Re: Does not appear to be (too) malicious ...
- In reply to: Marcelo Araujo : "Re: Does not appear to be (too) malicious ..."
Date: Sun, 28 Nov 2021 15:00:48 UTC
On Sun, Nov 28, 2021 at 3:12 PM Marcelo Araujo <araujobsdport@gmail.com> wrote:

> you all have a lot of free time.

Actually "no" .

I am retired now and I am not working for anyone , because (1) health conditions , (2) to know too much , no one is liking to see me around her/him with fear "He may become boss instead of me" or "I may be regarded weak when he work in here" ( <--- These are experimental results , not assumptions )

<----- This is absolute nonsense because I never wanted to be a "boss" or "degrader of the people" , but a "scientist" for solving computing problems encountered by the people since 1970 having a root since 1965 .

I am still studying very hard up to mostly morning 2.00 to 3.00 . My most important ( let's say it ) "hobby" is to help to the people to solve their problems such ( to prepare software to solve research problems such data analysis of PhD theses or more advanced researches , to develop "knowledge system design and management" software , to try to develop a "research analysis" software , ...

Now I will start to develop a new operating system with a permissive license such as BSD , etc. , to be able to handle ( not "Very" , but ) "Large scale software stacks" because at present there is no such an operating system .

My multimedia ( data , information , knowledge ) system ( its PhD thesis name is : A multi-media Information management system ) has hit an internal limit(s) of both FreeBSD and Linux and it is not possible to continue to develop it any further because I could not find why the program is wiped away from the screen without leaving even a simple message . Logging is not usable because the last part is completely missing . Debugging is impossible because a few minute run is using approximately entry-exit pairs reaching at least 500 hundred millions excluding mouse interrupts , run is based on recursive entries of a body running correctly with a very large number of re-entries .
To be able to continue , it is necessary to have a NEW operating system able to manage such large systems :

Because :

(1) Used compilation , linking , and execution models are not suitable for such large systems ,

(2) There is a need to distribute computations over systems . Existing systems are no more than , approximately , NFS .

(3) The present models are not able to find error sources when they occur . Used debugging models can only be used on small systems . They are not able to detect errors in a large distributed system ,

(4) Present time hardware is designed for a single user , connected with a network facility . They are not secure , and it is not possible to generate a very secure system . The need is to design a new hardware computing system being able to support software running over it .

. . . . .

And many more completely "CRAZY" ideas about " ... software development " ...

. . . . .

It is possible to see that there is NO FREE and WASTABLE TIME ...

Trying to help people is important for me because I gained my knowledge solely based on work and help from my predecessors . Now it is the time to pay back their contributions to newcomers when I am able to do it and have sufficient ability for it .

The state is this .

With my best wishes for all .

Mehmet Erol Sanliturk

> On Sun, Nov 28, 2021, 18:14 Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com> wrote:
>
>> On Sun, Nov 28, 2021 at 12:17 PM Stefan Esser <se@freebsd.org> wrote:
>>
>> > On 28.11.21 at 02:06, Mario Lobo wrote:
>> > > On Sat, Nov 27, 2021, 20:27 George Mitchell <george+freebsd@m5p.com> wrote:
>> > >
>> > >> On 11/27/21 17:40, Obsto Clades via freebsd-hackers wrote:
>> > >>> I hacked on the FreeBSD source code to produce a version of the OS that
>> > >>> cannot be remotely hacked. Before you tell me that is impossible, I
>> > >>> have an answer to that response on my FAQ page.
>> > >>>
>> > >>> If you are interested in checking out my OS, you can find instructions
>> > >>> on my site's home page: https://obstoclades.tech/
>> > >>>
>> > >>> I invite you to check it out.
>> > >>>
>> > >>
>> > >> Hmm, my mother told me never to click on links in strange emails ...
>> > >> -- George
>> > >>
>> > >
>> > > curl http://obstoclades.tech
>> > [...]
>> > > <p class="red">Connection denied by Geolocation Setting.</p>
>> > > <p><b> Reason: </b> Blocked country: <font color="red"> </font> </p>
>> > > <p>The connection was denied because this country is blocked in the Geolocation settings.</p>
>> > > <p>Please contact your administrator for assistance.</p>
>> > > </div>
>> > > <div class="band">WatchGuard Technologies, Inc.</div>
>> > > </div>
>> > > </body>
>> > > </html>
>> >
>> > $ fetch --no-verify-peer -v -o /tmp/obstoclades.html https://obstoclades.tech
>> > resolving server address: obstoclades.tech:443
>> > SSL options: 82004854
>> > Verify hostname
>> > TLSv1.3 connection established using TLS_AES_256_GCM_SHA384
>> > Certificate subject: /CN=obstoclades.tech
>> > Certificate issuer: /C=US/O=Let's Encrypt/CN=R3
>> > requesting https://obstoclades.tech/
>> > fetch: https://obstoclades.tech: size of remote file is not known
>> > local size / mtime: 34916 / 1638088913
>> > /tmp/obstoclades.html 34 kB 181 kBps 00s
>> >
>> > There is actual contents in this file, and it does not seem to contain any
>> > malicious parts.
>> > It starts with:
>> >
>> > <!DOCTYPE html>
>> > <!--
>> > File: ObstoClades.html
>> > Copyright (c) 2021 Obsto Clades, LLC
>> > -->
>> > <html lang="en">
>> > <head>
>> >     <meta charset="UTF-8">
>> >     <title>Security is a Joke</title>
>> >     <meta name="description"
>> >           content="This demonstrates a modified BSD Operating System designed
>> > to prevent remote hacking of single-purpose computer systems.">
>> >     <link rel="stylesheet" type="text/css" href="/css/obstoclades.css"/>
>> >     <link rel="icon" type="image/x-icon" href="/favicon.ico"/>
>> >     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
>> >     <script src="js/obstoclades.js" defer="defer"></script>
>> > </head>
>> >
>> > And besides the jquery.min.js downloaded from ajax.googleapis.com only the
>> > following short and apparently benign script is downloaded as
>> > obstoclades.js:
>> >
>> > /*
>> >  * File: obstoclades.js
>> >  * Copyright (c) 2017 Obsto Clades, LLC
>> >  */
>> >
>> > $(document).ready(function()
>> > {
>> >     var $content = $(".content").hide();
>> >     $(".img").on("click", function (e)
>> >     {
>> >         $(this).parent().parent().toggleClass("expanded");
>> >         var ttt = $(this).parent().children(".tooltiptext");
>> >         if ($(this).parent().parent().hasClass("expanded"))
>> >         {
>> >             ttt.replaceWith("<span class=\"tooltiptext\">Click to close</span>");
>> >         }
>> >         else
>> >         {
>> >             ttt.replaceWith("<span class=\"tooltiptext\">Click to open</span>");
>> >         }
>> >         $(this).parent().parent().next().slideToggle();
>> >     });
>> >     var textHeight = $("#left-side-header-text").height();
>> >     $("#old_english_sheepdog").height(textHeight).width(textHeight);
>> >     $("#button").click(function()
>> >     {
>> >         $("#contactus-form").submit();
>> >     })
>> > });
>> >
>> > He invites to attack his server using a SSH login with provided credentials,
>> > and offers US$1000 for any successful modification of the test server.
>> > See the following video, which shows that root on the console and root via su
>> > in the SSH session get quite different environments:
>> >
>> > https://obstoclades.tech/video/demo-video.mp4
>> >
>> > This looks like a setup with lots of restrictions applied, probably noexec
>> > mounts of temporary file systems and the like, possibly jails and/or MAC
>> > restrictions.
>> >
>> > He thinks that an embedded system configured that way could not be attacked,
>> > but explains that his concept is limited to e.g. IoT use cases (what he
>> > calls "single-purpose computer system").
>> >
>> > Anyway, I could not find any malicious content on the web server. Accessing
>> > with a SSH session (obviously configured to not allow backwards tunneling)
>> > should also not be too dangerous from a dumb terminal (but beware of escape
>> > sequence attacks possible with ANSI terminals, e.g. reprogramming of function
>> > keys with "ESC[code;string;...p").
>> >
>> > It looks to me like kind of a honeypot setup gathering attack attempts to
>> > see whether a throw-away system can withstand them. All attack attempts are
>> > logged, either to learn how to perform them, or to actually improve the
>> > security of his protection concept in case of a successful break-in.
>> >
>> > Regards, STefan
>> >
>>
>> The message above is really a very good one because of its information
>> content .
>>
>> As a response to my message in the following link
>>
>> https://lists.freebsd.org/archives/freebsd-hackers/2021-November/000515.html
>>
>> Obsto Clades asked me with a private message , approximately ,
>>
>> " I am connecting to the web site ... without any such message .
>>
>> Do you have more information ? " .
>>
>> I replied , "No ."
>>
>> When the following link ( please notice that it is http , not https )
>>
>> http://obstoclades.tech/
>>
>> the response of Firefox ( 57.0.1) is the following :
>>
>> --------------------------------------------------------
>>
>> Connection denied by Geolocation Setting.
>>
>> * Reason: * Blocked country:
>>
>> The connection was denied because this country is blocked in the
>> Geolocation settings.
>>
>> Please contact your administrator for assistance.
>> WatchGuard Technologies, Inc.
>>
>> --------------------------------------------------------
>>
>> When the following link ( please notice that it is https , not http )
>>
>> https://obstoclades.tech/video/demo-video.mp4
>>
>> the response of Firefox ( 57.0.1) is the following :
>>
>> --------------------------------------------------------
>>
>> Your connection is not secure
>>
>> The owner of obstoclades.tech has configured their website improperly. To
>> protect your information from being stolen, Firefox has not connected to
>> this website.
>>
>> Learn more…
>>
>> Report errors like this to help Mozilla identify and block malicious sites
>>
>> --------------------------------------------------------
>>
>> In "Learn more ..."
>>
>> the linked page is
>>
>> https://support.mozilla.org/en-US/kb/error-codes-secure-websites?as=u&utm_source=inproduct
>> How to troubleshoot security error codes on secure websites
>>
>> There are 2 knobs not copyable :
>>
>> (1) Go back
>>
>> (2) Advanced
>>
>> When "Advanced" is clicked ( there is no linked page ) ,
>>
>> the following message is displayed :
>>
>> --------------------------------------------------------
>>
>> obstoclades.tech uses an invalid security certificate.
>>
>> The certificate is not trusted because it is self-signed.
>> The certificate is not valid for the name obstoclades.tech.
>>
>> Error code: SEC_ERROR_UNKNOWN_ISSUER
>>
>> --------------------------------------------------------
>>
>> With a knob ( without any linked page ) as follows :
>>
>> "Add Exception ..."
>>
>> with a dialog pane display to add an exception for that page
>>
>> ( which I did not add because website owner may correct her/his certificate
>>
>> or configuration of the website ) .
>>
>> With my best wishes for all ,
>>
>> Mehmet Erol Sanliturk
>>
>
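
Added example, not part of the thread and not code from any of its participants: the escape-sequence risk named in the quoted message above (ANSI terminals, "ESC[code;string;...p") can be handled by filtering captured session bytes before they reach a real terminal. The Python below lets only plain colour (SGR) sequences through and reports everything else; `TOKEN`, `sanitize`, the finding labels and the sample bytes are constructed for illustration.

```python
import re

# One token per alternative: CSI (parameter class widened to accept the quoted
# strings used by ESC[code;string;...p), string sequences (OSC/DCS/SOS/PM/APC),
# then any other ESC-prefixed pair.
TOKEN = re.compile(
    rb'\x1b\[(?P<params>(?:"[^"\x1b]*"|[0-?])*)(?P<inter>[ -/]*)(?P<final>[@-~])'
    rb'|(?P<strseq>\x1b[\]PX^_][^\x07\x1b]*(?:\x07|\x1b\\)?)'
    rb'|(?P<other>\x1b.?)',
    re.S,
)

# Constructed sample of bytes captured from an untrusted session (not from the thread).
SAMPLE = (
    b"login ok\r\n"
    b"\x1b[1;31mwarning\x1b[0m\r\n"     # SGR colour change
    b'\x1b[0;59;"echo test";13p'        # shaped like ESC[code;string;...p
    b"\x1b]0;fake title\x07"            # OSC string sequence
    b"\x1b[2Jdone\r\n"                  # CSI erase display
)


def sanitize(data: bytes):
    """Return (safe_bytes, findings); only plain SGR sequences pass through."""
    findings = []

    def repl(m):
        seq, final = m.group(0), m.group("final")
        if (final == b"m" and not m.group("inter")
                and re.fullmatch(rb"[0-9;:]*", m.group("params"))):
            return seq                   # colour/attribute only: keep
        if final == b"p" and b'"' in m.group("params"):
            kind = "key-reassignment"
        elif final:
            kind = "csi"
        elif m.group("strseq"):
            kind = "string-sequence"
        else:
            kind = "escape"
        findings.append((m.start(), kind, seq))
        return b""                       # drop everything else

    return TOKEN.sub(repl, data), findings


if __name__ == "__main__":
    clean, found = sanitize(SAMPLE)
    for offset, kind, seq in found:
        print(f"offset {offset}: {kind}: {seq!r}")
    print(clean)
```
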