SCAM! SCAM! SCAM!


old man emu

COVID regulations have brought about a change to an old joke.

 

An old Irish priest was walking past a New York synagogue when an equally old rabbi came down the synagogue steps to the footpath. As he did he moved his right arm over his body, from head to waist, then shoulder to shoulder.

 

"Ah, Rabbi!", called the priest. "Have you converted to the True Faith in your old age?"

"No," replied the rabbi. "I'm just off to do some shopping and was checking that I had everything"

"But you crossed yourself in the Christian way," said the priest.

"No," explained the rabbi. "I was checking. You know - spectacles, testicles, wallet and watch."

 

 

Nowadays, to go to the shops, it's glasses, mask, mobile and list.


Guys, I don't know what the issue is with spam.. makes me feel wanted when I see a spam email saying something like "Young horny so and sos just waiting for me..." I am sure she is interested in my personality and my body - nothing to do with cash (and I am even sure she does actually exist!).

 

I wholeheartedly concur with Dax re Linux.. In fact, in my early propeller-head days, I contributed to very early Linux development - on my ol' x286 processor, wrote some of the IP protocol handling (of the TCP/IP protocol) part of the first ISO compliant network stack for Linux. I did a compatibility layer (abstracted out the general functionality of network cards into a callable library, as we called APIs in those days). I couldn't be bothered reverse engineering device drivers for proprietary network cards who wouldn't release their specifications as Microsoft threatened to withdraw support for them on the Windows platform if they did.

 

There is one correction though.. The source code Linux is built on is probably not much younger than Windows (3.0, IIRC, was a complete overhaul where they dumped DOS as the operating system). However, Linux was developed by a raft of volunteers, mainly later year university students, enthusiasts, masters and PhD students, etc. They were under no commercial pressure and were doing it for the love of it. They were interested in putting out cutting edge stuff, rather than getting a product out to market. And Linus Torvalds, who is obsessed (and can be a right arsehole at times), not only coded in those days, but inspected every line of source code everyone wrote for the kernel. I had a few skirmishes with him during that project (by bulletin board and email), and he won most of them. He is a darned clever bloke with an enormous capacity for work - much like Gates, and Jobs.

 

From day 1, Linux was designed to use every available resource of the machine as efficiently as possible. It was a simultaneous multi-processor O/S, whereas Windows was a co-operative multi-processor O/S from day 1. The difference is, the SMP O/S controls how multiple processes execute, whereas the Co-Operative model relies on each app being nice and giving up the CPU for other apps to use. You can see right there, Windows users are going to have a problem if they run a couple of apps that aren't cooperative.

 

The other thing is Linux was designed from the outset to run on any machine.. from a desktop (devices weren't around in those days) to the biggest mainframes. The idea was one code base for the kernel, and then compile it for each platform. Of course, there had to be code specific to each platform, but then that's where Linux Modules come in.. You can on the fly make a change to a module, which affects the O/S in real time - no need to reboot, like you do in Windows.

 

The other thing is that Linux was (and still is) based on Unix system, which conforms to the POSIX standard of operating systems - which is, as I understand, still updated regularly and defines standards of functionality and design to achieve both high performance, and inter-operability. Windoze doesn't quite hit either of these marks (but, in honesty, I think they do better than Apple these days). I used to laugh in the old days when people would buy a multi-processor desktop with lots of memory and stick Windows on it. Windows could only use one CPU and it used something called segmented memory addressing - meaning it could only directly address something like the first 64K of memory (hangover from DOS?) and from there, the memory would contain pointers to other parts in memory - so every load of a memory location into the processor-set for operation would have multiple hops. Linux was built to address many hundreds of MB, if not GB of RAM (subject to hardware constraints) from day 1.


Speaking of Apple, I am not sure that the iOS is based on Linux - think it's BSD (there are conflicting reports on the web). BSD - Berkeley Systems Development, is another OS, that at least wasn't open source, but was free.. I know Apple use it for their desktops (or did) and, like everything, nobble it and make it non-cooperative with the outside world (and charge you a fortune for the privilege - they have to pay for that marketing somehow, I guess).

 

I run Linux on my older hardware, but I am typing from a Windoze box, because a) Wine is slow and give me MS Office of LibreOffice anyday (even though I paid £90 for a legit version of it),  b) It has enough hardware spec to overcome Windoze limitations for what I use, and c) It came with it installed, the BIOS has to be cracked, and I am too lazy to bother.


56 minutes ago, Jerry_Atrick said:

I am typing from a Windoze box, because a) Wine is slow and give me MS Office of LibreOffice anyday (even though I paid £90 for a legit version of it),  b) It has enough hardware spec to overcome Windoze limitations for what I use, and c) It came with it installed, the BIOS has to be cracked, and I am too lazy to bother.

b & c would apply to the majority of us for whom a computer isn't a tool to be used in a career. As worthwhile as it might be to the cognoscenti,  a debate about operating systems leaves most of us floundering through lack of knowledge. We are happy for the Gigabyte Gurus to tweak an OS, but just as long as we can make a quick connection to physical attribute appreciation sites we are happy too.


11 hours ago, Jerry_Atrick said:

which is, as I understand, still updated regularly and defines standards of functionality and design to achieve both high performance, and inter-operability.

The linux kernel is updated regularly, at least once a month and system updates come constantly, which you can choose what or what not to install and it all happens in the background. Most linux today are what are called rolling upgrades, when a new fully updated system comes along, it installs in the background you never have to do a new full install, same as all updates, you don't have to stop working during any update. You only have to reboot with kernel and full system upgrades, kernels take about a minute to reboot and full system upgrades take a few minutes..

 

Most people seem to think linux distros are for computer nerds, that's not the case the most popular ones are easier to use than windows, they also come with a large amount of software and you have access to tens of thousands of state of the art free software, covering everything you may need or want. I've helped many people switch to linux, from people much older than me and kids, all my grand kids run linux as they can do anything on it, from very advanced games to CCG and it's all free, plus being extremely private, stable and safe.            


