Re: [Haifux] Is the risk real? (Was: New mail icon for Thunderbird over Gnome)
1. My parents' Windows machine got infected with a very hard-to-get-rid-of virus that turned their machine, which was no server at all, into an SMTP machine, and used it for massive mail operations. 2. When I was a checker for Wikipedia, I could check the IP of registered users who violated Wikipedia rules (vandalized pages - in particular, placed the Nazi flag in Jewish pages). I tried to trace the machine they were using, and file a complaint (or enable others to file a complaint) to the relevant body: the ISP (in case of a home connection) or the company whose machine it was. In some of the cases, the vandalizer used compromised machines - machines that were known to vandalizers to be open for such use. On Mon, May 14, 2012 at 3:20 AM, Eli Billauer e...@billauer.co.il wrote: ** Indeed, it's wise to have the firewall up. But what I tried to figure out, was if something real actually happened to someone. Port scanning is indeed unpleasant to watch if you're unprotected, but would something really happen if you dropped your firewall? Would whoever scanned those ports attack a Linux computer? Not that I volunteer to try that out myself. And still. On 05/14/2012 02:58 AM, guy keren wrote: at least in the past - the risk was real. when i first connected my computer to the internet via ADSL, and set up firewall rules - i was surprised to see that i get many (hundreads) of failed network connections from around the world. what people do, is run software that scans complete address (IP) ranges, and attempt to find exploitable services on them. the solution, on my part, was to close down everything i could at the firewall level, and try to keep the open services (e.g. the kernel itself, ssh server, etc) updated. keeping things updated was annoying with redhat - specifically the distribution updates - and is one of the reasons i switched to ubuntu. i tend to keep to the LTS (long term support - 3 years) versions of ubuntu - and try to be in long delay after the latest distributions - after having the diss-pleasure of upgrading too early to 8.04 (or something). --guy On 05/14/2012 12:45 AM, Eli Billauer wrote: Hi, Since my not-so-updated software versions became an issue in itself (somehow I always get that) I wondered: Leave alone the unpleasant feeling of knowing your computer *could* be exploited, are there any real cases of attacks against personal, non-server Linux machines? The need to protect a server or a shared machine is obvious. But when it comes to a personal computer, is there any real life justification to be anything else than completely indifferent to those risks? Or can we in fact take a kibbutz approach of leaving the door open, knowing that we may invite someone to break in, but that doesn't really happen? This is not a question about what can happen, but what really does. And just to wrap up the original subject: I was reluctant to try mail-notification, because my mail filters move around the mails as they arrive. So I suspected things would get messy using a tool that apparently polls the mail box files directly. Anyhow, my solution ended up to be the Gnome Integration add on. I also installed Mail Tweak, which among others allowed me to set HTML + Plain text as the default outgoing mail format. Eli -- Web: http://www.billauer.co.il ___ Haifux mailing list Haifux@haifux.org http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux -- Orna Agmon Ben-Yehuda. http://ladypine.org ___ Haifux mailing list Haifux@haifux.org http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
Re: [Haifux] Is the risk real? (Was: New mail icon for Thunderbird over Gnome)
Two interesting cases indeed, but neither matching my question: The first one was a Windows machine and the second we don't know. Exploiting machines as a platform for your own nasty business is probably the most common reason to attack a personal desktop. It's also the situation with the least local damage: You fix the problem, apologize, and go on with your life. I would say upgrading all the time is worse in terms of efforts, and the number of mishaps you're expected to have (I'm still working on getting this mail sent out as plain text after upgrading my Thunderbird). Eli On 05/14/2012 11:25 AM, Orna Agmon Ben-Yehuda wrote: 1. My parents' Windows machine got infected with a very hard-to-get-rid-of virus that turned their machine, which was no server at all, into an SMTP machine, and used it for massive mail operations. 2. When I was a checker for Wikipedia, I could check the IP of registered users who violated Wikipedia rules (vandalized pages - in particular, placed the Nazi flag in Jewish pages). I tried to trace the machine they were using, and file a complaint (or enable others to file a complaint) to the relevant body: the ISP (in case of a home connection) or the company whose machine it was. In some of the cases, the vandalizer used compromised machines - machines that were known to vandalizers to be open for such use. On Mon, May 14, 2012 at 3:20 AM, Eli Billauer e...@billauer.co.il mailto:e...