|
Special contacts and access to specialized commercial dumpsters yields unique and tremendously
valuable finds in regards to computers as this video reveals: https://www.youtube.com/watch?v=xmvbpoDYhzg Compared to the above, my finds are insignificant to say the least. Forgot to add: Having personal transportation such as a car greatly helps in this regard. I am on foot, so am limited with what I can carry and also how far I can go, however I am quite content with this situation. |
Two days ago, I happened to be close to a recycling bin. Saw a power adapter and
decided to leave it alone. Instead picked up a 3G bucket that I can use in my balcony garden to plant some veggies. This is more practical, takes a lot of mental work to make this shift. |
A couple of days ago, I found a memory stick in the park while walking the dog. Quite a classy one too, with a lever on the side to make the usb connector pop out. It carried the logo "Knowhow". So I googled them and found out that they are a rather shady lot who work for Currys and PC World. They charge a hefty sum for "setting up" your laptop using this stick. Now I was always under the impression that computers should work out of the box, but what do I know?
They have a very bad reputation (https://www.trustpilot.com/review/www.knowhow.com), which makes me think someone threw out this stick in disgust! When I looked inside, I found just two binary data files and a zipped .exe program. I got rid of them and now I have a nice 32 GB stick for nothing. I'll use it to back up my bigboy partitions (18 GB altogether) as I think I may have mobo trouble on that machine. |
Quote:
Wickedly Clever USB Stick Installs a Backdoor on Locked PCs "You probably know by now that plugging a random USB into your PC is the digital equivalent of swallowing a pill handed to you by a stranger on the New York subway. But serial hacker Samy Kamkar's latest invention may make you think of your computer's USB ports themselves as unpatchable vulnerabilities—ones that open your network to any hacker who can get momentary access to them, even when your computer is locked." I presume you are aware insertion of a USB stick is how Stuxnet was introduced to the relative Iranian computer. |
Yes, I acted without thinking. Thanks for reminding me. All the same, I doubt if anyone would drop a drive full of malevolent software in a random place just on the off chance that some unknown person with an unknown OS would pick it up out of curiosity and get it to run on their machine.
I regularly get emails from someone called Bernard Wood, each one with a link to something "amazing" that I "just must see". He probably sends out millions of these so he has a good chance of getting lots of people to click on his links. I can easily believe that he's a bad guy, whereas your idea doesn't seem a like a profitable venture at all. Now if that drive had been found in the stairwell of an office building belonging to a big company or the government... |
Quote:
You probably weren't (specifically) the target, anyone would have done. You are aware that there is malware that hides in the headers on USB sticks that cannot be removed by consumer machines??? |
Just wondering how on a live read only cd boot session that one could could infect a hard drive? Or a laptop or Desktop user computer. By plugging in a suspect pen drive found on the ground?
How is a keylogger gonna get into a read only file system loaded into ram? I guess I'm dense or something? Just a older citation I go by: https://krebsonsecurity.com/2012/07/...omment-page-1/ Me? I just eject the cd after it loads and then do my tests on suspect gear. My operating system is read only loaded in ram. When shut down. Everything done disappears if I do not make a save file. Any changes on mounted usb during a live read only cd session? They stay changed. |
Quote:
But in any case, USB firmware malware may be impossible to detect and impossible to wipe. Everything the computer uses to investigate or replace the firmware depends upon the currently loaded firmware itself. The computer has no direct access to anything on the USB device. The USB device is fundamentally a small computing device in its own right communicating with the computer via a simple network protocol. So sure, you can be paranoid and look at that USB device on a LiveCD system with no permanent storage for it to infect. But you'll still never be able to trust that USB device no matter how much you think you have wiped it clean or reset it to factory default. |
Have you personally experienced or physically seen any of what you posted?
2nd Edit: Let me rephrase that. Can any Linux Questions forum member seen or experienced compromised usb firmware used to hack into your computer from a remote computer? Because it sounds like a common thing that happens a lot from what I am reading. Edit: First time I've read that dd to zeros is useless also. Following that logic to it's conclusion. Rivjays whole thread is nothing but the possibility of bringing hacked hardware home and going online with it. |
Quote:
The good news is that since you never use bootable USBs (only actual CD live CDs), and you very likely never transfer any executable files by USB drive, then that particular attack is not a problem. But this still leaves some other USB firmware malware attack types - like acting as a fake keyboard or mouse, or acting as a fake network device (which can then fake web sites or software repositories). But the fake network device attack is something that has been being patched, by making newer network managers NOT automatically connect a wired connection. And fake keyboard/mouse attacks are pretty iffy and run a high risk of the user noticing weird behavior. |
But if all that is true, then one shouldn't use usb drives at all, not even the ones you buy in shops. It takes me back to the early 90's when boot sector viruses were rampant, transferred around by floppies.