I was referring to the Posix standard (which Linux conformed to), rather than Linux itself. Yes, Linux is updated very regularly, but the "kernel" which is the core of the operating system is the important bit, and the creator, Linus Torvalds, still reviews every line of code in it today as he did - 28 years ago..  This thread rekindled my interest a bit and I went to the Linux kernel developers mailing list (still looks like it was designed in the late 80s/early 90s), and I noticed he has really toned down his emails. This may explain it: https://www.newyorker.com/science/elements/after-years-of-abusive-e-mails-the-creator-of-linux-steps-aside

 

2 hours ago, Dax said:

Most people seem to think linux distros are for computer nerds, that's not the case the most popular ones are easier to use than windows,

It does get that reputation from the old days, but with my Ubuntu desktop, I have to admit, it can still use cleaning up for the average user. Unfortunately, unlike cars, where once you learn to drive, you can pretty well drive most even if you can't find the light switch and accidentally switch on the wipers instead of the indicators, it is often a sufficiently different experience between systems so that people using something they are not familiar with - without the benefit of someone else to show them the ropes - end up giving up and going back to the comfort of their Windows system.

 

 

Anyway, back to the scamming..

Edited by Jerry_Atrick

16 minutes ago, Jerry_Atrick said:

Is that a Chromebook

Probably not. The school supplied laptops have to look up to see the bottom of the barrel, and any software they run is unique to the laptop OS, or has been designed in-house. Even the software for my grandson's homeschooling that he is using on a PC is not very well designed.


10 hours ago, Jerry_Atrick said:

It does get that reputation from the old days, but with my Ubuntu desktop, I have to admit, it can still use cleaning up for the average user. Unfortunately, unlike cars, where once you learn to drive, you can pretty well drive most even if you can't find the light switch and accidentally switch on the wipers instead of the indicators, it is often a sufficiently different experience between systems so that people using something they are not familiar with - without the benefit of someone else to show them the ropes - end up giving up and going back to the comfort of their Windows system.

 

Anyone who knows and runs linux knows a windows user can switch from windows to linux and wouldn't even know the difference, with many distros. There are distros that emulate Windows, without the problems. I have people from round the world visiting me through my entertainment and hospitality business, 99% are windows users and most never heard of linux (no one in the last 18 months). When they go to use one of my computers, I just say it's set up differently to what you're used to, point the mouse at the icons in the bottom panel and it tells you what they are and that's the menu button, click that and it opens up all the software already loaded and you only need one click. That's it and the same when I'm introducing someone to linux, after that they have no problems and some of my guests spend weeks here and never realise they are not using windows. There's one called PC linux and a couple of others, they are almost exactly the same in looks and operation as windows, so it's a pain in the arse to use compared to a real linux box.

 

Wine is still available and many use it, I use "play on linux" there are a number of linux windows emulators. If you really want to have a pure windows experience, you can run it in a virtual box along with as many linux distros you want.

 

These links, will show you what I'm talking about and for those who have never seen a linux system, you may be in for a surprise. Of course there are linux distros that are very complicated and technical, but for the average user it's kids play, so simple it will tell you what you need to know if you want and how to do anything you need. Have a quick look and a bit of a read, if you really want to see what's around in linux flavours, just type in "distro watch" and take it from there.

https://linuxmint.com/

https://www.ubuntupit.com/best-windows-emulators-for-linux-enthusiasts/

https://www.fossmint.com/linux-distribution-for-windows-users/

https://www.ubuntupit.com/best-linux-emulators-for-windows-system/

https://www.techradar.com/best/best-linux-distros-for-windows-users

 

No scams with linux, just freedom to enjoy the world of computing without intrusion into your enjoyment. The internet is an essential service now, it should be free of intrusion, that will never happen with proprietary systems, they are there primarily to make more money, so we only get what they want us to have as far as security and privacy is concerned and we keep on paying year after year for nothing really that's yours. That's why windows, apple, android users are constantly scammed, have to pay for something that is completely unsafe for their privacy and intrusive, I like to choose what I want to look for, or what comes onto my computer and goes out. That's why I use the best there is and it's free.


You don't have to convert me to Linux and while many desktop distros have come along that improve the user experience, there are legal reasons why they can't purely emulate Windows around patents and trademarks. In fact, for some of the lower level device driver software, Microsoft (I think successfully) sued to have Linux distros remove support. So no distro is going to infringe going forward - they will sail close to the wind, no doubt. Yes.. the experience is far more user friendly and point and click and much more support out of the box (for example, I am not sure as I haven't done a new distro for a few years, but there used to be a requirement to download and install the multi-media codecs (effectively translators between different formats) in Linux because of intellectual property issues. And the codec writers didn't make it easy to install (and the distros wouldn't or couldn't make it easy, either).

 

Don't get me wrong - I would love the world to go Linux - but while consumers buy systems with it pre-loaded and it does the job, it takes someone to whet their appetite to move. The intrusion of commercial systems on their privacy doesn't seem to outweigh the convenience.

 

Also, as Linux has become more popular on the home front, there have been scams and as Linux becomes more popular, there will continue to be scams: https://www.itworldcanada.com/article/cyber-security-today-warning-for-linux-users-fake-verizon-sba-scams-and-canadian-vets-offered-cyber-training/434530

 

Also, many scams come in as email from sites people visit, so to say you won't get scammed on Linux is not true. That Nigerian uncle or whatever will email you whatever system you use - if you visit the right sites, or use the right mail servers, or because they randomly generate addresses and manage to get hold of you. You can set up your own mailserver and anti-virus/malware/spamming software for free, but who can be bothered doing that - you may as well keep your current ISP/public system (Google, Yahoo, et al) and you will get the same protection whatever system you use (for email borne scams).

