Thread: Security dump
I am going to off-load my security experiences within the past two days to see if it makes sense to anybody.
1) I was poking around and came across some old files for Iceape that I was removing, I no longer use the program. I happened to check my cache in the Firefox folder and found 4 pictures. 3 were of individuals, 2 I recognized from a webcam site I often visit. The third was a man I have never seen before sitting at a convoluted workstation with a bottle of Johnnie Walker, exhausted. The fourth picture was a Japanese style multilevel house with a caption which read "Join Us".
I am aware that your cache may store images without your knowledge of why. The images of the two individuals of whose webcams I have visited, were not the angle they projected to the viewers. They were totally different angles, as in uploaded pictures.
One time while on this website a person in the chat said "video trap". Unfortunately I had no idea what he was talking about.
Obviously, I deleted my cache.
2) I had to go into Windows to run chkdsk against my offline storage hard drive. I checked the event viewer to see if any messages were generated from the chkdsk.
What I found was more shocking than imagined. There was a remote logon done 2 days ago.
I have not used Windows in about 6 months.
So I went into services and disabled anything involving "Remote".
3) Back in Linux, hard drive corrected, I fired up VLC. Again I was shocked. I monitor my CPU on the taskbar. VLC had been using 3/4 of the processor; suddenly it was only using a fraction of the CPU, and my system is performing like new.
I also monitor netstat, very frequently, because for some unknown reason people are always screwing with me. There was one connection which I could not identify (established). Closing the browser (assuming they were tagging HTML) did not make it go away. After these changes, the IP came in and was immediately terminated.
Surely it is insane to think that a dual-boot with a firewall has a backdoor to Windows. Whether or not VLC factors in, I have no idea.
I absolutely love VLC. After getting current ffmpeg from their website, both VLC and MPlayer will play anything, flawlessly, including .ogg. (oops, except .wmap)
I have no idea how to process this information, and I will not try. Just keeping my eyes open for the next violation. And there will be a next one.
If I have my choice when I die, I will die trying to help somebody, and fighting evil on all fronts.
I am not disparaging any product. I love what I can do with Linux.
"Wisdom is justified of all her children"
.... as an afterthought. I probably did not need to mention VLC, only that my system was performing a LOT better. Of course this would result in better performance of all processes.
"Wisdom is justified of all her children"
After days of reflection, and the fact that my firewall is logging rejections from the router to my IP address... I have concluded that my problems seem to be initiated in the router.
The logging of rejections from the router ended on the same day I disabled all remote processes in Windows. (previously mentioned)
If somebody can get into your router, no operating system can be said to be at fault. From your router they can disguise a transaction as being initiated from within. Thus, the iptables firewall denials from my internal network. I think it might be called spoofing.
This can be especially troubling for dual-boot systems. You are in one operating system, while they are breaking into the other and trying to cross-over.
I am an operations "IS" guru - I know how to make computers do what they are designed to do, from an end-user standpoint, eventually.
However, IS/IT security is a very valid discipline which I do not have enough exposure to.
What I like about Linux is iptables. What I found on Windows is that after exhaustive firewall configuration - I caught my firewall vendor transmitting data to marketing firms (two different vendors). Clearly, their emphasis is not solely on security.
My conclusion: The firewall in my router was turned off. I thought this would help reduce network congestion and improve my Internet speed.
I have turned the firewall in my router back on, set it to maximum security and turned on traffic shaping. Thus, I have dual firewalls.
What I found in my router's security logs is that 1/4 of all traffic was inbound. A few cam sites will not work. However, everything else works just fine. It is refreshing to know that most of the sites I visit are honorable. Nothing needs to come in if your browser initiates the transaction.
Also, my speed has increased. Web pages load so fast it startled me. This is where it stands now. A lot of this type of information you should really keep to yourself because you are telling people your vulnerabilities.
However, I do not operate from a position of fear. The fact is I could do without the Internet altogether. It is a lot of fun though.
Like I said, "for whatever reason - for which I do not care" I seem to be a person of interest. I will let you know of my next great adventure.
"Wisdom is justified of all her children"
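The poster's two observations above (iptables denials that appear to come from the internal network, and the view that nothing unsolicited needs to come inbound once the router firewall is on) can be checked against the firewall's own drop log. The following is an added example, not code from the poster or the thread: it parses lines in the iptables LOG target format and flags drops whose source is an RFC 1918 or loopback address but which arrived on the WAN-facing interface, i.e. the "disguised as internal" traffic the poster calls spoofing. The interface name `ppp0`, the `FW-DROP:` prefix and the sample log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in iptables LOG format (not from the original post).
SAMPLE_LOG = """\
kernel: FW-DROP: IN=ppp0 OUT= SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP SPT=4455 DPT=445
kernel: FW-DROP: IN=ppp0 OUT= SRC=192.168.1.1 DST=198.51.100.20 PROTO=TCP SPT=8080 DPT=3389
kernel: FW-DROP: IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.50 PROTO=UDP SPT=1900 DPT=1900
kernel: FW-DROP: IN=ppp0 OUT= SRC=10.0.0.7 DST=198.51.100.20 PROTO=TCP SPT=51000 DPT=22
"""

LOG_RE = re.compile(
    r"IN=(?P<iface>\S*) .*?SRC=(?P<src>\S+) .*?DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+))?(?: DPT=(?P<dpt>\d+))?"
)

WAN_IFACES = {"ppp0"}  # assumption: the interface that faces the router/ISP
# Address ranges that should only ever appear as sources on the LAN side.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_line(line):
    """Return the fields of one iptables LOG line, or None if it is not one."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None

def classify(rec):
    """'martian'       = internal/loopback source arriving on a WAN interface
    'inbound-noise' = ordinary unsolicited traffic from the outside
    'lan'           = a drop whose packet came in on an internal interface"""
    src = ipaddress.ip_address(rec["src"])
    from_inside = any(src in net for net in INTERNAL_NETS)
    if rec["iface"] in WAN_IFACES and from_inside:
        return "martian"
    if rec["iface"] in WAN_IFACES:
        return "inbound-noise"
    return "lan"

def summarize(text):
    """Count drops per class and list (src, dst port) of every martian packet."""
    counts, martians = Counter(), []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify(rec)
        counts[label] += 1
        if label == "martian":
            martians.append((rec["src"], rec["dpt"]))
    return counts, martians

if __name__ == "__main__":
    totals, bad = summarize(SAMPLE_LOG)
    print(dict(totals))
    for src, dpt in bad:
        print(f"internal-looking source {src} seen on WAN, to port {dpt}")
```

Feed it the real log with `summarize(open("/var/log/kern.log").read())` after adjusting `WAN_IFACES` and the LOG prefix to match your own ruleset; a non-zero martian count is the condition worth investigating, plain inbound noise is expected.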