|
Personally, from what I have read, I feel fairly safe. Most of the bad USB attacks seem to be along the lines of fake keyboard input and the like which need to be tailored to a specific OS or, even, a specific organisation or even person. Plus there is the cost of something like this versus the benefit. Once a relatively small sum of money has been spent and some infrastructure put in place sending millions of emails out is relatively cost-free whereas each USB device has to be bought, modified and configured adding an awful lot to the cost of possibly compromising a PC to which it is attached.
Sure, certainly don't boot from a random USB stick, don't run anything from it and be a lot more wary of sticks "found" in offices, "free gifts" to your company etc. but I think the USB hacking issue is too small a threat for home users to give much thought to. |
Quote:
|
Quote:
If not what are you worried about? This is exactly the kind of thing I think is overly cautious. By all means, do it, but unless one of your friends knows you run Linux and is willing to spend money on attempting to hack you, with the possibility of no return on investment, I fail to understand what you are worried about. By the way, the above is not to say that I think there is no possibility of an edge case where an Windows machine becomes infected and due to some configuration or combination of programs being present on a Linux machine it then becomes infected too but unless you've a link to plausible evidence of it happening or even a good logical argument as to how it could happen, I'll treat it as a negligible risk. |
Quote:
But with used USB thumbdrives, it's a bit of a concern. Some sort of widespread malware could infect all of the suitable USB thumbdrives ever attached to that system. And at least one proof-of-concept demonstration specifically detects when it is loaded on a popular LiveUSB (the Ubuntu default LiveUSB at the time), and also detects whether the bootloader is read soon after powering up. IF it detects this, then it modifies the read image to load the payload into the system. Otherwise, it provides the unmodified files. So, even if you go out of your way to check checksums and do a byte-for-byte scan of the drive contents, you won't see that it has been infected. You'd only detect it if you plugged in the USB drive and then faked what it looks like for the BIOS to boot up the system (reading the bootloader, and then reading the liveUSB image). How do you practically defend against this? You have to us a judgement call about trust. Where has that USB drive been? For the most part, most people do not actually go around swapping USB drives around. You're likely the second owner of the USB drive, assuming you trust the person giving it to you and that person says they were the only previous owner. So really, it's a question of how the first owner used the USB drive. Was that USB drive used in internet cafes to store personal data? Or was that USB drive used to transfer files around for Windows desktop support? I'd be wary. But for most other cases, what really are the chances that the USB drive encountered a PC with malware to infect it? |
Quote:
|
It gives a new perspective on ebay usb drive listings. That is for sure.
Govt sponsored attacks are within the realm of being affordable . So luck of draw does apply I guess. I thanked a user for educating me on a question I asked. I probably will never see bad usb on the Mexican border. |
Quote:
Make Your Own Bad USB If that's not enough just google USB exploits+Linux. It shows "About 540,000 results". I don't use Linux, only BSD. The people I know don't know enough about hacking to prevent themselves from being hacked, much less compromise me by intention. It's that very fact that makes me leery of accepting any USB device from them that isn't brand new and still in the package. IMO there is no such thing as "overly cautious" when it comes to computer security, but you Admin your system as you see fit and I will continue to do the same. |
Quote:
Also why are you more likely to know what Linux users are doing - in fact since most Linux software is written by amateurs it is more likely that it hasn't gone through rigorous testing. |
Quote:
So, again, your "security procedures" seem pointless. And, again, while there may be an outside chance that it may be possible for a piece of Windows malware to be hooked onto my an autorun process on Linux (or BSD, etc.) the chances are so remote and the chances of it not being detected by somebody who has likely shut off any "autorun" processes anyhow so low it's really not a viable concern. It's like worrying about catching AIDS from a door handle -- sure if you want to wear disposable gloves and go through complex procedures every time you use a door on the off chance you may suffer a one in a million infection go ahead. IsaacKuo: DO you have an article explaining the bootloader infection? As it stands I don't think it does what the description you gave suggests it does. i.e. I don't think that something will autorun from a USB drive and infect a Linux bootloader regardless of what it's installed on. I'm also doubtful that something which infected the bootloader of a USB drive attached to a system with malware installed would survive that USB stick being dd'd with another image. Perhaps I'm missing something but there seems to be a disconnect between what has been achieved and how and what is being perceived. |
Quote:
Quote:
|
Quote:
|
Quote:
I'm not going to debate the issue for the sake of argument, I already said you Admin your system as you see fit and I will continue to do the same. If you think it's not a threat then so be it. What you eat don't make me fat. |
Quote:
