I use this:Originally Posted by OldChap
http://www.newegg.com/Product/Produc...67&ignorebbr=1
and run this on it:
http://puppylinux.org/main/Overview%...%20Started.htm
Works great!
I use this:
http://www.newegg.com/Product/Produc...67&ignorebbr=1
and run this on it:
http://puppylinux.org/main/Overview%...%20Started.htm
Works great!
~ Little Slice of Heaven ~
Lian Li PC-A05NB w/ Gentle Typhoons
Core i7 860 @ 3gHz w/ Thor's Hammer
eVGA P55 SLI
8GB RAM
Gigabyte 7970
Corsair HX850
OZC Vertex3 SSD 240GB
~~~~~~~~~~~~
Sadly, came home from work to a disconnected computer... any ideas on diagnostics? (I have no idea how to tell anything in linux)
I'd start by having a look through the system logs to see if anything shows up. Exactly what to look for I'm not sure.
The logs are in /var/log and are usually text files. If you open them as your regular user you can only read them, not modify them, so it's quite safe. I'd look in the one called "syslog" as well as "dmesg" which can be brought up directly with a console command. Syslog is more likely to have clues than dmesg I suspect.
[SIGPIC][/SIGPIC]
@Otis
Will open syslog for viewing, space bar for next page, b to go back one pageCode:more /var/log/syslog
Will display last 100 lines of syslog and uses more to page thru one page at a time as above.Code:tail -100 /var/log/syslog | more
Will display the dmesg file and display one page at a time.Code:dmesg | more
Look for lines with wlan0 or wlan1 in them.
Bug in Bash shell creates big security hole on anything with *nix in it
A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. ?This issue is especially dangerous as there are many possible ways Bash can be called by an application,? a Red Hat security advisory warned.
The bug, discovered by Stephane Schazelas, is related to how Bash processes environmental variables passed by the operating system or by a program calling a Bash-based script. If Bash has been configured as the default system shell, it can be used by network?based attackers against servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.Testing mine now.There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:
If the system is vulnerable, the output will be:Code:env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
An unaffected (or patched) system will output:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
The fix is an update to a patched version of the Bash shell. To be safe, administrators should do a blanket update of their versions of Bash in any case.
EDIT:
Ubuntu server 12.04: Vulnerable
Mint 17 : Vunerable
From command line:
Code:sudo apt-get updateThe above commands patched bash in Ubuntu and Mint.Code:sudo apt-get dist-upgrade
Last edited by PoppaGeek; 09-24-2014 at 09:26 PM.
Many thanks PG
My Biggest Fear Is When I die, My Wife Sells All My Stuff For What I Told Her I Paid For It.79 SB threads and 32 IB Threads across 4 rigs 111 threads Crunching!!
There is some debate about how dangerous this is to someone who just uses Linux, or Mac, to browse the web. I just ran update and moved on to more pressing matters. Such as whether to have 1 or 2 Guinness.
Thanks, PG.
Saw your 25,000,000 boinc milestone.Thanks, PG.
Grats!
It has the potential to be quite dangerous, at least now that it's in the open, but the systems most likely to be attacked are servers (high value targets) not personal computers. If it becomes part of an automated attack suite in conjunction with other attacks to get access to the shell (I'd give it a couple of weeks) then all bets are off and every IP will probably be hit with an attempt, possibly lots of attempts, so getting this fixed should be a high priority. Those running Linux or Mac OS cloud instances should also make sure to keep those updated lest they be compromised and used to launch further automated attacks.
edit: I just received a second update for this, the first one only being less than 12 hours ago.
Last edited by D_A; 09-25-2014 at 06:58 PM.
[SIGPIC][/SIGPIC]
Concern over Bash vulnerability grows as exploit reported ?in the wild? [Updated]
There has been a another update to Bash since my first post. Please update again.A number of security companies are now reporting attacks based on Shellshock that are ongoing. "We?re seeing attackers target the Shellshock vulnerability almost immediately (within 4.5 hours) of it being publicly announced," said Waylon Grange, senior malware researcher at Blue Coat. "Any organizations or users with unpatched Linux servers are vulnerable to hackers running unauthorized code, so it?s very important that organizations download and apply the patch immediately. Blue Coat is already seeing DDOS botnets trying to utilize this vulnerability in their attacks and we expect that traffic to only continue to increase.?
Code:sudo apt-get update sudo apt-get dist-upgrade
Last edited by PoppaGeek; 09-25-2014 at 10:52 PM.