@billauer.co.il wrote: Indeed, it's wise to have the firewall up. But what I tried to figure out, was if something real actually happened to someone. Port scanning is indeed unpleasant to watch if you're unprotected, but would something really happen if you dropped your firewall? Would whoever scanned those ports attack a Linux computer? Not that I volunteer to try that out myself. And still. On 05/14/2012 02:58 AM, guy keren wrote: at least in the past - the risk was real. when i first connected my computer to the internet via ADSL, and set up firewall rules - i was surprised to see that i get many (hundreads) of failed network connections from around the world. what people do, is run software that scans complete address (IP) ranges, and attempt to find exploitable services on them. the solution, on my part, was to close down everything i could at the firewall level, and try to keep the open services (e.g. the kernel itself, ssh server, etc) updated. keeping things updated was annoying with redhat - specifically the distribution updates - and is one of the reasons i switched to ubuntu. i tend to keep to the LTS (long term support - 3 years) versions of ubuntu - and try to be in long delay after the latest distributions - after having the diss-pleasure of upgrading too early to 8.04 (or something). --guy On 05/14/2012 12:45 AM, Eli Billauer wrote: Hi, Since my not-so-updated software versions became an issue in itself (somehow I always get that) I wondered: Leave alone the unpleasant feeling of knowing your computer *could* be exploited, are there any real cases of attacks against personal, non-server Linux machines? The need to protect a server or a shared machine is obvious. But when it comes to a personal computer, is there any real life justification to be anything else than completely indifferent to those risks? Or can we in fact take a kibbutz approach of leaving the door open, knowing that we may invite someone to break in, but that doesn't really happen? This is not a question about what can happen, but what really does. And just to wrap up the original subject: I was reluctant to try mail-notification, because my mail filters move around the mails as they arrive. So I suspected things would get messy using a tool that apparently polls the mail box files directly. Anyhow, my solution ended up to be the Gnome Integration add on. I also installed Mail Tweak, which among others allowed me to set HTML + Plain text as the default outgoing mail format. Eli -- Web:http://www.billauer.co.il ___ Haifux mailing list Haifux@haifux.org mailto:Haifux@haifux.org http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux -- Orna Agmon Ben-Yehuda. http://ladypine.org -- Web: http://www.billauer.co.il ___ Haifux mailing list Haifux@haifux.org http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
Re: [Haifux] Is the risk real? (Was: New mail icon for Thunderbird over Gnome)
On Mon, May 14, 2012, Eli Billauer wrote about Re: [Haifux] Is the risk real? (Was: New mail icon for Thunderbird over Gnome): Exploiting machines as a platform for your own nasty business is probably the most common reason to attack a personal desktop. It's also the situation with the least local damage: You fix the problem, apologize, and go on with your life. I would say upgrading all the And how exactly do you fix the problem? It's not as easy as you think to clean rootkits, viruses, and so on. Most of the time, you end up reinstalling the machine - which is anything but easy. Moreover, it's not easy even *knowing* that you're infected. Most people will simply never know - they may feel something is a bit strange, but never know why. time is worse in terms of efforts, and the number of mishaps you're expected to have (I'm still working on getting this mail sent out as plain text after upgrading my Thunderbird). My update efforts, on Fedora, can be summarized by running yum update every day (not really an effort, can be done automatically), and preupgrade (a full distro upgrade) twice a year. That's it. And I'm not only better protected, I also have new and improved software all the time. I don't know why anyone would want look for alternatives. Nadav. -- Nadav Har'El|Monday, May 14 2012, n...@math.technion.ac.il |- Phone +972-523-790466, ICQ 13349191 |The meek shall inherit the Earth, for http://nadav.harel.org.il |they are too timid to refuse it. ___ Haifux mailing list Haifux@haifux.org http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
[Haifux] Is the risk real? (Was: New mail icon for Thunderbird over Gnome)
