Hey Trespasser, Yeah, that's one of the things I look forward to the most when using Linux... not having to worry about all that stuff anymore. It's great.
With physical access, there's usually no need for a keylogger. Just boot into single-user mode and reset the root password. But that won't work with LUKS. Then you'd need a keylogger.
https://l3net.wordpress.com/projects/firejail/ Firejail is an easy-to-use, effective way to harden Linux web-facing applications such as browsers, torrent clients etc. If you're coming from Windows, think Sandboxie. I know they aren't the same before I get shot down, but I think the OP may find this of value: https://www.youtube.com/watch?v=xUW0L2Yj_us There is also a good thread in this subforum on Firejail.
I couldn't find the source of the attack and which type of attack it is, so please disregard that information for now. I remember seeing it somewhere in Bruce Schneier's blog or some sort. Isn't the default option to "Allow login as root - Yes" and then afterwards "Create a regular user account because it's not safe to use the root account"?
Not even that, but a simple evil-maid would suffice. That's why I keep a backup of both my MBR and /boot partition:
# dd if=/dev/sda of=/home/mbr bs=512 count=1
# dd if=/dev/sda1 of=/home/boot bs=512 count=2097152
I then sha512sum these, upload them to numerous places, and hope that I never feel like I need to use them. PS: To find out how many sectors your boot partition has just do:
# fdisk -l
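The integrity check this post describes, as an added example that is not part of the original post: it records SHA-512 hashes of the first sectors of each device and re-verifies them later. The function names, the script name `bootcheck.sh` and the manifest path are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example; function names and manifest format are hypothetical.

# hash_region SRC COUNT: SHA-512 of the first COUNT 512-byte sectors of SRC.
hash_region() {
    dd if="$1" bs=512 count="$2" 2>/dev/null | sha512sum | cut -d' ' -f1
}

# record_baseline SRC COUNT MANIFEST: append "hash count src" to MANIFEST.
record_baseline() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    printf '%s %s %s\n' "$(hash_region "$1" "$2")" "$2" "$1" >> "$3"
}

# verify_baseline MANIFEST: re-hash every entry; exit status 1 if any differs.
verify_baseline() {
    rc=0
    while read -r want count src; do
        if [ "$(hash_region "$src" "$count")" = "$want" ]; then
            echo "OK       $src"
        else
            echo "CHANGED  $src"
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Usage (as root), with the devices and sector counts from the post:
#   sh bootcheck.sh record /dev/sda  1       /root/boot.manifest
#   sh bootcheck.sh record /dev/sda1 2097152 /root/boot.manifest
#   sh bootcheck.sh verify /root/boot.manifest
case "${1:-}" in
    record) record_baseline "$2" "$3" "$4" ;;
    verify) verify_baseline "$2" ;;
esac
```

Keep a copy of the manifest off the machine, as the post does with its hashes, and run the verify step from boot media you trust, because a tampered boot chain controls what the running system reads back.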
I never get any malware using Windows, why ith would I get any using Linux? Only thing I would miss is all the free portable apps on Windows side.
This is not strictly pertinent to Arch but Mozilla just closed a zero day vulnerability that exposed Firefox users on Linux to having their passwords stolen. Just looking for some feedback on this from more experienced Linux users. https://goo.gl/cXeLnV
On Linux, the crooks went for:
* Global configuration files such as /etc/passwd. The passwd file no longer stores actual passwords but it lists all user accounts on the computer.
* Files in user's home directories such as .bash_history, .mysql_history and .ssh files including private keys. Stealing your SSH keys could allow a crook to log directly into all the servers you use regularly.
* Text files with names containing pass or access. These may contain plaintext secrets such as passwords.
* All shell scripts. These may contain passwords or other confidential information that is needed to automate access to secure systems and services.
This isn't a Linux vulnerability per se, it's a Firefox vulnerability. Web browsers are probably the worst security hole in a system, and that's why securing them is important. I would never be affected by this vulnerability because I have several add-ons that make it impossible to execute:
* RequestPolicy
* HTTPS-Everywhere
* Disconnect
* NoScript
* uBlockOrigin
* AdblockPlus
Not to mention I don't accept cookies by default (not that this is related to the vulnerability). And not to mention my VPN would make it hard for the attacker to know HOW to get to me. And even if he did, my Firewall would stop him at the moment. Also, these days passwords are stored in /etc/shadow and not in /etc/passwd, and having the account name doesn't get an attacker very far, considering you actually know how to make good passphrases. And, even if the attacker did get a hold of the shadow file, the passphrases are hashed and not reversible, except for brute-force. So unless you type "this is my password" by accident on the Terminal and never change your passwords, or actually have your passwords stored in text files, you're fine.
So a few days have passed and it seems like there really aren't many security tools out there. All I could find was more and more proof of how Linux isn't as secure as people would think... especially without any proper security software. One example I currently have in a tab opened: https://embed.gyazo.com/c76d9a5e6569ff5407d1c8c774774ee5.png http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/ This also refers to software running on the OS but is part of Linux/Windows for me. I will just give it a go and play around. Firewall is the most important thing to me and that is very well built-into Linux.
Adding to what amarildojr already said: It's a good idea to sandbox Firefox with Firejail (already mentioned above). All profiles include the file /etc/firejail/disable-secret.inc:
Code:
# HOME directory
blacklist ${HOME}/.ssh
tmpfs ${HOME}/.gnome2_private
blacklist ${HOME}/.gnome2/keyrings
blacklist ${HOME}/kde4/share/apps/kwallet
blacklist ${HOME}/kde/share/apps/kwallet
blacklist ${HOME}/.pki/nssdb
blacklist ${HOME}/.gnupg
blacklist ${HOME}/.local/share/recently-used.xbel
You'll see that important files and folders are already blacklisted. I've written my own ~/.config/firejail/myrules.inc file which has the following additional rules:
Code:
read-only ${HOME}/.config/firejail/*
blacklist ${HOME}/.config/autostart
blacklist ${HOME}/.kde4/Autostart
blacklist ${HOME}/.kde/Autostart
blacklist ${HOME}/.wine
blacklist ${HOME}/.conky
blacklist ${HOME}/.gramps
blacklist ${HOME}/.dropbox
blacklist ${HOME}/.dropbox-dist
blacklist ${HOME}/.dropbox-master
blacklist ${HOME}/Dropbox
blacklist ${HOME}/.conkyrc
read-only ${HOME}/.bashrc
read-only ${HOME}/.bash_profile
blacklist ${HOME}/.bash_history
Firejail is very easy to apply and provides excellent security at the same time.
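A way to check rules like these against the kinds of files the exploit report earlier in the thread lists, as an added example that is not part of the original post and not Firejail's own code. It counts only blacklist and tmpfs rules as hiding a path, since read-only blocks writes but still lets a sandboxed process read the file; the matching is simplified, and the function names and sample file names are assumptions.

```sh
#!/bin/sh
# Added example, not Firejail code. Simplified matching (assumption): a rule
# covers its exact path and everything beneath it; a trailing "/*" is dropped.

# is_hidden RULES_FILE ABS_PATH: exit 0 if a blacklist/tmpfs rule covers the path.
# read-only rules are ignored on purpose: they block writes, not reads.
is_hidden() {
    prefix='${HOME}'                      # literal token used in the rules
    while read -r directive path; do
        case $directive in
            blacklist|tmpfs) ;;
            *) continue ;;                # comments, blanks, other directives
        esac
        case $path in
            "$prefix"*) path=$HOME${path#"$prefix"} ;;
        esac
        path=${path%/\*}
        [ -n "$path" ] || continue
        case $2 in
            "$path"|"$path"/*) return 0 ;;
        esac
    done < "$1"
    return 1
}

# audit RULES_FILE PATH...: print "hidden" or "READABLE" for each path.
audit() {
    rules=$1; shift
    for p in "$@"; do
        if is_hidden "$rules" "$p"; then echo "hidden    $p"
        else echo "READABLE  $p"; fi
    done
}

# Constructed demo: a few rules quoted in the post; file names are sample values.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# HOME directory
blacklist ${HOME}/.ssh
tmpfs ${HOME}/.gnome2_private
read-only ${HOME}/.bashrc
blacklist ${HOME}/.bash_history
EOF
    audit "$tmp" "$HOME/.ssh/id_rsa" "$HOME/.bash_history" \
        "$HOME/.mysql_history" "$HOME/.bashrc" "$HOME/passwords.txt"
    rm -f "$tmp"
}
demo
```

Any path reported as READABLE needs its own blacklist line if a sandboxed browser should not be able to read it.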
I wonder why you're using Adblock Plus when uBlock Origin is much more efficient and powerful. I'd also suggest replacing RequestPolicy and NoScript with uMatrix, which is more usable and flexible.
This report was discussed in this forum, and all participants agreed that this sort of bug counting is flawed and nonsense. I suggest that you read that thread, particularly posts no. 9, 13, 17 and 18.
I have read enough Linux fanboy posts in this forum. And I believe the thread you are referring to is one of them. A lot of people here just see and understand what they want to see and understand. And trying to discuss it with them is like trying to fit a hamburger into a CD player.
uBlockOrigin doesn't block a few tracking things, especially like buttons on the following forum: http://forum.clubedohardware.com.br/ Isn't uMatrix just for Chrome/Chromium? If so, no dice. I won't use, not even Chromium. Not after it pulled a closed-source binary that spied on the user. Seriously? After everything everybody has said to you, you still have that stupidity? Obviously proof and logic don't work with you. At least I won't miss you. My gosh, for the first time, your quote is accurate!
The general users do not even have read permission for /etc/shadow, so there is no way this type of attack can get the system password. A well-configured firejail without any other security layer, not even an adblock, would have thwarted all of this type of attack.
BTW, uMatrix is available for Firefox also. https://addons.mozilla.org/en-us/firefox/addon/umatrix/ Agree with you here.
But this bug allows the attacker to execute a JavaScript within the user's browser and this enables the attacker to "grab" any file on the user's computer, basically working the same way as if you clicked to upload a file to a server. Nice! It seems very good! And it's licensed under GPL so that's also a plus. I'll try it today.
I just created two files -- one text, one PDF -- and changed their permission to none (no read, no write, no execute) and then tried to upload them to a remote server (my website is there), first by browser upload and then via FTP. They both failed.
You don't need any antivirus on GNU/Linux, seriously. 15$ exploit must be a scam. They are selling that kind of stuff for 15.000$ or more.
Yes, that is true. I tried uploading my shadow file to virustotal and it just wouldn't go. I'll test this with more sites to see if some can receive the file. If so, that should be kinda how the attacker was exploiting.