Re: [Haifux] Is the risk real? (Was: New mail icon for Thunderbird over Gnome)

2012-05-14 Thread Orna Agmon Ben-Yehuda
1. My parents' Windows machine got infected with a very hard-to-get-rid-of
virus that turned their machine, which was no server at all, into an SMTP
machine, and used it for massive mail operations.

2. When I was a checker for Wikipedia, I could check the IP of registered
users who violated Wikipedia rules (vandalized pages - in particular,
placed the Nazi flag in Jewish pages). I tried to trace the machine they
were using, and file a complaint (or enable others to file a complaint) to
the relevant body: the ISP (in case of a home connection) or the company
whose machine it was. In some of the cases, the vandalizer used compromised
machines - machines that were known to vandalizers to be open for such use.


On Mon, May 14, 2012 at 3:20 AM, Eli Billauer wrote:

> Indeed, it's wise to have the firewall up.
>
> But what I tried to figure out, was if something real actually happened to
> someone. Port scanning is indeed unpleasant to watch if you're unprotected,
> but would something really happen if you dropped your firewall? Would
> whoever scanned those ports attack a Linux computer?
>
> Not that I volunteer to try that out myself. And still.
>
>
> On 05/14/2012 02:58 AM, guy keren wrote:
>
>
> at least in the past - the risk was real.
>
> when i first connected my computer to the internet via ADSL, and set up
> firewall rules - i was surprised to see that i get many (hundreds) of
> failed network connections from around the world.
>
> what people do, is run software that scans complete address (IP) ranges,
> and attempt to find exploitable services on them.
>
> the solution, on my part, was to close down everything i could at the
> firewall level, and try to keep the open services (e.g. the kernel itself,
> ssh server, etc) updated. keeping things updated was annoying with redhat -
> specifically the distribution updates - and is one of the reasons i
> switched to ubuntu. i tend to keep to the LTS (long term support - 3 years)
> versions of ubuntu - and try to be in long delay after the latest
> distributions - after having the displeasure of upgrading too early to
> 8.04 (or something).
>
> --guy
>
> On 05/14/2012 12:45 AM, Eli Billauer wrote:
>
> Hi,
>
> Since my not-so-updated software versions became an issue in itself
> (somehow I always get that) I wondered: Leave alone the unpleasant
> feeling of knowing your computer *could* be exploited, are there any
> real cases of attacks against personal, non-server Linux machines? The
> need to protect a server or a shared machine is obvious. But when it
> comes to a personal computer, is there any real life justification to be
> anything else than completely indifferent to those risks? Or can we in
> fact take a kibbutz approach of leaving the door open, knowing that we
> may invite someone to break in, but that doesn't really happen?
>
> This is not a question about what can happen, but what really does.
>
> And just to wrap up the original subject: I was reluctant to try
> mail-notification, because my mail filters move around the mails as they
> arrive. So I suspected things would get messy using a tool that
> apparently polls the mail box files directly.
>
> Anyhow, my solution ended up to be the Gnome Integration add on. I also
> installed Mail Tweak, which among others allowed me to set HTML + Plain
> text as the default outgoing mail format.
>
> Eli
>
>
>
> --
> Web: http://www.billauer.co.il
>
>
> ___
> Haifux mailing list
> Haifux@haifux.org
> http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
>
>


-- 
Orna Agmon Ben-Yehuda.
http://ladypine.org
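
Added example, not part of the original posts: a small log summarizer that looks for the two things this message describes, inbound probes dropped by the firewall and a desktop that suddenly talks SMTP to many mail servers. The log lines are constructed in the kernel's iptables LOG format (abbreviated); the `FW-IN-DROP`/`FW-OUT` prefixes, the addresses, and the `smtp_limit` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: kernel iptables LOG lines (abbreviated). The prefixes and
# all addresses (documentation ranges) are assumptions, not data from the thread.
SAMPLE_LOG = """\
May 14 02:10:01 desk kernel: FW-IN-DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=22 SYN
May 14 02:10:03 desk kernel: FW-IN-DROP IN=ppp0 OUT= SRC=198.51.100.9 DST=203.0.113.5 PROTO=TCP SPT=51822 DPT=22 SYN
May 14 02:11:40 desk kernel: FW-IN-DROP IN=ppp0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP SPT=33100 DPT=23 SYN
May 14 02:12:15 desk kernel: FW-IN-DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=40113 DPT=445 SYN
May 14 02:12:16 desk kernel: FW-IN-DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=40114 DPT=22 SYN
May 14 02:20:00 desk kernel: FW-OUT IN= OUT=ppp0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=25 SYN
May 14 02:20:01 desk kernel: FW-OUT IN= OUT=ppp0 SRC=203.0.113.5 DST=192.0.2.11 PROTO=TCP SPT=50002 DPT=25 SYN
May 14 02:20:01 desk kernel: FW-OUT IN= OUT=ppp0 SRC=203.0.113.5 DST=192.0.2.12 PROTO=TCP SPT=50003 DPT=25 SYN
May 14 02:20:02 desk kernel: FW-OUT IN= OUT=ppp0 SRC=203.0.113.5 DST=192.0.2.13 PROTO=TCP SPT=50004 DPT=25 SYN
May 14 02:20:05 desk kernel: FW-OUT IN= OUT=ppp0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=50005 DPT=443 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; the value may be empty (e.g. "OUT=")

def summarize(log_text, local_ip, smtp_limit=3):
    """Count distinct sources probing each local port, and distinct remote
    mail servers this host contacted on TCP/25."""
    probes = defaultdict(set)   # destination port -> distinct remote sources
    smtp_peers = set()          # remote hosts contacted on port 25
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue
        port = int(f["DPT"])
        if f.get("IN") and f.get("DST") == local_ip:
            probes[port].add(f["SRC"])            # inbound packet the firewall logged
        elif f.get("OUT") and f.get("SRC") == local_ip and port == 25:
            smtp_peers.add(f["DST"])              # outbound SMTP from a non-server
    return {
        "probed_ports": {p: len(s) for p, s in sorted(probes.items())},
        "smtp_peers": sorted(smtp_peers),
        # A desktop that relays through its ISP has one or two SMTP peers;
        # many distinct peers is the pattern of a spam-sending infection.
        "possible_spam_relay": len(smtp_peers) > smtp_limit,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "203.0.113.5"))
```
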


Re: [Haifux] Is the risk real? (Was: New mail icon for Thunderbird over Gnome)

2012-05-14 Thread Eli Billauer
Two interesting cases indeed, but neither matching my question: The 
first one was a Windows machine and the second we don't know.


Exploiting machines as a platform for your own nasty business is 
probably the most common reason to attack a personal desktop. It's also 
the situation with the least local damage: You fix the problem, 
apologize, and go on with your life. I would say upgrading all the time 
is worse in terms of efforts, and the number of mishaps you're expected 
to have (I'm still working on getting this mail sent out as plain text 
after upgrading my Thunderbird).


   Eli

--
Web: http://www.billauer.co.il



Re: [Haifux] Is the risk real? (Was: New mail icon for Thunderbird over Gnome)

2012-05-14 Thread Nadav Har'El
On Mon, May 14, 2012, Eli Billauer wrote about "Re: [Haifux] Is the risk real? 
(Was: New mail icon for Thunderbird over Gnome)":
> Exploiting machines as a platform for your own nasty business is
> probably the most common reason to attack a personal desktop. It's
> also the situation with the least local damage: You fix the problem,
> apologize, and go on with your life. I would say upgrading all the

And how exactly do you "fix the problem"? It's not as easy as you think
to clean rootkits, viruses, and so on. Most of the time, you end up
reinstalling the machine - which is anything but easy.

Moreover, it's not easy even *knowing* that you're infected. Most people
will simply never know - they may feel something is a bit strange, but
never know why.

> time is worse in terms of efforts, and the number of mishaps you're
> expected to have (I'm still working on getting this mail sent out as
> plain text after upgrading my Thunderbird).

My update efforts, on Fedora, can be summarized by running "yum update"
every day (not really an effort, can be done automatically), and
"preupgrade" (a full distro upgrade) twice a year. That's it. And I'm
not only better protected, I also have new and improved software all the
time. I don't know why anyone would want to look for alternatives.

Nadav.

-- 
Nadav Har'El                        |Monday, May 14 2012,
n...@math.technion.ac.il            |-
Phone +972-523-790466, ICQ 13349191 |The meek shall inherit the Earth, for
http://nadav.harel.org.il           |they are too timid to refuse it.