Gentoo Ransomware in the wild?

From hackernews. Thoughts?

forums.gentoo.org/viewtopic-t-1060828.html

Install Gen...
Oh shit

He was running firefox as root, he deserves it

And look how relatively easy it was to clean up. You get bitlocker on a Windows machine, you're fucked.

Still, how did it even happen? It's not like hackers are targeting Linux computers running as root specifically.

>adobe flash super user

holy shit he was running flash as sudo
are all gentoo users this stupid?

>how did it even happen
don't need an exploit if you run websites and flash as an operating system administrator

>as root
they tell you not to do this for a reason

>running as root
This is such a bullshit argument, what difference does it make if it's running as root or not?

If you're not running as root your user will get compromised anyway

Fucking freetards

>trying to ransomware linux machines
>when 95% of the people will have stuff backed up

are the eastern europeans getting desperate? Is the ransomware market totally saturated?

>install gentoo
>use fireshit+flash with root privileges

The absolute state of gentoofags

...

Posting a meme image is not an argument.

The purpose of ransomware is encrypting user files, not taking over total control of the system, hence why "running as root" is such a bullshit rebuttal to this issue.

If an exploit for Flash or FF exists, running the process as root or not makes no difference for this malware.

...

But in order for the virus to affect linux doesn't it require root privileges?

consider:

It doesn't require it; it's as retarded as saying you need admin privileges on Windows in order to become infected via a Flash/Java/IE/whatever exploit. Whatever runs in the payload can add itself to autorun at bootup or do many other things.

Same goes for loonix

That dude didn't even say why an exploit is not necessary; SWFs loaded from the internet don't automagically get to write wherever they please on the disk or execute shellcode/commands without some sort of vulnerability.

just like all those people who let a random program get admin rights despite multiple warnings from windows

It's. An. Administrator.
It. Literally. JUST WERKS when it tries to do naughty things.

You're very stupid and ignorant; you do not need admin privileges to write persistent malware that lives in the user registry, drop/exec a binary to temp files, add it to Windows autorun, encrypt user files, etc. If you have an exploit and you can deliver a payload, it's game over as far as the running user is concerned.

Also, when you load an SWF file in your browser, it cannot magically read/write files on your system, execute programs, or do other nasty stuff, regardless of whether you loaded the SWF via a browser running as admin or not.

I feel like this thread is full of desktop ricing faggots

>have viroos
>tri maek booffer over flow n sheit
>didn't werk sadface
>test write permissions because you're not autonomous virus
>wtf admin n shit
boom

How will it be able to write wherever it pleases without a vulnerability?

I don't know, first it would have to elevate its privileges or something.

You obviously don't know what you're talking about; browsers aren't designed to allow writing to arbitrary files or executing foreign shit like the vague, nonsensical scenario you're describing. A payload and an exploit are required. You're either baiting or you come fresh off the boat from Sup Forums.

java.script.execute("rm -rf /")

just that easy huh?

sudo java.script.execute("rm -rf /")
:^)

t. retarded Sup Forumsirgin

If Flash/JS had any ability to run commands or write files outside of temp dirs or a sandbox, you'd be fucked if you got hacked anyway.

rm -rf ~/*

no root needed. it's unlikely anything important that can't be simply reinstalled will be outside ~

How does root/user accounts protect against ransomware? Most of your data is in your home folder and any program you run can ransom it.

Even Sup Forumstards have a deeper understanding about computers than nu-Sup Forums

/gg/ - Technology Generals when? the average IQ of this board would go up like 20 points

>@seznam.cz
Lol, my mother had mail there; she got hacked and sent spam for months. They give 0 fucks about their service.

Install Hardened Gentoo.

Really though. It has a ton of protection against many different vectors of attack.

B-But, Sup Forums told me to install gentoo!

We have /cyb/ and /sec/ for now, I'm not sure if fragmenting the board into more generals would be a good move. What topics would be discussed in a /gg/?

All of these and more, which take up 50% of the board's traffic.

Just need consumerism threads like chinkpads, headphones, watches, etc moved to a /buy/ board.
/ptg/ can go to a work safe /t/ and programming/career threads stay

>running firefox as root

Why the fuck should it matter? Most people are running a single user with most files in their home folder. rm -rf ~/*. You are a brainlet.

>rm -rf ~/*
Didn't work. Now what?

rm -rf ~/Documents/*
rm -rf ~/Pictures/*
rm -rf ~/Downloads/*
rm -rf ~/Desktop/*

Because it's the difference between fucking up a user and fucking up a whole system.

Still doesn't work.
Windows ftw.

Ohh noo, the ransomware encrypted my /usr/share and all my packages. I have to reinstall. Big fucking deal. The fuck are you even talking about? I'd much rather lose my entire system save for my home folder, which contains all my files.

he would be just as fucked running firefox without root, whatever virus he was infected with.

inb4
>HURR DURR I KEEP ALL MY FILES IN /opt

>use qubes
>don't care

My backups are outside of my general user's access.
I don't understand why you're so upset. It's a common and highly encouraged practice to reduce access to everything unless explicitly needed, to reduce attack vectors and damage.

>It's a common and highly encouraged practice to reduce access to everything unless explicitly needed, to reduce attack vectors and damage.
you're just avoiding the topic of the thread saying random shit at this point.

see
>he would be just as fucked running firefox without root, whatever virus he was infected with.

No they don't, they just know about ricing it out for the latest AAA game, beta cucks.

>ran flash on firefox as root
>ran software notorious for being a vulnerability-filled piece of shit at the highest privilege level
>got ransomware'd
true that the root part doesn't matter, but god damn who does this and why

So malware would have persisted and replaced his system's Python runtime if he wasn't root?

There's no need to persist after you've encrypted the users' files.

You can also attain persistence on Linux without root access; a simple modification to your .xinitrc file would be enough.

>not using firejail

Not replaced his Python runtime, but it just as easily could have placed something in ~/.kde/autostart or similar, or appended to his ~/.profile for persistence.

you reddit spacing retard. just stop replying because you refuse to have any conversation other than trying to defend your initial point that you need root to fuck anything up on a linux system.

Once you've infected a user getting root access is trivial. E.g. just alias sudo or run a keylogger.

The linux security model was designed in the 70s for a completely different threat model.

They're fair enough points. Although it's trivial to bypass with the right amount of effort, requiring more effort to get to more privileged parts of your system is still a good thing.

Geez, I came in partway through this thread and asked a question. Calm down, kiddo. I personally never said you need root to fuck up a system, just that reducing privileges where needed makes sense.

>They're fair enough points.
>I personally never said you need root to fuck up a system
fuck off retard. it took you 5 posts of arguing to admit that shit, you were dancing around it.

I haven't even posted 5 times in this thread.

what do you gain out of this

clearly not intellectual discussion about the security model of free posix-likes without needless name calling, that's for sure.

>appended to his ~/.profile for persistence
That's why I put .profile under Git. git status would expose it immediately
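The persistence and "alias sudo" tricks mentioned in the last few posts all work from files the user already owns, which is also what makes them easy to audit. The script below is an added example, not code from the thread or from any Gentoo project: it lists the login hooks present under a home directory, flags a small constructed set of indicators in them (sudo/su aliased or redefined, anything launched from a tmp/cache path), and checks whether a user-owned PATH directory shadows the system sudo. The hook list, the patterns and the sample home it builds are assumptions made for the demo.

```python
"""Audit the login hooks and PATH entries a non-root process can abuse.

This is an added example, not code from the thread. Everything here lives
under $HOME, so modifying it needs no root: shell rc files, ~/.xinitrc,
XDG and KDE autostart directories, plus a 'sudo' dropped into a PATH
directory the user owns. The hook list and the suspicious patterns are a
constructed, deliberately small set for illustration.
"""
import os
import re
import tempfile

HOOK_FILES = [".profile", ".bash_profile", ".bashrc", ".zshrc",
              ".xinitrc", ".xprofile", ".xsession"]
HOOK_DIRS = [".config/autostart", ".kde/Autostart",
             ".kde/share/autostart", ".config/systemd/user"]

# Constructed indicators: sudo/su replaced by an alias or function (the
# 'alias sudo' trick: the fake one logs the password, then calls the real
# one), or anything launched from a cache/tmp path.
SUSPICIOUS = [
    (re.compile(r"^\s*alias\s+(sudo|su)\s*="), "sudo/su aliased"),
    (re.compile(r"^\s*(function\s+)?(sudo|su)\s*\(\)"), "sudo/su redefined"),
    (re.compile(r"(/tmp/|/dev/shm/|\.cache/)\S+"), "runs from tmp/cache"),
]


def scan_file(path):
    """(path, line number, label, line) for every matching indicator."""
    findings = []
    try:
        with open(path, errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                for pattern, label in SUSPICIOUS:
                    if pattern.search(line):
                        findings.append((path, lineno, label, line.rstrip()))
    except OSError:
        pass
    return findings


def audit_home(home):
    """Return (hooks, findings): hook files that exist under home, and the
    indicator matches found in them. Compare the hook list against a
    known-good copy (the thread's 'keep .profile in git') to catch edits
    the patterns miss."""
    hooks, findings = [], []
    candidates = [os.path.join(home, f) for f in HOOK_FILES]
    for d in HOOK_DIRS:
        dpath = os.path.join(home, d)
        if os.path.isdir(dpath):
            candidates += [os.path.join(dpath, e) for e in sorted(os.listdir(dpath))]
    for path in candidates:
        if os.path.isfile(path):
            hooks.append(path)
            findings += scan_file(path)
    return hooks, findings


def shadowed_sudo(path_env, home):
    """PATH directories under home that hold a 'sudo' ahead of the system
    one. The user owns those directories, so a dropped wrapper there is
    what 'sudo' resolves to in every new shell."""
    hits = []
    for d in path_env.split(":"):
        if not d:
            continue
        candidate = os.path.join(d, "sudo")
        if not os.path.isfile(candidate):
            continue
        if d.startswith(home.rstrip("/") + "/"):
            hits.append(candidate)
        else:
            break  # the real sudo comes first from here on
    return hits


def build_demo_home():
    """Constructed sample home with one persistence hook of each kind."""
    home = tempfile.mkdtemp(prefix="demo-home-")
    with open(os.path.join(home, ".profile"), "w") as fh:
        fh.write("export EDITOR=vim\n")
        fh.write(f"alias sudo='{home}/.cache/.x/sudo'\n")
    autostart = os.path.join(home, ".config", "autostart")
    os.makedirs(autostart)
    with open(os.path.join(autostart, "update.desktop"), "w") as fh:
        fh.write(f"[Desktop Entry]\nType=Application\nExec={home}/.cache/.x/run.sh\n")
    os.makedirs(os.path.join(home, "bin"))
    fake = os.path.join(home, "bin", "sudo")
    with open(fake, "w") as fh:
        fh.write("#!/bin/sh\nexit 0\n")
    os.chmod(fake, 0o755)
    return home


def demo():
    """Run the audit against the constructed home; returns the raw results."""
    home = build_demo_home()
    hooks, findings = audit_home(home)
    shadows = shadowed_sudo(f"{home}/bin:/usr/bin:/bin", home)
    return hooks, findings, shadows


if __name__ == "__main__":
    hooks, findings, shadows = demo()
    print("hooks present:", hooks)
    for path, lineno, label, line in findings:
        print(f"{label}: {path}:{lineno}: {line}")
    print("sudo shadowed by:", shadows)
```

Run it against a real account with `audit_home(os.path.expanduser("~"))` and `shadowed_sudo(os.environ["PATH"], os.path.expanduser("~"))`; the pattern list is a starting point, the hook list (and a git-tracked copy of it) is the part that matters.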

>Gentoo is safer than linux mint

>as sudo
You are the retarded one.

>As sudo

With cgroups it should only see and encrypt your meme folder. Culprit is the flash anyway.

>linux is safer than linux
Really makes... someone else think.

so why are we against containerization again?

Yes they do. Now be a stupid NEET somewhere else.

Most neets are gayming manchildren and Sup Forumsermin only good at using a screwdriver for their latest timewasting rig.

This false flag created by (((redhat + Lennart)))
They are actively trying to attack distributions that do not ship (((systemd))) by default.

Gentoo can use systemd.

There are hacks/exploits/viruses/whatever targeting Linux indirectly. A shitton of services on the internet run on Linux. Whenever there is some priv escalation and code execution through WordPress, it's usually on Linux.

Easy: don't run anything as root and use a browser that isn't security crap. Whenever running some server, always run it as a separate user. You don't even need chroot (although it's a joke on loonix), MAC or AppArmor to mitigate most of the damage. AppArmor is easy to set up so a browser has access only to the Downloads directory etc. Probably worth checking out.

UNINSTALL GENTOO

>He was running firefox as root, he deserves it
Why the fuck would anybody run a browser as root?

In order for this to happen, you would have to run firefox WITHOUT firejail AND as Root. That is to say, you have to be literally retarded in order for this to happen.

If you run FF through Firejail, then, even if you are running FF as root, the worst that can happen is that your Downloads folder gets fucked. If you don't run FF as root, you would have to enter your admin password in order for anything to harm your system.
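Two claims in the thread are easy to check on a real box: that most of what matters is under ~ and is writable by whatever runs as the user (root or not), and that a Downloads-only sandbox shrinks that to one folder. The script below is an added example, not code from the thread, from firejail or from AppArmor: it walks a home directory, keeps the files the current user can write, and filters them through a "policy" (a list of writable directories standing in for a firejail/AppArmor profile). The two policies and the sample home it builds are constructed for the demo; it never modifies anything.

```python
"""Blast radius of a compromised unprivileged process under a write policy.

This is an added example, not code from the thread. The two policies and
the sample home directory below are constructed for the demo: 'unconfined'
is a browser started with no sandbox (it can write all of $HOME whether or
not it runs as root), 'downloads_only' is the firejail/AppArmor style view
in which only ~/Downloads is writable.
"""
import os
import tempfile

# Constructed policies: directories (relative to $HOME) a process may write.
POLICIES = {
    "unconfined": ["."],
    "downloads_only": ["Downloads"],
}


def _under(path, root):
    """True if path is root itself or lies below root."""
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")


def exposed_files(home, writable_roots):
    """Return files under home (relative paths, sorted) that the current
    user can write and that the policy allows the process to reach.
    Root privilege is not consulted at all: the user already owns these."""
    roots = [os.path.normpath(os.path.join(home, r)) for r in writable_roots]
    hits = []
    for dirpath, _dirs, files in os.walk(home):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.access(path, os.W_OK) and any(_under(path, r) for r in roots):
                hits.append(os.path.relpath(path, home))
    return sorted(hits)


def system_writable(paths=("/etc", "/usr/bin", "/usr/share")):
    """What root would add on top of $HOME: package and config trees.
    For an unprivileged user every entry is False; these are the files
    that come back with a reinstall rather than from a backup."""
    return {p: os.access(p, os.W_OK) for p in paths if os.path.exists(p)}


def build_demo_home():
    """Constructed sample home (temporary directory, fake contents)."""
    home = tempfile.mkdtemp(prefix="demo-home-")
    sample = {
        "Documents/thesis.tex": "\\documentclass{article}\n",
        "Pictures/cat.jpg": "not really a jpeg\n",
        "Downloads/installer.run": "#!/bin/sh\n",
        ".ssh/id_ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\n",
    }
    for rel, content in sample.items():
        path = os.path.join(home, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return home


def compare_policies(home):
    """Exposed file list per policy, for the same user on the same home."""
    return {name: exposed_files(home, roots) for name, roots in POLICIES.items()}


if __name__ == "__main__":
    demo_home = build_demo_home()
    for policy, files in compare_policies(demo_home).items():
        print(f"{policy:15s} {len(files)} files exposed: {files}")
    print("system trees writable:", system_writable())
```

Point `compare_policies` at `os.path.expanduser("~")` to get the real numbers for your account; `system_writable()` is what separates the "as root" case from the "as user" case, and for a normal user it is all False.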

Anyone who manages to get ransomware on Linux has to be googling "worst way to run a web browser."

The Apple Macbook Pro with Retina Display doesn't have this problem.

It does if you enter Sudo firefox into your terminal.

>>running firefox as root
>why the fuck should it matter?

bwaAHAHAHAHHA


running anything that isn't strictly administrative as root
even being in X as root
holy fucking jewsus society needs you to die in a fire right now
never post again and kys

how do you migrate to hardened, or do you reinstall everything?

I've run lynx as root when installing Arch and Xorg wasn't working. I'm probably fucked.

It's only speculation that he got it from Firefox. Tons of software has vulnerabilities. A while back there was a serious vulnerability found in thumbnail viewers, of all things. Save a file and just look at the folder containing it and you're infected. PDF viewers and media players are often targets.

Being root is irrelevant if the data you want to protect lives under the same user or if you ever use sudo.

finally, someone said it

lol

Wait, didn't this exact thread happen a few months ago? Is this déjà vu?

Was he running firefox-bin?
There's no way generic exploits would work against a binary compiled with -mtune=native or something similar

>you would have to run firefox WITHOUT firejail AND as Root
Don't most people run Firefox without firejail? From what I'm reading, it's a separate thing you have to install. And I don't see any reason why you would need to be running as root for this to happen. Even without root, the virus would have full read/write access to his home folder with most of his files. Presuming he was infected via Flash, his real crime was running non-free, buggy software. I don't have Flash installed anymore.
So many brain-dead comments like this in the thread. No explanation besides "it just werks" and "root is bad!" Root doesn't magically add new browser APIs that allow you to write files to /. There had to be an exploit, presumably in Flash, that allowed file read/write outside of a sandbox in the first place. Running as non-root only protects against infection of other users and boring system configuration/package files. It would make no difference for most people, because most just run 1 user with all their files in their home directory.

Pretty sad that almost none of this thread was productive conversation about what the exploit could have been, or in what application. Most of it is just "NO EXPLOIT!! HE WAS RUNNING AS ROOT SO IT DOESN'T MATTER!! LOONIX IS SECURE FROM EVERYTHING FOREVER!" Haven't seen a thread this dumb in a while.

Is Gentoo actually difficult to install (besides being time consuming)?

Wait a minute, isn't SELinux supposed to fight this exact problem? Don't tell me Gentoo users run a kernel without SELinux and don't bother labeling their files, being such massive tinkerers.

install gentoo

Maybe you could put a program in a control group with only read/write access to one folder, but does anyone actually do that? Right-click save/open an image and Firefox has full read/write access to your home folder.

NSA's SELinux protects users via another way ;-)

underrated

Keep that tinfoil hat, won't protect you when some dumb process running as your user gets exploited and suddenly has full access to your home directory.
Linux has needed an ACL since forever.

>firefox as root
what
the
fuck?

he should go to jail for that.

SELinux wouldn't mean shit if it's not enforcing

>implying you can compile firefox
you know nothing little nigglet, he's better off cracking the encryption than compiling shitfox

For lulz.

...

>as root