 

Yes - you can get software to do virtually anything you want for free on Linux, without any usage restrictions. But most people can also get absolutely free versions of software to do what they want on Windows, too. While you're no doubt a power user in terms of the software you want and careful with the sites you go to, etc, remember, most people aren't and use their computers - with all the power they have - as little more than internet browsers, emailers, social media, and streaming - maybe some office-type functions thrown in. While hardware vendors continue to ship with Microsoft as standard (and let's face it, most consumers buy off the likes of Harvey Norman or other larger stores), they will buy hardware that is not optimal for the price they have paid. And that hardware comes with Windows pre-installed out of the factory. So, if the average consumer doesn't care too much about the downsides, but worry about using a familiar system to do the basics, they have little incentive to change. That is where Microsoft was smart even before Windows - and with DOS - which was absolutely rubbish.. get it to the masses.. they will stick with it.

 

 

Edited by Jerry_Atrick

8 hours ago, Jerry_Atrick said:

I am not sure as I haven't done a new distro for a few years, but there used to be a requirement to download and install the multi-media codecs (effectively translators between different formats) in Linux because of intellectual property issues. And the codec writers didn't make it easy to install (and the distros wouldn't or couldn't make it easy, either).

That was ten years ago, everything in linux is automatic as far as drivers go.

 

8 hours ago, Jerry_Atrick said:

Also, many scams come in as email from sites people visit, so to say you won't get scammed on Linux is not true. That Nigerian uncle or whatever will email you whatever system you use - if you visit the right sites, or use the right mail servers, or because they randomly generate addresses and manage to get hold of you.

You really don't understand linux at all, getting past the desktop and into the system is almost impossible for a scammer, that's why military, off planet and big business use it. Properly set up, which is how most distros come and except for your IP address, which you can change or mask, no one can get at you. You get millions of scams a day with windows, zero with linux, all you could find was something that was addressed many years ago. Sure you can get free software with windows, but its second rate to commercial software and with linux, you get state of the art that's better than commercial stuff on most occasions. I've used Kali to show people how extremely vulnerable their windows system really is and how they deliberately it seems, they leave so many ports and holes in the system.

 

Originally started playing with it to keep my company safe from attacks and the never ending porn and adverts, that was back in 1998 and there was no GUI. When Ubuntu came out with a GUI, business life suddenly started to get better, but very limited and when GNU cash arrived, we dropped windows with the expensive corel draw and haven't looked back. For a couple of years we had a windows box running for what linux didn't provide business wise, but since 2010, never had to use windows again and we deal with people and business that are fully windows without any problems. What we produce is completely compatible with windows, windows does all in its power to not allow linux to be compatible with windows.

 

If you could scam or intrude into a linux box, it would be spread across the globe, but even if someone successfully finds a hole in linux security, it's fixed within a couple of hours. With windows or apple, it's swiss cheese security, constantly opening holes and as one is closed after months, many more open because windows and apple are designed to make money and the best way to make more money, is constantly having to upgrade your zeros protection to  zero- protection. You read every minute of the day on windows and apple of the never ending problems intrusions and system collapses along with hours of upgrading so you can't do a thing. Then you find your hardware is incompatible and you have to spend more money and the cycle starts over again and goes on.

 

All I'm doing is showing people that care about their security and privacy, there are alternatives for what they are fed, extremely easy to use and free. What they do is their business and right. Like the windows phone, windows will go out the back door in the couple of years, business is starting to wake up to the never ending scam windows is and having to pay thousands each year for the inconvenience they suffer using windows. Anyway it's pretty irrelevant, most humans are averse to change of any kind and that's what scammers rely upon.


I'm a Linux convert from way back. I'm no expert computer enthusiast. Just a user. I got fed up with Windows constantly running long automated system upgrades and urgent security patches.... I got fed up with every new version of Windows requiring me to ditch my computer and buy the latest one... Windoze or Window$, just got too annoying and painfully slow.

 

Just as Win has different flavors (eg: Home, Pro, etc), so does Linux. At first that was daunting. So I downloaded a couple of Linux distros onto USB sticks and tried them out. It wasn't hard. They all seem to work very well, right out of the box. A couple of clicks and they install, either beside Win or totally replacing Win. I'm still using old laptops and desktops that are "too slow to run Windows", but work great on Linux.


56 minutes ago, Dax said:

You really don't understand linux at all

Dax, sorry mate... read my earlier post/s.. I was one of the original contributors to its network stack (as well as other kernel features) for Linux.. I hate to say it, although I don't spend much time with it lately as I am no longer in software engineering, I probably have seen a lot more of the current source code of the kernel and modules that is still in operation than you have.. unless you too have contributed to the kernel or could be bothered downloading the source and reading it.. If you have, respect, but to claim it

 

1 hour ago, Dax said:

is almost impossible for a scammer, that's why military, off planet and big business use it

leads me to think that you probably haven't. BTW, they don't use it solely because of its security features - most competing enterprise operating systems at the time were better and faster. They went to it because it was cheap, stable, and supported by literally an army of volunteers and some paid people. And it took a long time for industry and military to move to it.. a lot longer than now almost extinct rivals because of that very reason. As well, big distro firms (such as Red Hat) contribute $$ to it. Having worked on other operating systems as well, Linux was no more secure, no faster, and no better.. those other operating systems were sold by corporates and they were expensive. Proprietary flavours of Unix (of which Linux is effectively one), IBM MVS, Unisys, etc, all were very safe, very efficient and high performing. But all were very expensive in comparison.


