Did I get my system compromised?

If it doesn't relate to Debian, but you still want to share it, please do it here

Did I get my system compromised?

Postby bester69 » 2020-10-18 21:18

I saw today one discord's user has made a capture of my desktop :(

What could it be??.. Ive realised I was using same user password for my user and for discord, perhaps he has been able to remote hack discord password and used to take this capture?.. Ive changed my user password and set two-factor authentification in discord... Dont know, this is sometimes scary, the false security linux give you.. :

Image


its also truth ive opera and brave browsers holded to some outdated versions (Chromium: 80.0.3987.116)..
I hope this has nothing to be with Meltdown/Spectre.. Ive those secuity holes opened cos performances reasons..:

As you can see my system is like a cheese... its has 9 holes :shock:

Spectre and Meltdown mitigation detection tool v0.43
Kernel is Linux 4.4.39-040439-generic #201612151346 SMP Thu Dec 15 18:48:20 UTC 2016 x86_64
Image


Code: Select all
Spectre and Meltdown mitigation detection tool v0.43

Checking for vulnerabilities on current system
Kernel is Linux 4.4.39-040439-generic #201612151346 SMP Thu Dec 15 18:48:20 UTC 2016 x86_64
CPU is Genuine Intel(R) CPU             575  @ 2.00GHz
                                                                                                                                           
Hardware check                                                                                                                             
* Hardware support (CPU microcode) for mitigation techniques                                                                               
  * Indirect Branch Restricted Speculation (IBRS)                                                                                         
    * SPEC_CTRL MSR is available:  NO                                                                                                     
    * CPU indicates IBRS capability:  NO                                                                                                   
  * Indirect Branch Prediction Barrier (IBPB)                                                                                             
    * PRED_CMD MSR is available:  NO                                                                                                       
    * CPU indicates IBPB capability:  NO                                                                                                   
  * Single Thread Indirect Branch Predictors (STIBP)                                                                                       
    * SPEC_CTRL MSR is available:  NO                                                                                                     
    * CPU indicates STIBP capability:  NO                                                                                                 
  * Speculative Store Bypass Disable (SSBD)                                                                                               
    * CPU indicates SSBD capability:  NO                                                                                                   
  * L1 data cache invalidation                                                                                                             
    * FLUSH_CMD MSR is available:  NO
    * CPU indicates L1D flush capability:  NO
  * Microarchitectural Data Sampling
    * VERW instruction is available:  NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO):  NO
  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO
  * CPU/Hypervisor indicates L1D flushing is not necessary on this system:  NO
  * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA):  NO
  * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO):  NO
  * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO):  NO
  * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO):  NO
  * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR):  NO
  * CPU supports Transactional Synchronization Extensions (TSX):  NO
  * CPU supports Software Guard Extensions (SGX):  NO
  * CPU microcode is known to cause stability problems:  NO  (model 0xf family 0x6 stepping 0xd ucode 0xa4 cpuid 0x6fd)
  * CPU microcode is the latest known available version:  YES  (latest version is 0xa4 dated 2010/10/02 according to builtin firmwares DB v130.20191104+i20191027)
* CPU vulnerability to the speculative execution attack variants
  * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES
  * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES
  * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  YES
  * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  YES
  * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES
  * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO
  * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  YES
  * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  YES
  * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  YES
  * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  YES
  * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  YES
  * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  YES
  * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)):  NO
  * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)):  YES

CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Kernel has array_index_mask_nospec:  NO
* Kernel has the Red Hat/Ubuntu patch:  NO
* Kernel has mask_nospec64 (arm64):  NO
* Checking count of LFENCE instructions following a jump in kernel...  NO  (only 8 jump-then-lfence instructions found, should be >= 30 (heuristic))
> STATUS:  VULNERABLE  (Kernel source needs to be patched to mitigate the vulnerability)

