  1. #1
    Just Joined!
    Join Date
    Jun 2003
    Location
    Cyprus
    Posts
    96

    Security Question!


    I have a dual boot system (WinXP / Mandrake 9.2). I was using WinXP the other day and just as I was browsing the internet I got one of those annoying pop up windows. The thing was that it had the following information in it: my IP address, the OS I am running, my ISP and even a list of my folders on my C: disk. Is there a way to prevent other people from acquiring the above info, or does Linux take care of this by default in the default installation? I know nothing of Linux security and have no knowledge of programming or scripts.

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    It would be strange if they could not get your IP address. If they didn't have it, they wouldn't be able to serve content to you. However, giving out your IP address isn't dangerous, so that's nothing to worry about. The only way to block it is to rip out your network cable, since without revealing your IP address, you won't be able to contact any servers - that's the point of the IP address. Remember, it is your computer that is contacting theirs since it has opened a pop up.
    Similarly, it's easy to make TCP fingerprinting to find out the operating system. "nmap -O" does the same thing. If you block that functionality, your system wouldn't be a compliant IP node anymore. However, that's not dangerous either - it's just a standard TCP option and can't do you any harm; it doesn't mean that you've been cracked or something.
    In the same way, finding out someone's ISP is just a matter of calling the relevant whois server - whois.arin.net for American nodes, whois.ripe.net for European nodes and whois.apnic.net for Asian nodes. Try running "whois -h whois.ripe.net 82.182.133.20", and you'll see what ISP I have. This is completely impossible to block, since it's not even located at your computer. It's part of the standard internet address block registry that is maintained by the organizations that hand out IP addresses to ISPs.
    All these three can just as easily be done in reverse. It is the simplest thing in the world to present the same information about the people who presented it to you, and it's not illegal or even undesirable. It's not even cracking - it's standard functionality.

    If there is anything that you could need to worry about, it is the fact that they could display files from your hard drive. However, I believe that is done via a harmless embedded component. In the same way that Explorer (not Internet Explorer, but the Windows graphical shell) embeds file viewer controls via HTML, I'm fairly sure that they can do it too. That doesn't give them any power over your computer, though - the file viewer control only takes commands from you.
    Therefore, I think that all that is completely harmless - just a way of tricking you into buying some worthless home security product by displaying information that seems as if they acquired it by cracking your system. I'm not completely sure about that file list, though, so don't take my word on that one.

    In any case, you don't have to worry about that happening on Linux. Of course, the three first points can still be found, since that's basic and completely harmless functionality, but they won't be able to do the fourth one (the file list thing) at all if you're running Linux.

  3. #3
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    To show you, I designed a page myself that does about the same thing, except for the file list. Try it out at http://www.dolda2000.com/~fredrik/info.php.

    It also has an option to let you see its source code, so that you can see how it's done.
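What a web server learns from any ordinary request, as an added example (this is not the source of the info.php page linked above). It assumes the page reads the OS from the browser's User-Agent header rather than by TCP fingerprinting; the address, the request text and all function names are constructed for illustration.

```javascript
// Added example: everything here comes from the visitor's own request.
const OS_TOKENS = [
  [/Windows NT 5\.1/, "Windows XP"],
  [/Windows NT 5\.0/, "Windows 2000"],
  [/Linux/, "Linux"],
];

// Constructed sample: Internet Explorer 6 on Windows XP requesting a page.
const SAMPLE_REQUEST = [
  "GET /info.php HTTP/1.1",
  "Host: www.example.org",
  "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
  "Accept: */*",
  "", "",
].join("\r\n");

// Split a raw HTTP request into its request line and a header map.
function parseRequest(raw) {
  const [head] = raw.split("\r\n\r\n");
  const [requestLine, ...lines] = head.split("\r\n");
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { requestLine, headers };
}

// Build the three "scary" facts without touching the visitor's machine.
function visitorInfo(peerAddress, raw) {
  const ua = parseRequest(raw).headers["user-agent"] || "";
  const hit = OS_TOKENS.find(([re]) => re.test(ua));
  return {
    ip: peerAddress,                    // source address of the TCP connection
    os: hit ? hit[1] : "unknown",       // self-reported by the browser
    whoisQuery: `${peerAddress}\r\n`,   // RFC 3912: query + CRLF sent to TCP port 43
  };
}

// 192.0.2.10 is a documentation address (constructed).
console.log(visitorInfo("192.0.2.10", SAMPLE_REQUEST));
```

The ISP name then comes from the registry's reply to that whois query, which is data held by the address registry and not by the visitor's computer.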

  4. #4
    Just Joined!
    Join Date
    Jun 2003
    Location
    Cyprus
    Posts
    96
    Thanks Dolda2000 you've been very helpful as always!!!

  5. #5
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    In fact, I have seen that this kind of fraud is rather common, and I can very well see how it can scare people who don't know this. Therefore, I'm setting this post as sticky so that everyone can see that those things really are harmless.

  6. #6
    Linux Engineer
    Join Date
    Sep 2003
    Location
    Knoxhell, TN
    Posts
    1,078
    on the file list thing:
    I've seen sites that list the contents of your drive (I was using windoze at the time).. at first I thought they had actually retrieved my directory information, but in reality all they had done was to make IE display the info off my drive to me... don't know how it's done, though.. I don't know any HTML... seems like it would be a simple thing to do, though..

  7. #7
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    It's probably some script engine whose permission blocking is a bit off or anything.

    However, I have seen these sites do actually really bad things. Once, I was going to fix an error on my sister's computer, which is running WinXP, when I also got one of these popups. I clicked it to check what they could do, and they showed me a plethora of like six things, whereof five were completely harmless. However, the sixth was kind of scary; it could actually eject the CD ROM. Of course, I don't know Windows even a tenth as well as I know Linux, but I'm fairly sure that that isn't possible without remote execution of code. Similarly, I have heard reports of porn sites that are capable of installing programs on your computer by surprise (trust me, I haven't seen it myself; I don't even have Windows installed on my computer =) ), which is another thing that has to be impossible without remote execution of code.

    What I am suspecting is that some of these sites are using some of the bugs that have been found in Internet Explorer over the last months, several of which allow for remote execution of code (yes, that would constitute cracking, and is most likely illegal). At least one of them was a vulnerability in the HTML parser, so it is true that you should never trust a system that runs Internet Explorer (or Windows, for that part, considering all the bugs in the DCOM and Messenger services and all others) with any kind of sensitive stuff, if at all.
    It is fully possible for someone to crack your Windoze system just by making you request a HTML page from their server, unless you have fully patched your system, which most people haven't. And even then, I wouldn't bet that there aren't any such bugs that can be exploited, since new such bugs are discovered in more or less every single newsletter I get from SANS each week.

    As far as I have seen, no such bugs have thus far been discovered in Mozilla, so even if you want to use Windows instead of Linux, you should install and use Mozilla instead of Internet Explorer if you want to be safe. Actually, you should anyway, since Mozilla is much more standards compliant than Internet Explorer. I warmly recommend Mozilla Thunderbird for Windows.

  8. #8
    Linux Enthusiast scientica's Avatar
    Join Date
    Sep 2003
    Location
    South- or "Mid-" Sweden
    Posts
    742
    Quote Originally Posted by Dolda2000
    However, the sixth was kind of scary; it could actually eject the CD ROM. Of course, I don't know Windows even a tenth as well as I know Linux, but I'm fairly sure that that isn't possible without remote execution of code. Similarly, I have heard reports of porn sites that are capable of installing programs on your computer by surprise (trust me, I haven't seen it myself; I don't even have Windows installed on my computer =) ), which is another thing that has to be impossible without remote execution of code.
    Sounds to me like maybe VBScript, ActiveX (or maybe, but not likely, Java). Maybe it's JScript (MS queer version of JavaScript) with an embedded file (some file that might load M$ media player, maybe an empty mp3 or wma file, which maybe is controllable via JScript - wouldn't surprise me if MS is "kind" 'nuff to let JScript do that)
    Most of these modem hijacks are made by luring ppl into installing the software manually, often a nice site that looks 'respectable', they have a nice picture of the sw install warning window, and some nice installation instructions (5-10 steps of click here and there). Just as if it was the flash player they were installing.
    It's not just pr0n sites that use this kind of scam, even some download sites do/try to, it doesn't even have to be promises of unlimited warez access, I've seen sites which make it appear as if it's freeware/shareware apps like winzip the user is downloading, but it might actually be a modem hijacker instead of winzip.



    (btw, I use mozilla Firebird in Windows and linux works like a charm, mozilla fb, not windows )
    Regards Scienitca (registered user #335819 - http://counter.li.org )
    --
    A master is nothing more than a student who knows something of which he can teach to other students.

  9. #9
    Linux Engineer
    Join Date
    Dec 2002
    Location
    New Zealand
    Posts
    766
    It's nothing that fancy. If I remember correctly (I used this once to scare my little brother)

    <iframe src="file://localhost/c/" ></iframe>

    If a Windows user opens that code it will show their C drive on the page, which looks kinda scary. It's harmless as far as I can tell, and is OS dependent. As u can see, this would do nothing but show up blank for all of you.

  10. #10
    Linux Enthusiast scientica's Avatar
    Join Date
    Sep 2003
    Location
    South- or "Mid-" Sweden
    Posts
    742
    Quote Originally Posted by Hellmasker
    It's nothing that fancy. If I remember correctly (I used this once to scare my little brother)

    <iframe src="file://localhost/c/" ></iframe>

    If a Windows user opens that code it will show their C drive on the page, which looks kinda scary. It's harmless as far as I can tell, and is OS dependent. As u can see, this would do nothing but show up blank for all of you.
    iirc <iframe src="file://c:/" ></iframe> or <iframe src="c:" ></iframe> should be it, using file://localhost will most likely cause a 404.
    [edit]ok it did work with file://localhost (I'm posting from school, they run 2k... :/ )[/edit]
    Regards Scienitca (registered user #335819 - http://counter.li.org )
    --
    A master is nothing more than a student who knows something of which he can teach to other students.
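Why a framed local listing is shown to the viewer but is not readable by the site, as an added example that is not part of the posts above. It models the same-origin rule as browsers define it today, not Internet Explorer's behaviour at the time of the thread; the page URL, the HTML and the function names are constructed.

```javascript
// Added example: classify each <iframe> on a page by whether the embedding
// page's script could read the framed document under the same-origin rule.

function originOf(u) {
  // WHATWG URL serialises opaque origins (file:, unknown schemes) as "null".
  return u.origin === "null" ? null : u.origin;
}

function classifyFrame(pageUrl, src) {
  const page = new URL(pageUrl);
  const frame = new URL(src, page);   // resolves relative src values
  // file: URLs and bare drive letters ("c:") refer to the viewer's own disk.
  const local = frame.protocol === "file:" || /^[a-z]:$/i.test(frame.protocol);
  const po = originOf(page);
  const fo = originOf(frame);
  // An opaque origin never matches anything, so script access is denied.
  const scriptCanRead = po !== null && fo !== null && po === fo;
  return { src, local, scriptCanRead };
}

function auditFrames(pageUrl, html) {
  const out = [];
  const re = /<iframe\b[^>]*\bsrc\s*=\s*"([^"]*)"/gi;
  for (const m of html.matchAll(re)) out.push(classifyFrame(pageUrl, m[1]));
  return out;
}

// Constructed sample page using the src values quoted in the thread,
// plus one same-origin and one cross-origin frame for comparison.
const SAMPLE_PAGE = "http://popup.example/scan.html";
const SAMPLE_HTML = `
<iframe src="file://localhost/c/" ></iframe>
<iframe src="c:" ></iframe>
<iframe src="/banner.html"></iframe>
<iframe src="http://ads.example/frame.html"></iframe>`;

for (const r of auditFrames(SAMPLE_PAGE, SAMPLE_HTML)) {
  console.log(r.src.padEnd(32), "local:", r.local, "scriptCanRead:", r.scriptCanRead);
}
```

Current browsers go further and refuse to load a file: URL into a frame on a page served over HTTP at all.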
