Mailinglist Archive: opensuse (911 mails)

RE: Re: [opensuse] Have I been hacked or "visited"? seccheck and rkhunter outputs


-----Original message-----
From: Greg Freemyer
Sent: Thu. 24.12.2015 19:45
To: opensuse ,
Subject: Re: [opensuse] Have I been hacked or visited? seccheck and rkhunter outputs

On Thu, Dec 24, 2015 at 8:56 AM, Patrick Shanahan wrote:
* stakanov@xxxxxxxxxx [12-24-15 07:18]:
[...]
Somebody who does not want to use "remote" at all. What can he do to
un-install every remote package. The problem is that if you un-install
openssh a lot of applications of kde seemed to complain.
[...]

So don't "uninstall", just don't open the firewall ports.

No open ports, no external access. Now only physical access is a problem.


For completeness:

A modern malware attack often uses a reverse tunnel.

i.e. malware gets on the machine via a phishing attack or an infected website.

Once on your machine it establishes outbound connections to a command
and control site that tells it what to do.

No inbound connections are needed so a traditional firewall blocking
incoming ports has no effect.

I would guess the majority of infections today happily ignore inbound
firewalls.

Greg
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx



-----End of original message-----

Thank you Greg.
Given that I am visiting certain websites in a predictable pattern, what would
be the best way to come to safer browsing? I got rid of "unbound" javascript
using noscript in a very selective manner, I eliminated the use of flashplayer.
Firefox seems to be less "safe" because of the lack of a sandbox. But also
chromium has security holes in an astonishing rhythm. I tried some time ago to
confine FF with apparmor but that was a no go, for some reason the program
seems to have changing requirements quite often.
What could I do to harden my system? Would in your opinion SELinux be a
possibility? Or is this snake oil? Or impossible to handle for a mortal?
Just to know how to get to a better level of security.
My enhancement request as a feature would be an easy to set up method for
activating dnssec. At least I would have a slightly higher possibility to
understand when I am deviated to a mirrored site. Currently in my homestead I
am warned by my tor browser (tor browser package) that my connection is
filtered and that it has to use an obfs connection to be able to work. Which I can
confirm, some websites that work here at my parents' in Germany would not even
load in Belgium. So they use a transparent dns-proxy (as I do already use free
dns servers). VPN to anonymizing services either cannot be established at all
or is interrupted continuously, dying with time-outs.
All this is unpleasant.
I would also be curious to understand why we do not use https and ftps connects
for our repos. Is there a specific reason? Sure, you say that the pgp signature
is enough, but I argue that knowing when you do connect and the knowledge of
packages charged may lead to very personalized strategies. So, since there are
all these activities on https everywhere, how come we do not use out of the box
dnssec and https (maybe even tlsa).

P.S. I tried to eliminate the .mozilla to see if this would fix the mp3
playing issues, but found that one of the libraries was set as property of root.
Is that normal? It somewhat astonished me because it is user-stuff.






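Greg's point in the quoted mail is that command-and-control malware only ever makes outbound connections, so an inbound-only firewall never sees it. A defender therefore has to look at the egress side: outbound connections that recur to the same destination at a near-constant interval ("beaconing") are a typical signature. The following Python script is an added example written for this thread, not code from either poster or from openSUSE. It parses a small constructed outbound-connection log (the line format, addresses and thresholds are all invented for illustration) and flags destinations contacted at a regular period.

```python
"""Flag periodic outbound "beacon" traffic in an egress connection log.

Added example for this thread; not part of the original mails. The log
format, host addresses and thresholds below are constructed for illustration.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed log format (hypothetical):
#   "<ISO timestamp> OUT <src ip:port> -> <dst ip:port> <proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) OUT (?P<src>[\d.]+):\d+ -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)

# Constructed sample: ordinary browsing mixed with one host that is
# contacted every 60 seconds on the dot (203.0.113.5:8080).
SAMPLE_LOG = """\
2015-12-24T19:00:00 OUT 192.168.1.10:40001 -> 198.51.100.7:443 TCP
2015-12-24T19:00:11 OUT 192.168.1.10:40002 -> 203.0.113.5:8080 TCP
2015-12-24T19:00:12 OUT 192.168.1.10:40003 -> 198.51.100.9:80 TCP
2015-12-24T19:01:11 OUT 192.168.1.10:40004 -> 203.0.113.5:8080 TCP
2015-12-24T19:01:40 OUT 192.168.1.10:40005 -> 198.51.100.7:443 TCP
2015-12-24T19:02:11 OUT 192.168.1.10:40006 -> 203.0.113.5:8080 TCP
2015-12-24T19:03:11 OUT 192.168.1.10:40007 -> 203.0.113.5:8080 TCP
2015-12-24T19:03:55 OUT 192.168.1.10:40008 -> 198.51.100.7:443 TCP
2015-12-24T19:04:11 OUT 192.168.1.10:40009 -> 203.0.113.5:8080 TCP
"""


def parse_log(text):
    """Return (timestamp, dst, dport, proto) tuples; lines that do not
    match the expected format are skipped rather than aborting the run."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["dst"],
                       int(m["dport"]), m["proto"]))
    return events


def find_beacons(events, min_connections=4, max_jitter=0.2):
    """Group outbound connections by (dst, port, proto) and flag groups whose
    inter-connection intervals are nearly constant, i.e. whose coefficient
    of variation (stdev / mean) is at or below max_jitter."""
    by_dst = defaultdict(list)
    for ts, dst, dport, proto in events:
        by_dst[(dst, dport, proto)].append(ts)

    findings = []
    for (dst, dport, proto), times in by_dst.items():
        if len(times) < min_connections:
            continue  # too few samples to call anything periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # all connections in the same second: a burst, not a beacon
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_jitter:
            findings.append({"dst": dst, "dport": dport, "proto": proto,
                             "count": len(times), "period_s": round(mean, 1),
                             "jitter": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print("possible beacon: {dst}:{dport}/{proto} "
              "({count} connections, period {period_s}s, jitter {jitter})"
              .format(**hit))
```

On the constructed sample the script reports only 203.0.113.5:8080 (five connections, 60 s period, zero jitter); the web hosts contacted at irregular times are not flagged. Real C2 software often randomizes its interval, so `max_jitter` is the knob to widen, at the cost of more false positives from legitimate pollers such as package-update checks.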
