Bitcoin Forum
Author Topic: Semi-Related: How difficult is it to "hack into" a default ubuntu install?  (Read 2559 times)
gigabytecoin (OP)
Sr. Member
June 16, 2011, 09:08:32 AM
Last edit: June 16, 2011, 09:29:07 AM by gigabytecoin
#1

I figured you coding types would know best...

How difficult is it to "hack into" a default Ubuntu install that is connected to the internet 24/7 from behind a router?

Is it even possible at all, if there are no remote login programs enabled by default? (I am not even sure if there are any; I am more of a Windows user.)
 - Worried Paranoid Bitcoin Holder
BubbleBoy
Sr. Member
June 16, 2011, 10:36:20 AM
#2

Very hard to estimate; it depends on who you are dealing with. I've had a Debian server rooted simply because it was running a vulnerable exim package for which no fix was available at the time. I required mail receive capability, so without watching Full Disclosure 24h/day or running an IPS there's no way I could have prevented it.
If you are talking about a desktop machine and local attacks, the attack surface is huge. For example, someone might send you a crafted PDF that smashes KDE/Gnome when it tries to generate a thumbnail. Someone might send you a crafted USB stick that smashes the userland file system driver or even the kernel when plugged into a port.
A headless machine that's not listening on any ports and isn't used is probably secure, even if connected to the internet. Anything else depends on who you are dealing with and how far they are willing to go (find new exploits, compromise other devices with which you exchange physical media, etc.).

BTW, I bet there are many programs listening to outside connections on your Ubuntu machine. Use this command to list them:
Code:
netstat -plnt

Anything with 0.0.0.0:[portno] or :::[portno] as local bind address is a potential remote vulnerability.

wumpus
Hero Member
June 16, 2011, 10:42:26 AM
#3

The most exploited vulnerabilities these days are not the 'front entrances' such as ssh and other open ports, which you can indeed shut out with a router/firewall (as long as there are no other compromised systems within your local network), but people browsing.

Usually by directing people to a site by some other means (i.e., "spear phishing").

Flash exploits, Java exploits, browser exploits, and so on. The attack surface of a browser is huge.

Ubuntu is pretty bare by default network-service-wise, so I wouldn't worry about that too much (just check with netstat -anp what is open to the outside). But preferably don't browse the internet on it, or do so with a severely restricted account :)


Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
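The two replies above give the same check in two forms: list the listening sockets (netstat -plnt, or netstat -anp filtered to LISTEN) and treat anything bound to 0.0.0.0:port or :::port as reachable from outside. The script below is an added example, not code from the thread or from Ubuntu; it parses that output and classifies each listener. It goes one step further than the posts: a socket bound to a specific non-loopback address (a LAN IP, say) is also reachable from the network, so it is flagged too, while loopback-only binds are not. The `ss -ltnp` format that replaced netstat on modern Ubuntu is handled as well. The sample output, process names and ports are constructed for illustration.

```python
"""Classify listening TCP sockets from `netstat -plnt` / `netstat -anp` / `ss -ltnp` output.

Heuristic from the thread: a local bind address of 0.0.0.0:<port> or :::<port>
accepts connections on every interface, so the service is reachable from the
network (and from the internet if the router forwards that port). Extended here:
any non-loopback bind address is also network-reachable; only 127.0.0.0/8 and ::1
binds are local-only.
"""
import ipaddress
import re
import subprocess
from dataclasses import dataclass

# Constructed sample of `netstat -plnt` output (illustrative, not from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      901/cupsd
tcp        0      0 192.168.1.5:8333        0.0.0.0:*               LISTEN      1420/bitcoind
tcp6       0      0 :::80                   :::*                    LISTEN      1102/apache2
tcp6       0      0 ::1:8332                :::*                    LISTEN      1420/bitcoind
"""

# Constructed sample of the equivalent `ss -ltnp` output.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    *:22               *:*               users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   [::1]:8332         [::]:*            users:(("bitcoind",pid=1420,fd=9))
"""


@dataclass
class Listener:
    proto: str
    addr: str
    port: int
    program: str
    exposure: str  # "all-interfaces", "network", "loopback" or "unknown"


def split_local_address(local):
    """Split the Local Address column into (ip, port).

    netstat prints IPv6 without brackets (':::80', '::1:8332') and ss with them
    ('[::1]:8332'), so split on the last colon and strip any brackets."""
    ip, _, port = local.rpartition(":")
    return ip.strip("[]"), int(port)


def classify_bind(ip):
    """Wildcard binds are reachable on every interface; loopback binds are local-only;
    any other concrete address is reachable from that network."""
    if ip in ("0.0.0.0", "::", "*"):
        return "all-interfaces"
    try:
        return "loopback" if ipaddress.ip_address(ip).is_loopback else "network"
    except ValueError:
        return "unknown"


def program_name(field):
    """Extract the program name from netstat's 'PID/name' or ss's users:(("name",...)) column."""
    if "/" in field and field.split("/", 1)[0].isdigit():
        return field.split("/", 1)[1]
    m = re.search(r'\("([^"]+)"', field)
    return m.group(1) if m else "-"


def parse_listeners(text):
    """Parse netstat or ss output; only rows in LISTEN state are kept, so
    `netstat -anp` output (which also lists established connections) works too."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or "LISTEN" not in fields:
            continue
        proto = fields[0] if fields[0].startswith("tcp") else "tcp"
        ip, port = split_local_address(fields[3])
        listeners.append(Listener(proto, ip, port, program_name(fields[-1]), classify_bind(ip)))
    return listeners


def exposed_listeners(listeners):
    """The ones worth reviewing: anything a remote host could connect to."""
    return [l for l in listeners if l.exposure in ("all-interfaces", "network")]


def live_listeners():
    """Run ss on this host (ss ships with iproute2 on current Ubuntu; netstat needs net-tools)."""
    out = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True, check=True)
    return parse_listeners(out.stdout)


if __name__ == "__main__":
    for l in parse_listeners(SAMPLE_NETSTAT):
        print(f"{l.proto:5} {l.addr}:{l.port:<6} {l.program:12} {l.exposure}")
```

Run against the sample, sshd on 0.0.0.0:22, apache2 on :::80 and bitcoind on 192.168.1.5:8333 are reported as exposed, while cupsd on 127.0.0.1 and the bitcoind RPC port on ::1 are not. Replace the sample with `live_listeners()` to check a real machine; the list is what the router's port forwarding (or a firewall on the host) has to be reasoned about against.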
marcus_of_augustus
Legendary
June 16, 2011, 10:50:35 AM
#4

It has always perplexed me that the bitcoin core users seem to prefer Ubuntu/Debian over Red Hat/Fedora/CentOS Linux when they are supposedly "security conscious" elites of some sort ....

... industrial users who "need" security go the enterprise RH, Novell, suse linux direction not the other way ... just saying, seems weird.

For example, btw, has anybody got bitcoin 0.3.23.beta to build on fedora 15? (or any recent non-debian *nix derivative for that matter?)

wumpus
Hero Member
June 16, 2011, 10:57:31 AM
#5

It has always perplexed me that the bitcoin core users seem to prefer ubuntu/debian over Redhat/Fedora/CentOS linux when they are supposedly "security conscious" elites of some sort ....

... industrial users who "need" security go the enterprise RH, Novell, suse linux direction not the other way ... just saying, seems weird.

For example, btw, has anybody got bitcoin 0.3.23.beta to build on fedora 15? (or any recent non-debian *nix derivative for that matter?)

Let's please sooo not start a distribution fight. There are many places on the internet where one can find the advantages and disadvantages of every single Linux distribution. The guy was asking about Ubuntu, nothing else. Start your own thread :P

Martin P. Hellwig
Newbie
June 16, 2011, 11:17:36 AM
#6

It has always perplexed me that the bitcoin core users seem to prefer ubuntu/debian over Redhat/Fedora/CentOS linux when they are supposedly "security conscious" elites of some sort ....

... industrial users who "need" security go the enterprise RH, Novell, suse linux direction not the other way ... just saying, seems weird.

*ahem* (FreeBSD user) ducks for cover, waiting for an OpenBSD user to reply.. :-)
gigabytecoin (OP)
Sr. Member
June 16, 2011, 11:25:25 AM
#7

Very hard to estimate, it depends on who you are dealing with. I've had a Debian server rooted simply because it was running a vulnerable exim package for which no fix was available at the time. I required mail receive capability, so without watching Full Disclosure 24h/day or running an IPS there's no way I could have prevented it.
If you are talking about a desktop machine and local attacks, the attack surface is huge. For example someone might send you a crafted pdf that smashes KDE/Gnome when it tries to generate a thumbnail. Someone might send you a crafted USB stick that smashes the userland file system driver or even the kernel when plugged into a port.
A headless machine that's not listening to any ports and it's not used is probably secure, even if connected to the internet. Anything else, it depends who you are dealing with and how far they are willing to go (find new exploits, compromise other devices with which you exchange physical media etc.)

BTW, I bet there are many programs listening to outside connections on your Ubuntu machine. Use this command to list them:
Code:
netstat -plnt

Anything with 0.0.0.0:[portno] or :::[portno] as local bind address is a potential remote vulnerability.

What if the Ubuntu install is behind a router that isn't forwarding any ports to the machine? I can get by with only 8 connections...
BubbleBoy
Sr. Member
June 16, 2011, 12:18:23 PM
Last edit: June 16, 2011, 09:33:25 PM by BubbleBoy
#8

You might be committing the classic error of mistaking a NAT device for a firewall. Are you sure the router has plug-and-play port forwarding disabled, which can allow any buggy application to listen on external ports? Are you sure all devices behind the router are secure? Are you sure the router isn't susceptible to CSRF attacks, where by simply viewing an apparently innocuous page the router can be remotely controlled to forward ports? Are you sure the router software itself doesn't have remote vulnerabilities? Can you guarantee that the heuristics employed by the NAT software for some protocols (DNS, FTP, etc.) don't expose you to outside attack (hint: they open ports)?

As I've said, it depends on who you are dealing with, and as suggested above, local/browser/social engineering exploits are the most common.
Anyway, I am always available to audit the security of any bitcoin high roller. Just PM me and I'll send an automated security scan tool that can put your mind at ease once and for all :D

Timo Y
Legendary
June 17, 2011, 08:06:13 AM
#9

Flash exploits, Java exploits, browser exploits, and so on. The attack surface of a browser is huge.

The problem is that using the bitcoin client on a system without a browser is extremely cumbersome; I make most payments by copy-pasting bitcoin addresses from the web, so a browser is a must.

On the machine where I run bitcoin, I removed all plugins and add-ons from Firefox and activated NoScript in addition to switching off JavaScript. Anything else I can do to reduce the attack surface?

marcus_of_augustus
Legendary
June 17, 2011, 09:14:54 AM
#10

It has always perplexed me that the bitcoin core users seem to prefer ubuntu/debian over Redhat/Fedora/CentOS linux when they are supposedly "security conscious" elites of some sort ....

... industrial users who "need" security go the enterprise RH, Novell, suse linux direction not the other way ... just saying, seems weird.

For example, btw, has anybody got bitcoin 0.3.23.beta to build on fedora 15? (or any recent non-debian *nix derivative for that matter?)
Let's please sooo not start a distribution fight. There are many places on the internet where one can find the advantages and disadvantages of every single Linux distribution. The guy was asking about Ubuntu, nothing else. Start your own thread :P


Okay then, as far as Ubuntu goes, I wouldn't put more than about 3 BTC on any Ubuntu machine ... it is a GUI-bloated bunch of crap. If you must, use Ubuntu Server and strip out any network-capable apps, and forget about running a browser in the same account as the wallet, or even on the same machine ...

... happy? Only windows would be a worse option.

(Linux user since '96.)