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigation 1
  * Kernel is compiled with IBRS support:  NO
    * IBRS enabled and active:  NO
  * Kernel is compiled with IBPB support:  NO
    * IBPB enabled and active:  NO
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO
  * Kernel compiled with retpoline option:  NO
> STATUS:  VULNERABLE  (IBRS+IBPB or retpoline+IBPB is needed to mitigate the vulnerability)

CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Kernel supports Page Table Isolation (PTI):  NO
  * PTI enabled and active:  UNKNOWN  (dmesg truncated, please reboot and relaunch this script)
  * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU:  NO
> STATUS:  UNKNOWN  (couldn't find any clue of PTI activation due to a truncated dmesg, please reboot and relaunch this script)

CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability:  NO
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Kernel supports disabling speculative store bypass (SSB):  NO
* SSB mitigation is enabled and active: > STATUS:  VULNERABLE  (Neither your CPU nor your kernel support SSBD)

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability:  N/A
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Kernel supports PTE inversion:  NO
* PTE inversion enabled and active:  UNKNOWN  (sysfs interface not available)
> STATUS:  VULNERABLE  (Your kernel doesn't support PTE inversion, update it)

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* This system is a host running a hypervisor:  NO
* Mitigation 1 (KVM)
  * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
* Mitigation 2
  * L1D flush is supported by kernel:  NO
  * L1D flush enabled:  UNKNOWN  (can't find or read /sys/devices/system/cpu/vulnerabilities/l1tf)
  * Hardware-backed L1D flush supported:  NO  (flush will be done in software, this is slower)
  * Hyper-Threading (SMT) is enabled:  NO
> STATUS:  NOT VULNERABLE  (this system is not running a hypervisor)

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Kernel supports using MD_CLEAR mitigation:  NO
> STATUS:  VULNERABLE  (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Kernel supports using MD_CLEAR mitigation:  NO
> STATUS:  VULNERABLE  (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Kernel supports using MD_CLEAR mitigation:  NO
> STATUS:  VULNERABLE  (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Kernel supports using MD_CLEAR mitigation:  NO
> STATUS:  VULNERABLE  (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)

CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
* TAA mitigation is supported by kernel:  NO
* TAA mitigation enabled and active:  NO  (tsx_async_abort not found in sysfs hierarchy)
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
* This system is a host running a hypervisor:  NO
* iTLB Multihit mitigation is supported by kernel:  NO
* iTLB Multihit mitigation enabled and active:  NO  (itlb_multihit not found in sysfs hierarchy)
> STATUS:  NOT VULNERABLE  (this system is not running a hypervisor)

> SUMMARY: CVE-2017-5753:KO CVE-2017-5715:KO CVE-2017-5754:?? CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:KO CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO CVE-2019-11135:OK CVE-2018-12207:OK
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1802
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby bester69 » 2020-10-18 21:23

It says I need to enable Kernel mitigation by updating microcode, but i updated microcode and kernel to last version, and set grub like that.:
GRUB_CMDLINE_LINUX_DEFAULT="zswap.enabled=0 zswap.zpool=zsmalloc apparmor=0"

rebooted, and most holes still were there.. :shock: , dont know how to put them all in green. :?:
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1802
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby oswaldkelso » 2020-10-18 21:47

I would suggest you go through this thread and eliminate all the "apps" with no source code before you start blaming "Linux" for being insecure.

viewtopic.php?f=3&t=124280
Ash init durbatulûk, ash init gimbatul,
Ash init thrakatulûk agh burzum-ishi krimpatul.
User avatar
oswaldkelso
 
Posts: 1280
Joined: 2005-07-26 23:20
Location: UK

Re: Did I get my system compromised?

Postby LE_746F6D617A7A69 » 2020-10-18 23:28

bester69 wrote:I saw today one discord's user has made a capture of my desktop :(

What could it be??.. Ive realised I was using same user password for my user and for discord, perhaps he has been able to remote hack discord password (...)

