Jump to content

Linux & Chromium & Exploits


Reynaldo

Recommended Posts

Perhaps you folks know more than me on this subject, i've found this particular email on my spam that emulates the website of one of the banks on my country, i knew right away that it was a phishing link (years ago my friend did this with facebook and i learnt about it) the thing is i went to the site and wrote fake username and fake password like

 

"myuseris" password "notyours" :P just for the fun of it, anyway that got me thinking, can i actually be exploited via an email with HTML code on it? and if that is so, how much of my system is compromised?

 

Any way to know if chromium is actually being hijacked?

Edited by Reynaldo
Link to comment
Share on other sites

V.T. Eric Layton

Read this --> Five Things to Know About Linux Security It's a little old, but still accurate.

 

Never say "never", but I've been using Linux as my primary OS for nearly 8 years now. I've NEVER had any issues with malware, browser exploits, virii, root kits, etc. of any type in that time.

 

Here's how I do things...

  • I do NOT have Java installed on my systems anywhere.
  • I use some safeguards in Firefox: Adblock+, NoScript, FlashBlock, BetterPrivacy, DoNotTrackMe, and HTTPS Everywhere.
  • I use a DNS provider (OpenDNS) other than my ISP's.
  • I run chkrootkit and rkhunter at least once a month.
  • I have redundant backups of my entire /home partitions on separate internal hdds and on external media (DVD/RW).
  • I have complete rsync'd /(root) partitions on separate internal hdds.
  • All my browser and email client profiles are stored on a common partition on a separate drive from my OS hdd. Those profiles are constantly backed up (weekly via rsync, and monthly on DVD/RW).

There have been numerous discussions and debates around here regarding viruses in Linux. My research and reading have shown that there are very, very few viruses in the wild that can affect Linux. There have been some laboratory experiments with virii/trojans and Linux, but those tests were done under certain circumstances and always with access to root level permissions. As Brockmeier says in that article above, "Linux doesn't have problems with the same kind of viruses and malware that Windows does." That is the bottom line. The OS is just inherently more secure than MS Windows. Nothing's perfect, but I'd trust my Slackware Linux OS in dangerous shark-infested online waters (such as P2P sites, illegal movie/music downloading sites, pornography sites, etc.) much more than I would my MS Windows 7 (and definitely NOT Win XP), regardless of the 3rd party add-on security applications installed in my Windows.

 

Anyway... hope that helped you a bit, Reynaldo. :)

 

~Eric

  • Like 4
Link to comment
Share on other sites

i went to the site and wrote fake username and fake password like

Now they know your IP address and email.

You should just delete crap like that and ignore it.

  • Like 1
Link to comment
Share on other sites

i think they knew my email already.. and my ip is not a problem, i was on the university internet at that moment.

 

Edit: also Eric, thanks, your post are always so informative, just ran Rkhunter and checked all the false positives, one question

is chkrootkit just a bash script?

Edited by Reynaldo
Link to comment
Share on other sites

V.T. Eric Layton

Chkrootkit is a command line app only, as far as I know. I still run it (along with RKHunter) because it checks for older hacks that are still viable but not being checked for by RKHunter. Although, I haven't checked on that lately, RKHunter may actually be all you need. :)

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...