Re: Is my box compromised?
- From: Bit Twister <BitTwister@xxxxxxxxxxxxxxxx>
- Date: Sun, 7 Mar 2010 18:28:21 +0000 (UTC)
On Sun, 07 Mar 2010 17:52:07 +0100, userid wrote:
I'm running Mint 8, an Ubuntu derivate. I've tested the firewall on a
couple of security sites and it looked ok.
Yes, sounds like front door secured and backdoor left unlocked.
Black hats have moved from web side attacks to web client exploits
and through downloaded media files (flash, pdf, gif, MP3, WMA, WMV, MP2,...)
Ubuntu - as far as I understand ;) - uses a mixed policy: you log in as
a normal user but, using the same password, you may become a sudoer.
Yes, seen that policy. Instead of having to crack user and root passwords,
cracker just needs to crack one password. :(
I normally browse with user account (apparently, by default, there's no
Hmmm, try these three commands in a terminal.
grep browser /etc/passwd
grep root /etc/passwd
But, shouldn't you see these popups every time, then?
They popped up just once,
Yep, to further hinder Anti-virus vendors from getting their hands on
a copy of malware, the infected site can keep a record of ip addresses
and not attempt to serve malware to an already logged ip address.
I was thinking to the mechanics of someone using my box as a proxy.
Think of a proxy as a software router which redirects traffic.
Normally it is transparent to the user.
Does it make any sense that _my_ browser pops something up?
Depends on the malware's design/goal in life. If it needs to click a
window or enter data, then yes.
Or, should it be invisible?
Well designed malware will keep it's activity hidden as much as possible.
Thank you very much for these suggestions, I would try them. I just
think though that a separate account to browse is far too complicate to
me, since I need it to work. It would be an endless switching
Hehehe, maybe a 5 line change, max, to /etc/sudoers
a little script that does a
qdbus org.kde.kwin /KWin org.kde.KWin.setCurrentDesktop 3 > /dev/null
xterm -e sudo /bin/su -l browser_login_id
and a desktop shortcut which runs script. Click shortcut, desktop switches
to desktop window 3 and launches log in into browser_login_id.
Above qdbus command assumes your running KDE4.x as desktop manager.
~browser_login_here/.bash_profile has something like
/bin/rm -rf .mozilla .macromedia
tar -xpvf $HOME/firefox.tar > /dev/null 2>&1
That assumes you have already tar'ed up .mozilla and .macromedia into
Upside, poisoned cache, cookies, memory, dns cache are deleted upon exit.
Downside to above is bookmarks are also deleted.
Not a problem for me. I keep urls with keyword hints in an ascii file.
I have a script to grep the file. example
$ urls bash doc
http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html ! basic shell bash doc
http://gentoo-wiki.com/MAN_bash ! documentation
http://cfaj.freeshell.org/shell ! bash script tips usage doc
http://tldp.org/LDP/abs/html/index.html ! bash script advanced documentation
http://mywiki.wooledge.org/BashFAQ/050 ! bash script variable expansion doc
- Re: Is my box compromised?
- From: usrID
- Re: Is my box compromised?
- Prev by Date: Re: Is my box compromised?
- Next by Date: Re: Is my box compromised?
- Previous by thread: Re: Is my box compromised?
- Next by thread: Re: Is my box compromised?