In fact You're lucky, because You have just realized that Your system has been compromised - think of of people who have no idea that their flatpak applications can become a security holes ... ;)
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
LE_746F6D617A7A69
 
Posts: 414
Joined: 2020-05-03 14:16

Re: Did I get my system compromised?

Postby bester69 » 2020-10-19 02:32

LE_746F6D617A7A69 wrote:
bester69 wrote:I saw today one discord's user has made a capture of my desktop :(

What could it be??.. Ive realised I was using same user password for my user and for discord, perhaps he has been able to remote hack discord password (...)

In fact You're lucky, because You have just realized that Your system has been compromised - think of of people who have no idea that their flatpak applications can become a security holes ... ;)

damn, I should have used flatpak's discord version to get some isolation...
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1802
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby stevepusser » 2020-10-19 04:34

Why are you looking at difficult spectre exploits when you already said you left the door open with duplicate passwords?

Your kernel is not the latest version--it's a 4.4 Ubuntu kernel that was built in 2016, long before anyone knew about these exploits. I have to wonder what version of microcode you're using now.
MX Linux packager and developer
User avatar
stevepusser
 
Posts: 12136
Joined: 2009-10-06 05:53

Re: Did I get my system compromised?

Postby bester69 » 2020-10-19 09:00

stevepusser wrote:Why are you looking at difficult spectre exploits when you already said you left the door open with duplicate passwords?

Your kernel is not the latest version--it's a 4.4 Ubuntu kernel that was built in 2016, long before anyone knew about these exploits. I have to wonder what version of microcode you're using now.

Hi Steve,

im using kernel 4.4.39 and intel-microcode_3.20171117.1-bpo9+1_amd64
but i tried with kernerl 4.4.last and 5.9 plus 2020 stretch's last microcode, and security holes stilll were there when i runned that test again... the log says, i need to install last microcode or something like that to enable kernel mitigation...

Ive read last kernel (5.9) is able to deal with these meltdown/spectre patches and improving performance lost.
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1802
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby Head_on_a_Stick » 2020-10-19 14:12

bester69 wrote:im using kernel 4.4.39 and intel-microcode_3.20171117.1-bpo9+1_amd64

So you're using a kernel and µcode package that were released before Spectre & Meltdown were announced? Are you ****ing stupid?

Use the latest Debian buster kernel and µcode packages to get the full suite of mitigations (they're not fixes).

Then remove all the proprietary shit & anything that's not from the official Debian repositories and change all of your passwords. Or just reinstall from scratch and try to keep your system clean next time.

bester69 wrote:the false security linux give you

Doug Gwyn wrote:Unix was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.

NSA wrote:Security is a state of mind.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 12795
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Did I get my system compromised?

Postby LE_746F6D617A7A69 » 2020-10-19 14:41

bester69 wrote:You wont change my mind when I know Im right, Im not an ...

May the Force be with You, bester69 ... :mrgreen:
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
LE_746F6D617A7A69
 
Posts: 414
Joined: 2020-05-03 14:16

Re: Did I get my system compromised?

Postby bester69 » 2020-10-19 16:55

damn, again organic portals''s noise is getting to me.. i dont find anywhere to hide myself :? ..they smell blood fresh ,they're everywhere around... in games they give you kicks/bans.. in discord they ban you.. what's going on its really scary.. :cry:
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1802
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby bester69 » 2020-10-19 17:01

Head_on_a_Stick wrote:
bester69 wrote:im using kernel 4.4.39 and intel-microcode_3.20171117.1-bpo9+1_amd64

So you're using a kernel and µcode package that were released before Spectre & Meltdown were announced? Are you ****ing stupid?

Use the latest Debian buster kernel and µcode packages to get the full suite of mitigations (they're not fixes).

Then remove all the proprietary shit & anything that's not from the official Debian repositories and change all of your passwords. Or just reinstall from scratch and try to keep your system clean next time.

bester69 wrote:the false security linux give you

Doug Gwyn wrote:Unix was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.

NSA wrote:Security is a state of mind.

