Gentoo fag gets ransomware'd

forums.gentoo.org/viewtopic-t-1060828.html

That's... actually a bit worrying. Nobody there seems to know how he got it, probably not through root firefox.

Lol, if some shitty code monkey in Russia can compromise your system, you think government intelligence agencies can't?

First learn to read nigger
Suspicions are on ADOBE software a non-free program.
Second you can use the most sophisticated software if you don't configure it correctly it's nothing.
Learn to use your tools.

he ran firefox as root
you dont know how retarded that is though because you dont know literally anything or why that would fuck your ass on any system

I was just about to post this.
Faster than me ^^

to be fair I had already read the thread like a week ago lol

at first I thought it was an april fools joke jesus christ

how

Porn animation flash games. That's why.

porn is truly poison

why do you need root permissions to play porn animation flash games?

he thought he was the one using the backdoor
*ba dum tss*

because you need to be retarded to want to play them in the first place

yeah

Because he wanted to get pozzed? This guy is a bug chaser, duh. Do you seriously believe a Gentoo user did this on purpose? No, it only shows that weirdos who install Gentoo have a higher tendency to be degenerate perverts who secretly want their system penetrated and pozzed.

Why do these people exist?

Maybe they had an issue with the browser and wanted to get to the root of the problem.

...

Running browsers as root isn't the cause here, it's just another symptom.

Carlos!

doesn't sound smart, i don't think any jobless neet will bother paying to have their anim porn folder decrypted.

Or the guy made it up. He's probably mentally ill and made it up for attention.

Gentoo gets a lot of those for some reason.
Textbook example this nutcase, who unfortunately has metastasized on other people's mailing lists now: forums.gentoo.org/viewtopic-t-905472.html

mental problems seem to be common among people who don't leave their home.

For what purpose?

user/privilege separation doesn't matter much on desktop linux. A full system compromise from firefox would be easy, even if he wasn't running it as root.

maybe it's that not leaving your home is common among people with mental problems

Gentoo was used for a lot of servers for big corporations at one point. I heard NASCAR used it.

explain?

All of the servers from my parents' company run gentoo. But I'm not sure we can call it a big company.

It probably works on most Linux distributions and isn't limited to Gentoo.

You gotta love the troopers on the Gentoo forums. Someone comes in with this half-baked crazy shit and the guys who are there night and day don't just laugh them out of the park. They actually take the time to address the problems and tell the OPs what they need to do.

all my stuff is in my home dir and malicious code doesn't need root privileges in order to access them
so what's the difference if you as a regular desktop user run firefox as root or not, you're fucked anyway, right?

in light of this event, I started running firefox in a firejail sandbox and installed noscript (I already use https everywhere and ublock)
what else can be done to improve security?

also, should I enable user namespaces in the kernel to use with firejail or not?
it should provide supplementary sandboxing, but enabling user namespaces was insecure in itself and that's why it's disabled in the stock arch kernel
bugs.archlinux.org/task/36969

Self-destructing cookies is nice.

can I whitelist which cookies not to destroy?

nvm I just found out

how big of a security threat are cookies anyway?
if the browser is compromised, can they be copied and used to gain access to some of your accounts from a different machine?

Cookies could be copied, but they would only work for as long as the session is alive. Also, browsers prevent cross domain cookie access. It would be a pretty significant exploit if anyone found a way to circumvent it.

use µmatrix you pleb

Root privileges just let you fuck around with some files owned by root (typically important stuff). It opens the window for more fuckery but one doesn't really need root to get ransomware into the system.

not as much as the personal files in a user's home directory

Man, reading about security is getting to me, where literal magic shit is happening in my dreams. I dreamt that a commercial played on the TV as I was working and suddenly my shit displayed a blue octopus with a blue background and a fake search engine called "Deep Blue". It had a lot of Scandinavian-looking text and badly translated English. When you tried to do anything, it would go back to the browser and the tentacles would slowly spin on your screen. I tried to see if it was just a browser thing, kind of like old add-on malware, but it seemed to extend to every connection. I tried w3m, and same thing, but in text mode. It just kept saying "Oops, looks like you've been taken hostage." And then it gave me the key to unlock my shit again, but it said that it's okay because they don't want my money. They just wanted to gather data. It was probably the worst nightmare I've ever had. Nothing worked. No CLI, even the TTY terminals could not be switched to, and when I tried rebooting, my passphrase prompt was the same, as it seemed to have edited /boot. I don't know what it may have wanted in my dream, but it propagated with a simple sound or image. A friend of mine later in that dream told me that he sat down with a can of coke and his laptop camera somehow picked it up on Windows and same shit happened.

Honestly, I know that shit doesn't really happen, at least outside of a lab, but that was seriously terrifying. Well-built ransomware is terrifying.

