Re: [gentoo-user] [OT] Being Facebook member: How to anon?
* Dale[2017-10-22 11:53:36 -0500]: Another thought, what about using Tor to make it so it can't track IPs as well? Joost, you have a thought on that? My approach would be the following Default browser should block all things owned by Facebook. Facebook Browser should be routed through TOR, and only used for Facebook. I think that routing your traffic through TOR, or a VPN would achieve the most privacy. You can use a different profile or browser to go to Facebook, but I don't think that alone will stop them from tacking you. Other websites will pull in javascript from Facebook for some type of integration. Even if you're not logged into Facebook I'm sure they're experienced enough to cooralate that "This IP with this OS around this time read this blog about 3D printing, and went to a 3D printing group on Facebook. Probably the same person."
Re: [gentoo-user] vsftpd anonymous upload illegal PORT command
On 08/03/2017 05:13 AM, Walter Dnes wrote: > I'm trying to upload files from an OS/2 VM in machine A to anononymous > upload on another machine on my home LAN. I'm using the allegedly "very > simple" ftpd and getting nowhere, and Google isn't helping. To simplify > things, I built vsftpd without ssl, and iptables is off on both > machines. I don't think it's related to PASV, because the ancient ftp > client on the OS/2 VM doesn't understand the "ftp -p" option. My > /etc/vsftpd/vsftpd.conf file is... > > listen=YES > local_enable=NO > anonymous_enable=YES > anon_upload_enable=YES > write_enable=YES > anon_mkdir_write_enable=YES > anon_root=/home/ftp > pasv_enable=YES > pasv_min_port=3 > pasv_max_port=30100 > port_enable=YES > allow_writeable_chroot=YES > > I successfully log in as user "anonymous", password "anonymous", > execute "bin". When I try uploading a file, I get the 500 PORT error. > Anybody have a working config? Or another simpler ftpd server? > Are you able to upload files from other machines than this particular VM? I don't have any problems uploading using your config. Who owns /home/ftp? I think by default vsftpd will change the owner to root which would cause problems.
Re: [gentoo-user] Re: Choosing between system profiles: hardened and desktop for desktop installation.
On 07/06/2017 12:28 AM, R0b0t1 wrote: > To be fair it is a bit more circuitous on Linux than it is on Windows. > Even if you use (or abuse?) /proc as I outlined in my blurb on > GRsecurity you can't directly cause another process to start executing > your code directly, but you can edit its memory, debug it, and mess > with it in almost every other imaginable way - or you can just find a > way to get the user to execute some other executable you created on > disk. > > On Windows there exists CreateRemoteThread.[1] You can force a > currently loaded process to run whatever code you want. Not sure what CreateRemoteThread has to do with exploitation. You can't inject code in a process with higher privileges than the process you're running as. > You can solve both of these problems with Role Based Access Controls, > if you want to bother setting them up. Otherwise process sandboxing > only applies to resources, not security. Security is a problem that is never completely solved. Sandboxing and RBAC are good mitigations to have in place. If you were able to get code execution within a browser that was sandboxed, you could still interact with the kernel and attempt to exploit it. This is where the kernel patches that grsec provides really help you out. As they make successful exploitation of the kernel more difficult.