Hi, Since my not-so-updated software versions became an issue in itself (somehow I always get that) I wondered: Leave alone the unpleasant feeling of knowing your computer *could* be exploited, are there any real cases of attacks against personal, non-server Linux machines? The need to protect a server or a shared machine is obvious. But when it comes to a personal computer, is there any real life justification to be anything else than completely indifferent to those risks? Or can we in fact take a kibbutz approach of leaving the door open, knowing that we may invite someone to break in, but that doesn't really happen? This is not a question about what can happen, but what really does. And just to wrap up the original subject: I was reluctant to try mail-notification, because my mail filters move around the mails as they arrive. So I suspected things would get messy using a tool that apparently polls the mail box files directly. Anyhow, my solution ended up to be the Gnome Integration add on. I also installed Mail Tweak, which among others allowed me to set HTML + Plain text as the default outgoing mail format. Eli On 05/13/2012 08:40 PM, Oron Peled wrote: On Sunday, 13 בMay 2012 19:22:20 Eli Billauer wrote: Hello all, I've finally started working with Thunderbird under Linux (FC12, with Thunderbird 3.0.7). The old settings were migrated perfectly, If your "new" one is 3.0.7, I am afraid to ask what was the old ;-) $ rpm -q thunderbird thunderbird-11.0.1-1.fc15.i686 As you can see I use a pretty old Fedora (F15, plan to upgrade directly to F17, before F15 is EOL). Still, using a network-facing application which did not get any security updates for several years, is... (ok, let's call it brave, not to be offensive...) and all is working fine. Well, there's a thing I miss. In Windows, there used to be an icon when new mail has arrived. This icon doesn't show up on Linux. Obviously in Linux its a separate application (which is hopefully slimmer, since it runs all the time). IIRC, Gnome used to have a nice applet called "mail-notification": http://www.nongnu.org/mailnotify This supported multiple accounts/mailboxes/protocols, etc. I believe you can find it pre-packaged even for your pre-historic Fedora. Cheers, -- Web: http://www.billauer.co.il ___ Haifux mailing list Haifux@haifux.org http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
Re: [Haifux] Is the risk real? (Was: New mail icon for Thunderbird over Gnome)
at least in the past - the risk was real. when i first connected my computer to the internet via ADSL, and set up firewall rules - i was surprised to see that i get many (hundreads) of failed network connections from around the world. what people do, is run software that scans complete address (IP) ranges, and attempt to find exploitable services on them. the solution, on my part, was to close down everything i could at the firewall level, and try to keep the open services (e.g. the kernel itself, ssh server, etc) updated. keeping things updated was annoying with redhat - specifically the distribution updates - and is one of the reasons i switched to ubuntu. i tend to keep to the LTS (long term support - 3 years) versions of ubuntu - and try to be in long delay after the latest distributions - after having the diss-pleasure of upgrading too early to 8.04 (or something). --guy On 05/14/2012 12:45 AM, Eli Billauer wrote: Hi, Since my not-so-updated software versions became an issue in itself (somehow I always get that) I wondered: Leave alone the unpleasant feeling of knowing your computer *could* be exploited, are there any real cases of attacks against personal, non-server Linux machines? The need to protect a server or a shared machine is obvious. But when it comes to a personal computer, is there any real life justification to be anything else than completely indifferent to those risks? Or can we in fact take a kibbutz approach of leaving the door open, knowing that we may invite someone to break in, but that doesn't really happen? This is not a question about what can happen, but what really does. And just to wrap up the original subject: I was reluctant to try mail-notification, because my mail filters move around the mails as they arrive. So I suspected things would get messy using a tool that apparently polls the mail box files directly. Anyhow, my solution ended up to be the Gnome Integration add on. I also installed Mail Tweak, which among others allowed me to set HTML + Plain text as the default outgoing mail format. Eli On 05/13/2012 08:40 PM, Oron Peled wrote: On Sunday, 13 בMay 2012 19:22:20 Eli Billauer wrote: Hello all, I've finally started working with Thunderbird under Linux (FC12, with Thunderbird 3.0.7). The old settings were migrated perfectly, If your new one is 3.0.7, I am afraid to ask what was the old ;-) $ rpm -q thunderbird thunderbird-11.0.1-1.fc15.i686 As you can see I use a pretty old Fedora (F15, plan to upgrade directly to F17, before F15 is EOL). Still, using a network-facing application which did not get any security updates for several years, is... (ok, let's call it brave, not to be offensive...) and all is working fine. Well, there's a thing I miss. In Windows, there used to be an icon when new mail has arrived. This icon doesn't show up on Linux. Obviously in Linux its a separate application (which is hopefully slimmer, since it runs all the time). IIRC, Gnome used to have a nice applet called mail-notification: http://www.nongnu.org/mailnotify This supported multiple accounts/mailboxes/protocols, etc. I believe you can find it pre-packaged even for your pre-historic Fedora. Cheers, -- Web:http://www.billauer.co.il ___ Haifux mailing list Haifux@haifux.org http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux ___ Haifux mailing list Haifux@haifux.org http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