Addendum: It was honestly a bit scarier when I woke up because I remembered that Deep Blue was that computer that beat Kasparov, but also because it was a powerless experience to a computer. It's like a computer program was telling you that you're its bitch and that even though it just fucked you, that you're lucky and should be thankful for the graciousness of it. Fuck, man. For me that's like rape of the mind.

malware prophet

thanks for the nightmares, user

Just start pulling memory chips out when your 'puter tells you it won't open the pod bay doors.

This is seriously some good material to write a short sci-realism novel about the current state of data collection and digital control.

It probably wasn't from him running Firefox as root, but if he's doing that, think about whatever other retarded shit he's doing.
Probably somebody that blindly stumbled their way through the install and somehow came out with a working system on the other end, but otherwise had 0 Linux or Unix experience. There's literally nobody who knows anything useful about Unix who doesn't know not to run a fucking web browser as root.

It's like asking "why on earth would someone want to be anally gangbanged by people from that bar on the corner when it is well known that people with AIDS frequent there?"
He wanted to get pozzed, he's a bug chaser, there's nothing more to it. This is by far the most reasonable explanation. I mean, do you seriously believe that someone capable of installing Gentoo doesn't know what they are doing?

installing Gentoo is easy as piss, there's literally a step-by-step command-by-command guide

Yes.

So some retard did something retarded and this is news worthy? Are you a shill trying to get everyone off gentoo?

it is, because some other "retards" like me thought that GNU/Linux was safe from ransomware and I didn't even bother to have noscript installed while browsing shady websites
now I'm aware that there is real danger for GNU/Linux users

from add-on page:
not for long..

is executing firefox under a different account in firejail secure enough?

What is your threat model?

Just keeping firefox up to date is "secure enough"

if you're being targeted by a nation state with a budget, seccomp filtering and namespaces won't help much. (you're not)

How do you know I'm not?

Then what are you doing on the Internet you fucking retard? Do you want to get penetrated by hundreds of CIA niggers?

The dumb nigger asked for it.

But user, if I wanted to stand out and be an easy target I'd not use the internet :^)

Good point. Al-Qaeda were able to perform their magnum opus precisely because their members used the banality of American life as a camouflage.
However if you already are targeted then you will far more likely get hunted down while using the Internet. If you're already in hiding then not using it simply means there's nothing to track. Look how long Usama lasted and he was a top target.
It's probably too late for you though, you better start running now.

Alright thanks for the advice.
By the way 9/11 didn't happen.

Of course it didn't, it was transformed into fiction by the media like every other event that didn't happen.

kek

how secure is having user namespaces enabled nowadays though?
they have them disabled in the default Arch kernel config because of some bugs and security issues
bugs.archlinux.org/task/36969
should I enable them and recompile the kernel or not?

*Unprivileged* user namespaces are bad because they increase kernel attack surface

so should I use them with firejail or not?

Pic related.


/Thread

not an argument
ransomware doesn't need root privileges to encrypt your home directory where you keep all your fucking stuff anyway

the threat is real no matter how smart you think you are

You're small time, fam.

Ransomware can't defeat a solid backup system. I would treat ransomware exactly as if the HDD failed so I'd enact my backup plan.

This, I've lost count of the number of times... sigh nvm, just see pic-related.

More precisely, like your LUKS header was damaged and you need to reformat and rewrite the disk.

this tbh
privilege escalation isn't needed to fuck desktop users

Don't have any personal or valuable data on anything that is connected to the internet. It's very simple.

You know what is really terrifying? The fact that you identify your whole existence in regards to your computer. Have you tried turning it off and doing some exercise instead or going for a walk (without taking your phone with you)?

Do you really believe this?

Why the fuck would anybody install flash on their system? It's obsolete.

You know what is really naive? The fact that you identify turning off your computer as exiting the matrix. Have you tried thinking about the current state of the world or reading a book (excluding the popular junk)?

Staying at home is an adaptative strategy to deal with the fact that normies are fucking brainwashed idiots. Been that way since the 19th century, with the advent of forced public "schooling" (that which transforms a functional human being into dumb jew cattle).

Normies were pretty much invented in the 19th century when pedagogues, doctors, and psychiatrists imported the statistics' notion of normality into their own fields. But it was only in the 20th century with the birth of the mass media and consumerism that normies lost any will to resist whatsoever and became "the masses". Your real enemy is this latter phenomenon.

Can you clarify your position? You think that people who want to leave the matrix should turn their computers on and keep their spyphones online?

I think we're beyond the point of no return. The matrix is everywhere. To be paranoid is a sane state now. Individual solutions are a distraction that doesn't attack the heart of the problem which is the system itself. But it's the only resistance that as individuals we still have. Anything else is just a spectacle.

Kek'd

This wouldn't have happened if he used Windows 10 with the latest updates.

The security model nowadays is so retarded one wonders if it's not this way by design.