Did I get my system compromised?

If it doesn't relate to Debian, but you still want to share it, please do it here

Re: Did I get my system compromised?

Postby bester69 » 2020-10-19 20:57

LE_746F6D617A7A69 wrote:
bester69 wrote:brave browser is protectec against Spectre

That's bullshit - it's not the Brave browser which is protected, but it's Chrome/(ium) which is protected - by disabling precision timers for Java (so is Firefox, using the same methods)
And the Brave browser is just a clone of Chrome, excluding proprietary additions to the code, injected by the company behind the Brave browser. That additional closed source code is probably far more dangerous than the spectre/meltdown itself :lol:

bester69 wrote:My system is perfect
Yeah.
Your system has been compromised not because of outdated microcode, but because You are using insecure/untested applications, downloaded from untrusted sites - but yeah, I'm a "portal" :mrgreen:

Whats for you an untrusted site to you??..
.i think you're just being nosense and faithful to your own portal's nature...its very funny and disturbing to watch how once you provoke OP's subtly , they all starts overreacting to crazy loops of rising nostop hate...
Last edited by bester69 on 2020-10-19 21:02, edited 2 times in total.
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1801
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby bester69 » 2020-10-19 20:59

sgosnell wrote:I don't think you need to worry about all the security measures as long as you don't run Discord. That appears to be designed mostly for seining up private information from those foolish enough to use it. There are far better messaging apps, and almost all of them are more secure.

Thanks, Im very agree with you.. I used for joining tematic channels and conferences,..the app chats and rooms conferences are wonderfull.. but seems very insecure.
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1801
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby oswaldkelso » 2020-10-19 21:38

You use Debian like a "Windows TM" user. Get hacked like a "Windows TM" user and complain like a "Windows TM"user.

Why??? Because you are a "Windows TM" user. The give away is icons on the desktop (though I'll give you it's a more efficient setup than Gnome!) :lol:

Switch or go back to your true home :twisted:
Ash init durbatulûk, ash init gimbatul,
Ash init thrakatulûk agh burzum-ishi krimpatul.
User avatar
oswaldkelso
 
Posts: 1280
Joined: 2005-07-26 23:20
Location: UK

Re: Did I get my system compromised?

Postby bester69 » 2020-10-19 22:10

oswaldkelso wrote:You use Debian like a "Windows TM" user. Get hacked like a "Windows TM" user and complain like a "Windows TM"user.

Why??? Because you are a "Windows TM" user. The give away is icons on the desktop (though I'll give you it's a more efficient setup than Gnome!) :lol:

Switch or go back to your true home :twisted:

Oh yeah, Im afraid i summoned all Organic Portals again, they're coming!!! (be like i tell you and submit yourself or i will create a needed atmosfera noise till you're ready to get then ban; this is how they always operate :twisted: )
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1801
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby LE_746F6D617A7A69 » 2020-10-19 22:16

bester69 wrote:Whats for you an untrusted site to you??..
Just everything besides debian.org...

... are You surprised?

Life is brutal: the only way to be sure that a new version of some program is not containing unwanted code (a code which was not written by the original authors), is to download the code from GitHub and compile it against Your system - this is the only safe alternative to APT, but of course it's not as convenient.

F.e. I'm using Code::Blocks nightly builds - every single day on various systems - the first thing I do before compiling it from sources, is to verify if the changelogs are reflecting the changes in the code...

If You don't want to spend Your time on such things, or when You're not a developer, then the only way left is to use APT.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
LE_746F6D617A7A69
 
Posts: 414
Joined: 2020-05-03 14:16

Re: Did I get my system compromised?

Postby bester69 » 2020-10-19 23:14

LE_746F6D617A7A69 wrote:
bester69 wrote:Whats for you an untrusted site to you??..
Just everything besides debian.org...

... are You surprised?

Life is brutal: the only way to be sure that a new version of some program is not containing unwanted code (a code which was not written by the original authors), is to download the code from GitHub and compile it against Your system - this is the only safe alternative to APT, but of course it's not as convenient.

F.e. I'm using Code::Blocks nightly builds - every single day on various systems - the first thing I do before compiling it from sources, is to verify if the changelogs are reflecting the changes in the code...

If You don't want to spend Your time on such things, or when You're not a developer, then the only way left is to use APT.


ok, man, if we had to think like that, we would go back to window and antivirus.... but yeah, i understand the thing, perhaps linux is vert tricky giving you false sensation of security...