Also, if you look at the military, big banks, etc., they often use industrial scale Linux distros for their enterprise servers provided (and modified) by specialist companies like Red Hat (look them up). But certainly in Australia, Europe, Middle East, and the USA/Canada, almost all of these companies deploy Windows to the desktop (no doubt you can find a few that have Linux or Apple... but compare the numbers). I have not worked for a firm or client that runs Linux on the desktop and I have worked with maybe two clients that went Apple, but only because of the CAD system they were using.  So to claim that these institutions (including the military) use Linux is only at the enterprise server level and not the desktop that we are talking about - in general.

 

Also, in case you missed the point, I was agreeing with you that it is a superior operating system to Windows. But it is not perfect and it is not scam-proof..

 

I also know that Linux has vulnerabilities like any other OS.. here are a few on the core: https://www.cvedetails.com/vulnerability-list/vendor_id-33/Linux.html

 

And here's another malware example, but against enterprise servers. https://www.zdnet.com/article/this-linux-malware-is-hijacking-supercomputers-across-the-globe/. Interestingly, it makes the point that the code is small and recursive - one of the other great features of Linux, very little "bloatware".

 

Yes, out of the box, it is far more secure than Windows. But you missed my point.. there are scams (malware) designed for Linux. I just grabbed one. There aren't as many as Windows because there are probably 3 billion more users of Windows than Linux (at the desktop level I am talking about). In addition, it is likely that most Linux users are going to be advanced and thinking more about security than your average joe. And yes, one could argue that with the plethora of web servers and enterprise servers running Linux, these would be a plum target. They are and they get cracked. Famous recent ones were whatsapp, and most of the recent data breaches.

 

So, if I am going to write some malware (or ransomware), I am not going to fart around with Linux users because, like you, they are probably going to be smarter anyway and therefore have harder systems, and b) the laws of numbers means when I am sending out my randomly generated email addresses, chances are I am going to hit a windows desktop rather than a Linux (or Apple) desktop. The scam OME posted is operating system agnostic and it is more than likely a spam filter will protect you from them than your OS, so if you are not using an email client, chances are your Linux box won't save you, but your ISP or gmail/yahoo/outlook.com mail filters may.

 

 


4 hours ago, Jerry_Atrick said:

I also know that Linux has vulnerabilities like any other OS.. here are a few on the core: https://www.cvedetails.com/vulnerability-list/vendor_id-33/Linux.html

Not going to argue with you, those in your link have all been fixed within a day or two of being found, most are many years old and caused no problems as it says, windows has constant ongoing problems every minute of the day. Of course all OS have vulnerability problems and that's natural when writing code as everyone makes mistakes or can miss a glitch, the big difference is with windows they can stay in the system for months or years before Redmond decides to do something about it. With linux, they are mostly found within a few days of release and fixed within a couple of days. That's state of the art, not bloated last century coded junk that will take hours to do the smallest of updates and even then, you've got about 50% chance of it breaking or stuffing something up.

 

Companies are not taking up linux because it's cheap, business, science and military want secure systems, so they are taking it up because it's extremely secure, very stable, easy to use and they can customise it to their hearts content. When you have more than 600 flavours of linux to choose from, you have variety.

 

Yes mac/iOS is built on BSD, which is a unix system, same as linux and google didn't use windows code, instead building android with linux code, which now has around 95% of phones and you can customise it as well. When you add, all computing situations, outside the Win desktop, is all linux. Not because it's cheap, but because it works and can be defined in operation any way you want. Why don't NASA, or aircraft manufacturers use windows for all their systems, because linux is light years ahead in state of the art, reliability, security and ease of use.

 

Then we have containers and sandboxes, VM's and loads of other security measures you may get in windows if you pay for them and if you want to really go for it, Kali and other similar distros, cover all the bases with intrusion testing and many other security platforms. People get spammed, scammed and constantly bombarded with advertising because windows relies upon being swiss cheese security. They sell your data to advertisers and use it against you, can't call that state of the art, but primitive and typical of their approach since the inception of windows and will never change. They make so much money out of all the failed anti virus and security junk you have to pay for, that doesn't do the job at all.

 

By the way, I'm no techie or high end user, just a normal user, my youngest daughter is the computer genius, who now runs my company and uses linux exclusively. Asked her about Kobalos and she says there are a number of ways to stop its entry and close the back doors, she assured me they had done that months ago.

Edited by Dax

10 minutes ago, Yenn said:

As someone who knows stuff all about computers, what do we need to do to get a Linux system up and running with our existing Windows clad computer?

Download a flavour of linux, I recommend mint for those starting out in linux as it's really easy to use and one of the most popular for newbies. Put it on a USB stick, shut down your computer and then start it from the USB, It will load and you can check it out without installing it. If you want to install it, you can do that from the live session you've been checking out and it will tell you what to do, select install beside windows and then let it do its thing. When it's done you can continue with the live session, or reboot and up will come a choice of windows or linux.

 

If you load linux first then windows will remove linux during its installation. Most people who install linux, spend time switching between system until they become familiar with linux and set up the linux software they like using. In the end they realise they no longer go to windows and delete it, which is easy to do and there are tutorials for everything you want to use, from beginners to high end stuff like Blender, inkscape etc, if you're into multi media. You can also run linux in virtual box, to see how it goes and lots of people who don't want to dual boot run linux or windows in a virtual box, which has no effect on your current system. I've had lots of distros in VB, trying them out and then disposing of them or using them in my systems.

 

If you have an old computer, you can try out linux on that, just have to use a 32 bit linux and not 64 bit and there are many of both.


8 hours ago, Dax said:

Not going to argue with you, those in your link have all been fixed within a day or two of being found, most are many years old and caused no problems as it says,

You'll find most of Windows listed vulnerabilities are very old as well, and they are normally fixed and patched and distributed to their user base in a few days (Linux now provides for auto updates as well, but to get fixes distributed to, or more accurately, adopted by the Linux user base typically takes much longer than a few days). These vulnerabilities have the capability to cause problems, but as I mention, not as many scammers, by a massive margin, are interested in it. Also, I would dispute that claim, anyway, because one of the problems with Linux is that crackers are usually very adept at hiding their tracks - intrusion detection on Linux is very difficult to do.. If you think about it... most of the data breaches are not found because intrusion detection, but because the data has been "Pwned" and found on the dark web: https://haveibeenpwned.com/ Almost all of these cracks are from Linux enterprise servers and with the best freeware and proprietary systems, the companies had no idea they were breached. So, that claim is, well, useless.

