Backdoor?
This is about a security problem I have encountered using either Linux Mint 19.1 or Ubuntu 18.04 LTS. Long story short, I ended up tracking newly created processes in my system. One day I discovered unexpected uses of screenshot every 10 minutes (process name: gnome-screenshot, parent pid=1). At the exact same time, Wireshark showed me packet transfers to either 104.198.143.177 or 104.197.3.80 (connectivity-check.ubuntu.com). NetworkManager was the process which sent the packets, and this functionality was enabled by a package called network-manager-config-connectivity-ubuntu.
Can we conclude this functionality is an issue? The good news is Network Connectivity Checking can be turned off in Ubuntu 18.04 LTS (omgubuntu). |
Damn, that's frightening. Network connectivity checking I get, but why the need for a screenshot? I'd be searching for a new distro, posthaste. Oh wait, I no longer use Linux.
|
And people complain about Windows phoning-home......
|
I use Linux everywhere, but I stopped using anything Ubuntu based LONG ago. I do not trust them.
|
As for the backdoor, could it be systemd that is the problem? |
Sending screenshots from your PC to someone "out there somewhere"??
That sounds like Panic Button to me... |
Oh my, this seems to be a rather frightful behavior. Do we know anything about how it works or how it sends the screenshots for once? There are many here who use Ubuntu and Ubuntu-based distros, and although I personally don't use it, I don't speak for the others, should they know about this too?
(I wonder if distros like Trisquel would even be affected, considering that their first policy is to make everything free as in freedom) |
I did not find a "Did you find this post helpful?" section that I could click. So, I just wanted you to know that your post was very helpful to me. I am starting to use Ubuntu and I do want to know what security issues, and other issues related to Ubuntu, in order to know the downside, and benefits, of Ubuntu and how to correct the issues that need corrected. Keep us informed of any other issues that we need to be concerned about. |
whois says:
NetRange: 104.196.0.0 - 104.199.255.255
NetName: GOOGLE-CLOUD
Comment: ** The IP addresses under this netblock are in use by Google Cloud customers ** |
A source code analysis in this post: https://forum.mxlinux.org/viewtopic....481509#p481509