts.

miroR
Apprentice
Joined: 05 Mar 2008
Posts: 260

Posted: Fri Dec 16, 2011 12:37 am    Post subject: The auth.log deleted before the relevant time!

Sorry it took me long to give this matter more attention. I was not well most of this time.
gerard82 wrote:
miroR,
Why don't you check /var/log/auth.log?
It should tell you whether anyone but you logged in.
I have no idea what happened but the chance that someone got in is soooo remote.
Gerard.

Well, the attacker could have used those stacks and heaps and whatnot that hardened Gentoo discusses...
I am really no expert, but all those Master, Visa, American, and even Sony, and even the US gov claimed how the likelihood of any security issues is extremely remote, yet they all were hacked into!
I don't see anything suspicious in my auth.log:
http://pastebin.com/yLpx0wDW
The "authentication failure"s and "FAILED LOGIN"s are because I set myself rather complex passwords and I type them blindly. I do type without looking into keyboard anymore... And with passwords those are my typos.
But... But, why is the auth.log so short? I made some attempts at getting dcron, which I installed lately, but only lately, maybe a week ago (didn't finish doing it, that's why some logs are very bulky still), to cut those logs short, but have a look:
Code:
 # ls -ltrS /var/log/
total 885608
-rw-r--r-- 1 root    root            0 2008-01-04 03:15 mcelog
-rw-rw-r-- 1 portage portage       127 2008-02-29 16:59 eix-sync.log
-rw------- 1 root    root          738 2011-12-08 19:16 mail.log
-rw------- 1 root    root          738 2011-12-08 19:16 mail.err
-rw-r--r-- 1 root    root         2065 2011-08-11 16:20 xdm.log
drwxr-x--- 2 tor     tor          4096 2011-07-05 09:05 tor
drwxrwx--- 2 root    portage      4096 2011-11-07 05:07 sandbox
drwxr-xr-x 3 root    root         4096 2008-01-02 00:20 portage
drwxr-xr-x 2 root    root         4096 2007-04-17 00:39 news
drwxr-xr-x 2 mysql   mysql        4096 2011-11-09 08:58 mysql
drwxr-xr-x 2 root    root         4096 2011-11-24 08:13 cups
drwxr-xr-x 2 root    root         4096 2011-11-08 06:06 ConsoleKit
-rw-r--r-- 1 root    root         5301 2009-10-19 15:45 pm-suspend.log
-rw------- 1 root    root         6225 2011-12-07 11:42 audit.log
-rw-r--r-- 1 root    root        20304 2008-01-03 17:29 Xorg.8.log
-rw-r--r-- 1 root    root        20306 2008-01-03 17:05 Xorg.8.log.old
-rw-r--r-- 1 root    root        30977 2011-12-12 10:04 Xorg.0.log
-rw-r--r-- 1 root    root        31655 2011-12-12 10:03 Xorg.0.log.old
-rw------- 1 root    root        32032 2011-08-27 22:21 faillog
drwxrws--- 3 portage portage     36864 2011-12-07 19:11 portage_logs
-rw-rw---- 1 portage portage     55054 2011-12-07 18:52 emerge-fetch.log
-rw-r--r-- 1 root    root        59986 2010-04-29 12:04 Xorg.1.log.old
-rw-r--r-- 1 root    miro        63982 2011-08-10 20:29 Xorg.1.log
-rw------- 1 root    root        64064 2011-12-12 10:05 tallylog
-rw-r--r-- 1 root    root       106895 2011-12-12 10:05 pm-powersave.log
-rw------- 1 root    root       124820 2011-12-07 23:50 pax.log
-rw------- 1 root    root       182059 2011-12-16 00:04 debug
-rw------- 1 root    root       182485 2011-12-16 00:04 syslog
-rw------- 1 root    root       198443 2011-12-16 00:07 auth.log
-rw-r----- 1 root    root       258306 2011-12-12 10:04 dmesg
-rw-r--r-- 1 root    root       292292 2011-12-12 10:05 lastlog
-rw-r--r-- 1 root    root       392381 2008-02-29 11:48 genkernel.log
-rw-r--r-- 1 root    root       769797 2011-12-12 10:04 rc.log
-rw-r--r-- 1 root    root      1404889 2011-12-15 23:36 slim.log
-rw------- 1 root    root      1750755 2011-12-15 03:16 cron.log
-rw-r--r-- 1 root    root      3369093 2011-06-28 19:48 kdm.log
-rw------- 1 root    root      7533342 2011-12-16 00:04 daemon.log
-rw-rw---- 1 portage portage   7886372 2011-12-08 19:16 emerge.log
-rw------- 1 root    root     12926749 2011-12-11 03:10 debug-20111211.gz
-rw------- 1 root    root     12930965 2011-12-11 03:10 syslog-20111211.gz
-rw------- 1 root    root     15499123 2011-12-11 03:10 kern.log-20111211.gz
-rw-rw-r-- 1 root    utmp     16511232 2011-12-14 18:43 wtmp
-rw------- 1 root    root     42875370 2011-12-16 00:14 kern.log
-rw------- 1 root    root    185610602 2011-12-12 10:03 user.log
-rw------- 1 root    root    290252529 2011-12-16 00:14 grsec.log
-rw------- 1 root    root    304628363 2011-12-16 00:04 messages
 #

I didn't cut the auth.log so short! I never ever touched it other than for viewing!
Have a look, some of the first things in auth.log, and I gave the entire beginning in the pastebin link above, some of the first lines is tenshi new user!
I do remember installing tenshi only after overhauling my master system (which I clone onto 2 or 3 more systems) to grsecurity/pax based hardened kernel system!
So the auth.log that was there before is lost!
It was obviously deleted! And I didn't do it, not even by accident! I don't delete my system logs and things by accident. I use Linux since about two years after I started to learn computing from zero some 12 yrs ago, so I use Gnu Linux for roughly ten yrs, and I use Linux almost daily for at least five yrs!
And I am not a liar, I can not prove, but I am not inventing this story!
If anyone of you bigger Gentoo guys finds this interesting (so far no further replies from KDE people), I can go try to find older auth.log files, but I would need some assistance!
On the other hand, maybe someone could point me to where we possibly already have a tutorial that I will need, to go and find those old auth.log files... Let me explain.
When I clone my master system onto other two....
But wait, why explain again, I wrote how I do it, not to teach you more senior Gentoo users, but with newbies in mind, have a look at this what I wrote here:
https://forums.gentoo.org/viewtopic-t-704911-highlight-.html#6794280
And this is the know-how that I am missing:
I need to mount the image of my system partition onto loop file, I know it can be done, but I don't remember how.
Because I have room enough and I don't feel like wasting time with any of the cloned systems to back the old image of the old master system onto them, because that alone I am certain I know how to do...
Actually I need a way to get those old auth.log files, and if anyone thinks it's worth it to dig this a little, any other files that prove what happened, and, for us, Gentoo Linux hardened kernel based system users, to be able to better identify possible attacks like this one that I believe with ever more certainty I was under...
Because hardened can log the IP from which the attack was unleashed...
It is likely, it is rather probable that I do have the previous content, the deleted (what else?) content of the auth.log. It depends on the space of time that the attacker did his shameful work though... If he watched for sufficiently long time (say using some of those rootkits that the SELinux and the whole of LSM provide the shameful people hooks for, having NSA in mind only the stupid interest of theirs to spy on people, on any individuals at their will, and the question arises who have the Linux kernel people become if they agreed on the scheme?... see why I am so much against LSM and SELinux?... pls. find about rootkits on SELinux and LSM from say wikipedia, anyone who thinks I am talking nonsense here!)...
(Pertaining to the above digression, the rootkit used against me doesn't necessarily have to do anything with LSM, because I was on vanilla kernel before. Just using this space to raise awareness on what danger is there with our Linux... Let it not be turned into an appliance like any mobile phone of today, that can be listened to by spy people by default! Let's defend the freedom of our Gnu Linux!)
But I was saying, whether I have the deleted (what else?) content of the auth.log depends on the space of time that the attacker did his shameful work... If he didn't rush and, say, prepared his dirty tools to delete the auth.log and actually deleted it very soon after the entries that would betray his moves, tough luck... nothing to be found... But how likely is that?
Anyway, I strongly suspect the entire content at the time of deletion was removed intentionally by the attacker to erase his traces.
Again, when I say, I need a way to get those old auth.log files, I remember using some tool from sysresccd years ago for backing up my system partition, and the tool said that it is better to use gzip for compression than bzip2, because bzip2 had a bug, which prevented the user to get a specific file out of the compressed image, later on.
I mean I think it should be possible to cat those files of mine through a pipe , and mount them on a loop, and get auth.log files and whatever necessary and find out more about the attacker, or no attacker (much less likely, but I still don't state anything, just the increased likelihood there was one, upon these new findings, that is, as already explained above, auth.log missing all the content before installation of hardened and tenshi)...
That would be some effort on my part, but I got this attack (or something else, if I speak formally), that still is a torment to me until it is understood it will be priority on my part to do what is necessary to find an end to this story with sufficient explanation about what really happened.
And I also want to have my systems secure and know them as good user.
Phew!
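
The check gerard82 suggests (who logged in, and from where), together with the question raised in the post above of what period the surviving auth.log actually covers, as an added example that is not code from any poster in this thread. It assumes classic syslog-format lines without a year, written in chronological order; the sample lines, host name `box`, user `alice` and the function name `summarize_auth_log` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

MONTHS = {m: i + 1 for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split())}

# Classic syslog prefix, which carries no year:
#   "Dec  8 19:20:11 host prog[pid]: message"
LINE_RE = re.compile(
    r"^(?P<mon>" + "|".join(MONTHS) + r")\s+(?P<day>\d{1,2}) "
    r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2}) \S+ "
    r"(?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")
OPENED_RE = re.compile(
    r"pam_unix\((\S+?):session\): session opened for user (\S+)")
FAILED_RE = re.compile(r"FAILED LOGIN|Failed password|authentication failure")


def summarize_auth_log(lines, start_year, known_users=(), known_sources=(),
                       gap_threshold=timedelta(hours=12)):
    """Return coverage, silent gaps and login events for auth.log lines."""
    out = {"first": None, "last": None, "gaps": [], "failed": 0,
           "sessions": [], "accepted": [], "unexpected": [], "unparsed": 0}
    year, prev = start_year, None
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            out["unparsed"] += 1
            continue
        try:
            ts = datetime(year, MONTHS[m["mon"]], int(m["day"]),
                          int(m["h"]), int(m["mi"]), int(m["s"]))
            # Assumption: the file is chronological, so a jump backwards of
            # more than a day means the year rolled over (Dec -> Jan).
            if prev is not None and ts < prev - timedelta(days=1):
                year += 1
                ts = ts.replace(year=year)
        except ValueError:          # impossible date, e.g. Feb 30
            out["unparsed"] += 1
            continue
        # Long silences are worth comparing with rotated logs and wtmp.
        if prev is not None and ts - prev >= gap_threshold:
            out["gaps"].append((prev, ts))
        if out["first"] is None:
            out["first"] = ts
        out["last"] = prev = ts

        msg = m["msg"]
        if FAILED_RE.search(msg):
            out["failed"] += 1
        accepted = ACCEPTED_RE.search(msg)
        if accepted and m["prog"] == "sshd":
            user, src = accepted.groups()
            out["accepted"].append((ts, user, src))
            # Flag remote logins by unknown accounts or from unknown hosts.
            if user not in known_users or src not in known_sources:
                out["unexpected"].append((ts, user, src))
        opened = OPENED_RE.search(msg)
        if opened:
            out["sessions"].append((ts, opened.group(1), opened.group(2)))
    return out


# Constructed sample lines (not taken from the poster's log).
SAMPLE = """\
Dec  8 19:20:11 box useradd[4211]: new user: name=tenshi, UID=104, GID=1004, home=/var/lib/tenshi, shell=/bin/false
Dec  8 19:31:02 box login[4302]: FAILED LOGIN (1) on '/dev/tty1' FOR 'alice', Authentication failure
Dec  8 19:31:09 box login[4302]: pam_unix(login:session): session opened for user alice by LOGIN(uid=0)
Dec 10 03:12:44 box sshd[5120]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Dec 10 03:12:51 box sshd[5124]: Accepted password for alice from 203.0.113.5 port 40140 ssh2
Dec 10 03:12:51 box sshd[5124]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Jan  2 09:00:00 box su[812]: pam_unix(su:session): session opened for user root by alice(uid=1000)
""".splitlines()

if __name__ == "__main__":
    s = summarize_auth_log(SAMPLE, start_year=2011, known_users={"alice"},
                           known_sources={"192.0.2.10"})
    print("log covers", s["first"], "to", s["last"])
    for before, after in s["gaps"]:
        print("no entries between", before, "and", after)
    print("failed authentications:", s["failed"])
    for ts, user, src in s["unexpected"]:
        print("unexpected remote login:", ts, user, "from", src)
    for ts, service, user in s["sessions"]:
        print("session opened:", ts, service, user)
```

A late first timestamp or a long gap is not proof of tampering on its own: log rotation and powered-off periods produce the same pattern, so compare the result with the rotated files and with wtmp (`last -f /var/log/wtmp`).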

miroR
Apprentice
Joined: 05 Mar 2008
Posts: 260

Posted: Fri Dec 16, 2011 12:44 am    Post subject: Re: The auth.log deleted before the relevant time!

miroR wrote:
...[snip]...
It is likely, it is rather probable that I do have the previous content, the deleted (what else?) content of the auth.log. It depends on the space of time that the attacker did his shameful work though... If he watched for sufficiently long time (say using some of those rootkits that the SELinux and the whole of LSM provide the shameful people hooks for, having NSA in mind only the stupid interest of theirs to spy on people, on any individuals at their will, and the question arises who have the Linux kernel people become if they agreed on the scheme?... see why I am so much against LSM and SELinux?... pls. find about rootkits on SELinux and LSM from say wikipedia, anyone who thinks I am talking nonsense here!)...
(Pertaining to the above digression, the rootkit used against me doesn't necessarily have to do anything with LSM, because I was on vanilla kernel before. Just using this space to raise awareness on what danger is there with our Linux... Let it not be turned into an appliance like any mobile phone of today, that can be listened to by spy people by default! Let's defend the freedom of our Gnu Linux!)
...[snip]...

Some of the best reads I had in recent months:
http://www.crmbuyer.com/story/39565.html

Ant P.
Advocate
Joined: 18 Apr 2009
Posts: 2207
Location: UK

Posted: Fri Dec 16, 2011 11:49 am

How did some 1990s JavaScript popup spam turn into this conspiracy theory about SELinux?

miroR
Apprentice
Joined: 05 Mar 2008
Posts: 260

Posted: Fri Dec 16, 2011 2:04 pm    Post subject: "Conspiracy" against spy agency!

Ant P. wrote:
How did some 1990s JavaScript popup spam turn into this conspiracy theory about SELinux?

I guess you won't deny there's no SELinux, no AppArmor etc. without LSM.
LSM was made to accommodate those, esp. the National Security Agency's SELinux, right?
Now, I know just wee little on security, only just enough to have my systems secured by programs authored by regular and not spy people...
(I support the need for governments having spies, but spies are not regular, and don't sell spy programs to me as regular, and leave us a little respite, deliver us from having to pay or support in other ways the governments spying on us, like they do through mobile phones, leave our Linux free from spy programs made easy on our kernels!)
But I was saying, I know only just enough on security to have my systems secured by programs that regular people made.
I never knew anything more than the names of programs, and only some of the programs, around hardened Gentoo, before I was, probably, attacked, as explained previously. I was widely ignorant on hardened Gentoo until about three months ago.
So my question to you, Ant P., with all due respect, goes:
How do I possibly make part of this conspiracy against SELinux for which the LSM was introduced into the Gnu Linux kernel, and is still the wrong default, IMHO (destined to torture ignorant newbies, pls. have a look at https://forums.gentoo.org/viewtopic-t-704911-highlight-.html), in the gentoo kernel hardened sources?
What hand could I possibly have had, to be a conspirator, in these articles:
http://en.wikipedia.org/wiki/Linux_Security_Modules#Criticism
http://www.rsbac.org/documentation/why_rsbac_does_not_use_lsm
http://grsecurity.net/lsm.php
Also Dazuko doesn't like it, but the link on wikipedia is dead. I did some research and at the time of this post, this link is alive:
http://web.archive.org/web/20041127050533/http://www.dazuko.org/tgen.shtml
If I couldn't have had a hand in those articles, then, else, in what way am I part of the "conspiracy" against the aforementioned spy agency's SELinux?
###
But other gentle readers, and you are so many on these Forums that are much more knowledgeable than I am, pls. I need an advice on how to recover my older than the current stubbed auth.log file from old backup, as I explained in a previous post!
Else I need hours of search and learn on how to do it... I might not be that well to be able to do so much.
Thanks!

miroR
Apprentice
Joined: 05 Mar 2008
Posts: 260

Posted: Fri Dec 16, 2011 2:58 pm    Post subject: Say No! for spy-ready linux!

Since a lot of people seem to be reading this topic, and it's not ignorant people, but the middle class of the knowledgeable of the world who read this, I would like to use this opportunity to denounce as harsh my claim I made about Linus Torvalds here:
http://stream.aljazeera.com/story/americas-spies-taking-twitter
I do write a little impulsively and without sufficient and thorough understanding at times.
I can see more clearly now, that SELinux was at first rejected by Linus Torvalds, pls. refer to:
http://en.wikipedia.org/wiki/Linux_Security_Modules#History
The following is bird's view guesswork (I am making conclusions from distant but solid-to-probable premises), I have no inside information.
If someone as big as NSA wants to have a hand in your projects, and they sure have the means to make you accept their partnership, it is possible that the kernel people resisted as much as they could, but couldn't any longer.
Hey, SELinux is *not* in the kernel, but is built on a modules framework, the LSM, that doesn't have to be built at all, IIUC!
It is possible that the only way Linus could continue under possible pressure is to allow for a module for SELinux, and that he didn't have a choice.
Still, in my opinion, but it's a user's view, as I already stated many times, I have no programming experience of any significance, but I clearly understand there is ginormous spying under way on the internet (Google, Facebook...), along with cellphones being spy-ready worldwide...
In my opinion, SELinux is bad. Stay away from it, anybody!
As usual, the good people of the world will be up against the dirty capital...
I can't figure out the mechanisms, but money and corruption will sure have a role in there.
It is sad that probably no distribution other than LinuxfromScratch, Gentoo, and a few more, will be free from hooks for the governments to spy on you, people. And for them to get access to your boxes, they don't care if they allow rootkit hooks for the benefit of true criminals...
That will be very sad, that Linux distros, those for the newbies, will mostly be spy-ready...
Let's have a sanctuary that will not be spy-ready in our Gentoo Gnu Linux!

kimmie
Guru
Joined: 08 Sep 2004
Posts: 531
Location: Australia

Posted: Fri Dec 16, 2011 3:43 pm

Somebody is pulling my plu..

tomk
Administrator
Joined: 23 Sep 2003
Posts: 7219
Location: Sat in front of my computer

Posted: Fri Dec 16, 2011 4:10 pm

Moved from Gentoo Chat to Networking & Security as it fits better here.
_________________
Search | Read | Answer | Report | Strip

miroR
Apprentice
Joined: 05 Mar 2008
Posts: 260

Posted: Sat Dec 24, 2011 5:23 am    Post subject: Konqueror still going window-popping!

There is more.
I don't want to be told off for cross-posting so pls. have a gander:
http://forum.kde.org/viewtopic.php?f=18&t=98169&p=209728#p209728
But I will add the link to the 3rd instalment video:
"Was I under attack? (Konqueror going beserk) 3"
http://vimeo.com/34150417
Sooo, anyone else to say: No to spy-ready linux!
Or am I imagining?

miroR
Apprentice
Joined: 05 Mar 2008
Posts: 260

Posted: Sun Jan 01, 2012 8:03 am    Post subject: Being clickjacked! Any more attack-denying sceptics?

In the first place, people, start thinking about saying: No to spy-ready Linux! And raising awareness! Before it gets to be your turn to be spied upon (if it isn't already)!
In the second place: Happy New Year to all Gentooers round the world!
(And Merry Christmas, but I'm a little late on that one...)
There's more development. I believe my suspicions were unfortunately well founded all along.
I was being repeatedly clickjacked in the period of at least 20 hours up until a while ago.
I have screencasts that pretty clearly show it.
I can't go back to find weeks old screencasts how I was, I know now better about it after this current experience, how I was clickjacked on Facebook (and worse --Facebook are really scam, sorry to have to say that). I can't go and search those, since I spent all the time I can afford right now on the video that is already on Vimeo, waiting in line, but which I had maybe better put on Youtube, to get HD (minimal: 1080x864, but Vimeo reduces it to 640x480 which is poor, since that same HD usually gets me 1024x720 on Youtube)...
I have to post this now, not to lose what I wrote. Can edit it later.
Here are the videos, is, actually, here is, because it's the same video, on Vimeo, and on Youtube:
http://vimeo.com/34423611 640x480 (this is the later edit)
http://www.youtube.com/watch?v=Rt_ptstGg9M 1024x720 (recommended, this is my later edit)
This is a little bigger than me. I think I'm still fairly safe thanks to normal people who gave us grsecurity and pax, and I continue to strongly distrust and advise against LSM and SELinux.
But this is time-consuming on me...
Any advice, from people who truly know much more than I can fathom in this field, will be most welcome!

Jimini
Guru
Joined: 31 Oct 2006
Posts: 543
Location: Göttingen, Germany

Posted: Sun Jan 01, 2012 10:51 am

I had some difficulties to figure out the problem between the smalltalk here - but to cut a long story short: I experienced a similar behavior of konqueror some time ago. When I opened the program, it kept opening new windows without end. I solved it by installing dolphin (konqueror seems to depend on that package in some way). You may also take a look at https://bugs.kde.org/show_bug.cgi?id=242970 .
I hope this helps, if not, I apologize for not reading the whole bunch of postings in this thread.

Best regards,
Jimini
_________________
"The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents." (H.P. Lovecraft: The Call of Cthulhu)
miroR
Apprentice


Joined: 05 Mar 2008
Posts: 260

Posted: Sun Jan 01, 2012 7:44 pm    Post subject: Was clickjacked on Tor browser, so your help is partial

Jimini wrote:
I had some difficulties to figure out the problem between the smalltalk here - but to cut a long story short: I experienced a similar behavior of konqueror some time ago. When I opened the program, it kept opening new windows without end. I solved it by installing dolphin (konqueror seems to depend on that package in some way). You may also take a look at https://bugs.kde.org/show_bug.cgi?id=242970 .

I did.
Jimini wrote:
I hope this helps, if not, I apologize for not reading the whole bunch of postings in this thread.

Best regards,
Jimini

Sure useful. Thank you!
It's just that I didn't touch Konqueror since the post above dated: "Sat Dec 24, 2011 6:23 am", that is for a week. And got another spate of attack on me, whether it be of little significance or not...
I was clickjacked on my Tor browser working from USB pendrive, and *not* from /opt/firefox/whatever
Thanks, but this is just some partial help in the matter.
Still I have to tell you, regardless, that allowing a spy-ready kernel to go mainstream, which Linux users at large seem to be willing to do, is by no means small talk.. Pls., if you are willing to label this claim of mine that I just wrote, an exaggeration, in that case, first go and read what I wrote and especially whom I cited and what pages I linked to on the matter. Thank you!
Free Linux, and not spy-ready Linux, is, it should be, essential, vital...
Best regards!
Miroslav Rovis
miroR
Apprentice


Joined: 05 Mar 2008
Posts: 260

Posted: Mon Aug 27, 2012 12:56 pm    Post subject: Isn't that Linux Going Surveillance-Ready?

I thought a lot about this issue.
Upon plain addition of Tor to my USB Sysresccd pen drive which I wanted to write about, because I am committed to supporting true open source and still the most important piece of such software in the world is GNU Linux kernel, and nothing in the world of Linux computer users can work truly well without good GNU Linux kernel...
...Committed to supporting true open source, or should I have said simply in moral and addictive need of it, for having reaped its benefit in my life as GNU Linux user...
So...
Upon adding, and writing about on sysresccd.org Forums, Tor browser functionality to my Francois Dupoux's System Rescue CD USB Gentoo based pendrive, I was banned, apparently by him, and my text there deleted.
That you can all see in the video:
EDIT (some two hours later):
"Surveillance-ready Linux? 1, sysresccd.org, Banned? From, Screen 2012-08-23 23h"
https://vimeo.com/48282458 (or, same video:
https://www.youtube.com/watch?v=CdEOKGP-Ftw )
(part 1 titles reworded)
"Surveillance-ready Linux? 2, Revive the Issue, Try, Screen 2012-08-26"
https://vimeo.com/48302991 (or, same video:
https://www.youtube.com/watch?v=eXtZqTYOSHY )
(part 2 shows I try and raise the issue here on Gentoo Forums)
EDIT finished.

My suspicion is very strong, that NSA isn't doing it for other but for the purposes clearly expressed by the title that I would like to rename this thread into ( Isn't that Linux Going Surveillance-Ready? ).

As you can also clearly see, my single big complaint to you big Gentoo guys, is expressed there, in my text, as well.
For the sake of new Gentooers, I'll post the relevant lines again here:
Code:
I am still amazed how:

http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml
Code:
... how they land SELinux on unsuspecting users as if it wasn't surveillance-ready, which it is, just like Windoze or Mac and things.
This is my big complaint with Gentoo, which I otherwise like very much.
The good one is, in my opinion, grsecurity. Not SELinux!


I would be happy if I could post more on the issue, so my text, that was stupidly, IMHO, banned from Sysresccd.org, is not lost.
However, I do not want to enter conflicts and/or be banned from forums.gentoo.org for merely being a person who with sufficient understanding, IMHO, grouses about what you big Gentoo guys, know so much better about, and so much more about... But maybe decide to fail to defend us and maybe decide to land that enemy thing on us users... anyway...
Please don't!
Because: no! it is not in the interest of Your Nation, who I greatly admire, and truly feel for all the wrongs that happen in your Nation, as well as applaud all the good things that happen with You.

Give me some feedback here, to let me know if I am welcome at all with this topic on this forum! Thank you!
miroR
Apprentice


Joined: 05 Mar 2008
Posts: 260

Posted: Thu Nov 22, 2012 10:21 am

New development, documented screencast and cellphone footage.
Unprepared, unexpected, my opinion expounded:
Was I under attack? 5, being clickjacked or worse
https://www.youtube.com/watch?v=vXzxKMNoM3w
A lot of work. Tired.
The system, / that contains /usr and /var on /dev/md1 raid5 will be dd'ed and kept.
You big guys, more knowledgeable than me, don't you find this interesting?
And, IMO, fighting censorship is good in its own right!
But I might be off for hours now.
Dead tired.
Cheers!
DaggyStyle
Advocate


Joined: 22 Mar 2006
Posts: 4883

Posted: Thu Nov 22, 2012 2:43 pm

wild guess, replace the mouse and keyboard.

I had a mouse whose scroll roller got fucked up and that caused strange behavior on the screen.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein
ProjectFootball
Etal
Veteran


Joined: 15 Jul 2005
Posts: 1639

Posted: Thu Nov 22, 2012 4:51 pm

I had a problem that caused Konqueror to spawn tons of pop-up windows all of a sudden, but that was years ago. Maybe it's the resurfacing of an old bug?

https://bugs.kde.org/show_bug.cgi?id=59571
https://bugs.kde.org/show_bug.cgi?id=89512
https://bugs.kde.org/show_bug.cgi?id=88488
_________________
“And even in authoritarian countries, information networks are helping people discover new facts and making governments more accountable.”– Hillary Clinton, Jan. 21, 2010
miroR
Apprentice


Joined: 05 Mar 2008
Posts: 260

Posted: Thu Nov 22, 2012 10:09 pm

Thanks, DaggyStyle (I remember, vaguely, I read some useful tips somewhere from you, and your icon is great!) and thank you, Etal.
I only came to let you know that I'm unwell again (nothing serious, but it keeps me out), and in bed, and cannot reply properly.
Allow more delay, pls.
miroR
Apprentice


Joined: 05 Mar 2008
Posts: 260

Posted: Fri Nov 23, 2012 5:36 am

Too few tries for a monkey to write a Bible...
I mean, there are too many things to coincide for either SELinux to be not a spying device, just as there are too many things to coincide for my system not to be under attack.
Let me explain the monkeys and the Bible.
There was an experiment by some clever atheists the methods and the scope of which was to prove that there was no God.
And they ventured out and gave computers to monkeys (to prove that all is accidental, and so accidentally the world came out of nothing).
But days and months went on, and monkeys didn't produce any output with their keyboard input that had any meaning whatsoever in any in the least longer strings of characters.
Go watch the video dear visitors (and have a look at how NSA is spying on US Americans:
https://www.eff.org/nsa-spying and relate that article to this thread you're reading, and then report the attack on GNU Linux by the NSA worldwide, pls.!)...
But itching me at this current time is, again:
go and watch the video dear visitors, the link I gave above and give again now:
Was I under attack? 5, being clickjacked or worse
https://www.youtube.com/watch?v=vXzxKMNoM3w
Accidentally there my keyboard and/or mouse got so clever as those monkeys never in weeks and months time became!
Accidentally there my keyboard and/or mouse got so clever!
How accidentally!
Ehrmm... Ehrmm... Obviously there is no God...
All times are GMT