LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 10-24-2020, 05:02 PM   #16
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,783

Rep: Reputation: 498Reputation: 498Reputation: 498Reputation: 498Reputation: 498

I generally try to ignore his threads, but sometimes I'm weak and get sucked in. But looking at what he claims to have installed, ISTM that Discord is the most likely suspect for the break-in, if it did in fact happen, especially since it seemed to be coincident with being online using the packaged version. In any case, I'm not going near Discord. The risk/reward ratio is way, way out of whack.
 
Old 10-25-2020, 09:14 AM   #17
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 3,150

Rep: Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167
sgosnell, if this fellow doesn't use a firewall, that's bad enough leaving him open to many kinds of attacks, but usually such a stance (much like his rather silly and risky security vs/ performance stance) is not in a vacuum. It is likely he is so unconcerned about his security that he clicks on any link he is sent. In all likelihood the so-called "hacker" probably sent your acquaintance a link to a graphics file on the would be hacker's own PC which he could then easily see the IP requesting connection. He wouldn't even have to bother sniffing packets. It would be immediately evident and logged. Any of the VNC type apps would accept his victim's IP and deliver his target's desktop just as if he was sitting next to it. This little piggie opened the door for the wolf and it could have happened anywhere. It's NOT Discord's fault. This guy probably doesn't even bother to secure ssh and telnet, LOL.

There is no way to glean someone's IP (first line of attack/defense) directly from Discord. That information is all server side exclusively. However as was pointed out by the earliest network hackers as far back as "Capn Crunch" Phone Phreaks like Draper and Mitnick, social hacking is the greatest attack surface, NOT hardware/software hacking. Not only are people the greatest surface area but as con men from mid 1800s noted (it wasn't P.T. Barnum) "There's a sucker born every minute".

If you're really interested in any person's actual ability to extract your IP from ANY activity do a search for Grabify. I'm reasonably confidant you have at one time visited a website that correctly displayed your IP even though if properly firewalled that is rare. However that begins exactly because you chose to enter or click on a link to their server address. If you're decently firewalled and not just casually, they actually should get no further than the IP of your provider.

I'm very confidant this fellow is nonchalant, low hanging fruit. You might want to convince him to at least visit GRC Shields Up! which is a reverse pen-testing service that will inform you of how secure you are or are not. I posted the name, not a link, so you could see for yourself how safe or not such a service is BEFORE you visit, and so can he if he even cares.

Last edited by enorbet; 10-25-2020 at 09:16 AM.
 
Old 10-25-2020, 10:51 AM   #18
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,783

Rep: Reputation: 498Reputation: 498Reputation: 498Reputation: 498Reputation: 498
He does not listen to anyone. He has repeatedly been advised to take various methods to secure his system, but he does not take advice. As I said, I have no actual proof of any of his claims, just casually interested in the possibility of an installed package to allow access to a computer. The software is not open, AFAICT, so there is no way of knowing everything that it does. Installing unverified packages is always a security risk, whether or not this particular one has any malware embedded in it.
 
Old 10-25-2020, 06:34 PM   #19
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 3,150

Rep: Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167
Hello again, sgosnell. I want you to know I really am not trying to belabor the point which is commonly some misguided attempt at imagining winning some perceived argument, it's just that this stuff does fascinate me. Additionally I with some embarrassment aware that I too went through a similar stage of imagining everything that seemed odd was "probably a virus or some hacker". I even recall a time or two actually falling for the gimmick of forwarding AOL emails warning of email delivered hacks and malware that could do ridiculous stuff like wipe your hard drive or change the temperature setting on your fridge (ok that last one was a joke).

Anyway and just FTR it matters only little that Discord is not FOSS. We can know what it is by what it does and doesn't do. We can monitor, for example, with firewall logs, logged "lsof" output and other means at the very least what exactly is accessed on our end.

