LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 07-17-2017, 09:22 AM   #1
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Void
Posts: 130

Rep: Reputation: 38
Gyrfalcon: Your country infects your OpenSSH


Heads up:

Quote:
Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos,debian,rhel,suse,ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed root kit (JQC/KitV) on the target machine.
 
Old 07-17-2017, 02:42 PM   #2
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,913

Rep: Reputation: 1999
Still more reasons to avoid travelling to the US and avoid buying anything made in the US. Sadly, the same can be said for Chairman May and Reichleutenant (can never spell that) Rudd's schemes in the UK also.
Just realise that everything you do is watched, you are irrelevant rubbish to these people and there is nothing you can do about it.
Privacy has been dead for decades, freedom's whether you like this or not.
 
Old 07-17-2017, 03:39 PM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,706
Blog Entries: 4

Rep: Reputation: 3030
Honestly, I think these things are just so overblown. Why, it's silly to think that "our Government" would do any such thing. They're such nice people! (Interleaved in the original post, word by word: "Your Left Shoe Is Untied".)

Last edited by sundialsvcs; 07-17-2017 at 03:41 PM.
 
1 members found this post helpful.
Old 07-17-2017, 03:41 PM   #4
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Void
Posts: 130

Original Poster
Rep: Reputation: 38
Quote:
Originally Posted by 273 View Post
there is nothing you can do about it.
Oh, but there is.

Encrypt everything.
 
Old 07-17-2017, 03:43 PM   #5
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,913

Rep: Reputation: 1999
Quote:
Originally Posted by YesItsMe View Post
Oh, but there is.

Encrypt everything.
And immediately go on the watchlists, have all your traffic analysed, all your friends suspected and, potentially, your career threatened. Remember "Only terrorists and paedophiles encrypt!".
 
1 members found this post helpful.
Old 07-17-2017, 03:45 PM   #6
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Void
Posts: 130

Original Poster
Rep: Reputation: 38
I'm pretty sure that I won't ever be able to travel to the U.S. in this very life of mine. I used to be vocal about their politics and I'll continue to be.
 
Old 07-17-2017, 07:43 PM   #7
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,706
Blog Entries: 4

Rep: Reputation: 3030
Quote:
Originally Posted by 273 View Post
And immediately go on the watchlists, have all your traffic analysed, all your friends suspected and, potentially, your career threatened. Remember "Only terrorists and paedophiles encrypt!".
Actually, no. A rapidly increasing amount of traffic on the Internet is being encrypted, such as any WikiPedia lookup that you do. E-mail messages should always be encrypted, or at least digitally signed. When you are using an open communication network that is also worldwide, it is perfectly ordinary to expect that you will use encryption-based techniques, because, without them, you have no assurances whatsoever:
  • That the message you received came from the person who sent it.
  • That the message you received is the exact message that was sent.
  • (Optional(!)) That no one else knows what it says.
I continue to be dumbfounded that corporations send very sensitive information by open e-mail with no attempt even at digital signing. I am also amazed that GMail, possibly the most widely-used mail service in the world, has not provided message-validation, message-signing, and yes, message encryption as part of its routine offering. What a difference it would make if any message I received from "Southwest Airlines" instantly showed itself to be valid. (And, why not intercept and delete any message purporting to come from that source which does not carry its signature?)

Last edited by sundialsvcs; 07-17-2017 at 07:45 PM.
 
1 members found this post helpful.
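The three assurances sundialsvcs lists, and the proposed rule of dropping any message that claims a protected sender but lacks that sender's valid signature, as an added example that is not from this thread. It uses a symmetric HMAC key from Python's standard library as a stand-in for a real public-key or DKIM signature; the sender name, key and sample messages are constructed.

```python
import hashlib
import hmac

# Constructed: senders whose mail must be signed, with a shared demo key.
# (Stands in for a public key or DKIM record; HMAC keeps this stdlib-only.)
PROTECTED_SENDERS = {"Southwest Airlines": b"constructed-demo-key"}


def _mac(key: bytes, sender: str, body: str) -> str:
    # The signature covers the sender claim and the body together, so neither
    # can be swapped without invalidating it.
    return hmac.new(key, f"{sender}\n{body}".encode(), hashlib.sha256).hexdigest()


def sign(sender: str, body: str, key: bytes) -> dict:
    """Build a signed message as the legitimate sender would."""
    return {"from": sender, "body": body, "sig": _mac(key, sender, body)}


def check(msg: dict) -> dict:
    """Report which of the three assurances this message actually provides."""
    key = PROTECTED_SENDERS.get(msg["from"])
    sig = msg.get("sig")
    valid = False
    if key is not None and sig is not None:
        valid = hmac.compare_digest(_mac(key, msg["from"], msg["body"]), sig)
    return {
        "origin": valid,        # came from the holder of the sender's key
        "integrity": valid,     # body is exactly what was signed
        "confidential": False,  # signing alone never hides the body (optional!)
    }


def filter_inbox(msgs: list) -> list:
    """Drop messages claiming a protected sender without a valid signature."""
    return [m for m in msgs
            if m["from"] not in PROTECTED_SENDERS or check(m)["origin"]]


# Constructed inbox: one genuine, one tampered in transit, one spoofed, one
# from a sender with no signing policy at all.
genuine = sign("Southwest Airlines", "Your flight is confirmed.",
               PROTECTED_SENDERS["Southwest Airlines"])
tampered = dict(genuine, body="Your flight is cancelled; pay here.")
spoofed = {"from": "Southwest Airlines", "body": "Reset your password."}
other = {"from": "a friend", "body": "lunch?"}
SAMPLE_INBOX = [genuine, tampered, spoofed, other]

if __name__ == "__main__":
    for m in SAMPLE_INBOX:
        print(m["from"], check(m))
    print([m["from"] for m in filter_inbox(SAMPLE_INBOX)])
```

The unsigned "a friend" message survives the filter because no policy exists for that sender; the rule only bites senders that have published a signing key.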
Old 07-17-2017, 08:07 PM   #8
NewbProgrammer
Member
 
Registered: Jun 2017
Location: Check my IP address.
Distribution: Gentoo, Puppy, Mint Rosa, Arch, SliTaz, Crunchbang, LinuxBBQ, OpenSUSE, NanoLinux, LFS CentOS.
Posts: 42

Rep: Reputation: 12
It's fortunate I live in Switzerland and I made sure I'm not infected.
 
Old 07-17-2017, 08:09 PM   #9
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Void
Posts: 130

Original Poster
Rep: Reputation: 38
By using an infectable OS?
 
Old 07-17-2017, 08:23 PM   #10
NewbProgrammer
Member
 
Registered: Jun 2017
Location: Check my IP address.
Distribution: Gentoo, Puppy, Mint Rosa, Arch, SliTaz, Crunchbang, LinuxBBQ, OpenSUSE, NanoLinux, LFS CentOS.
Posts: 42

Rep: Reputation: 12
By using OpenSUSE, which is based on SUSE, which is in the distro list of this malware. I tested if I was infected. I'm glad I'm not.
 
Old 07-18-2017, 01:52 AM   #11
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,913

Rep: Reputation: 1999
Quote:
Originally Posted by sundialsvcs View Post
Actually, no. A rapidly increasing amount of traffic on the Internet is being encrypted, such as any WikiPedia lookup that you do. E-mail messages should always be encrypted, or at least digitally signed. When you are using an open communication network that is also worldwide, it is perfectly ordinary to expect that you will use encryption-based techniques, because, without them, you have no assurances whatsoever:
  • That the message you received came from the person who sent it.
  • That the message you received is the exact message that was sent.
  • (Optional(!)) That no one else knows what it says.
I continue to be dumbfounded that corporations send very sensitive information by open e-mail with no attempt even at digital signing. I am also amazed that GMail, possibly the most widely-used mail service in the world, has not provided message-validation, message-signing, and yes, message encryption as part of its routine offering. What a difference it would make if any message I received from "Southwest Airlines" instantly showed itself to be valid. (And, why not intercept and delete any message purporting to come from that source which does not carry its signature?)
For business purposes, yes, some are starting to use encrypted and signed email but for private purposes, not that I have heard or read about. The UK government is also looking into making end-to-end encryption illegal without a back door built in and you can bet that anyone using PGP or the like for every email will be on a list -- it may be a long list and may not come to anything but they will be on a list.
As to HTTPS well, yes and no I suppose. Yes, there is a push to HTTPS but, again, there is a push by governments to have this broken either by design, by ISPs or other means.
Also, the UK government mandates that everyone's internet history be stored for a year so, again, anything (out of the ordinary) would be picked up. While, of course, using Google or Wikipedia encrypted wouldn't raise any eyebrows, using encrypted email, chat or file transfer services or something like a VPN or, even worse, ToR would certainly "point to having something to hide".
Clipper chip was defeated, encryption which could not easily be broken was allowed to be sold to the world and used, and all looked well. Then the UK government declared that anyone using encryption must hand over the key when asked by the police or go straight to jail and, effectively, made it dangerous to encrypt one's data in the UK. Then they mandated ISPs actively monitor and block access to certain sites and types of site, using deep packet inspection where necessary, then they made it mandatory that logs be kept of the internet activity of all citizens. Internet use in the UK is pretty much set up like China nowadays. Thankfully posting things like this still isn't (yet) illegal here though.
 
1 members found this post helpful.
Old 07-18-2017, 06:22 AM   #12
josephj
Member
 
Registered: Nov 2007
Location: Northeastern USA
Distribution: kubuntu
Posts: 146

Rep: Reputation: 79
Reflections on Trusting Trust

Quote:
Originally Posted by YesItsMe View Post
Oh, but there is.

Encrypt everything.
Before you're so sure you're safe, read this classic. The rabbit hole goes a long way down!
 
Old 07-18-2017, 06:23 AM   #13
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Void
Posts: 130

Original Poster
Rep: Reputation: 38
Oh, this game works in two directions.
 
Old 07-18-2017, 01:30 PM   #14
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,913

Rep: Reputation: 1999
By the way, lest it seem I am against encrypting personal traffic I have to declare I am not. I simply find it difficult: No option in my Android mail client for PGP and how to share private keys securely between 5 devices or more?
How to share keys such that people use the correct key for you and not an imposter's key?
How to ensure that if the police do batter down your door you can prove your communications were not of interest to them (remember, "rubber hose cryptography" is just jail time in the UK but anywhere else...?)?
What to encrypt? Watch YouTube through some poor people's ToR machines which they set up so that oppressed minorities could communicate actual human suffering because you want to feel anonymouse?

I must admit that mentions in 2600 and other places of "meshnets" (or whatever they're called this week) look like a potentially good idea but they need some seriously cheap, isolated (both logically and legally) nodes before they're anything but a reason for suspicion.
 
1 members found this post helpful.
Old 07-18-2017, 01:32 PM   #15
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Void
Posts: 130

Original Poster
Rep: Reputation: 38
MailDroid can do GPG.
 
1 members found this post helpful.