Quote from: Redchief on July 31, 2017, 04:29:41 PM
> Computer is patched but what about this infected drive I need to recover data from?
> Thanks,
> Shannon

I am unsure how to do it. It is likely you can use a "sandbox" to open the usb stick in and inspect the files.

Update - It has some methods how to here - https://security.stackexchange.com/questions/67001/how-to-use-a-found-usb-key-safely
Hello,
glad you are happy and feeling comfortable in knowing your system is patched. Issues on Linux get patched much quicker than on Windows, with updates regularly.
Generally at the computer, make a small routine of basic checks like the above.
Do a Systemback backup and ISO backup before there is any kind of problem, such as hardware issues.
Do data backups often; add any new files by copy/paste to a portable hdd or usb stick.
Do not use a usb you found, do not loan it.
The advanced users will know more efficient and detailed checks than I do.
If there is malware designed for Linux, mostly it will not run on Windows 7, and those huge numbers of Windows malware and viruses mostly won't affect Linux.
I don't know if maybe some of it can be multi-platform.
If you are happy now with the update patch, can you click modify and choose SOLVED please.
This particular bug is just that. A bug. It was discovered largely because of the other software involved. There is not any malware in the other software, just a Debian system vulnerability to the other software whereby malware could be written to control the desktop GUI (denial of service vulnerability). If you are updated via the Lite updater I'm sure you are fine. It was discovered precisely in the way you discovered it, loss of GUI control. The vulnerability was patched in less than a week. It was never malware, just a potential vulnerability that allowed for the possibility of a denial of service hack.
TC
Yes it is preinstalled. There is some info here about it and dependencies on it. https://askubuntu.com/questions/794588/how-to-remove-imagemagick-without-breaking-its-dependencies
Fresh reinstall from DVD with updates. This package is pre-installed in synaptic. My guess may be off but believe this malware can leave code on hdd that stays there after reinstall. When first compromised had fresh updates also.
Hmm.
Thank you.

Quote from: trinidad on July 30, 2017, 10:56:00 AM
> https://www.debian.org/security/2017/dsa-3914
> This is a modern (recently discovered hack) that was not possible on older versions of Deb. As systems evolve new features new ways to compromise them evolve as well. The best reason to run stable systems linked to the security update path. LL has a simple efficient update application. Don't disable it.
> TC
Hello,
check after a while for new updates, and do updates regularly.

Menu>System>Resource usage
Observe the activity for "command", Time+, cpu usage and memory usage. Do this with no Firefox/browser and no web apps open, observe for a few minutes, then repeat with web apps open. Report back any unusual observations, the details of the command being used, and the % of resource use.

Hold down the Ctrl and Alt keys and press T (ctrl+alt+t) to open your terminal.
Enter this:
Code:
    sudo ufw status verbose
Does the reply confirm UFW is running with these settings?
Code:
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing), disabled (routed)
    New profiles: skip
If no, enter into your terminal:
Code:
    sudo ufw enable
Repeat:
Code:
    sudo ufw status verbose
If the UFW firewall is not enabling correctly, report back the details.
If yes, close the terminal and check this - Menu>Settings>Firewall Configuration
tab "log": look for anything unusual
tab "Report": application column, does it show imagemagick?
If it shows imagemagick in the application column, report back the port number and protocol it is using.
It shall match between Resource Usage and the application column; if it is only in Resource Usage and not in Report, UFW needs the logging adjusted to high to find its port use and protocol. Then we block/deny it next.
Hello Shannon,
I don't know if it is preinstalled; it does come with openshot, which I installed. It has info here of the patches for it, https://usn.ubuntu.com/usn/usn-3363-1/
If you have used Menu>Install Updates it should be patched; you can check the updates and do a file search for the file names on the link.
Recommended: check your Firewall rules at Menu>All>Firewall Configuration. Delete any rules shown under the "rules tab"; it should be blank, unless you chose to add a rule. If you didn't choose to add a rule or agree to a rule it is the classic definition of a backdoor, delete it.
Don't need to buy a new hdd for this, unless you want a new one.
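
The two firewall checks described in the posts above (confirm the `ufw status verbose` defaults, then confirm no rule is listed that you did not add yourself), as an added example that is not part of the thread. The function name `audit_ufw`, its exit codes and the two sample outputs are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: check `ufw status verbose` output against the baseline in the thread.
# Live use: sudo ufw status verbose | audit_ufw

audit_ufw() {
    # Reads the status text on stdin and prints one finding per line.
    # Exit status: 0 = matches baseline, 1 = firewall off or not default-deny,
    # 2 = baseline holds but rules exist and need a human review.
    awk '
        /^Status: active/             { active = 1 }
        /^Default: deny \(incoming\)/ { deny_in = 1 }
        in_rules && NF                { rules++; print "RULE: " $0 }
        /^--/                         { in_rules = 1 }  # rule table body starts after this line
        END {
            rc = 0
            if (rules > 0) { print "REVIEW: " rules " rule(s) listed"; rc = 2 }
            if (!active)   { print "FAIL: firewall is not active"; rc = 1 }
            if (!deny_in)  { print "FAIL: default incoming policy is not deny"; rc = 1 }
            if (rc == 0)   { print "OK: active, default deny incoming, no rules" }
            exit rc
        }'
}

sample_clean() {   # constructed sample: the settings quoted in the thread
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
EOF
}

sample_with_rule() {   # constructed sample: same baseline plus one rule
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
8080/tcp                   ALLOW IN    Anywhere
EOF
}

# Demo on the constructed sample; prints the rule, a REVIEW line and the exit status.
sample_with_rule | audit_ufw || echo "exit status: $?"
```

A rule reported under REVIEW is not necessarily hostile; it only means the "rules tab should be blank" expectation from the thread does not hold and each entry needs to be accounted for.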