Re: [gentoo-user] [OT] Being Facebook member: How to anon?

2017-10-23 Thread Jeriko One 

* Dale  [2017-10-22 11:53:36 -0500]:


Another thought, what about using Tor to make it so it can't track IPs
as well?  Joost, you have a thought on that? 


My approach would be the following
Default browser should block all things owned by Facebook. 
Facebook Browser should be routed through TOR, and only used for Facebook.


I think that routing your traffic through TOR, or a VPN would achieve
the most privacy. You can use a different profile or browser to
go to Facebook, but I don't think that alone will stop them from tacking
you. Other websites will pull in javascript from Facebook for some type
of integration. Even if you're not logged into Facebook I'm sure they're
experienced enough to cooralate that "This IP with this OS around this
time read this blog about 3D printing, and went to a 3D printing group
on Facebook. Probably the same person."

Re: [gentoo-user] vsftpd anonymous upload illegal PORT command

2017-08-03 Thread Jeriko One 


On 08/03/2017 05:13 AM, Walter Dnes wrote:
>   I'm trying to upload files from an OS/2 VM in machine A to anononymous
> upload on another machine on my home LAN.  I'm using the allegedly "very
> simple" ftpd and getting nowhere, and Google isn't helping.  To simplify
> things, I built vsftpd without ssl, and iptables is off on both
> machines.  I don't think it's related to PASV, because the ancient ftp
> client on the OS/2 VM doesn't understand the "ftp -p" option.  My
> /etc/vsftpd/vsftpd.conf file is...
> 
> listen=YES
> local_enable=NO
> anonymous_enable=YES
> anon_upload_enable=YES
> write_enable=YES
> anon_mkdir_write_enable=YES
> anon_root=/home/ftp
> pasv_enable=YES
> pasv_min_port=3
> pasv_max_port=30100
> port_enable=YES
> allow_writeable_chroot=YES
> 
>   I successfully log in as user "anonymous", password "anonymous",
> execute "bin".  When I try uploading a file, I get the 500 PORT error.
> Anybody have a working config?  Or another simpler ftpd server?
> 

Are you able to upload files from other machines than this particular
VM? I don't have any problems uploading using your config.

Who owns /home/ftp? I think by default vsftpd will change the owner to
root which would cause problems.

Re: [gentoo-user] Re: Choosing between system profiles: hardened and desktop for desktop installation.

2017-07-06 Thread Jeriko One 
On 07/06/2017 12:28 AM, R0b0t1 wrote:
> To be fair it is a bit more circuitous on Linux than it is on Windows.
> Even if you use (or abuse?) /proc as I outlined in my blurb on
> GRsecurity you can't directly cause another process to start executing
> your code directly, but you can edit its memory, debug it, and mess
> with it in almost every other imaginable way - or you can just find a
> way to get the user to execute some other executable you created on
> disk.
> 
> On Windows there exists CreateRemoteThread.[1] You can force a
> currently loaded process to run whatever code you want.

Not sure what CreateRemoteThread has to do with exploitation. You can't inject 
code in a process with higher privileges than the process you're running as.

> You can solve both of these problems with Role Based Access Controls,
> if you want to bother setting them up. Otherwise process sandboxing
> only applies to resources, not security.

Security is a problem that is never completely solved. Sandboxing and RBAC are 
good mitigations to have in place. If you were able to get code execution 
within a browser that was sandboxed, you could still interact with the kernel 
and attempt to exploit it. This is where the kernel patches that grsec provides 
really help you out. As they make successful exploitation of the kernel more 
difficult.