Thanks PG and D_A, is there a good source for emails/feeds on the bug/update errata for *nix? I get ones for MS products but never thought about *nix.
I read Ars Technica daily. They are a good source for things like this and are usually one of the first. They cover a lot of other good topics as well. A very technical, scientific community. They are quoted a lot in the news and media.
Thanks again PG
My Biggest Fear Is When I die, My Wife Sells All My Stuff For What I Told Her I Paid For It.79 SB threads and 32 IB Threads across 4 rigs 111 threads Crunching!!
Never a dull moment in Unix world it seems
A nice example of NASA tech filtering down to other uses. But there is something I do not get. I'll admit a lot gets past me these days but at 1:29 in the video I gotta ask "Why?"
Consider the potential of having a group of autonomous drones protecting your vessel. They detect and respond to other vessels within their designated patrol area according to their set response level. If you include the ability to autonomously acquire and fire on targets, a technology that's been around for a while now both in military and other arenas, and you have your own little Skynet of killer attack boats protecting you 24/7 without needing to stop to rest tired eyes, ringing ears, or empty stomachs.
... unless someone hacks their command and control network (or it glitches) and re-designates you from friend to enemy ... then you're screwed.
[SIGPIC][/SIGPIC]
I get that. It was the laptop in the frame at 1:29. Why run Ubuntu in a VM on a Windows laptop? Why would they not just run it installed? Why a VM on something that seems to me kinda mission critical? I feel I am missing something. These boats outfitted and all are a lot of money. So I do not think it is a money consideration. So is there a reason technically? Or is it the same old crap of "because someone makes more money this way"?
Maybe they just like to play war games while they're waiting for the real thing
Oh I get it. Play CoD on the Windows while harassing local fisherman with a swarm of boats in Linux. Cool!Maybe they just like to play war games while they're waiting for the real thing
Ahh. I missed that. It's probably a special purpose VM, configured to do exactly one thing rather than act like a general purpose OS. Running it as a VM also lets them export it as an image so that that exact configuration can be copied to multiple host machines very easily. There's also the potential security bonus of running wildly different host and client OSs. If an attacker somehow escapes the VM containment it puts them in an OS that will not respond to the same tools. Linux is much friendlier in this context than Windows thanks to the lack of overbearing licence restrictions and authenticity checks which can mess up a Windows VM in a single update and demand a new licence key.
[SIGPIC][/SIGPIC]
Excellent. Thanks.
Makes sense that an enemy would try to hack the attackers.
It's practically a requirement these days. There's been a constant stream of cyber attacks flashing back and forth between China, Iran, the US and Russia for some years. With the rise of combat drones such as the Reaper there has also been development of technology to compromise those drones, even to the point of a counter-drone drone that physically attaches to the combat drone which blocks and overpowers it's command and control signals with a local transmitter. It's the same principle as one radio station being drowned out by a closer one on the same frequency, just a bit fancier. There have already been instances of ground deployed drones going rogue in Iraq and targeting friendly troops, only to be stopped by the requirement for human authorisation to fire. Had the drone been completely autonomous it could have wiped out it's own squad in seconds. Those drones were promptly withdrawn from service and appropriately vanished from the news feeds so we'll never know if it had been compromised by an attacker or if it was just a glitch.
One of the scariest cases I read about was the autonomous weapons platforms used on the South Korean border that can differentiate between a human and an animal from less than 10% discernible body mass. It can pick a person hiding behind a tree all hunched up to look like a dog from the real thing from over a mile away and then determine both where the head is and target it and fire, all in a couple of seconds. Head shots, at a mile, in the dark, explicitly targeting humans, with no interaction from a human controller. If there was ever a more delicious target for military hacking I can't think of it. When these things were first demonstrated one went rogue, spun back towards it's controllers past all the safety limits they'd installed and opened fire. It was only stopped when a wounded officer managed to pull the plug. Most of the people involved died. No civilian news carrier has even found out if it was a software glitch or if North Korean agents compromised the system. Either way, people are dead and the machine does not give a single frack.
The potential for military hardware such as this is huge, but the security challenges are the highest of high stakes. They could save the lives of thousands of military personnel, or could be turned against their military controllers or even the civilian population by cyber terrorists if they are compromised.
We live in both exciting and terrifying days indeed!
[SIGPIC][/SIGPIC]
Thanks. I missed that one myself.Saw your 25,000,000 boinc milestone.
Grats!
I really need more time to keep track of the stats and monitor my crunchers. I had a lot of errors lately and didn't notice them in time.
Posting Permissions
Reply With Quote
Bookmarks