Jump to content
Reynaldo

Linux & Chromium & Exploits

Recommended Posts

Reynaldo

Perhaps you folks know more than me on this subject, i've found this particular email on my spam that emulates the website of one of the banks on my country, i knew right away that it was a phishing link (years ago my friend did this with facebook and i learnt about it) the thing is i went to the site and wrote fake username and fake password like

 

"myuseris" password "notyours" :P just for the fun of it, anyway that got me thinking, can i actually be exploited via an email with HTML code on it? and if that is so, how much of my system is compromised?

 

Any way to know if chromium is actually being hijacked?

Edited by Reynaldo

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Read this --> Five Things to Know About Linux Security It's a little old, but still accurate.

 

Never say "never", but I've been using Linux as my primary OS for nearly 8 years now. I've NEVER had any issues with malware, browser exploits, virii, root kits, etc. of any type in that time.

 

Here's how I do things...

  • I do NOT have Java installed on my systems anywhere.
  • I use some safeguards in Firefox: Adblock+, NoScript, FlashBlock, BetterPrivacy, DoNotTrackMe, and HTTPS Everywhere.
  • I use a DNS provider (OpenDNS) other than my ISP's.
  • I run chkrootkit and rkhunter at least once a month.
  • I have redundant backups of my entire /home partitions on separate internal hdds and on external media (DVD/RW).
  • I have complete rsync'd /(root) partitions on separate internal hdds.
  • All my browser and email client profiles are stored on a common partition on a separate drive from my OS hdd. Those profiles are constantly backed up (weekly via rsync, and monthly on DVD/RW).

There have been numerous discussions and debates around here regarding viruses in Linux. My research and reading have shown that there are very, very few viruses in the wild that can affect Linux. There have been some laboratory experiments with virii/trojans and Linux, but those tests were done under certain circumstances and always with access to root level permissions. As Brockmeier says in that article above, "Linux doesn't have problems with the same kind of viruses and malware that Windows does." That is the bottom line. The OS is just inherently more secure than MS Windows. Nothing's perfect, but I'd trust my Slackware Linux OS in dangerous shark-infested online waters (such as P2P sites, illegal movie/music downloading sites, pornography sites, etc.) much more than I would my MS Windows 7 (and definitely NOT Win XP), regardless of the 3rd party add-on security applications installed in my Windows.

 

Anyway... hope that helped you a bit, Reynaldo. :)

 

~Eric

  • Like 4

Share this post


Link to post
Share on other sites
sunrat
i went to the site and wrote fake username and fake password like

Now they know your IP address and email.

You should just delete crap like that and ignore it.

  • Like 1

Share this post


Link to post
Share on other sites
Reynaldo

i think they knew my email already.. and my ip is not a problem, i was on the university internet at that moment.

 

Edit: also Eric, thanks, your post are always so informative, just ran Rkhunter and checked all the false positives, one question

is chkrootkit just a bash script?

Edited by Reynaldo

Share this post


Link to post
Share on other sites
securitybreach

Chrootkit is an application but is no longer in the Arch repos as it has not been updated in 5 years. Rkhunter on the other hand, is a good app.

 

http://www.chkrootkit.org/

Share this post


Link to post
Share on other sites
V.T. Eric Layton

Chkrootkit is a command line app only, as far as I know. I still run it (along with RKHunter) because it checks for older hacks that are still viable but not being checked for by RKHunter. Although, I haven't checked on that lately, RKHunter may actually be all you need. :)

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...