Ive lately seen strange things when using brave and xorg crashes...and I had xorg packages holded to upd1 (for feelings desktop reasons).. so i went in panic mode.. I upgrated all xorg holded packages to last securit updates and I also updated brave to last version.. I have the bad habbit to hold apps and packages when they performance very smooth.. but when time they become secuiry holes i guess.. I was using same brave version since one or two years, so perhaps addons were hijacked..or someone knows my system and how to access throught those holes, so I upgrated brave.. i also changed user password.. dont know if i shoud also update root password...if i see again a strange thing I will enable PTI isolation to close spectre access and modify root password..
I could also restore system with a cloud backup from six or eight months ago..that would be better than reistall, my installation is very customiza and takes many hours to put it as I always have it.. it takes me around two days to have perfect my installation since zero..

One question, If i disable SSH acces, they cant do anything right?. :?: .I meant, they cant login to bash unless they install a troyan client :?:
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1801
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby LE_746F6D617A7A69 » 2020-10-19 23:40

bester69 wrote:One question, If i disable SSH acces, they cant do anything right?. :?: .I meant, they cant login to bash unless they install a troyan client
"They" can log-in using Your Brave browser :lol:
But of course it's impossible, because You have the "latest version" right?
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
LE_746F6D617A7A69
 
Posts: 414
Joined: 2020-05-03 14:16

Re: Did I get my system compromised?

Postby bester69 » 2020-10-20 00:26

LE_746F6D617A7A69 wrote:
bester69 wrote:One question, If i disable SSH acces, they cant do anything right?. :?: .I meant, they cant login to bash unless they install a troyan client
"They" can log-in using Your Brave browser :lol:
But of course it's impossible, because You have the "latest version" right?

yep,
- last chromium and javascript engine,
- also have gufw firewalled enabled
- purged brave home,
- udated Xorg packages that were holded from ages
- changed user password
- disabled root user access to ssh
- passed chrootkit, rkhunter and lynis (ok, no troyans or rootkits detected)

perhaps the culpier was brave and not discord.. what i dont get is who the hell is tracking and listen my computer and what is he seeking for.. i dont get it. :?

if i detect anything strange again, I will have to add:
- updating kernel
- enable TPI isolation for Spectre
- change root password
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1801
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby stevepusser » 2020-10-20 02:57

Sigh...your 4.4 kernel hasn't been updated since 2016

Code: Select all
Kernel is Linux 4.4.39-040439-generic #201612151346 SMP Thu Dec 15 18:48:20 UTC 2016 x86_64


Isn't it obvious why the checker keeps giving you a failing grade?

Older apps also weren't built with retpoline compilers, either. :roll:
MX Linux packager and developer
User avatar
stevepusser
 
Posts: 12131
Joined: 2009-10-06 05:53

Re: Did I get my system compromised?

Postby bester69 » 2020-10-20 21:43

stevepusser wrote:Sigh...your 4.4 kernel hasn't been updated since 2016

Code: Select all
Kernel is Linux 4.4.39-040439-generic #201612151346 SMP Thu Dec 15 18:48:20 UTC 2016 x86_64


Isn't it obvious why the checker keeps giving you a failing grade?

Older apps also weren't built with retpoline compilers, either. :roll:

- I had to go back to old brave Chromium: 80.X (2020/02)..
But I think I wil be able to live with tpi isolation, the important to me was the browser, I usually open 30 tabs and need them be as smooth as possible to work with them..

Updated Kernel 4.4.238 and enables Isolation for Spectre.. microde stopped in 2010 for my CPU so it doesnt matter to updated.. with theses measure I closed five or six holes, still remain the ones that need last microcode and others modern cpus's features..

here, the test.:
Spectre and Meltdown mitigation detection tool v0.43
Kernel is Linux 4.4.238-0404238-generic #202010010635 SMP Thu Oct 1 10:38:44 UTC 2020 x86_64
CPU is Genuine Intel(R) CPU 575 @ 2.00GHz
Code: Select all
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates IBRS capability:  NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO
    * CPU indicates IBPB capability:  NO
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates STIBP capability:  NO
  * Speculative Store Bypass Disable (SSBD)
    * CPU indicates SSBD capability:  NO
  * L1 data cache invalidation
    * FLUSH_CMD MSR is available:  NO
    * CPU indicates L1D flush capability:  NO
  * Microarchitectural Data Sampling
    * VERW instruction is available:  NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO):  NO
  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO
  * CPU/Hypervisor indicates L1D flushing is not necessary on this system:  NO
  * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA):  NO
  * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO):  NO
  * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO):  NO
  * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO):  NO
  * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR):  NO
  * CPU supports Transactional Synchronization Extensions (TSX):  NO
  * CPU supports Software Guard Extensions (SGX):  NO
  * CPU microcode is known to cause stability problems:  NO  (model 0xf family 0x6 stepping 0xd ucode 0xa4 cpuid 0x6fd)
  * CPU microcode is the latest known available version:  YES  (latest version is 0xa4 dated 2010/10/02 according to builtin firmwares DB v130.20191104+i20191027)
* CPU vulnerability to the speculative execution attack variants
  * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES
  * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES
  * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  YES
  * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  YES
  * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES
  * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO
  * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  YES
  * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  YES
  * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  YES
  * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  YES
  * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  YES
  * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  YES
  * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)):  NO
  * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)):  YES

CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface:  YES  (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
* Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO
* Kernel has mask_nospec64 (arm64):  NO
> STATUS:  NOT VULNERABLE  (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline, STIBP: disabled, RSB filling)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES
    * IBRS enabled and active:  NO
  * Kernel is compiled with IBPB support:  YES
    * IBPB enabled and active:  NO
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO
  * Kernel compiled with retpoline option:  YES
    * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Full retpoline is mitigating the vulnerability)
IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it

CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI):  YES
  * PTI enabled and active:  YES
  * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability:  NO
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface:  NO  (Vulnerable)
* Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
* SSB mitigation is enabled and active:  NO
> STATUS:  VULNERABLE  (Your CPU doesn't support SSBD)

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability:  N/A
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTE Inversion)
* Kernel supports PTE inversion:  NO
* PTE inversion enabled and active:  YES
> STATUS:  NOT VULNERABLE  (Mitigation: PTE Inversion)

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Mitigation: PTE Inversion
* This system is a host running a hypervisor:  NO
* Mitigation 1 (KVM)
  * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
* Mitigation 2
  * L1D flush is supported by kernel:  YES  (found flush_l1d in kernel image)
  * L1D flush enabled:  UNKNOWN  (unrecognized mode)
  * Hardware-backed L1D flush supported:  NO  (flush will be done in software, this is slower)
  * Hyper-Threading (SMT) is enabled:  NO
> STATUS:  NOT VULNERABLE  (this system is not running a hypervisor)

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface:  NO  (Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO
* SMT is either mitigated or disabled:  YES
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface:  NO  (Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO
* SMT is either mitigated or disabled:  YES
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface:  NO  (Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO
* SMT is either mitigated or disabled:  YES
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface:  NO  (Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO
* SMT is either mitigated or disabled:  YES
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
* Mitigated according to the /sys interface:  YES  (Not affected)
* TAA mitigation is supported by kernel:  YES  (found tsx_async_abort in kernel image)
* TAA mitigation enabled and active:  NO
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
* Mitigated according to the /sys interface:  UNKNOWN  (Processor vulnerable)
* This system is a host running a hypervisor:  NO
* iTLB Multihit mitigation is supported by kernel:  YES  (found itlb_multihit in kernel image)
* iTLB Multihit mitigation enabled and active:  NO
> STATUS:  NOT VULNERABLE  (this system is not running a hypervisor)

> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO CVE-2019-11135:OK CVE-2018-12207:OK


the VULNERABLES ONES, all of them needs a microcode that my cpus seems not be able to operate.
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
> STATUS: VULNERABLE (Your CPU doesn't support SSBD)
> STATUS: VULNERABLE (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)
> STATUS: VULNERABLE (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)
> STATUS: VULNERABLE (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)
> STATUS: VULNERABLE (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1801
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby sickpig » 2020-10-21 06:52

bester69 wrote:- I had to go back to old brave Chromium: 80.X (2020/02)..


Image
You know you want it
User avatar
sickpig
 
Posts: 589
Joined: 2019-01-23 10:34

Re: Did I get my system compromised?

Postby bester69 » 2020-10-21 14:02

sickpig wrote:
bester69 wrote:- I had to go back to old brave Chromium: 80.X (2020/02)..


Image
You know you want it

dude, if I cant use propertly the browser, then I throught out the computer.... from time to time i will rsync --delete against a recentlly installation the home browser in order to purge it.., perhaps i will try firejail if is see again something strange... that specific brave version I dont want to update work like a charm...
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1801
Joined: 2015-04-02 13:15

Re: Did I get my system compromised?

Postby Head_on_a_Stick » 2020-10-22 15:46

bester69 wrote:microde stopped in 2010 for my CPU so it doesnt matter to updated

Ah, okay, my apologies — it's Intel who are ****ing stupid.

And btw the 4.4 LTS kernel branch is now up to 4.4.240 so you're still behind.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 12756
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Did I get my system compromised?

Postby esp7 » 2020-10-23 21:39

oswaldkelso wrote:I would suggest you go through this thread and eliminate all the "apps" with no source code before you start blaming "Linux" for being insecure.

viewtopic.php?f=3&t=124280


:mrgreen:
ThinkPad X220: i5-2520M CPU 2.5GHz - 8GB RAM 1333 MHz - SSD 860 EVO 250GB - Debian Stable - ME_cleaned
ThinkPad X230: i5-3320M CPU 3.3GHz - 8GB RAM 1600 MHz - SSD 860 EVO 500GB - Debian Stable - ME_cleaned
User avatar
esp7
 
Posts: 166
Joined: 2013-06-23 20:31

Previous

Return to Offtopic

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable