[all variants] BEWARE of links, etc.



eveg
July 26th, 2011, 02:25 AM
links are not the only way to get malicious code; please read the warnings posted by the forum administrators. [click on forum help, then forum faq. also try security discussions, in main support categories, right under absolute beginner talk.]
i realize this goes without saying to people who know much about computers, but in case you aren't aware, simply clicking on a harmless-looking link can let a cracker (malicious hacker) into your computer. i read a post recently by one of the forum administrators that mentioned there's been a problem here with malicious code.
most people here are probably good people who just want to help, but a few will be giving you 'solutions' to your computer problems that can make your problems much worse, in some cases without your ever knowing it. if you have any questions about what's been suggested, get a second opinion, or 3rd, or 4th...
one thing to look out for is anyone telling you to ignore an error message from your computer, that's a real red flag. and while some legitimate solutions to computer problems do involve turning your computer off and rebooting it, that is also a notorious necessary step in some sorts of cracking. if you have any suspicions about a post, i'd suggest you report the post and let someone official decide if it's malicious.

jtarin
July 26th, 2011, 02:46 AM
You might look at a person's number of posts on the forum also.....while not a guarantee it does lend some veracity to their response.

eveg
July 26th, 2011, 02:53 AM
quite.
the link that prompted me to post this was from someone who joined this month and had 3 posts from google--- which would be enough to fool anyone naive]. however, you're right: as i'm pretty sure i've seen written here by someone official, just someone having a lot of beans isn't a guarantee that they know what they're doing and are safe to take advice from; it makes it likelier, but not certain.

eveg
July 26th, 2011, 03:29 AM
i was wondering if there was a list anywhere on the site of warnings, of sites we specifically don't want to click on links from, so if people saw a link to that site they could report the post.
or would it defeat the purpose, as most links are made to look harmless, or even secure, and someone naive might assume a link not on that list was safe?

uRock
July 26th, 2011, 03:41 AM
Moved to "Security Discussions".

uRock
July 26th, 2011, 03:43 AM
You might look at a person's number of posts on the forum also.....while not a guarantee it does lend some veracity to their response.

Not always. I take all advice with a grain of salt and a moment of ponderance.

Dangertux
July 26th, 2011, 03:58 AM
i was wondering if there was a list anywhere on the site of warnings, of sites we specifically don't want to click on links from, so if people saw a link to that site they could report the post.
or would it defeat the purpose, as most links are made to look harmless, or even secure, and someone naive might assume a link not on that list was safe?

Well -- there are blacklists, however the way malware developers work the URL never remains for very long.

For a little added security you can check out using public DNS like Google's nameservers, there are other options, but Google is a big name that everyone can latch on to. The way it works is they try to blacklist entries known for malware (note sometimes Google when searching or using Chrome will let you know a site has been known to have malware on it). Google usually does a pretty good job at updating this, however as I said before new URLs pop up every day.

IMO the best security you can have is educating yourself. If you're following instructions from ANYWHERE, you really shouldn't just be blindly following them if you don't understand what they do. (Not just what the article or tutorial says they do). IF you are running any type of script, you should verify (by looking at the code) what it does before running it, period.

I have not noticed many individuals if any posting intentionally harmful code on this forum, but I also haven't been scouring the forum looking for it either.

Side note, I don't agree that rebooting a machine is necessarily a tell-tale sign of anything, most exploits do not require a reboot. Some may trigger a reboot due to crashing a particular service, this is common in Windows more than Linux.

Overall, common sense will pay off in the end in combination with best practices.

Thewhistlingwind
July 26th, 2011, 04:00 AM
You might look at a person's number of posts on the forum also.....while not a guarantee it does lend some veracity to their response.

Posts don't give much either way to the quality of advice, low post count is an easy way to help spot a troll though.

NetDoc
July 26th, 2011, 04:04 AM
Security is not a product: it's a process. As with anything in life, there will always be uncertainties and risks. The ultimate goal of hackers is to make you waste so much time that your life becomes as empty as theirs. Incorporate several layers of security and prepare to be hacked or infected at some time. Just don't let it ruin your fun.

eveg
July 26th, 2011, 04:32 AM
sorry i put this in the wrong place. thanx for moving it. is there any way people new to the forums could have to read something about malicious code, links that masquerade as things they aren't etc. before their account is created? i mean a person could skip it if they were determined to, but if it had a nice big headline like 'for your own safety, read this first', then at least it would help anyone new to computers who had the sense to read it.

d'tux: thanx for your reply. however i can't agree with you about rebooting. i believe it was in the recently published 'ubuntu unleashed' i read that if you suspect your system has been cracked, never just reboot it, because that enables some types of intrusion (things that've been left 'sleeping' as it were, and activate at reboot). [ in some circumstances you can disconnect the suspect machine from the system, but this could warn a cracker that they've been discovered, and prevent catching them. make a full backup (including system logs), and if necessary get a security professional in to see, if possible, how it's been cracked and set a trap for the cracker. (this is from ch 33 of the 2011 edition of ubuntu unleashed, 1st publication date dec. 2010.)]
also, while i quite agree with you about running something you find on the internet, i'm sure respected experts like the authors of the ubuntu linux bible or ubuntu unleashed aren't going to be circulating malicious code. admittedly, better to check the code yourself, but some of the newbies here aren't going to, and while even some books could be a problem (usually carelessly, rather than maliciously, but still...), some others are trustworthy.

Dangertux
July 26th, 2011, 04:54 AM
sorry i put this in the wrong place. thanx for moving it. is there any way people new to the forums could have to read something about malicious code, links that masquerade as things they aren't etc. before their account is created? i mean a person could skip it if they were determined to, but if it had a nice big headline like 'for your own safety, read this first', then at least it would help anyone new to computers who had the sense to read it.

d'tux: thanx for your reply. however i can't agree with you about rebooting. i believe it was in the recently published 'ubuntu unleashed' i read that if you suspect your system has been cracked, never just reboot it, because that enables some types of intrusion (things that've been left 'sleeping' as it were, and activate at reboot). disconnect the suspect machine from the system and make a full backup, and if necessary get a security professional in to see, if possible, how it's been cracked and set a trap for the cracker.
also, while i quite agree with you about running something you find on the internet, i'm sure respected experts like the authors of the ubuntu linux bible or ubuntu unleashed aren't going to be circulating malicious code. admittedly, better to check the code yourself, but some of the newbies here aren't going to, and while even some books could be a problem (usually carelessly, rather than maliciously, but still...), some others are trustworthy.

Well - I am not saying that rebooting cannot trigger certain things to happen, it obviously can. However, what I am saying is that if a tutorial suggests rebooting your machine for some reason that it isn't a tell-tale sign that it is doing something bad. Rebooting will restart all services on the machine, thus making whatever change was made effective. Granted this is not necessarily required in Linux as often as Windows, however sometimes it is. The same reason that making a change and rebooting works to make good things happen, it can also work to make bad things happen.

As far as setting up a "trap for crackers" and getting security professionals to look at a home system. The writer of that book must have quite a bit of money, as hiring a "security professional" to perform digital forensics on your machine is a tad bit costly. Setting a trap, that's again costly, and 9/10 times going to be ineffective as the odds of a desktop system attracting an APT are highly unlikely. Note, I'm not saying it's impossible. However, most exploitation that occurs on home systems is going to be as much the user's fault as the cracker. Since most "attacks" the average user will encounter require a great deal of interactivity on their part (whether they realize it or not).

That's just my opinion, however a lot of it is based on pretty well known statistics.

jtarin
July 26th, 2011, 09:31 AM
Not always. I take all advice with a grain of salt and a moment of ponderance.

If you'll read again....I said, "while not a guarantee, it does lend some veracity"...what that level is I will leave for you to determine.

jtarin
July 26th, 2011, 09:35 AM
Posts don't give much either way to the quality of advice, low post count is an easy way to help spot a troll though.

Read above. I said nothing about quality.

Dave_L
July 26th, 2011, 07:13 PM
is there any way people new to the forums could have to read something about malicious code, links that masquerade as things they aren't etc. before their account is created? i mean a person could skip it if they were determined to, but if it had a nice big headline like 'for your own safety, read this first', then at least it would help anyone new to computers who had the sense to read it.

In my opinion, the people most in need of such a warning would be the ones most likely to ignore it.

Dangertux
July 26th, 2011, 07:28 PM
In my opinion, the people most in need of such a warning would be the ones most likely to ignore it.

That is a very true statement and a very good point.

Chayak
July 26th, 2011, 08:06 PM
That is a very true statement and a very good point.

Do not click the dancing bunny link

"Given a choice between dancing bunnies and security, users will pick dancing bunnies every time"

You could install a script in Ubuntu that would pop up a warning every time the user opened a web browser not to click the highly malicious, dangerous, kitten killing dancing bunny with big pointy teeth link. Most users will close the warning window without even reading it and would whine about disabling it since they've seen it a hundred times. Then the day comes when they see:

Click to see the cute dancing bunny! OMG LOL! (http://www.youtube.com/watch?v=XcxKIJTb3Hg)

No matter how much you warn them there's always going to be people who click the link.

uRock
July 26th, 2011, 08:14 PM
Do not click the dancing bunny link

"Given a choice between dancing bunnies and security, users will pick dancing bunnies every time"

Happens every few weeks on FaceScan. A break out of bad links.

emiller12345
July 26th, 2011, 09:14 PM
Something that might be of help here is having a hosts file that contains a listing of known spam sites and redirects them to 127.0.0.1, the loopback interface. There are many sites that have long lists of known malicious sites that you can use. I would verify that whatever listing you use, you check yourself using a command like:

cat hosts_1_from_internet hosts_2_from_internet | grep "^127\.0\.0\.1" | awk '{print $1" "$2}' | sort | uniq > newhosts
then add those to your own hosts file. Some entries you might not want in there like "127.0.0.1 ubuntuforums.org" so you'll need to remove them manually. It's not a firewall, but it has the potential to help when clicking on links in a browser.
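
A stricter version of the merge-and-check step described in the post above, as an added example that is not part of the original post: it rejects entries that point a name at a non-loopback address, drops malformed names, and removes allowlisted sites automatically instead of by hand. The function names, the allowlist file and the sample hostnames are assumptions made for illustration; treating `0.0.0.0` entries as sinkhole entries and rewriting them to `127.0.0.1` is also an assumption.

```shell
#!/bin/sh
# merge_hosts ALLOWLIST HOSTS_FILE...
# stdout: vetted "127.0.0.1 name" lines (0.0.0.0 normalized), sorted, unique
# stderr: every rejected entry with the reason, for manual review
merge_hosts() {
    allow=$1; shift
    cat "$@" | tr -d '\r' | awk -v allow="$allow" '
        BEGIN {  # names (and their subdomains) that must never be blocked
            while ((getline line < allow) > 0)
                if (line != "") keep[tolower(line)] = 1
        }
        { sub(/#.*/, "") }      # drop comments
        NF < 2 { next }         # blank line or address with no name
        # A blocklist should only sinkhole. Any other address would point
        # the name at a server chosen by whoever published the list.
        $1 != "127.0.0.1" && $1 != "0.0.0.0" {
            print "REJECT non-loopback target: " $0 > "/dev/stderr"; next
        }
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name == "localhost" || name ~ /^localhost\./) continue
                if (name !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) {
                    print "REJECT malformed name: " name > "/dev/stderr"; continue
                }
                ok = 1          # walk name, then each parent domain
                for (d = name; ; d = substr(d, index(d, ".") + 1)) {
                    if (d in keep) { ok = 0; break }
                    if (!index(d, ".")) break
                }
                if (ok) print "127.0.0.1 " name
                else print "REJECT allowlisted name: " name > "/dev/stderr"
            }
        }' | sort -u
}

# Constructed sample input (not real blocklist data).
demo_merge() {
    t=$(mktemp -d) || return 1
    printf '%s\n' 'ubuntuforums.org' > "$t/allow"
    printf '%s\n' '127.0.0.1 localhost' '127.0.0.1 ads.example.test # tracker' \
        '127.0.0.1 ubuntuforums.org' '203.0.113.7 bank.example.test' > "$t/list1"
    printf '%s\r\n' '0.0.0.0 ads.example.test' '0.0.0.0 www.ubuntuforums.org' \
        '127.0.0.1 Malware.Example.test' '127.0.0.1 bad;name.test' > "$t/list2"
    merge_hosts "$t/allow" "$t/list1" "$t/list2"
    rm -rf "$t"
}
demo_merge
```

Review the stderr report before appending the output to `/etc/hosts`; a non-loopback entry in a downloaded list is worth treating as a reason to distrust the whole list.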

eveg
July 28th, 2011, 04:31 AM
The same reason that making a change and rebooting works to make good things happen, it can also work to make bad things happen.

As far as setting up a "trap for crackers" and getting security professionals to look at a home system. The writer of that book must have quite a bit of money, as hiring a "security professional" to perform digital forensics on your machine is a tad bit costly.

That's just my opinion, however a lot of it is based on pretty well known statistics.


i'm not saying rebooting isn't sometimes necessary for good reasons, just that it's a bit of a red flag--- enough that you should take a close look at what's being suggested and who's suggesting it. [of course, you should always do that. they're not always that obvious about it.] if someone new to the forums offers you a link and wants you to reboot your machine, that looks like 3 strikes to me, and you shouldn't even click on it, to find out that the alleged 'fix' includes rebooting. if you've been naive enough to click on it and you find the link is being used to hide from public view that they're telling you to ignore error messages from your computer, continue what they've told you and then reboot, please do the newbies the kindness of reporting the post.

the ubuntu unleashed author is writing for home and professional users. for instance he goes into detail about setting up servers (among other things), and warns that while ubuntu is comparatively immune to virii, if your server connects to machines using windows, you could pick up virii harmless to you and devastating to the windows users, so if using ubuntu professionally you should look into virus protection.