Linux - Security
This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
Alright, I'm basically trying to get an overview about this topic, how widespread it is, and what security implications it has on computer users.
With the recent revelations about the NSA's massive illegal spying, backdoors, and related stuff I was beginning to wonder... Some pages leaked by Edward Snowden suggest that the NSA is capable of infecting computers at the firmware level. This includes BIOS/UEFI, HDD controller firmware, network card firmware, CD-ROM firmware, card reader firmware, and basically any other place inside the computer with NAND flash. This means that no matter how many times you completely format and reinstall the OS you'll always be owned. And traditional anti-virus scans do not detect these backdoors.
So generally, how would someone detect this kind of backdoor infection? I am unaware of any anti-virus products that also scan the firmware. Are there any? Obviously it would take a lot of effort to perform the scan manually, i.e. reading all the firmware and comparing it against known clean fingerprints to find out whether it's clean or not.
Another possibility I thought of is scanning for suspicious network traffic. This means running a Wireshark packet capture on the computer and also on an external device (e.g. a router) that the traffic goes through. Comparing the two captures could then reveal hidden packets that don't appear in the local packet capture.
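The "read all the firmware and compare it against known clean fingerprints" approach from the post, as an added example that is not from the thread: a firmware dump is checked region by region against a manifest of known-good SHA-256 hashes, and any bytes the manifest does not cover are reported too, since an implant parked in unused padding would never be caught by hashing only the documented regions. The image, the region layout and the manifest below are constructed for the demo; on a real machine the image would come from a tool such as flashrom and the baseline from a dump taken while the machine was known clean.

```python
"""Added example, not from the thread: verify a firmware dump against a
manifest of known-good region hashes and flag uncovered bytes.
Image, layout and manifest are constructed for the demo."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(image: bytes, regions: dict) -> dict:
    """regions maps name -> (offset, length).  Records the image size plus
    one SHA-256 per region, taken from a known-clean dump."""
    entries = {}
    for name, (off, ln) in regions.items():
        if off < 0 or off + ln > len(image):
            raise ValueError(f"region {name} lies outside the image")
        entries[name] = {"offset": off, "length": ln,
                         "sha256": sha256_hex(image[off:off + ln])}
    return {"size": len(image), "regions": entries}


def verify_image(image: bytes, manifest: dict) -> list:
    """Return (what, problem) findings; an empty list means every region
    matched the baseline and every byte of the image was covered."""
    findings = []
    if len(image) != manifest["size"]:
        findings.append(("image", f"size {len(image)} != expected {manifest['size']}"))
    covered = []
    for name, r in manifest["regions"].items():
        off, ln = r["offset"], r["length"]
        if off + ln > len(image):
            findings.append((name, "region extends past end of image"))
            continue
        covered.append((off, off + ln))
        if sha256_hex(image[off:off + ln]) != r["sha256"]:
            findings.append((name, "sha256 mismatch"))
    # Gaps between documented regions hold unverified content: report them.
    pos = 0
    for start, end in sorted(covered):
        if start > pos:
            findings.append((f"0x{pos:x}-0x{start:x}", "not covered by manifest"))
        pos = max(pos, end)
    if pos < len(image):
        findings.append((f"0x{pos:x}-0x{len(image):x}", "not covered by manifest"))
    return findings


def demo() -> list:
    """Constructed 64 KiB image with a descriptor and a BIOS region; the last
    4 KiB are deliberately left out of the manifest, and one byte of the BIOS
    region is flipped the way a tampered dump would differ."""
    clean = bytes((i * 7 + 3) & 0xFF for i in range(0x10000))
    layout = {"descriptor": (0x0000, 0x1000), "bios": (0x1000, 0xE000)}
    manifest = build_manifest(clean, layout)
    tampered = bytearray(clean)
    tampered[0x8000] ^= 0x01
    return verify_image(bytes(tampered), manifest)


if __name__ == "__main__":
    for what, problem in demo():
        print(f"{what}: {problem}")
```

Two caveats a practitioner would add. First, a dump is only as honest as the path that produced it: firmware that sits on the read path (a drive controller returning the contents of its own flash, for instance) can hand back the clean image while running a modified one, so a serious check dumps the chip through an external programmer and compares against a baseline captured the same way. Second, regions that legitimately change, such as a UEFI variable store, must be left out of the hashed layout or they will produce mismatches on every boot; the uncovered-bytes report then tells you exactly how much of the image is going unverified.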
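The second idea in the post, correlating a host-side capture with one taken upstream, as an added example that is not from the thread: both captures are parsed with a minimal libpcap reader, each frame is reduced to a key made of the IPv4 source, destination, protocol and a hash of the transport payload, and a multiset difference reports frames the router saw but the host's own capture never showed. Timestamps, TTL and IP checksum are left out of the key on purpose, because they differ between capture points without meaning anything. The pcap bytes and the frames are constructed inline and use only the standard library.

```python
"""Added example, not from the thread: find packets present in an upstream
(router) capture but absent from the host's own capture.  Input pcaps are
constructed inline; only the standard library is used."""
import hashlib
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def read_pcap(data: bytes) -> list:
    """Parse a classic little-endian libpcap file into raw Ethernet frames.
    Timestamps are discarded: they never match across capture points."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, link = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or link != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian Ethernet pcap")
    frames, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        frames.append(data[off:off + incl])
        off += incl
    return frames


def write_pcap(frames: list) -> bytes:
    """Serialise frames into a pcap file (used here only to build test input)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


def packet_key(frame: bytes) -> tuple:
    """Capture-point-independent identity of a frame: for IPv4 the addresses,
    protocol and a hash of everything after the IP header (ports included)."""
    if len(frame) >= 34 and struct.unpack_from("!H", frame, 12)[0] == ETHERTYPE_IPV4:
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack_from("!H", ip, 2)[0]
        src, dst, proto = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9]
        payload = ip[ihl:total_len]  # slice by total length so Ethernet padding is ignored
        return ("ipv4", src, dst, proto, hashlib.sha256(payload).hexdigest())
    return ("other", hashlib.sha256(frame[14:]).hexdigest())


def hidden_packets(host_pcap: bytes, upstream_pcap: bytes) -> list:
    """Keys seen upstream more often than on the host.  Counting matters:
    two identical beacons upstream against one on the host is still one
    unexplained packet."""
    host = Counter(packet_key(f) for f in read_pcap(host_pcap))
    upstream = Counter(packet_key(f) for f in read_pcap(upstream_pcap))
    return sorted((upstream - host).elements())


def ipv4_udp_frame(src: str, dst: str, sport: int, dport: int,
                   payload: bytes, ttl: int = 64) -> bytes:
    """Minimal Ethernet/IPv4/UDP frame for constructed test data (checksums zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + udp
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip


def demo() -> list:
    """Constructed scenario: the host captures its own DNS query; the router,
    capturing on its upstream side (TTL one lower), also sees a beacon to an
    address the host's capture never showed."""
    dns_on_host = ipv4_udp_frame("192.168.1.10", "198.51.100.53", 40000, 53, b"\x12\x34query")
    dns_on_router = ipv4_udp_frame("192.168.1.10", "198.51.100.53", 40000, 53, b"\x12\x34query", ttl=63)
    beacon = ipv4_udp_frame("192.168.1.10", "203.0.113.5", 51000, 4444, b"hello", ttl=63)
    return hidden_packets(write_pcap([dns_on_host]), write_pcap([dns_on_router, beacon]))


if __name__ == "__main__":
    for key in demo():
        print("seen upstream but not on host:", key)
```

In practice the host-side capture must be taken from the operating system under suspicion, so a NIC or driver that hides its own traffic is exactly the case this catches; the upstream capture should come from a separate box (a mirror port or an inline tap), and the two clocks need not agree since the comparison never looks at timestamps. Expect some noise from packets the router itself injects or that arrive while the host capture was not running; those show up with host-visible addresses and are easy to discount.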
This topic has been opened numerous times on this discussion board. I think it would be better to search for them and contribute your thoughts there rather than opening another thread about it. The reality is nobody really knows the reach of the NSA with the exception of what the revelations said. I don't think there's much more this thread will contribute to this topic.
Quote:
Originally Posted by sag47
This topic has been opened numerous times on this discussion board. I think it would be better to search for them and contribute your thoughts there rather than opening another thread about it. The reality is nobody really knows the reach of the NSA with the exception of what the revelations said. I don't think there's much more this thread will contribute to this topic.
I tend to agree and will add that I don't think the NSA (or MI5/6 over here) is anything one ought to worry about. There's more chance of some random kid in Colorado (as an example) putting some abuse images on your computer and calling a SWAT team than a government agency giving a damn what you get up to.
Deal with the threats you can manage and leave the spy stuff to those with millions in the bank.
If your computer came straight from the factory, was not diverted to one of the special NSA facilities for modification, and you have taken care when flashing any firmware and you take basic security precautions you shouldn't be too worried.
It is true however, that NSA is never not watching, so act as if they are watching.
Also note that a good amount of malware is transmitted through USB sticks. I avoid them completely.
Quote:
Originally Posted by metaschima
If your computer came straight from the factory, was not diverted to one of the special NSA facilities for modification, and you have taken care when flashing any firmware and you take basic security precautions you shouldn't be too worried.
This is simply not possible in any country aligned with the US. I stand by what I said above but I don't, for a second, think that anyone in a country with treaties with the US can buy anything that isn't in some way controllable by government agencies of the US or their allies. Those not included in "US and allies" are likely to find that China, Japan, Russia et al are capable of much the same.
Edit:
Quote:
Originally Posted by metaschima
Also note that a good amount of malware is transmitted through USB sticks. I avoid them completely.
This is just silly. A USB stick that's "straight from the factory" is as safe as any other device or medium "straight from the factory". You should not use hard drives if you are avoiding USB sticks since anything said about a USB stick could be said equally about a hard drive.
Quote:
This is just silly. A USB stick that's "straight from the factory" is as safe as any other device or medium "straight from the factory". You should not use hard drives if you are avoiding USB sticks since anything said about a USB stick could be said equally about a hard drive.
That's not true. See: http://www.linuxquestions.org/questi...at-4175489606/
A USB HDD, as long as it is not really a hacked USB stick inside, is safer than a USB stick. USB sticks run firmware that can be modified and do some very interesting things.
Quote:
Originally Posted by metaschima
That's not true. See: http://www.linuxquestions.org/questi...at-4175489606/
A USB HDD, as long as it is not really a hacked USB stick inside, is safer than a USB stick. USB sticks run firmware that can be modified and do some very interesting things.
Hard drives have firmware too, you know, and will do more as things like shingled writing come out -- they can also have other circuitry added. As I said if the NSA really do want to monitor you you'll find your motherboard is bugged anyhow. You also should not use any USB device such as mouse or keyboard since they're all capable of doing the job of one another. No two-bit computer criminal is going to infiltrate a USB stick manufacturer just to steal your bank details unless your name is Gates, Ellison or some such.
So, as I said, a USB stick you buy new is as trustworthy as anything else.
If you want to inconvenience yourself due to paranoia then that's up to you but claiming there's something uniquely dangerous about USB drives is FUD pure and simple.
@metaschima: A USB HDD or USB stick is equally harmful. I think you misunderstood that thread and the links provided. USB sticks are more prone to this type of malware because their purpose is transporting data from one device to another, and thus they are used in this manner on a wider scale. And that's why they are discussed. Replace "USB stick" with "USB HDD" wherever you want in those articles.
Just what exactly can infected USB sticks do? I mean, ever since the autorun mechanism was disabled there's no more danger of autorun code execution. But still, suppose that the USB stick has been hacked at the firmware level. Can it somehow infect the computer via the USB protocol? I hear FireWire enables DMA that can be used to gain complete unrestricted access to the machine's memory. Can something like this be done with USB?
I don't care for the accusations of FUD against me. You have all the information, you decide for yourself.
I strongly believe (and you might if you actually looked at some of the links) that due to their size, capabilities, and ubiquity, USB sticks, as opposed to other USB devices, are a potent security threat that has reared its ugly head numerous times in the past and will continue to do so. Sure, other devices are possible threats, especially ones specifically designed for it, like the Teensy. I just don't understand why they don't sell it in a USB stick form, so it looks less of a threat.
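The question earlier in the thread about what a firmware-level stick can do via USB, and the replies pointing out that any USB device can present itself as a keyboard (the Teensy being the purpose-built case), have one kernel-side mitigation on Linux worth showing. This is an added example, not from the thread: new USB devices are held unauthorised by default through the `authorized_default` attribute on each root hub and the per-device `authorized` attribute under `/sys/bus/usb/devices`, so a stick that enumerates as a keyboard or network adapter gets no driver until an operator has looked at it. The sysfs root is a parameter so the logic runs here against a constructed fake tree; on a real host pass the real path and run as root. The device IDs in the fake tree are arbitrary.

```python
"""Added example, not from the thread: deny-by-default USB authorisation via
sysfs, with an operator step that checks vid:pid before allowing a device.
make_fake_tree() builds a constructed stand-in for /sys/bus/usb/devices."""
from pathlib import Path
import tempfile

SYSFS_USB = Path("/sys/bus/usb/devices")  # real location on a Linux host


def lockdown(root: Path = SYSFS_USB) -> int:
    """Write 0 to authorized_default on every root hub (usb1, usb2, ...), so
    devices plugged in from now on are not configured or bound to a driver.
    Returns how many hubs were switched; already-present devices are untouched."""
    changed = 0
    for hub in sorted(root.glob("usb*")):
        flag = hub / "authorized_default"
        if flag.is_file():
            flag.write_text("0\n")
            changed += 1
    return changed


def pending(root: Path = SYSFS_USB) -> dict:
    """Map bus id -> 'vid:pid' for devices currently held unauthorised.
    Interface entries (names containing ':') carry no idVendor and are skipped."""
    out = {}
    for dev in sorted(root.iterdir()):
        if ":" in dev.name or not (dev / "idVendor").is_file():
            continue
        auth = dev / "authorized"
        if not auth.is_file() or auth.read_text().strip() != "0":
            continue
        vid = (dev / "idVendor").read_text().strip()
        pid = (dev / "idProduct").read_text().strip()
        out[dev.name] = f"{vid}:{pid}"
    return out


def allow(busid: str, expected: str, root: Path = SYSFS_USB) -> bool:
    """Authorise one device only if its vid:pid is the one the operator
    expects; on a mismatch the device stays blocked and False is returned."""
    dev = root / busid
    actual = f"{(dev / 'idVendor').read_text().strip()}:{(dev / 'idProduct').read_text().strip()}"
    if actual != expected:
        return False
    (dev / "authorized").write_text("1\n")
    return True


def make_fake_tree(base: Path) -> Path:
    """Constructed sysfs stand-in: one root hub, one unauthorised device with
    arbitrary IDs, and its first interface claiming HID class 03 (keyboard)."""
    (base / "usb1").mkdir()
    (base / "usb1" / "authorized_default").write_text("1\n")
    dev = base / "1-2"
    dev.mkdir()
    (dev / "authorized").write_text("0\n")
    (dev / "idVendor").write_text("0951\n")
    (dev / "idProduct").write_text("1666\n")
    iface = base / "1-2:1.0"
    iface.mkdir()
    (iface / "authorized").write_text("0\n")
    (iface / "bInterfaceClass").write_text("03\n")
    return base


def demo() -> dict:
    """Run lockdown, list pending devices, then try a wrong and a right ID."""
    with tempfile.TemporaryDirectory() as tmp:
        root = make_fake_tree(Path(tmp))
        result = {"hubs_locked": lockdown(root), "pending": pending(root)}
        result["wrong_id_allowed"] = allow("1-2", "dead:beef", root)
        result["after_wrong"] = (root / "1-2" / "authorized").read_text().strip()
        result["right_id_allowed"] = allow("1-2", "0951:1666", root)
        result["after_right"] = (root / "1-2" / "authorized").read_text().strip()
        return result


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

Two limits to keep in mind. An unauthorised device is still enumerated (the kernel reads its descriptors) and simply not configured, so this blocks driver binding, including the HID driver a fake keyboard needs, but not bugs in descriptor parsing itself. And a vid:pid check only defends against a device the operator did not expect; a malicious stick that reports the IDs of the one you did expect passes, which is the same "you cannot tell from the outside" point made elsewhere in this thread.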
I will have to unsubscribe from this thread now, because I don't see any future for it. The question is not specific enough, and there is a strong smell of paranoia in the air.
There have been lots of articles about "the Internet of Things," pointing out that the programmable devices ... routers and so-forth ... that make up the Internet's infrastructure can be exploited, and that they are. It's critical to keep these things, also, up-to-date.
But as WE for ARE the NSA itself, I really WATCHING don't YOU think P.S. that there's YOUR LEFT anything SHOE to worry IS UNTIED about ...
Radio monitoring equipment for cross talk may help; monitoring room temperature and casement temperature for anomalies could help. Moving to solid state non-flash memory using optics can subvert EMP and static electricity attacks. Though science fiction, a trained set of nanites could really help in a counter attack. I have deemed such spying as an attack for the simple reason that the data gathered in investigation can be used for attack, prevention and intuitive safeguards. Network cards these days are like mini routers; they have testing and diagnostic modes. With correct hardware you can flash these cards. Overall, you are not secure, and if one organization has such technology it would be naive to assume others do not. If it is in use, many of us are unaware. It would make news headlines in the instance such tech caused disaster or corruption.