Anything about old PCs, their uses, related OSes and their users
Special contacts and access to specialized commercial dumpsters yield unique and tremendously valuable finds in regards to computers as this video reveals: https://www.youtube.com/watch?v=xmvbpoDYhzg
Compared to the above, my finds are insignificant to say the least.
Forgot to add:
Having personal transportation such as a car greatly helps in this regard. I am on foot, so am limited with what I can carry and also how far I can go, however I am quite content with this situation.
Two days ago, I happened to be close to a recycling bin. Saw a power adapter and decided to leave it alone. Instead picked up a 3G bucket that I can use in my balcony garden to plant some veggies. This is more practical, takes a lot of mental work to make this shift.
A couple of days ago, I found a memory stick in the park while walking the dog. Quite a classy one too, with a lever on the side to make the usb connector pop out. It carried the logo "Knowhow". So I googled them and found out that they are a rather shady lot who work for Currys and PC World. They charge a hefty sum for "setting up" your laptop using this stick. Now I was always under the impression that computers should work out of the box, but what do I know?
They have a very bad reputation (https://www.trustpilot.com/review/www.knowhow.com), which makes me think someone threw out this stick in disgust! When I looked inside, I found just two binary data files and a zipped .exe program. I got rid of them and now I have a nice 32 GB stick for nothing. I'll use it to back up my bigboy partitions (18 GB altogether) as I think I may have mobo trouble on that machine.
"You probably know by now that plugging a random USB into your PC is the digital equivalent of swallowing a pill handed to you by a stranger on the New York subway. But serial hacker Samy Kamkar's latest invention may make you think of your computer's USB ports themselves as unpatchable vulnerabilities—ones that open your network to any hacker who can get momentary access to them, even when your computer is locked."
I presume you are aware insertion of a USB stick is how Stuxnet was introduced to the relative Iranian computer.
Yes, I acted without thinking. Thanks for reminding me. All the same, I doubt if anyone would drop a drive full of malevolent software in a random place just on the off chance that some unknown person with an unknown OS would pick it up out of curiosity and get it to run on their machine.
I regularly get emails from someone called Bernard Wood, each one with a link to something "amazing" that I "just must see". He probably sends out millions of these so he has a good chance of getting lots of people to click on his links. I can easily believe that he's a bad guy, whereas your idea doesn't seem like a profitable venture at all. Now if that drive had been found in the stairwell of an office building belonging to a big company or the government...
I doubt if anyone would drop a drive full of malevolent software in a random place just on the off chance that some unknown person with an unknown OS would pick it up out of curiosity and get it to run on their machine.
That is why the technique works. You would be suspicious if someone gave it to you, but because you "found" it........
You probably weren't (specifically) the target, anyone would have done. You are aware that there is malware that hides in the headers on USB sticks that cannot be removed by consumer machines???
Last edited by dave@burn-it.co.uk; 08-05-2017 at 01:22 PM.
Just wondering how on a live read only cd boot session that one could infect a hard drive? Or a laptop or Desktop user computer. By plugging in a suspect pen drive found on the ground?
How is a keylogger gonna get into a read only file system loaded into ram?
I guess I'm dense or something? Just an older citation I go by:
Me? I just eject the cd after it loads and then do my tests on suspect gear.
My operating system is read only loaded in ram. When shut down. Everything done disappears if I do not make a save file. Any changes on mounted usb during a live read only cd session? They stay changed.
It depends on whether or not you believe BadBIOS exists (or even can, pragmatically, exist...the storage available in the BIOS is very limited). But even that could be circumvented by removing the BIOS battery and "shutting down" by unplugging the power supply - this will drain away what power remains in the PSU, ensuring the BIOS CMOS is wiped clean.
But in any case, USB firmware malware may be impossible to detect and impossible to wipe. Everything the computer uses to investigate or replace the firmware depends upon the currently loaded firmware itself. The computer has no direct access to anything on the USB device. The USB device is fundamentally a small computing device in its own right communicating with the computer via a simple network protocol.
So sure, you can be paranoid and look at that USB device on a LiveCD system with no permanent storage for it to infect. But you'll still never be able to trust that USB device no matter how much you think you have wiped it clean or reset it to factory default.
Have you personally experienced or physically seen any of what you posted?
2nd Edit: Let me rephrase that. Has any Linux Questions forum member seen or experienced compromised usb firmware used to hack into your computer from a remote computer?
Because it sounds like a common thing that happens a lot from what I am reading.
Edit: First time I've read that dd to zeros is useless also.
Following that logic to its conclusion. Rivjays whole thread is nothing but the possibility of bringing hacked hardware home and going online with it.
The good news is that since you never use bootable USBs (only actual CD live CDs), and you very likely never transfer any executable files by USB drive, then that particular attack is not a problem. But this still leaves some other USB firmware malware attack types - like acting as a fake keyboard or mouse, or acting as a fake network device (which can then fake web sites or software repositories). But the fake network device attack is something that has been being patched, by making newer network managers NOT automatically connect a wired connection. And fake keyboard/mouse attacks are pretty iffy and run a high risk of the user noticing weird behavior.
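A check related to the fake keyboard and fake network device cases described in the post above, as an added example that is not part of the original thread: on Linux each USB interface's class code is readable under /sys/bus/usb/devices, so a stick that should be plain storage can be compared with what it actually enumerates as. The function names and the sample tree are constructed for illustration.

```python
"""Added example: list the interface classes a plugged-in USB device exposes (Linux sysfs)."""
import os
import tempfile

# USB-IF base class codes (bInterfaceClass), as the two hex digits sysfs prints
CLASS_NAMES = {
    "02": "CDC communications (network/modem)",
    "03": "HID (keyboard/mouse)",
    "08": "mass storage",
    "0a": "CDC data",
    "e0": "wireless controller (incl. RNDIS)",
}
STORAGE = "08"

def interface_classes(sysfs_root="/sys/bus/usb/devices"):
    """Map each USB device (e.g. '1-2') to the set of its interface class codes."""
    devices = {}
    for entry in sorted(os.listdir(sysfs_root)):
        # Interface directories are named '<device>:<config>.<interface>'
        if ":" not in entry:
            continue
        path = os.path.join(sysfs_root, entry, "bInterfaceClass")
        if os.path.isfile(path):
            with open(path) as f:
                code = f.read().strip().lower()
            devices.setdefault(entry.split(":")[0], set()).add(code)
    return devices

def suspicious_sticks(sysfs_root="/sys/bus/usb/devices"):
    """Return devices that claim mass storage and also expose some other class."""
    report = {}
    for dev, classes in interface_classes(sysfs_root).items():
        extra = classes - {STORAGE}
        if STORAGE in classes and extra:
            report[dev] = sorted(CLASS_NAMES.get(c, "class " + c) for c in extra)
    return report

def build_constructed_tree():
    """Constructed sample tree standing in for /sys/bus/usb/devices."""
    root = tempfile.mkdtemp()
    sample = {"1-1:1.0": "08", "1-2:1.0": "08", "1-2:1.1": "03", "1-3:1.0": "03"}
    for name, cls in sample.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "bInterfaceClass"), "w") as f:
            f.write(cls + "\n")
    return root

if __name__ == "__main__":
    print(suspicious_sticks(build_constructed_tree()))
```

A stick that enumerates only as HID or only as a network device has no storage interface and is not flagged by `suspicious_sticks`, so read the full `interface_classes` output for a newly attached device. Firmware that alters the files it serves, as discussed elsewhere in the thread, does not show up in class codes at all.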
But if all that is true, then one shouldn't use usb drives at all, not even the ones you buy in shops. It takes me back to the early 90's when boot sector viruses were rampant, transferred around by floppies.
Personally, from what I have read, I feel fairly safe. Most of the bad USB attacks seem to be along the lines of fake keyboard input and the like which need to be tailored to a specific OS or, even, a specific organisation or even person. Plus there is the cost of something like this versus the benefit. Once a relatively small sum of money has been spent and some infrastructure put in place sending millions of emails out is relatively cost-free whereas each USB device has to be bought, modified and configured adding an awful lot to the cost of possibly compromising a PC to which it is attached.
Sure, certainly don't boot from a random USB stick, don't run anything from it and be a lot more wary of sticks "found" in offices, "free gifts" to your company etc. but I think the USB hacking issue is too small a threat for home users to give much thought to.
...but I think the USB hacking issue is too small a threat for home users to give much thought to.
When I gift files to someone I insist they bring me a new USB stick still in the package or they don't get them. Especially since everyone I know uses Windows and I have no idea what they do or have done on their machine.
Quote:
Originally Posted by Trihexagonal
When I gift files to someone I insist they bring me a new USB stick still in the package or they don't get them. Especially since everyone I know uses Windows and I have no idea what they do or have done on their machine.
So you know of Windows malware able to autorun under Linux and install BIOS hack from a USB stick with no reprogramming of the USB stick?
If not what are you worried about?
This is exactly the kind of thing I think is overly cautious. By all means, do it, but unless one of your friends knows you run Linux and is willing to spend money on attempting to hack you, with the possibility of no return on investment, I fail to understand what you are worried about.
By the way, the above is not to say that I think there is no possibility of an edge case where a Windows machine becomes infected and due to some configuration or combination of programs being present on a Linux machine it then becomes infected too but unless you've a link to plausible evidence of it happening or even a good logical argument as to how it could happen, I'll treat it as a negligible risk.
But if all that is true, then one shouldn't use usb drives at all, not even the ones you buy in shops. It takes me back to the early 90's when boot sector viruses were rampant, transferred around by floppies.
Well, Russian spies did plant USB thumbdrives in shops around NATO headquarters in Kabul, in hopes that a soldier would buy one of the USB thumbdrives and use it. This attack worked, but think about the effort and expense involved. I wouldn't worry too much about store bought USB drives.
But with used USB thumbdrives, it's a bit of a concern. Some sort of widespread malware could infect all of the suitable USB thumbdrives ever attached to that system. And at least one proof-of-concept demonstration specifically detects when it is loaded on a popular LiveUSB (the Ubuntu default LiveUSB at the time), and also detects whether the bootloader is read soon after powering up. IF it detects this, then it modifies the read image to load the payload into the system. Otherwise, it provides the unmodified files. So, even if you go out of your way to check checksums and do a byte-for-byte scan of the drive contents, you won't see that it has been infected. You'd only detect it if you plugged in the USB drive and then faked what it looks like for the BIOS to boot up the system (reading the bootloader, and then reading the liveUSB image).
How do you practically defend against this? You have to use a judgement call about trust. Where has that USB drive been? For the most part, most people do not actually go around swapping USB drives around. You're likely the second owner of the USB drive, assuming you trust the person giving it to you and that person says they were the only previous owner. So really, it's a question of how the first owner used the USB drive. Was that USB drive used in internet cafes to store personal data? Or was that USB drive used to transfer files around for Windows desktop support? I'd be wary. But for most other cases, what really are the chances that the USB drive encountered a PC with malware to infect it?