This is interesting Web Security?

   / This is interesting Web Security? #11  
Can't get viruses or malware with Linux.
Raul-02,

Don't want to burst your security bubble, but Linux-based operating systems are subject to software hacks, viruses, trojans, backdoors, etc. Please see two articles below. One recent and one 12 years old.
Having spent 20+ years in IT security, the Linux system can be readily (easily) accessed by bad actors BUT is not as frequently attacked as others because the percentage of users is relatively low compared to Windows environments, and thus attackers go for the low-hanging fruit based on risk/return.

8 Jul 2022: This 'evasive' new Linux malware creates a backdoor to steal passwords and more

9 Feb 2010: Myth Busting: Is Linux Immune to Viruses? - Linux.com
 
   / This is interesting Web Security? #14  
This site https://www.artstation.com/artwork/183V08
I was searching for something online and this site was one of the returns. When I logged on to it, something odd happened.

In the black blank screen before any other images loaded there appeared a white background rectangle (upper central right) with black font print articulating various of my online Gmails and usernames.
I reloaded it a few times and it happened each time.
I logged off and on and it did it again.
I tried a screenshot of the thing and it would not be caught. The rectangle turned black for the screenshot and reappeared afterward for a half second or so. Tried twice, no joy.
Raul-02,
The referenced website has several trackers on it (Facebook and Google) and numerous cookie droppers that are abusing rights. Several of the trackers are probably logging your open or recently closed windows to create a "fingerprint" that can be used to track you across multiple sites. For whatever reason, you are probably seeing the collected info.

Any one of these actors can be looking either at open tabs or screens and seeing some of their contents. Hence the list of Gmail accts and usernames. Try this. Open the Gmail site and type in "skippy". You will be asked for a password because there is a Gmail acct (for someone) using skippy as username. The username skippy will get stored in my computer's memory for a period of time depending upon how I have configured the browser. The benefit of autofill comes back to bite you. Skippy is NOT one of my Gmail accts, just a random try.
Also, depending on how your web client is handling memory, many of your recent actions are retained there until you close the application and even then some stuff can be stored until you restart your computer.

Aren't you glad you don't live in the land with the ever seeing eye of the CCP!!
 
   / This is interesting Web Security?
  • Thread Starter
#15  
the Linux system can be readily (easily) accessed by bad actors
That's very interesting. One of the problems for malware creators has been the passphrase requirement to operate a new command, another has been whole disk encryption.
Encryption was what got me interested in Linux in the first place. Took me a long while to learn that once an encrypted disk is crashed there is no recovering from initramfs. Ya just better have a backup.
Another problem for them was that the OS they write the code on is some distro of Linux and it's hard to build a virus that attacks the OS one is running.
These don't seem to be conventional malware. They look more like high-end attacks for large targets like cloud servers and financial institutions.
 
   / This is interesting Web Security?
  • Thread Starter
#16  
Several of the trackers are probably logging your open or recently closed windows to create a "fingerprint"
I suspected something like this. But I don't have the tech background to articulate it so well.
I do run a cookie autodelete app that dumps them when I log off of a website. It struggles with NYT cookies and I have to deal with them manually.
 
   / This is interesting Web Security?
  • Thread Starter
#17  
Aren't you glad you don't live in the land with the ever seeing eye of the CCP!!
Maybe we already do.
 
   / This is interesting Web Security? #18  
If you don't verify the checksum on a distro, and install it, the whole thing could be a key logger. So, as with anything, the problem is PEBCAK. :)
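
The check mentioned in post #18, as an added example that is not part of the original thread: it parses a `sha256sum`-style checksum list and compares a downloaded image against its entry. The file names and image bytes are constructed for the demo, and the checksum list is assumed to have been obtained from the distro's own site (and its signature checked where the distro publishes one), since a list from the same tampered source proves nothing.

```python
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")

def parse_sums(text):
    """Parse sha256sum-style lines: 64 hex chars, a space, ' ' or '*', file name."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, sep, name = line[:64].lower(), line[64:66], line[66:]
        if len(digest) != 64 or set(digest) - HEX or sep not in ("  ", " *") or not name:
            raise ValueError(f"malformed checksum line: {line!r}")
        entries[name] = digest
    return entries

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a multi-gigabyte image never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()

def verify_image(image_path, sums_text):
    """Return 'ok', 'mismatch', or 'missing' (no entry for this file name)."""
    expected = parse_sums(sums_text).get(os.path.basename(image_path))
    if expected is None:
        return "missing"  # treat as a failure: an unlisted file is unverified
    return "ok" if hmac.compare_digest(expected, sha256_file(image_path)) else "mismatch"

def demo():
    data = b"constructed stand-in for an installer image\n"  # constructed sample
    sums = f"{hashlib.sha256(data).hexdigest()} *example-distro.iso\n"
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "example-distro.iso")
        other = os.path.join(d, "unlisted.iso")
        for path in (image, other):
            with open(path, "wb") as f:
                f.write(data)
        results = {"intact": verify_image(image, sums), "unlisted": verify_image(other, sums)}
        with open(image, "ab") as f:  # simulate a modified download
            f.write(b"\x00")
        results["tampered"] = verify_image(image, sums)
    return results

if __name__ == "__main__":
    print(demo())
```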
 
   / This is interesting Web Security? #19  
Almost all web sites (including this one) have third party scripts running...
If you want to see what scripts are running on a particular site...use "NoScript" browser add on...
 
   / This is interesting Web Security? #20  
Almost all web sites (including this one) have third party scripts running...
If you want to see what scripts are running on a particular site...use "NoScript" browser add on...
Yep, and things don't run well on the site either, darn if you do and darn if you don't.

FF has Privacy Badger. I can toggle scripts on/off or go advanced and pick and choose what ones to run. It's not 100%, but covers the vast majority of them. Ghostery is another good product too. There are articles on the EFF.org site to help all of us.

Running Linux off of a USB and in VM to make the internet connection is good practice too.