 

 

Note, Electronic Arts had its source code stolen and put on the dark web.. so you can't blame the database service for that breach: https://www.packetlabs.net/stolen-source-code/.

 

This highlights the real issue with most enterprise breaches today - they are not the servers or the desktops themselves - sad to say, but even Windows has a reasonably secure system.. but people, usually through malice or social engineering. Read ISO 27001 for best practice re cybersecurity, and it features heavily.

 

Also, in some ways, it is not the time to fix the vulnerability - it is the time to distribute and get it adopted - in fact scammers often don't know about a vulnerability until it is published and race to get their malware out to take advantage before widespread adoption. Time to fix does not = time to adopt.. This may make some sobering reading: https://www.zdnet.com/article/average-time-to-fix-critical-cybersecurity-vulnerabilities-is-205-days-report/

 

The other important factor is the time from a vulnerability's release to it being found, because scammers and crackers are unlikely to publish them when they find them. Here's a doozy that ran for 10 years before being found earlier this year (I wasn't hunting for it, this thread rekindled an interest so I went to Linux Magazine to check out the latest of what has been happening): https://www.linux-magazine.com/Online/News/Decade-Old-Sudo-Flaw-Discovered/(tagID)/154

To exploit this is pretty easy. Use user account cracking tools available in Kali-Linux. Secure shell into the box, and launch a heap overflow attack (probably comes with Kali-Linux, as well). You now have full control of the machine. 10 years it took to find. My guess is this has been known for some time amongst the cracking world and probably explains some high profile breaches.

8 hours ago, Dax said:

windows has constant ongoing problems every minute of the day.

If we are going to have a rational conversation, let's dispense with the evangelical religious BS, eh? Or provide evidence.. I use Windows every day professionally and personally. I would say the vast majority of users on here use it.. If you are referring to the collective of billions of users every day for many hours, then yes, between that many, you are going to get issues every minute depending on what people are doing and how they have configured Windows. In my case, on Windows Home, I run some heavy lifting analysis software.. and I have not had a problem. Yes, they run slower than they would on Linux, but the blue screen of death as it was called hasn't been seen for a long time. I also run a box with CentOS on it (CentOS is a server flavour of Linux designed for scientific applications). It was a pain to get going on my hardware (about 2 years ago), and it has had to be rebooted a couple of times. I am not saying it is worse than Windows.. it runs heavier duty stuff and is left on all the time, so operating systems bugs (such as queues filling up) are more likely to be come across - whereas my Windows (Home) box is generally shut down every night unless I am running a long analytics job.

8 hours ago, Dax said:

Of course all OS have vulnerability problems and that's natural when writing code as everyone makes mistakes or can miss a glitch

I will take that as an admission it is not impenetrable, or in other words:

14 hours ago, Dax said:

getting past the desktop and into the system is almost impossible for a scammer,

really means it is difficult (as it is with Windows these days, but not as difficult as Linux), but not nearly impossible, as these vulnerabilities do make it somewhat very possible.

 

8 hours ago, Dax said:

the big difference is with windows they can stay in the system for months or years before Redmond decides to do something about it.

This is clearly BS of the highest order. There have been times where Microsoft have taken time to patch the vulnerability because it occurs in the bowels of what may look like spaghetti code and they are complex fixes. And Linux (or Linux platform products) have also had times where the fix took a while because of complexity. I haven't seen Windows code, so I am only speculating, but given the people who work for Microsoft are employees so come to work to draw a salary of what they do, I am guessing they aren't as rigorous with code quality control as Linus is over Linux kernel stuff anyway, so I am guessing the code base is messier and not as consistent or modular (to use older vernacular of programming). So, in general, it will be quicker to turn around. Remember, Linux is Linus' baby; Windows is Bill Gates' baby and he stopped coding and having quality control over it years ago.

Microsoft look at their vulnerabilities in quick time.. They have in the distant past (I would say up to about 2002, which was when they entered the enterprise software market. But, hey, when I said one used to (not currently have to) download codecs for Linux, you went on the warpath of how that was 10 years ago and should not be considered today (even though mine was 3 or 4 years ago).

 

Today, especially, they turn them around as fast as possible, because virtually all the world's enterprises run Windows desktops (I haven't thoroughly researched, but at least I will put some evidence in to back up my claim: "By most accounts, Windows runs on roughly 90 percent of PCs worldwide, with desktop Linux usage accounting for a very low single digit percentage of usage and MacOS making up the rest. In developed markets like the US, the Mac percentage is considerably higher, at around 20 percent. But corporate usage, with the exception of some companies like IBM, is almost all Windows. For most people, Windows is the default choice.": https://www.zdnet.com/article/windows-mac-or-linux-we-compare-the-pros-and-cons-of-these-computing-platforms/. It's not scientific, and the article goes on to say that by choice is a big feature of Windows, which I disagree with.. so let's trim the number of Windows desktop users to 75%.

For enterprise users, if vulnerabilities (to scamming) became an issue, they would likely be very concerned about keeping Windows.. And they may look at Linux desktops. And this would cause a huge risk to Microsoft's most profitable business line - enterprise software. The big selling point of their enterprise software is the tight integration with desktop productivity products, such as MS Office (Word, Outlook, Access, Excel, PowerPoint), Visio, Project, SharePoint, and the like (although SharePoint is technically a server product). This means, corporate users can create those presentations very quickly by getting data from Microsoft Dynamics (their ERP and CRM systems), SQL Server, and a plethora of other places to create those eye catching and compelling sales pitches, marketing pitches or internal management pitches seamlessly. If people move off the desktop, the compelling reason to buy enterprise and Software as a Service (SaaS) products from Microsoft becomes very much less compelling.. and they lose..

