Found this thread about what I would call "spyware" on LinuxQuestions.org and wondering what to make of it:
https://www.linuxquestions.org/question ... ost5952234
This is very disturbing - I think? - where to post?
- Captain Brillo
- Posts: 106
- Joined: Mon Jan 07, 2019 12:29 am
This is very disturbing - I think? - where to post?
GAFA-free zone
Re: This is very disturbing - I think? - where to post?
Post of the truth was edited and removed because it violates forum rules. Peace.
Last edited by Mauser on Wed Jan 23, 2019 1:09 pm, edited 2 times in total.
I am command line illiterate. I copy & paste to the terminal. Liars, Wiseguys, Trolls, and those without manners will be added to my ignore list.
Re: This is very disturbing - I think? - where to post?
Captain Brillo wrote: ↑Tue Jan 22, 2019 10:49 pm
Found this thread about what I would call "spyware" on LinuxQuestions.org and wondering what to make of it:
https://www.linuxquestions.org/question ... ost5952234
That's not spyware. That's a hack.
HP 15; ryzen 3 5300U APU; 500 Gb SSD; 8GB ram
Aspire V5-571; CPU Intel I3; 500 GB SSD; Intel 2nd Gen Graphics; 8 GB Ram
Aspire XC-866; i3-9100; UHD 630; 8 GB ram; 1TB HDD
In Linux, newer isn't always better. The best solution is the one that works.
- Auro Kumar Sahoo
- Posts: 357
- Joined: Sun Jan 21, 2018 8:54 am
Re: This is very disturbing - I think? - where to post?
Please be assured if you are using MX Linux. MX is the system you can trust.
If the post is right, it may be due to some additional PPA the user may have installed there in Ubuntu, and as of here in MX you are not to worry about it, as MX is not supporting Ubuntu PPAs, and we at MX always say that to new users: not to add any Ubuntu PPA in MX.
In addition to that, I always say to install packages from the MX repository and, while browsing the internet, never install any add-on of Firefox blindly, and enable the GUFW firewall that comes with MX.
Wallpapers for mx : https://www.flickr.com/photos/aurokumar ... 2672882131 & page2
MX help : https://mxlinux.org/manuals/
दुर्लभम् हि सदा सुखम् ||{Ramayan २-१८-१३}
To be happy always is something which is difficult to achieve.
Re: This is very disturbing - I think? - where to post?
Auro Kumar Sahoo wrote: ↑Wed Jan 23, 2019 12:06 am
Please be assured if you are using MX Linux. MX is the system you can trust.
If the post is right, it may be due to some additional PPA the user may have installed there in Ubuntu, and as of here in MX you are not to worry about it, as MX is not supporting Ubuntu PPAs, and we at MX always say that to new users: not to add any Ubuntu PPA in MX.
In addition to that, I always say to install packages from the MX repository and, while browsing the internet, never install any add-on of Firefox blindly, and enable the GUFW firewall that comes with MX.
I concur, but there are exceptions. I personally wouldn't trust Deepin. I added add-ons to Firefox with my eyes wide open.
I am command line illiterate. I copy & paste to the terminal. Liars, Wiseguys, Trolls, and those without manners will be added to my ignore list.
Re: This is very disturbing - I think? - where to post?
I never have been able to get a decent install of *buntus - and I tried a lot of them from back when they first started, they were giving away their CD/DVD's by the dozens (so you would hook others on their distro, I'd guess). They always crashed on me or fouled up something I had on my computer. The response from others was that it was the brand of computer I was using, but that changed several times, so I don't think that was the problem. I haven't tried out *buntus since, and that's been several years. Now, with that post on LQs, I'm glad I don't!
Re: This is very disturbing - I think? - where to post?
Captain Brillo wrote: ↑Tue Jan 22, 2019 10:49 pm
Found this thread about what I would call "spyware" on LinuxQuestions.org and wondering what to make of it:
https://www.linuxquestions.org/question ... ost5952234
Here is the explanation: https://www.omgubuntu.co.uk/2017/09/dis ... untu-17-10
Re: This is very disturbing - I think? - where to post?
.
Without disparaging the LQ reporter, I'm explaining that s/he (and we) must not "blame" Ubuntu nor LinuxMint nor the "network-manager-config-connectivity" mechanism.
correlation should not imply causation
Based on the OP's description, yes, screenshotting malware is apparently piggybacking the root-permissioned "network-manager-config-connectivity" process, using that as an exfiltration vector, but...
You can (and I did) audit the sourcecode of the Ubuntu-supplied package
to confirm that Ubuntu ---------} does not "maliciously tamper with" {-----------
the network-manager-config-connectivity-ubuntu code provided by the upstream (gnome,RedHat) maintainers.
I have inspected the code for each of these versions
(FWIW, in case you're curious to inspect the patchsets firsthand ~~ it only involves a quick, ten-minute reading)
v1.10.6-2ubuntu1.1
v1.12.4-1ubuntu1.2
v1.12.6-0ubuntu3
.
You can audit the upstream-supplied "network-manager-config-connectivity" sourcecode
to learn, firsthand, that:
* it doesn't depend on gnome-screenshot
* it doesn't check whether gnome-screenshot is installed
* it doesn't know/care about gnome-screenshot, period
Although its code is a bloated 40MB bowl of spaghetti (and you're welcome to dig further), by skimming & grepping the codebase I found that its attention to assessing the runtime display environment is solely limited to checking available row/column dimensions prior to painting its TUI dialog(s). This functionality (calculation of available character columns, given a specified window width + font) would not be useful toward serving as a component within a screencapture mechanism (surreptitious, or otherwise).
re: the advice presented in the linked article, "turn off the captive-portal-detection mechanism when not needed"
Bear in mind that your modern "web browser" likely has its own, inbuilt "ping-a-server becuz captive-portal-detection" mechanism, as well as inbuilt screenshotting (and "sharing"!) functionality, and (v55 firefox onward) the browser can be launched "headless"... what could possibly go wrong, eh?
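Added example (not part of the thread, and not NetworkManager's or Ubuntu's code): one way to check whether the captive-portal connectivity check discussed above is effectively switched on, by merging `[connectivity]` snippets the way a later file overrides an earlier one. It assumes the documented NetworkManager.conf keys `uri`, `interval` and `enabled`, that the caller passes the snippets in load order, and it uses constructed sample snippets with a placeholder URI.

```python
import configparser

# Constructed sample snippets (not copied from any package). The URI is a
# placeholder; a real distro snippet would point at the distro's own server.
DISTRO_SNIPPET = """
[connectivity]
uri=http://connectivity-check.example.invalid/
"""
LOCAL_DISABLE = """
[connectivity]
enabled=false
"""
LOCAL_INTERVAL_ZERO = """
[connectivity]
interval=0
"""


def effective_connectivity(snippets):
    """Merge snippets in the given order (assumed load order, later wins)
    and report whether the periodic connectivity check would run."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    for text in snippets:
        cp.read_string(text)

    uri = cp.get("connectivity", "uri", fallback="").strip()
    # Documented defaults: interval is 300 seconds, enabled is true.
    interval = int(cp.get("connectivity", "interval", fallback="300"))
    enabled = cp.getboolean("connectivity", "enabled", fallback=True)

    # The check only runs when it is enabled, a URI is configured,
    # and the interval is not 0.
    active = enabled and bool(uri) and interval != 0
    return {"uri": uri, "interval": interval,
            "enabled": enabled, "active": active}


if __name__ == "__main__":
    for name, stack in [
        ("distro default", [DISTRO_SNIPPET]),
        ("local enabled=false", [DISTRO_SNIPPET, LOCAL_DISABLE]),
        ("local interval=0", [DISTRO_SNIPPET, LOCAL_INTERVAL_ZERO]),
    ]:
        print(name, "->", effective_connectivity(stack))
```

This only reports NetworkManager's own check; as the post notes, a browser's built-in captive-portal detection is configured separately.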