My system is perfect , stable and clean like water.. that was that cheesse of software called discord.. is a virus itself....The only propietary software I use is Mega client (always active) and sometimes some wine app I use for a while, like Swat4 game and faststone capture... rest of thing are very ordered , clean and stable, I try to install only debian repository software.. and use snapshots to consolidate stable and clean points... I install a lot of things and then reboot to snapshot stable to start again.. and the software I cant isntall throught debian repositories, i try to use snaps or flatpaks since BTRFS came out I didnt need to reinstall anymore thanks to use of snapshots

My system feels smooth and stable con i enjoy taking good cares of my system installation... i watch out all process and strange things I catch in desktop..and if i detect something bad.. I remind what was last i did, and restore a previously snapshot to fix that condition state..
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1802
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby trinidad » 2020-10-19 17:19

https://cybernews.com/privacy/discord-p ... e-in-2020/

Any gaming protocol that needs to interpret keystrokes into a public facing chat UI can get to you and your xorg.
Compromised? Ummmm... yeah could be.

TC
You can't believe your eyes if your imagination is out of focus.
trinidad
 
Posts: 142
Joined: 2016-08-04 14:58

Re: Did I get my system compromised?

Postby bester69 » 2020-10-19 19:05

trinidad wrote:https://cybernews.com/privacy/discord-privacy-tips-that-you-should-use-in-2020/

Any gaming protocol that needs to interpret keystrokes into a public facing chat UI can get to you and your xorg.
Compromised? Ummmm... yeah could be.

TC


Sadly I can only get whole spectre protection by enabling PTI isolation..and my chipset doesnt support reduced performance impact of PTI:
Reduced performance impact of PTI: NO (PCID/INVPCID not supported, performance impact of PTI will be significant)

So, Im will stay like that and be more carefully; my microcode chipset neither gets any longer protection for last security holes..they stopped support in 2010..so i cant get away of any of thoses 8 security holes but the PTI mitigated...

brave browser is protectec against Spectre, so it wasnt the browser the culpier it had to be the discord app :x :
Disable site isolation
Disables site isolation (SitePerProcess, IsolateOrigins, etc). Intended for diagnosing bugs that may be due to out-of-process iframes. Opt-out has no effect if site isolation is force-enabled using a command line switch or using an enterprise policy. Caution: this disables important mitigations for the Spectre CPU vulnerability affecting most computers. – Mac, Windows, Linux, Chrome OS, Android

#site-isolation-trial-opt-out


In resume, it doesnt matter I update to las microcode cos they stopped in 2010 support for my chipset.. and kernel 4.4 do support enabling PTI and Spectre mitigations
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1802
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby sgosnell » 2020-10-19 19:35

I don't think you need to worry about all the security measures as long as you don't run Discord. That appears to be designed mostly for seining up private information from those foolish enough to use it. There are far better messaging apps, and almost all of them are more secure.
Take my advice, I'm not using it.
sgosnell
 
Posts: 906
Joined: 2011-03-14 01:49

Re: Did I get my system compromised?

Postby LE_746F6D617A7A69 » 2020-10-19 19:40

bester69 wrote:brave browser is protectec against Spectre

That's bullshit - it's not the Brave browser which is protected, but it's Chrome/(ium) which is protected - by disabling precision timers for Java (so is Firefox, using the same methods)
And the Brave browser is just a clone of Chrome, excluding proprietary additions to the code, injected by the company behind the Brave browser. That additional closed source code is probably far more dangerous than the spectre/meltdown itself :lol:

bester69 wrote:My system is perfect
Yeah.
Your system has been compromised not because of outdated microcode, but because You are using insecure/untested applications, downloaded from untrusted sites - but yeah, I'm a "portal" :mrgreen:
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
LE_746F6D617A7A69
 
Posts: 414
Joined: 2020-05-03 14:16

Next

Return to Offtopic

Who is online

Users browsing this forum: No registered users and 17 guests

fashionable