Also, those annoying updates (which can be switched off) are there to make sure you get your security patches ASAP.. not to protect you but to limit damage from the oft well publicised Microsoft vulnerabilities to protect their reputation. Linux vulnerabilities are publicised amongst the Linux community only.. As the usage base (for consumers) is apparently in the single digits of percentage, that ain't going to sell newspapers or attract viewers.. and we know media is not about community service announcements.

 

So, yes, over a decade ago, they were tardy, but they have cleaned up their app and now they try and get the distribution (or adoption rate) fast, and everyone complains about automated updates. Today, you may be conflating Microsoft with Apple (but even Apple today take it seriously enough). @nomadpete, please ensure your Linux box is updated regularly.

Note, the issue today is not how fast Microsoft or Linux can get their patches out, but how fast they are adopted by the enterprise. Home users can turn off the auto updates (it's easy - set your network settings for your adapter to be metred (or metered I guess as it will be US spelling) and Windows will not auto update). But I would not recommend this.

8 hours ago, Dax said:

Companies are not taking up linux because it's cheap, business, science and military want secure systems, so they are taking it up because it's extremely secure, very stable, easy to use and they can customise it to their hearts content. When you have more than 600 flavours of linux to choose from, you have variety.

If I build a flat pack home, or one from scratch, or as in my case, managed a couple of gut-and-refurbs, and continue with some heavy-duty DIY, I would not suggest I was an expert in the building industry even though I learned a lot about it. With due respect, because you're a power user and have done some administration of Linux does not make you an expert on the IT industry. Since we are now talking, "business, science and military", we are moving out of the desktop and small business servers, to enterprise server space (remember the vast majority of enterprises still use Windows for the desktop).

I have been working in the IT industry since 1983 and heavily involved in Linux since about 1994 (or even 1993 - would have to check) to about 2012, where I had to stop as I had become somewhat obsessed and risked losing my family. In that time, I helped maybe 30 large organisations (government and private) move their enterprise servers to Linux, where either the project was to move them to Linux, or to implement software that would run on their legacy platform to Linux. And I had recommended not moving to Linux on some occasions where the technical, commercial, and strategic case did not add up. Famously, in the IT industry a couple of banks, back in 2010 ditched for IBM mainframes running their credit card businesses. The operating system was Z/OS (rebadged MVS) and they cited security and total cost of ownership.

Firstly, to suggest that before Linux came along, the other enterprise operating systems and networking systems were not up to the security task is a furphy. It would be negligent, even then, to deploy insecure systems. Linux would have to prove it met the necessary security requirements, but to say they moved to Linux because of it is a joke. The established (but expensive) operating systems were better at virtually everything that Linux did at the time... But they were eye-wateringly expensive.

 

To get Linux through the door, we have to prove:

  • It was technically up to the task. We did a lot of benchmarking across performance, multi-user capability, distributed processing capacity, failover and fault tolerance, and of course, security.
  • We had to overcome the [perceived] risk of adopting an O/S for mission critical systems (commercial and operational) that had a volunteer army for support (BTW, even though we benchmarked commercial organisations against the volunteer army, with the volunteering army always winning by a big margin, this was almost always dismissed)
  • We had to prove there was sufficient skilled and experienced workforce that could be recruited or retained to provide necessary onsite support, enhancement, etc
  • Despite the second point, we had to be able to provide some form of commercially supported version of Linux so that the organisation had comfort of there being a commitment to support it and someone to chase if things went belly up.
  • We had to prove the business case, or as one IBM Sales Rep put it - "Where's the beef?"

 

In technical benchmarking of the enterprise level platforms, especially in the early days, Linux didn't fare well against most of the others; it did beat Windows NT, which was re-badged, Windows Server, but I would have thought a Commodore 64 would have as well. But against the proprietary flavours of Linux (HP, Sun, etc), IBM, Burroughs, DEC (Digital Electric Corporation - now Acer, I think), Prime (dead as a dodo), and others, it was very ordinary. And its implementation of the POSIX standard was, well, amateurish. But, it was acceptable, and some early adopters picked it up as visionaries.

It wasn't until Red Hat and SuSE decided to enter the enterprise market and provide paid for distributions complete with annual maintenance fees and support, that Linux in the enterprise started to gain traction. Larger enterprises (and mid-size as well) decided that this was needed. The cost to purchase was very favourable as the pricing was ultra-competitive and of course, it commoditised the hardware market, so those hardware vendors that ran Linux became very competitive, and prices dropped rapidly. These two items, plus the interoperability and the fact that as Linux was free people wanting to develop their careers could do so easily are the main reasons for the widespread enterprise adoption.

While most small and even mid sized businesses who run Linux (how many do - no idea - and don't forget you can have a Linux box front your network to protect it and still run Windows servers and desktops behind it pretty safely), the larger enterprise adoption is NOT because Linux security was better.. it had to be industrial grade.. but it wasn't necessarily better.

8 hours ago, Dax said:

Yes mac/iOS is built on BSD, which is a unix system, same as linux and google didn't use windows code, instead building android with linux code, which now has around 95% of phones and you can customise it as well. When you add, all computing situations, outside the Win desktop, is all linux. Not because it's cheap, but because it works and can be defined in operation any way you want.

I am not a phone expert; I only use them for making telephone calls, texting and occasionally getting directions. But knowing Google (and I have worked alongside them once), they did it because it was ready made and cheap (i.e. free). If it didn't do what they wanted it to do or it was expensive, Google would have looked elsewhere, or made their own. There also seems to be public contention about whether iOS uses Linux, but even if it does, both Android and iOS (if it does) have nobbled it and customised it (changed it) beyond recognition for the average user. I think you said you upgraded to native Linux (some micro-distro, I guess).