Over 20 years ago I casually pinged a guy logged into an IRC channel we are on who immediately asked me why I'd pinged him. After explaining I was merely checking out option menues new to me on a graphic IRC app, I asked the obvious" Wow! How did you know and epecially how did you know so quickly!!~?>?>. He explained he had STDOUT scripted to send any such activity to a dot matrix printer he chose exactly because it was both informative and LOUD!. A few years later I learned he was 14 at the time. Guys like this avail themselves of existing tools and create more. If you're gonna "ride bareback" you should at least know the risks. How can one even choose to even semi-responsibly accept consequences if we don't even know what they are? It really isn't difficult to be aware of what's going on within our systems, if we care to look. Linux is very well logged even by default and can be increased. We don't need a dot matrix printer if we just bother to look.
 
Old 10-25-2020, 06:56 PM   #20
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,783

Rep: Reputation: 498Reputation: 498Reputation: 498Reputation: 498Reputation: 498
I agree with the sentiment, but in reality most users don't know or care about logs. That seems obvious just from reading Linux forums. My aversion to Discord has more to do with its disregard of user privacy as with the possibility of intruding on systems. I just think it's unsavory software, and I won't use it. YMMV.
 
Old 10-26-2020, 03:25 AM   #21
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,809
Blog Entries: 9

Rep: Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637
Quote:
Originally Posted by enorbet View Post
I want you to know I really am not trying to belabor the point which is commonly some misguided attempt at imagining winning some perceived argument...
...but that's exactly what you're doing in most of your posts!
 
Old 10-26-2020, 05:25 AM   #22
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 3,150

Rep: Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167Reputation: 3167
ondoho I suppose that's only natural that you see me that way because of our differences. However I strongly suspect that you are unaware, whether by conscious or subconscious dismissal, much like the thought processes that people do to justify believing that humans are somehow controlled by the Full Moon, but whichever it is you are apparently unaware of how often I openly admit being wrong or making a mistake. That is not common modus operandi for people who need to win or convince themselves they did. You apparently see me as a typically arrogant American but I think that is way overly generalized. If in fact in some definition of that word I am, then I am SO arrogant I barely care what you think and have zero need to beat you or anyone else at anything.

So you are provably incorrect in your analysis of me. I don't have such needs and that isn't better or worse, it has elements of both like all things, but it's just how I am. I see no problem or shame in being wrong or mistaken. Mistakes are valuable. The only false step, the only regrettable mistake is continuing to be mistaken simply to appear to not having made the first mistake. I embrace mistakes in myself and others. It's what makes conversation valuable. Sorry but I don't fit your pat assessment since "most of my posts" are merely how I see things knowing full well I could easily be wrong, as I am rather often, and I never hide it.

However if after you have actually sampled enough of my posts objectively you still arrive at the same conclusion, then still, neither one of us has actually won anything other than continuing to have the right to come to our own conclusions, which I respect and promote. I often disagree with you but not only do I not need to "beat you", I wish you well.
 
Old 10-26-2020, 09:59 AM   #23
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,492

Rep: Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818
Quote:
Originally Posted by ondoho View Post
^ Yeah, I would take any such thing posted on either DUF or FDN (the 2 debian forums) with two grains of salt.
The DUF site was shut down early this year.
 
  


Reply

Tags
discord, safety, webapp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: 5 of the Best Discord Bots to Improve Your Discord Server LXer Syndicated Linux News 0 07-11-2019 01:21 PM
LXer: Discord at Libreboot Over GNU Withdrawal LXer Syndicated Linux News 0 09-19-2016 05:43 AM
LXer: How to install Discord on Linux LXer Syndicated Linux News 0 09-14-2016 12:34 AM
LXer: Discord At Last! Unix and Linux-y Humor LXer Syndicated Linux News 3 03-01-2009 04:38 AM
LXer: Debian discord over de-classified developer proposal LXer Syndicated Linux News 0 11-04-2008 09:20 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 07:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration