root mode: heresia? ... and more largely security

Non release banter
francois
Contributor
Posts: 5083
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Enfin l'été, le changement climatique attendu: le soleil.

Re: root mode everywhere: heresia?

Post#16 by francois » 25 Jan 2016, 11:43

I have always had backups of the essential stuff on a USB key and on an external HDD.

For a month now I have decided to stay in root mode but start google-chrome as the normal user:
su -c google-chrome guest
Voltaire: Le mieux est l'ennemi du bien.

aus9

Re: root mode everywhere: heresia?

Post#17 by aus9 » 25 Jan 2016, 12:09

Well, let me be more un-nice.

There are enough idiots in this world without me or you adding to them. If you ever do an OH&S (workplace safety) course, there is a rule: spot the hazard and prevent it. If the hazard cannot be prevented, reduce it.

1) Why not take that little extra bit of time to log in as guest? Naturally I use a changes cheatcode and I change my passwords, but that brings me to point 2.

2) I whistle Dixie to keep the tigers out of Australia. "AHA," you say, "you idiot, there are no tigers there!" To which I reply: see, I am effective.

I hope (2) gives you a laugh. Another way of saying it: each to their own, but I still recommend that you log in as guest and harden your passwords.

My final point is: I am not a security expert (I think Donald may be much better than me), but it's risky to say "I have process X or Y" and have a false sense of security. The only thing I can say is that it takes time for someone to crack my root pw.

Have a look at how long it takes john-the-ripper to break simple passwords or passwords with few characters.

francois

Re: root mode everywhere: heresia?

Post#18 by francois » 25 Jan 2016, 12:29

Look at what markds had to say about Linux and security:
http://old.slax.org/forum.php?action=vi ... ntID=36246
If you're using your linux as a workstation which is off when you're not using it, as opposed to "always on" when you run it as a server, then you're _relatively_ safe. Malware and spyware very _seldom_ come packaged for unix. The threads you read on packaging modules with trojans were just one example of the few instances in which your unix could be compromised. The fact that you can control and easily identify what programs open which ports and just as easily shut them down is a big plus point. You can't do that as easily with Windows. In fact you'd be hard pressed to figure out which program is doing what on Windows. In my numerous years of experience, the base problem with security in unix stems from the machine being run as a server, where for the majority of the time it's on, it's unattended. You don't realise it's under attack and when the attacker gets through, he has several hours to cover his tracks and create a back door for him to come back. Unlike Windows, this back door in unix is relatively easy to find and remove. In the last 5 to 6 years I think there have been only like 2 viruses that run on unix and these have been really low payload viruses - I believe the term used was "written for fun".

With a router in the middle, where you have a firewall and subsequent NAT in place, you're relatively safe. Any ports that are open need to be mapped at the router end as well. Running as a normal user is also a good idea but doesn't necessarily mean you're safe. Hackers for unix will try to exploit services that are started as the root user so that if that service breaks, they have root privileges, and there are a whole lot of services started as root, whether you login as root or not. If you're really, really paranoid, then run tools like SATAN/SAINT, Tripwire, chkrootkit every now and then and make sure your kernel and apps get patched, especially if you're running your machine as a server. If you have a router with a firewall, NAT in place and you don't visit stupid warez and porn sites and don't open rubbish attachments in your email, you're as safe as safe can be.

For security concerns you're best off worrying about your network. A MITM attack could expose all your passwords, intimate conversations, etc and it doesn't matter if you're on slax or windows, logged in as root or a normal user. I see so many wireless routers that run with no security or really silly WEP 64/128 bit encryption which takes under 5 minutes to crack and no MAC filtering (note: MAC filtering is a really lame means of security, but it is an additional hurdle that can deter hackers). Once a hacker has found their way into your network, he is on the same "wire" as you, which means he can easily steal information from you with a MITM attack. People are so concerned about securing their machine, they forget about securing their network which is ultimately the source of most attacks.

Get a linksys/cisco router, run WPA2 with either Radius (if you can set it up) or at least TKIP, THEN also include MAC filtering. WPA with MAC filtering is enough to put any hacker off. Why, you may ask? Because WPA isn't easy to crack; it all depends on the pass phrase you put in. So long as your phrase isn't some silly sequence of numbers that anyone will think of or a phrase that is common, chances are the effort put into cracking it will not be worth it.

I mentioned in another thread that hackers look at WEP (with or without MAC filtering) as a DARE to crack them. It's as if the owners are telling the hacker, "my system is sooooo secure I dare to use only WEP because you can't hack in!". If hackers see WPA security on a router, they tend to walk away (maybe as a mark of some kind of respect since the user knows how to use good security measures), unless they are being paid an obscene amount to crack it.


And a lot more in the above thread.

aus9

Re: root mode everywhere: heresia?

Post#19 by aus9 » 25 Jan 2016, 14:17

At the risk of flogging a dead horse: security is always at risk when we have a false sense of security. The fact that you know about router security is a good thing, but I have actually seen a rootkit in action. I am not trying to say that somehow my poop doesn't stink, because it does.

I hope you will take this as advice, but don't let your guard down just because in the past you have not seen something.

OK, my uncle advice cum rant is complete and I am glad you are not too upset with me.

donald
Full of knowledge
Posts: 1224
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

Re: root mode everywhere: heresia?

Post#20 by donald » 25 Jan 2016, 18:25

Personally I don't care that much about security on an end-user's box! Why?
NOTE: I'm not talking about servers and/or privacy.
First of all, I only care about my files, whatever they may be, but not about the system.
Restoring a suspicious system takes less than 10 min.
Now security:
1) If I gain physical access to your box... you have lost.
2) Guest or root... if you store (critical) files in your (guest) home folder I won't need root power to obtain them... and if I'm able to access your running box, you might already be logged in... same user rights for me.
3) I won't invest time to crack your box just to watch you playing Solitaire or to obtain the PW for your porn account.
4) Buying Linksys/Cisco routers (the same is true for other brands) has been proven to give a false sense of security. There are (always) hardcoded, hidden logins and fixed passwords (debugging accounts... LOL).
One of those has recently been found and reported to the manufacturer.
What did they do? Did they fix it? NO... they have hidden it better... LOL
and so on... (I'd better sit on my hands now)
... simply do not have any files on your box which make me able to steal your money,
that's all; no one is interested in your cats/dogs/baby pictures.

As I said -- single end user box -- :crazy:

brokenman
Site Admin
Posts: 5576
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil

Re: root mode everywhere: heresia?

Post#21 by brokenman » 25 Jan 2016, 21:22

If hackers see WPA security on a router, they tend to walk away (maybe as a mark of some kind of respect since the user knows how to use good security measures), unless they are being paid an obscene amount to crack it.
How times change. WPA is only as strong as the key you use for it. It's a ten minute job with the right equipment and the wrong key. I don't run as root, but not for any other reason than I sometimes need to save myself from myself. Late nights, bad habits and all that.
How do I become super user?
Wear your underpants on the outside and put on a cape.

francois

Re: root mode everywhere: heresia?

Post#22 by francois » 25 Jan 2016, 22:40

Aus:
false sense of security

markds, in another post of the cited thread, says essentially the same as you:
Sentences like this give a false sense of security and should be avoided. Slax, if anything, is just as vulnerable if not more so than any other machine. Just because no one is having trouble with it (mainly because of how it is used, as a personal workstation and not really a server) does not make it less vulnerable.

... I would say I'm very surprised that Guy had malware within minutes of going on the internet with Ubuntu, unless of course he clicked on something he shouldn't have. Malware doesn't just appear; you have to have it put on your machine. This happens in a few ways: you click on something you shouldn't have, you accept files that you shouldn't have and run them ...

francois cited above:
I have always had backups of the essential stuff on a USB key and on an external HDD.
I do not click on something I shouldn't, I have a router, I do not have Windows on my Linux boxes, but above all I use my Linux boxes essentially to play with Linux without relying on them for my essential info.

Maybe I should scratch my head about my vulnerabilities according to well-known security measures.

@aus: could you claim to be safer than I am yet? :wink:

aus9

Re: root mode everywhere: heresia?

Post#23 by aus9 » 25 Jan 2016, 23:04

@francois

This is not a competition and I was hoping to avoid any claims of being a security expert. Maybe I am reading you wrong, and maybe you are actually seeking relief from the anxiety of the days you were on Windows?

phhpro
Full of knowledge
Posts: 545
Joined: 10 Nov 2013, 20:35
Distribution: .

Re: root mode everywhere: heresia?

Post#24 by phhpro » 25 Jan 2016, 23:45

...

donald

Re: root mode everywhere: heresia?

Post#25 by donald » 26 Jan 2016, 01:07

Friends, what are you afraid of?
Take all the precautions you can think of, but don't believe you're safe.
You have no control over hardware which needs a firmware.
Every software contains bugs. People are paying thousands of dollars for 0-day exploits; how to protect?
When you click a button, say cancel, does it really cancel something?
Even the "mouse over" function (HTML) can trigger unwanted actions, even more so invisible overlay buttons etc.
Have you ever noticed how many scripts are running in the background when you visit a normal webpage?
I once used a tool called EtherApe iirc, which gave a nice overview of how many servers you were talking to when connected to a webpage. Might be 10 or more for a single page. What does one know about all these servers, what do they deliver and what does your browser do with this code?
WiFi passwords, lol: capture the 4-way handshake, go to some *.onion page and pay $1. Your box may need years to decrypt, a bot-net some hours (rainbow tables etc.).

I will stop here, before you get bored (or paranoid).
Relax and think about it:
If you would get some malware or be hacked, does your box explode and burn down the house? NO... so what..
8)

fullmoonremix

Re: root mode everywhere: heresia?

Post#26 by fullmoonremix » 26 Jan 2016, 20:46

Salutations... :good:

IMHO... there is no utopia or panacea. However... my money says "secure by design" weeds out the script kiddies.
It also frustrates the pros. Porteus does not run as root while connected online (the typical distro default).

It is also "live" and modular (compressed). That at least rules out persistent malicious code.
Also it can boot from an ISO image. That at least rules out boot sector compromises.

However... :unknown: without kernel patching (e.g. PaX) and sandboxing (e.g. Adeos nanokernel)...
there is the problem of fault tolerance in the presence of compromised (inferior?) code and/or RAM exploits.

MITM (NSA?) is easily shut down with a properly configured Tor.

Best Regards... :beer:

phhpro

Re: root mode everywhere: heresia?

Post#27 by phhpro » 26 Jan 2016, 23:54

...

fullmoonremix

Re: root mode everywhere: heresia?

Post#28 by fullmoonremix » 27 Jan 2016, 00:23

Salutations... :good:


IMHO... :oops:
(Again...) there is no contingency utopia or panacea. In any case... as my old man used to say... "it beats a blank".
Life is short... so time is always better spent being proactive instead of taking a critique with more than a grain of salt.

I myself will never sign up for any argument that suggests... "nothing can be done, therefore we should do nothing". :x
Taken to its absurd extreme: "we will all die at the end of our lives, therefore we should not live". Better to rage against the dark than to fear it.

Consider this...
The Guardian also published a 2012 NSA classified slide deck, entitled "Tor Stinks", which said: "We will never be able to de-anonymize all Tor users all the time", but "with manual analysis we can de-anonymize a very small fraction of Tor users"
A late 2014 report by Der Spiegel using a new cache of Snowden leaks revealed, however, that as of 2012 the NSA deemed Tor on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as OTR, Cspace, ZRTP, RedPhone, Tails, and TrueCrypt was ranked as "catastrophic," leading to a "near-total loss/lack of insight to target communications, presence..."
In December 2015, Daniel Ellsberg (of the Pentagon Papers),[158] Cory Doctorow (of Boing Boing),[159] Edward Snowden,[160] and artist-activist Molly Crabapple,[161] amongst others, announced their support of Tor.
In June 2013, whistleblower Edward Snowden used Tor to send information about PRISM to The Washington Post and The Guardian.

Best Regards... :beer:

francois

Re: root mode everywhere: heresia?

Post#29 by francois » 28 Jan 2016, 04:59

@aus9:
There is no fault, no competition here. We are debating. :D

@all:
Do not tell me that there is no wisdom in markds' writings about the router and the MAC addresses, to which you add a WPA password so long that it will take 200 hundred years to decipher.

What about as a password:
Comment allez-vous monsieur R4pap0rt?

Usually you have to be able to connect directly to the Ethernet of the router to have access to the router admin program. WiFi is not enough.

And only connect yourself to the internet when needed and do not go on non-secure sites.

Try to break my system if you want. Root or non-root user.

donald

Re: root mode everywhere: heresia?

Post#30 by donald » 28 Jan 2016, 06:04

^
Usually you have to be able to connect directly to the Ethernet of the router to have access to the router admin program. WiFi is not enough.
Simply not true.
... and do not go on non-secure sites.
How will one know if a site is insecure before visiting it? And even a "secure" site has mostly no control over the delivered ads, which may contain the malware.

One does not need to know the plain text PW.
After decrypting the 4-way handshake you have something like this:
D11CF64F6BCA6E67D2F4A6FF7A
and it gives you access.
Another snip from a WPS hack using Reaver:
.....
[+] Trying pin 29922581
[+] WPS PIN: '29922581'
[+] WPA PSK: nekg-hdcb-hu9e
[+] AP SSID: 'xxxxxxx'
.....
It took about 1 hour... and it is not the "real" PW.
Try to break my system if you want
No, I don't want to.
But if you want to invite someone else, post your IP and router model.
Seriously... DON'T
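As an added example (not from any poster in this thread), the derivation that brokenman's and donald's points rest on: a WPA2-Personal client turns the passphrase into the 256-bit PSK with PBKDF2-HMAC-SHA1 salted by the SSID, so the hex PSK is what actually joins the network, and an offline guess at the passphrase costs 4096 HMAC rounds, which is why passphrase length and unpredictability, not the PSK format, decide the cracking time. The SSID, the two passphrases (one of them francois's sentence above), the guess rate and the character-class entropy bound are constructed assumptions for the demo.

```python
import hashlib
import math

# Constructed sample values for the demo (not taken from the thread).
SSID = "example-net"
PIN_STYLE_PASSPHRASE = "12345678"                              # digits only, 8 chars
SENTENCE_PASSPHRASE = "Comment allez-vous monsieur R4pap0rt?"  # francois's suggestion above

PBKDF2_ROUNDS = 4096  # fixed by the WPA/WPA2 standard
PSK_LEN = 32          # 256-bit pre-shared key
# WPS verifies the two halves of the 8-digit PIN separately (4 digits, then 3 + checksum),
# so an online PIN attack needs at most 10^4 + 10^3 tries, not 10^8: that is why the
# Reaver run above finishes in about an hour regardless of the passphrase.
WPS_PIN_TRIES = 10**4 + 10**3


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the PSK exactly as a WPA2-Personal supplicant does.
    The 64-hex-digit form of this value is what authenticates the client;
    a captured PSK is therefore as good as the passphrase itself."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, PSK_LEN)


def keyspace_bits(passphrase: str) -> float:
    """Rough upper bound on passphrase entropy from the character classes used
    (an attacker with a good wordlist does much better than this bound)."""
    classes = [
        (any(c.islower() for c in passphrase), 26),
        (any(c.isupper() for c in passphrase), 26),
        (any(c.isdigit() for c in passphrase), 10),
        (any(not c.isalnum() for c in passphrase), 33),  # space and punctuation
    ]
    alphabet = sum(size for used, size in classes if used)
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given PBKDF2 guess rate."""
    return 2.0 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e5  # assumed: roughly one GPU's WPA2 PBKDF2 guesses per second
    for pw in (PIN_STYLE_PASSPHRASE, SENTENCE_PASSPHRASE):
        bits = keyspace_bits(pw)
        print(f"{pw!r}: PSK={wpa_psk(pw, SSID).hex()}")
        print(f"  ~{bits:.0f} bits, worst case {years_to_exhaust(bits, rate):.3g} years at {rate:.0e} guesses/s")
    print(f"WPS PIN: at most {WPS_PIN_TRIES} online tries, whatever the passphrase")
```

The two lessons for a defender fall out of the numbers: an 8-digit passphrase is exhausted in minutes at a modest guess rate while a long sentence is not, and WPS should be switched off because its PIN bypasses the passphrase entirely.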