8 hours ago, Dax said:

Why don't NASA, or aircraft manufactures use windows for all their systems, because linux is light years ahead in state of the art, reliability, security and ease of use.

Well, actually, they do use Windows, but not for their engineering or enterprise systems. But leaving that aside, I haven't argued Linux isn't a better operating system. I have stated that it is better than Windows many times in this thread. Really, get that input valve going, because we are in violent agreement on that point. Is it better than BSD? Maybe.. not sure.. haven't spent any time with it. Is it better than the original enterprise operating systems? It wasn't - it should be by now, for those that still exist. My statement was about general desktop adoption (in the consumer market to be frank) and it is more convenient when it comes preloaded for your average joe and the benefits of the Linux desktop for your average joe does not appear to warrant changing. This is my opinion, but seems to be borne by the facts of estimated worldwide desktop deployment (at least I have pointed to some evidence of this). My other point is that Linux is not almost impossible to crack, and I have provided evidence of that, too. Yes, it is much harder than a Windows home desktop (or pro - can't speak for Server though as I have had nothing to do with it) out of the box. What I didn't mention is that Windows Defender that comes with Windows now does a reasonable job of what it is designed to do, and you can get a plethora of free and paid for security tools to also harden up your Windows desktop. I don't want anyone thinking they can download Ubuntu or Mint, start using it and not concern themselves. That is plainly wrong. Though, they can concern themselves, less.. Of course.

8 hours ago, Dax said:

Then we have containers and sandboxes, VM's and loads of other security measures you may get in windows if you pay for them

I am not even quite sure of the point you are making. First, you can get free virtualisation containers for Windows (https://www.virtualbox.org/) is one and Microsoft provides its own - Hyper-V (Win 10 only). So, you're not quite right, there. And sandboxes and containers are not necessarily security related (at least as I understand them). In fact, virtualisation came about not because of security, but to manage computing resources better and cheaper. I won't go into the details, but it is sort of like Viagra.. designed for one thing but found out to be very good for something else.

8 hours ago, Dax said:

People get spammed, scammed and constantly bombarded with advertising because windows relies upon being swiss cheese security. They sell your data to advertisers and use it against you, cant call that state of the art, but primitive and typical of their approach since the inception of windows and will never change. They make so much money out of all the failed anti virus and security junk you have to pay for, that doesn't do the job at all. 

I like those alliterations, but I think you are conflating holes in security with commercial agreements. Most of the advertising you are getting or even data being sold, is through a commercial agreement, if you have done a Windows install recently, you will notice this in the questions it asks while you have the install. As I said, I agree, Linux doesn't have all that crap - but people don't seem to care that much. When it broke that Apple iPhones were tracking your whereabouts wherever you went and were selling it, a lot of people interviewed and on social media replied along the lines of, "I know I should care, but I love it, so I don't" That is the hedonistic world we live in now..

8 hours ago, Dax said:

By the way, I'm no techie or high end user, just a normal user, my youngest daughter is the computer genius, who now runs my company and uses linux exclusively. Asked her about Kobalos and she says there are a number of ways to stop its entry and close the back doors, she assured me they had done that months ago.

That is great.. My son has decided to go the way of @octave's and build his own computer games. This may make your blood boil, but after careful evaluation, he decided Microsoft C# and Unity. I have my doubts, but I am no gaming expert at all, and he showed me his due diligence, so I am happy.

8 hours ago, old man emu said:

Strewth. This thread has more drift applied than a northbound X-air in August winds.

Nah, mate.. A lot of it may sound gibberish, and there is some stouching off topic going on, but we have been keeping more or less on track with respect to security vulnerabilities and making sure people aren't lulled into false senses of security, regardless of the operating system.

[Edit] All of this will become academic anyway as the world moves to a software as a service/platform as a service model... (well there will be some stalwarts, like me, who will resist....)

Edited by Jerry_Atrick

Thanks for the history. I do updates (Ubuntu), but still harbour reservations about security (malware, etc). Mostly because there are still a lot of people saying that there's no need for antivirus ware when you run Linux. Obviously every system has its vulnerabilities. But your last para is totally unfairly intriguing. Care to expand that forecast?


According to Ubuntu, you probably don't need it: https://help.ubuntu.com/stable/ubuntu-help/net-antivirus.html.en

Without doing the research, I honestly couldn't give a recommendation one way or other, but from the above, you can guess which way I would lean. So, unless you need extremely fast computing (e.g. algorithmic trading, real time SCADA for your power station, etc) and assuming the antivirus doesn't slow you down to Windows speeds, I would think, it can't hurt, but may help - because even with a low (or rare) risk, you don't want to be the one who gets it. And most attacks will be server level. I wouldn't buy it, though.. there are free antivirus apps for Linux (https://help.ubuntu.com/stable/ubuntu-help/net-antivirus.html.en). Root Hunter (that is not a name an Aussie would dream up for non-adult software), or chkroot would probably be good enough. Your Linux box comes with a lot of stuff already, such as firewall protection, etc.

I don't run antivirus on my CentOS Linux server as it runs on a physical private network, with a bridge open once a day for about 10 minutes so I can send it data for the day. The firewall makes sure not too much can get through and it doesn't get emails, have any sort of desktop, etc.

