LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 07-25-2017, 03:30 PM   #901
rvijay
Member
 
Registered: Aug 2003
Location: Quebec, Canada
Distribution: Debian HD install of Knoppix 5.0.1
Posts: 921

Original Poster
Blog Entries: 24

Rep: Reputation: 64

Special contacts and access to specialized commercial dumpsters yields unique and tremendously
valuable finds in regards to computers as this video reveals:
https://www.youtube.com/watch?v=xmvbpoDYhzg

Compared to the above, my finds are insignificant to say the least.

Forgot to add:
Having personal transportation such as a car greatly helps in this regard. I am on foot, so am limited with what I can carry and also how far I can go, however I am quite content with this situation.

Last edited by rvijay; 07-25-2017 at 05:58 PM.
 
Old 07-30-2017, 07:30 AM   #902
rvijay
Member
 
Registered: Aug 2003
Location: Quebec, Canada
Distribution: Debian HD install of Knoppix 5.0.1
Posts: 921

Original Poster
Blog Entries: 24

Rep: Reputation: 64
Two days ago, I happened to be close to a recycling bin. Saw a power adapter and
decided to leave it alone. Instead picked up a 3G bucket that I can use in my balcony garden to plant some veggies. This is more practical, takes a lot of mental work to make this shift.
 
Old 08-05-2017, 11:31 AM   #903
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,385
Blog Entries: 9

Rep: Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893
A couple of days ago, I found a memory stick in the park while walking the dog. Quite a classy one too, with a lever on the side to make the usb connector pop out. It carried the logo "Knowhow". So I googled them and found out that they are a rather shady lot who work for Currys and PC World. They charge a hefty sum for "setting up" your laptop using this stick. Now I was always under the impression that computers should work out of the box, but what do I know?

They have a very bad reputation (https://www.trustpilot.com/review/www.knowhow.com), which makes me think someone threw out this stick in disgust! When I looked inside, I found just two binary data files and a zipped .exe program. I got rid of them and now I have a nice 32 GB stick for nothing. I'll use it to back up my bigboy partitions (18 GB altogether) as I think I may have mobo trouble on that machine.
 
Old 08-05-2017, 12:18 PM   #904
Trihexagonal
Member
 
Registered: Jul 2017
Location: Land of 1000 Nights
Distribution: FreeBSD, OpenBSD and Solaris
Posts: 195

Rep: Reputation: 222Reputation: 222Reputation: 222
Quote:
Originally Posted by hazel View Post
They have a very bad reputation (https://www.trustpilot.com/review/www.knowhow.com), which makes me think someone threw out this stick in disgust!
Or pwn your box.


Wickedly Clever USB Stick Installs a Backdoor on Locked PCs

"You probably know by now that plugging a random USB into your PC is the digital equivalent of swallowing a pill handed to you by a stranger on the New York subway. But serial hacker Samy Kamkar's latest invention may make you think of your computer's USB ports themselves as unpatchable vulnerabilities—ones that open your network to any hacker who can get momentary access to them, even when your computer is locked."


I presume you are aware insertion of a USB stick is how Stuxnet was introduced to the relative Iranian computer.
 
Old 08-05-2017, 01:09 PM   #905
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,385
Blog Entries: 9

Rep: Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893
Yes, I acted without thinking. Thanks for reminding me. All the same, I doubt if anyone would drop a drive full of malevolent software in a random place just on the off chance that some unknown person with an unknown OS would pick it up out of curiosity and get it to run on their machine.

I regularly get emails from someone called Bernard Wood, each one with a link to something "amazing" that I "just must see". He probably sends out millions of these so he has a good chance of getting lots of people to click on his links. I can easily believe that he's a bad guy, whereas your idea doesn't seem a like a profitable venture at all. Now if that drive had been found in the stairwell of an office building belonging to a big company or the government...
 
Old 08-05-2017, 01:16 PM   #906
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172Reputation: 172
Quote:
I doubt if anyone would drop a drive full of malevolent software in a random place just on the off chance that some unknown person with an unknown OS would pick it up out of curiosity and get it to run on their machine.
That is why the technique works. You would be suspicious if someone gave it to you, but because you "found" it........

You probably weren't (specifically) the target, anyone would have done. You are aware that there is malware that hides in the headers on USB sticks that cannot be removed by consumer machines???

Last edited by dave@burn-it.co.uk; 08-05-2017 at 01:22 PM.
 
Old 08-05-2017, 02:08 PM   #907
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 17
Posts: 5,842
Blog Entries: 21

Rep: Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921
Just wondering how on a live read only cd boot session that one could could infect a hard drive? Or a laptop or Desktop user computer. By plugging in a suspect pen drive found on the ground?