https://arstechnica.com/information-...ces-turn-evil/ The thing you're missing is that BadUSB doesn't autorun anything on the Linux computer. It autoruns the USB device's firmware on the USB device itself, which you simply can't avoid doing and still have a functional USB device. Remember that a USB device is fundamentally a small computer which communicates with your computer via a simple networking protocol. So when the computer requests a bit of data from a USB drive's flash memory, the computer has no direct access to the flash memory hardware. It must request that data from the USB device's little computer, and the USB device returns that data - or, if the firmware is so programmed to - modified data. So, instead of returning the legitimate Ubuntu install file, it returns an infected Ubuntu install file. When it decides to, in order to try and escape detection from paranoid users. |
Quote:
Quote:
I'm actually finding it difficult to even find an example of badusb in action. To be more on topic I think that the chances of a USB stick picked up second hand causing any issues is a lot less than that of getting a bed-bug infestation from an old PC case or an old laptop having a catastrophic battery failure. The risks are so minimal, especially given that this is for use in old PCs running Linux, that I think it's a waste of money not to use an old USB drive "just in case". |
@dave: Anyone who, with malevolent intent, left a drive lying about in the park for a random person to pick up would make sure that any software it carried would run under Windows. Because the chances of that person using anything other than Windows on a PC are vanishingly small. Linux malware would only be used to target a specific person who was known to be a Linux user.
Of course different rules apply in offices. A lot of office servers run Linux even if the desktop machines don't, so putting Linux malware on such a drive and leaving it lying around in the building (or gifting it as a commercial freebie) would make a lot of sense. In any case, I'm not planning to boot from this drive. I have a couple of shop-bought 8GB drives that I use for installation images. What I intend to do with this much larger drive is to tar up my four main Bigboy partitions (Crux, LFS, Debian and home/documents) and copy them onto Littleboy for safety in case I run into serious mobo trouble (see my posts in the hardware forum for accounts of recent misbehaviour). In my fstab, usb drives are user-mountable, which means automatic noexec. |
Quote:
|
I said that most modern malware is NOT OS dependant and would likeley attack using machine level code - and even if it didn't actually affect Linux, it would still be passed on , like Typhoid Mary did all those years ago.
|
As a general rule, the more icky stuff you can handle in dumpster diving, better will be your finds. If you can't handle icky stuff, then you must not be diving.
Open and spilled coffee cups are normal, as are used and sometimes even soggy clothes. Some cut open the garbage bags inside the dumpster, if this is done, then can expect to find even hair, used tissue papers etc., to say the least. Once I even came across two used condoms in one dumpster. Just left that dumpster alone the moment I saw it and then moved on. As a general rule, if there is open food in the dumpster, I just leave it for the birds in an open area. There are even reports of folks finding abandoned pets etc., in dumpster. So, be prepared for all these. My worst nightmare is finding human body parts, if ever something like this happens it is best to call the cops. These are just some of the common sense things I have learned in regards to dumpster diving in residential area. Now in regards to IT items, most are thrown as the owner gets a new one or is moving etc., Also, these items are usually dirty and need some cleaning as I have mentioned before. I have found only one USB key and it has a key chain that is badly rusted, so figure this was the reason it was thrown. My hair dryer is very useful for cleaning insides of abandoned old computers of all the dirt. For the finer areas I use a tooth pick. Presently tho, I haven't dumpster dived in almost 4 weeks now due to swollen feet. However this got me into gardening, sprouting and microgreens. Had a very nice harvest of brown lentils microgreens that will last me for two weeks or so just now. Also growing sunflower seed sprouts and flax seed sprouts. Have a tomato plant and bean plant growing in my garden. Have several starter seedlings growing, will see how they come out. I still have a lot to learn about gardening, sprouting and microgreens. Also, plan to learn about fermented foods in the future. Thanks to my old computer and the net, that I was able to minimize mistakes in my trials and learn more efficiently so far. Some have great experience and were kind enough to share some tips with me. The one thing I need now are grow lights which I have to buy. I am sharing this as life is a balance and helps to use old computer parts in garden also. The cardboard boxes of old computers and IT parts can be added to the compost bin, I also add pieces of these to pots. That way these are recycled. The screws, damaged cables etc., can be used to stake plants. The glass plate from printers are extremely useful to cover pots with seedlings that need to be kept outside (indoors they become leggy and then slowly die). It is vital to avoid toxic IT parts in garden tho, unless it is a flower pot. At this point I welcome any other creative suggestions from folks about using old IT parts for gardening, specially in containers. Thanks in advance. Edited to add: I just found these, need to explore more: https://en.wikipedia.org/wiki/Comput..._garden_design http://lifehacker.com/5888532/how-to...ze-your-garden Edited again to add : There are those good with IT and also a very intense green thumb. These folks are using computers very nicely to grow plants. Here are some related images that give good ideas: http://tinyurl.com/yb94u4cp |
This article was written around the P2 era, so presently this is considered as old computer.
This article shows the vital role Linux plays in agriculture: http://www.linuxjournal.com/article/3292 I hope to benefit from the connection between old computers, linux and plants a bit. When looking for used IT items, I will also look for some plants that I can collect and eat. Will watch this video in future and learn from it: https://www.youtube.com/watch?v=dabvs-jriL8 At this point, I am going to stop exploring old computers for their own sake for sometime. I am going to accept an old computer as a complete tool for eg., like a swiss knife and explore its applications more. This is a new mindset, costs nothing, so will see what I can get from it. |
Nice Life Hacks here, some can be used with old IT stuff as well - http://tinyurl.com/yddxjs6w
|
Member response
Hi,
Quote:
Most virus are blindly passed between users who fail to use proper security techniques. Be it via a browser or even sneaker net. Have fun & enjoy! :hattip: |
Quote:
|
And your point is?? Is it that MS tell people not to download untested versions???
|
Quote:
MS don't test or care any more than anyone else making software. |
Well what a surprise!!
If you are overriding the built in protection and using untested sources for updates you need the check you don't get burned. That applies to just abut ANY product you could name. |
New tech is addictive and seems to have a hypnotic effect as per this video
below: http://www.amtvmedia.com/how-the-int...-brain-damage/ Using an older PC in a limited manner is a very good option to avoid this tech addiction. In this regard, Sugar seems interesting: https://en.wikipedia.org/wiki/Sugar_(software) However, if one works in IT or related areas, then staying for long with older PCs that are like dinosaurs are a big no no. Here is are some IT career related articles that show what is in demand currently: http://www.zdnet.com/article/open-so...and-than-ever/ http://windowsitpro.com/open-source/...continues-grow http://www.zdnet.com/article/securit...it-in-infosec/ Talk of such old computers there too much in such circles is a big no no, except as a passing interest in antiques. |
Windows 10 strikes again. Daughter unplugged headphones from her laptop and it won't switch to the speakers. Wife always has the opposite issue with hers. Don't know how they managed to screw up something that simple.
|
^ well, it could've happened with any gnu/linux.
the difference is, on linux you're able to fix it without voodoo. |
Yes, that is likely to be a hardware or BIOS problem not the OS.
|
This is a nice way to improve older PC performance, can be tried with a less
recent graphics card also: http://www.techarp.com/articles/rene...force-gt-1030/ |
Quote:
Sorry, I posted in the wrong thread and can't seem to delete it. I replied in the correct thread that sound works when booting a live linux distro so hardware/bios tests fine, it seems to be a known issue with Windows 10 judging from the number of google search hits on the issue. |
An older PC with one of this distros below on it must be perfect for a kid to learn on:
https://opensource.com/article/17/9/linux-kids |
Likely End of Solaris Line
http://windowsitpro.com/software-dev...d-line-solaris For related reference: https://en.wikipedia.org/wiki/Solaris_(operating_system) |
Any place I knew running Slowaris replaced it with deadrat already.
|
Even if you manage to run Linux or BSD on an old machine, the web is not adapted and compatible with old machines.
|
Quote:
Under linux and BSD you can still run modern browsers. |
Quote:
|
Quote:
You do not have to be using small, faster, perhaps even older software to run into bad design. Likewise, running the very newest, bloated, slowest modern application does not make you immune. |
Quote:
|
| All times are GMT -5. The time now is 02:07 PM. |