My last para (software/platform as a service) will probably never happen 100%.. but for average home use, it probably will and for a lot of the desktop type applications (office, email, etc), it already is moving that way for enterprises. I can't speak for Australia, but over here governments and companies are already moving that way. Even the Ministry of Defence is starting to move its non mission critical apps onto the cloud. Banks I have worked with are moving mission critical systems to the cloud. The US DoD and Donald Trump famously got into a war of words with Amazon Web Services - a huge web-services/cloud platform. I would guess 99% of all web sites (including this one) are on the cloud and not run from the owner/operator's in-house IT infrastructure. Most organisations with over 100 information workers (i.e. sit at a desk) are moving to virtual workstations.. there is a "thin client" at your desk; a low-powered, cheap cut down Linux or Windows box with a very small form factor, but a reasonable graphics card. Hosted on a server is your virtualised Windows desktop. The idea is that you can access your desktop (via a Citrix connector) from this thin client when you're in the office and your home PC/laptop to allow you to work from home.

It is not easy to purchase a local copy of Office anymore - Microsoft is getting you to go Office 365 - which is their cloud offering. You can access your data and the software from anywhere - with your machine, or someone else's, etc.

And the world is becoming increasingly wired. I know Australia is a bit behind the broadband curve, but hyperfast broadband is being rolled out here (well in populated areas - the village I live in won't see it for a few years). And it is not too expensive. Even at full price, 1gb speeds (they say average speed of 900mb) will normally be £63/month but have teaser rates at £37 (I am guessing you need a telephone line rental as well, but this is usually around $10/mo). When these sorts of speeds become ubiquitous, it will be a game changer. Couple that with ever increasing speeds of conventional computing, and now being able to move individual atoms in the design of quantum computing (https://www.ibm.com/blogs/research/2019/10/controlling-individual-atom-qubits/). Quantum computing as a commercial reality is probably years beyond my lifetime away, but when that comes along, well, you won't even wear computers, they will be planted in your brain and read your thoughts - and this will interact with remote servers on the other side of the world. Note, Elon Musk is out to control the world, too: https://www.cnbc.com/2020/08/28/elon-musk-demonstrates-brain-computer-tech-neuralink-in-live-pigs.html.

It's not quantum, but is miniature.

 

Imagine the scamming that can be done, then? Scary stuff!

Aah, I hadn't been watching the progress.

Many years ago our office considered cloud based desktop applications but went cold on it. I didn't realise that the latest Windows Office package was cloud based.

You'll probably be aghast to hear  that I recently loaded a shop bought Office onto my wife's laptop. 

Speaking of power stations, when I left a couple of years ago, the SCADA at one of our power stations was still running from a hand wired (8080?) rack mounted two card wire wrapped computer. It had been there since about 1980 when the station was commissioned. We even designed and made our own SMPS. Thankfully it never gave trouble - there was nobody left with the knowledge to attempt a repair, and the power station would have to shut down if the SCADA failed.

 

Meantime at other sites we went modern using SUN boxes at one level of control systems.

 

Your forecast reeks of watching too many Matrix movies

Edited by nomadpete
added vital ramblings

I haven't watched on Matrix movies.. nor since I moved into banking, have I watched movies such as Wolf of Wall Street (Sadly, I haven't graduated from kids animation movies) 😉

 

I have lived through various attempts of moving computing to centralised, remote servers. They called it bureaus in the 80s, outsourcing in the 90s, and something else that I can't even remember in the mid noughties. All ended up in failure because of the cost and service offerings. However, the latest breed of PaaS (platform as a service), aka Web Services are feature rich and now offer a compelling product at realistic prices. Take a look at what you can get for free from Amazon web services - databases, linux (virtual boxes), and a few other things. Look at the other services it offers out of the box - artificial intelligence, big data, analytics, pre-built apps, and of course, a plethora of platform management tools. The same with Microsoft Azure (but being Microsoft, their freebies are time limited). You can deploy in minutes what would take days or weeks, you don't need floor space and lots of tech staff (you definitely need some).. all of your allocated infrastructure is up and running - no buying in, installing, etc.

Also, once you start paying, you only pay for the storage, processing and networking you use. As you grow, it automatically grows with you. You don't have to worry about failover sites and the like nor buying more capacity should you need it.

And you still have complete control of your systems. If you decide you don't want to be on the platform anymore, just copy all your stuff to another platform or to your onsite infrastructure, delete it all, and job done (in theory).

There are disadvantages.. I was looking for the article but couldn't find it; however, the US Navy was reportedly using I think it was Amazon Web Services to a point where it became more expensive than if they used it in house. While everything is reportedly secure, I am sure web service company employees have the ability to get to the data if they want to; and it will be interesting to see when, if companies come off it, if the claim to easily get your data is true (I can't see why not, but it will be interesting).

6 hours ago, nomadpete said:

It had been there since about 1980 when the station was commissioned. We even designed and made our own SMPS. Thankfully it never gave trouble - there was nobody left with the knowledge to attempt a repair, and the power station would have to shut down if the SCADA failed.

Ouch re failing and shutting the system down... But I like the idea of the hand wired 808x (I am thinking? early Intel chips - most common were 8086s in those original IBM PCs).

Back in the day, we put an Engineering/Work Management system into a nuclear power station here.. Those were the halcyon days... they had almost unlimited budgets. But one of the reasons for them still running it is because when we replaced our already existing, but heavily customised system that was no longer supported by us, with the current version stock standard, the Nuclear Industry Inspectorate (as it was then called) deemed it a change of operating licence issue. So, in addition to the almost USD$200m (that is right - and in late 90's money) they spent getting our systems into their multiple sites, they had to fork out about £20m in costs to get the change of operating license approved. That is why they still run it.

Today, that $200m implementation would cost, I would guess, around $10m (you can see why I moved to banking). But the change to license to operate would cost upwards of £30m for the same change now...


It was well before IBM made their first desktop PC. The industry in QLD was a strange mix of antiquated (proven, reliable) electronic systems, and cutting edge home designed and manufactured stuff. Great days. Need a device? Nail the exact requirements and reach for the data handbooks and a pencil. Designed from scratch. Prototyped, tested & manufactured in house. I don't think anyone even knows what "component level" means now.  We even designed the first "Digitalker" voice synthesizer to integrate into our private telephone network.
