Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Did I get my system compromised?

Off-Topic discussions about science, technology, and non Debian specific topics.
Message
Author
User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Did I get my system compromised?

#21 Post by bester69 »

LE_746F6D617A7A69 wrote:
bester69 wrote:Whats for you an untrusted site to you??..
Just everything besides debian.org...

... are You surprised?

Life is brutal: the only way to be sure that a new version of some program is not containing unwanted code (a code which was not written by the original authors), is to download the code from GitHub and compile it against Your system - this is the only safe alternative to APT, but of course it's not as convenient.

F.e. I'm using Code::Blocks nightly builds - every single day on various systems - the first thing I do before compiling it from sources, is to verify if the changelogs are reflecting the changes in the code...

If You don't want to spend Your time on such things, or when You're not a developer, then the only way left is to use APT.
ok, man, if we had to think like that, we would go back to window and antivirus.... but yeah, i understand the thing, perhaps linux is vert tricky giving you false sensation of security...

Ive lately seen strange things when using brave and xorg crashes...and I had xorg packages holded to upd1 (for feelings desktop reasons).. so i went in panic mode.. I upgrated all xorg holded packages to last securit updates and I also updated brave to last version.. I have the bad habbit to hold apps and packages when they performance very smooth.. but when time they become secuiry holes i guess.. I was using same brave version since one or two years, so perhaps addons were hijacked..or someone knows my system and how to access throught those holes, so I upgrated brave.. i also changed user password.. dont know if i shoud also update root password...if i see again a strange thing I will enable PTI isolation to close spectre access and modify root password..
I could also restore system with a cloud backup from six or eight months ago..that would be better than reistall, my installation is very customiza and takes many hours to put it as I always have it.. it takes me around two days to have perfect my installation since zero..

One question, If i disable SSH acces, they cant do anything right?. :?: .I meant, they cant login to bash unless they install a troyan client :?:
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: Did I get my system compromised?

#22 Post by LE_746F6D617A7A69 »

bester69 wrote:One question, If i disable SSH acces, they cant do anything right?. :?: .I meant, they cant login to bash unless they install a troyan client
"They" can log-in using Your Brave browser :lol:
But of course it's impossible, because You have the "latest version" right?
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Did I get my system compromised?

#23 Post by bester69 »

LE_746F6D617A7A69 wrote:
bester69 wrote:One question, If i disable SSH acces, they cant do anything right?. :?: .I meant, they cant login to bash unless they install a troyan client
"They" can log-in using Your Brave browser :lol:
But of course it's impossible, because You have the "latest version" right?
yep,
- last chromium and javascript engine,
- also have gufw firewalled enabled
- purged brave home,
- udated Xorg packages that were holded from ages
- changed user password
- disabled root user access to ssh
- passed chrootkit, rkhunter and lynis (ok, no troyans or rootkits detected)

perhaps the culpier was brave and not discord.. what i dont get is who the hell is tracking and listen my computer and what is he seeking for.. i dont get it. :?

if i detect anything strange again, I will have to add:
- updating kernel
- enable TPI isolation for Spectre
- change root password
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: Did I get my system compromised?

#24 Post by stevepusser »

Sigh...your 4.4 kernel hasn't been updated since 2016

Code: Select all

Kernel is Linux 4.4.39-040439-generic #201612151346 SMP Thu Dec 15 18:48:20 UTC 2016 x86_64
Isn't it obvious why the checker keeps giving you a failing grade?

Older apps also weren't built with retpoline compilers, either. :roll:
MX Linux packager and developer

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Did I get my system compromised?

#25 Post by bester69 »

stevepusser wrote:Sigh...your 4.4 kernel hasn't been updated since 2016

Code: Select all

Kernel is Linux 4.4.39-040439-generic #201612151346 SMP Thu Dec 15 18:48:20 UTC 2016 x86_64
Isn't it obvious why the checker keeps giving you a failing grade?

Older apps also weren't built with retpoline compilers, either. :roll:
- I had to go back to old brave Chromium: 80.X (2020/02)..
But I think I wil be able to live with tpi isolation, the important to me was the browser, I usually open 30 tabs and need them be as smooth as possible to work with them..

Updated Kernel 4.4.238 and enables Isolation for Spectre.. microde stopped in 2010 for my CPU so it doesnt matter to updated.. with theses measure I closed five or six holes, still remain the ones that need last microcode and others modern cpus's features..

here, the test.:
Spectre and Meltdown mitigation detection tool v0.43
Kernel is Linux 4.4.238-0404238-generic #202010010635 SMP Thu Oct 1 10:38:44 UTC 2020 x86_64
CPU is Genuine Intel(R) CPU 575 @ 2.00GHz

Code: Select all

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Speculative Store Bypass Disable (SSBD)
    * CPU indicates SSBD capability:  NO 
  * L1 data cache invalidation
    * FLUSH_CMD MSR is available:  NO 
    * CPU indicates L1D flush capability:  NO 
  * Microarchitectural Data Sampling
    * VERW instruction is available:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO):  NO 
  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO 
  * CPU/Hypervisor indicates L1D flushing is not necessary on this system:  NO 
  * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA):  NO 
  * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO):  NO 
  * CPU explicitly indicates not being vulnerable to TSX Asynchronous Abort (TAA_NO):  NO 
  * CPU explicitly indicates not being vulnerable to iTLB Multihit (PSCHANGE_MSC_NO):  NO 
  * CPU explicitly indicates having MSR for TSX control (TSX_CTRL_MSR):  NO 
  * CPU supports Transactional Synchronization Extensions (TSX):  NO 
  * CPU supports Software Guard Extensions (SGX):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 0xf family 0x6 stepping 0xd ucode 0xa4 cpuid 0x6fd)
  * CPU microcode is the latest known available version:  YES  (latest version is 0xa4 dated 2010/10/02 according to builtin firmwares DB v130.20191104+i20191027)
* CPU vulnerability to the speculative execution attack variants
  * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES 
  * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES 
  * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  YES 
  * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  YES 
  * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES 
  * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO 
  * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  YES 
  * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  YES 
  * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  YES 
  * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  YES 
  * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  YES 
  * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  YES 
  * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)):  NO 
  * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)):  YES 

CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface:  YES  (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
* Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO 
* Kernel has mask_nospec64 (arm64):  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline, STIBP: disabled, RSB filling)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES 
    * IBRS enabled and active:  NO 
  * Kernel is compiled with IBPB support:  YES 
    * IBPB enabled and active:  NO 
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO 
  * Kernel compiled with retpoline option:  YES 
    * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Full retpoline is mitigating the vulnerability)
IBPB is considered as a good addition to retpoline for Variant 2 mitigation, but your CPU microcode doesn't support it

CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI):  YES 
  * PTI enabled and active:  YES 
  * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability:  NO 
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface:  NO  (Vulnerable)
* Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
* SSB mitigation is enabled and active:  NO 
> STATUS:  VULNERABLE  (Your CPU doesn't support SSBD)

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability:  N/A 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTE Inversion)
* Kernel supports PTE inversion:  NO 
* PTE inversion enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (Mitigation: PTE Inversion)

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Mitigation: PTE Inversion
* This system is a host running a hypervisor:  NO 
* Mitigation 1 (KVM)
  * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
* Mitigation 2
  * L1D flush is supported by kernel:  YES  (found flush_l1d in kernel image)
  * L1D flush enabled:  UNKNOWN  (unrecognized mode)
  * Hardware-backed L1D flush supported:  NO  (flush will be done in software, this is slower)
  * Hyper-Threading (SMT) is enabled:  NO 
> STATUS:  NOT VULNERABLE  (this system is not running a hypervisor)

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface:  NO  (Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO 
* SMT is either mitigated or disabled:  YES 
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface:  NO  (Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO 
* SMT is either mitigated or disabled:  YES 
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface:  NO  (Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO 
* SMT is either mitigated or disabled:  YES 
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface:  NO  (Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO 
* SMT is either mitigated or disabled:  YES 
> STATUS:  VULNERABLE  (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)

CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
* Mitigated according to the /sys interface:  YES  (Not affected)
* TAA mitigation is supported by kernel:  YES  (found tsx_async_abort in kernel image)
* TAA mitigation enabled and active:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
* Mitigated according to the /sys interface:  UNKNOWN  (Processor vulnerable)
* This system is a host running a hypervisor:  NO 
* iTLB Multihit mitigation is supported by kernel:  YES  (found itlb_multihit in kernel image)
* iTLB Multihit mitigation enabled and active:  NO 
> STATUS:  NOT VULNERABLE  (this system is not running a hypervisor)

> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:KO CVE-2018-3639:KO CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:KO CVE-2018-12130:KO CVE-2018-12127:KO CVE-2019-11091:KO CVE-2019-11135:OK CVE-2018-12207:OK
the VULNERABLES ONES, all of them needs a microcode that my cpus seems not be able to operate.
> STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this vulnerability)
> STATUS: VULNERABLE (Your CPU doesn't support SSBD)
> STATUS: VULNERABLE (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)
> STATUS: VULNERABLE (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)
> STATUS: VULNERABLE (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)
> STATUS: VULNERABLE (Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability)
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
sickpig
Posts: 589
Joined: 2019-01-23 10:34

Re: Did I get my system compromised?

#26 Post by sickpig »

bester69 wrote:- I had to go back to old brave Chromium: 80.X (2020/02)..
Image
You know you want it

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Did I get my system compromised?

#27 Post by bester69 »

sickpig wrote:
bester69 wrote:- I had to go back to old brave Chromium: 80.X (2020/02)..
Image
You know you want it
dude, if I cant use propertly the browser, then I throught out the computer.... from time to time i will rsync --delete against a recentlly installation the home browser in order to purge it.., perhaps i will try firejail if is see again something strange... that specific brave version I dont want to update work like a charm...
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Did I get my system compromised?

#28 Post by Head_on_a_Stick »

bester69 wrote:microde stopped in 2010 for my CPU so it doesnt matter to updated
Ah, okay, my apologies — it's Intel who are ****ing stupid.

And btw the 4.4 LTS kernel branch is now up to 4.4.240 so you're still behind.
deadbang

User avatar
esp7
Posts: 177
Joined: 2013-06-23 20:31
Has thanked: 2 times
Been thanked: 4 times

Re: Did I get my system compromised?

#29 Post by esp7 »

oswaldkelso wrote:I would suggest you go through this thread and eliminate all the "apps" with no source code before you start blaming "Linux" for being insecure.

http://forums.debian.net/viewtopic.php?f=3&t=124280
:mrgreen:
ThinkPad X220: i5-2520M CPU 2.5GHz - 8GB RAM 1333 MHz - SSD 860 EVO 250GB - Debian - ME_cleaned
ThinkPad X230: i5-3320M CPU 3.3GHz - 8GB RAM 1600 MHz - SSD 860 EVO 500GB - Debian - ME_cleaned

Post Reply