How is a keylogger gonna get into a read only file system loaded into ram?

I guess I'm dense or something? Just a older citation I go by:

https://krebsonsecurity.com/2012/07/...omment-page-1/

Me? I just eject the cd after it loads and then do my tests on suspect gear.
My operating system is read only loaded in ram. When shut down. Everything done disappears if I do not make a save file. Any changes on mounted usb during a live read only cd session? They stay changed.
 
Old 08-05-2017, 02:57 PM   #908
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian 9 Stretch
Posts: 2,349
Blog Entries: 8

Rep: Reputation: 384Reputation: 384Reputation: 384Reputation: 384
Quote:
Originally Posted by rokytnji View Post
Just wondering how on a live read only cd boot session that one could could infect a hard drive? Or a laptop or Desktop user computer. By plugging in a suspect pen drive found on the ground?

How is a keylogger gonna get into a read only file system loaded into ram?

I guess I'm dense or something? Just a older citation I go by:

https://krebsonsecurity.com/2012/07/...omment-page-1/

Me? I just eject the cd after it loads and then do my tests on suspect gear.
My operating system is read only loaded in ram. When shut down. Everything done disappears if I do not make a save file. Any changes on mounted usb during a live read only cd session? They stay changed.
It depends on whether or not you believe BadBIOS exists (or even can, pragmatically, exist...the storage available in the BIOS is very limited). But even that could be circumvented by removing the BIOS battery and "shutting down" by unplugging the power supply - this will drain away what power remains in the PSU, ensuring the BIOS CMOS is wiped clean.

But in any case, USB firmware malware may be impossible to detect and impossible to wipe. Everything the computer uses to investigate or replace the firmware depends upon the currently loaded firmware itself. The computer has no direct access to anything on the USB device. The USB device is fundamentally a small computing device in its own right communicating with the computer via a simple network protocol.

So sure, you can be paranoid and look at that USB device on a LiveCD system with no permanent storage for it to infect. But you'll still never be able to trust that USB device no matter how much you think you have wiped it clean or reset it to factory default.
 
Old 08-05-2017, 07:28 PM   #909
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 17
Posts: 5,842
Blog Entries: 21

Rep: Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921Reputation: 2921
Have you personally experienced or physically seen any of what you posted?

2nd Edit: Let me rephrase that. Can any Linux Questions forum member seen or experienced compromised usb firmware used to hack into your computer from a remote computer?

Because it sounds like a common thing that happens a lot from what I am reading.

Edit: First time I've read that dd to zeros is useless also.

Following that logic to it's conclusion. Rivjays whole thread is nothing but the possibility of bringing hacked hardware home and going online with it.

Last edited by rokytnji; 08-05-2017 at 07:35 PM.
 
Old 08-05-2017, 08:08 PM   #910
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian 9 Stretch
Posts: 2,349
Blog Entries: 8

Rep: Reputation: 384Reputation: 384Reputation: 384Reputation: 384
Quote:
Originally Posted by rokytnji View Post
Have you personally experienced or physically seen any of what you posted?

2nd Edit: Let me rephrase that. Can any Linux Questions forum member seen or experienced compromised usb firmware used to hack into your computer from a remote computer?

Because it sounds like a common thing that happens a lot from what I am reading.

Edit: First time I've read that dd to zeros is useless also.

Following that logic to it's conclusion. Rivjays whole thread is nothing but the possibility of bringing hacked hardware home and going online with it.
Here's a description of BadUSB: https://www.wired.com/2014/10/code-p...le-usb-attack/

The good news is that since you never use bootable USBs (only actual CD live CDs), and you very likely never transfer any executable files by USB drive, then that particular attack is not a problem. But this still leaves some other USB firmware malware attack types - like acting as a fake keyboard or mouse, or acting as a fake network device (which can then fake web sites or software repositories). But the fake network device attack is something that has been being patched, by making newer network managers NOT automatically connect a wired connection. And fake keyboard/mouse attacks are pretty iffy and run a high risk of the user noticing weird behavior.
 
Old 08-06-2017, 06:34 AM   #911
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,385
Blog Entries: 9

Rep: Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893Reputation: 1893
But if all that is true, then one shouldn't use usb drives at all, not even the ones you buy in shops. It takes me back to the early 90's when boot sector viruses were rampant, transferred around by floppies.
 
Old 08-06-2017, 06:47 AM   #912
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,367

Rep: Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258
Personally, from what I have read, I feel fairly safe. Most of the bad USB attacks seem to be along the lines of fake keyboard input and the like which need to be tailored to a specific OS or, even, a specific organisation or even person. Plus there is the cost of something like this versus the benefit. Once a relatively small sum of money has been spent and some infrastructure put in place sending millions of emails out is relatively cost-free whereas each USB device has to be bought, modified and configured adding an awful lot to the cost of possibly compromising a PC to which it is attached.
Sure, certainly don't boot from a random USB stick, don't run anything from it and be a lot more wary of sticks "found" in offices, "free gifts" to your company etc. but I think the USB hacking issue is too small a threat for home users to give much thought to.
 
Old 08-06-2017, 07:26 AM   #913
Trihexagonal
Member
 
Registered: Jul 2017
Location: Land of 1000 Nights
Distribution: FreeBSD, OpenBSD and Solaris
Posts: 195

Rep: Reputation: 222Reputation: 222Reputation: 222
Quote:
Originally Posted by 273 View Post
...but I think the USB hacking issue is too small a threat for home users to give much thought to.
When I gift files to someone I insist they bring me a new USB stick still in the package or they don't get them. Especially since everyone I know uses Windows and I have no idea what they do or have done on their machine.
 
Old 08-06-2017, 07:38 AM   #914
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,367

Rep: Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258Reputation: 2258
Quote:
Originally Posted by Trihexagonal View Post
When I gift files to someone I insist they bring me a new USB stick still in the package or they don't get them. Especially since everyone I know uses Windows and I have no idea what they do or have done on their machine.
So you know of Windows malware able to autorun under Linux and install BIOS hack from a USB stick with no reprogramming of the USB stick?
If not what are you worried about?
This is exactly the kind of thing I think is overly cautious. By all means, do it, but unless one of your friends knows you run Linux and is willing to spend money on attempting to hack you, with the possibility of no return on investment, I fail to understand what you are worried about.
By the way, the above is not to say that I think there is no possibility of an edge case where an Windows machine becomes infected and due to some configuration or combination of programs being present on a Linux machine it then becomes infected too but unless you've a link to plausible evidence of it happening or even a good logical argument as to how it could happen, I'll treat it as a negligible risk.
 
Old 08-06-2017, 07:52 AM   #915
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian 9 Stretch
Posts: 2,349
Blog Entries: 8

Rep: Reputation: 384Reputation: 384Reputation: 384Reputation: 384
Quote:
Originally Posted by hazel View Post
But if all that is true, then one shouldn't use usb drives at all, not even the ones you buy in shops. It takes me back to the early 90's when boot sector viruses were rampant, transferred around by floppies.
Well, Russian spies did plant USB thumbdrives in shops around NATO headquarters in Kabul, in hopes that a soldier would buy one of the USB thumbdrives and use it. This attack worked, but think about the effort and expense involved. I wouldn't worry too much about store bought USB drives.

But with used USB thumbdrives, it's a bit of a concern. Some sort of widespread malware could infect all of the suitable USB thumbdrives ever attached to that system. And at least one proof-of-concept demonstration specifically detects when it is loaded on a popular LiveUSB (the Ubuntu default LiveUSB at the time), and also detects whether the bootloader is read soon after powering up. IF it detects this, then it modifies the read image to load the payload into the system. Otherwise, it provides the unmodified files. So, even if you go out of your way to check checksums and do a byte-for-byte scan of the drive contents, you won't see that it has been infected. You'd only detect it if you plugged in the USB drive and then faked what it looks like for the BIOS to boot up the system (reading the bootloader, and then reading the liveUSB image).

How do you practically defend against this? You have to us a judgement call about trust. Where has that USB drive been? For the most part, most people do not actually go around swapping USB drives around. You're likely the second owner of the USB drive, assuming you trust the person giving it to you and that person says they were the only previous owner. So really, it's a question of how the first owner used the USB drive. Was that USB drive used in internet cafes to store personal data? Or was that USB drive used to transfer files around for Windows desktop support? I'd be wary. But for most other cases, what really are the chances that the USB drive encountered a PC with malware to infect it?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to establish "ssh" trusted hosts between PCs with non-root users? rainman1985_2010 Linux - General 3 09-10-2011 11:11 PM
what is all this OSes khodeir Linux - General 3 02-24-2009 05:43 PM
Alien OSes sancho5 Linux - General 3 01-26-2006 09:36 PM
Three OSes - Is it possible? Jongi Linux - General 9 05-20-2005 12:21 PM
Different OSes SnowSurfAir Linux - Software 10 04-17-2004 10:42 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 10:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration