
Author Topic: Iffy BashBugs!  (Read 4113 times)

Offline osicore

  • Newbie
  • *
  • Posts: 8
Iffy BashBugs!
« on: February 10, 2015, 09:11:23 AM »
I was wondering what everyone else thought of all the leaks in the news about the state of spying going on in the online world?

For those who missed it, Google paid Mozilla 6 Million to include their tracking cookies into the Firefox browser, Mozilla has then split from Google moving over to Yahoo in another lucrative deal, so I guess the real question is how could anyone miss out on the fact that the Government's spying programs highlighted in the press - seemed to focus exclusively on poor old Mozilla...

If you think Google has been kindly removed from your default Firefox install, you might want to download the latest version and type about:config and then search for the keyword "google" in the search pane provided.. See that little bit all about JSON & jQuery plugins from Google, in case you missed the epic naming convention it went Fox-Acid & Squeaky Dolphin

Now has anyone - ie: all us developers out there ever heard of an operating system called "Dolphin?"

The answer to that is yes indeed, it was the codename for Mozilla's flagship product "Firefox OS" for Mobile Phones!

So I guess the question to the CoreLinux devs is how long they'll tolerate shipping the Firefox browser with Google's JSON & jQuery intact, wouldn't it be better to go backwards and use a lightweight browser such as Dillo or dPlus? Granted the web would look funky but I'd rather look at pages that don't render correctly than have some huge search giant stealing every single browser cookie and then making a mint selling it on.

Mozilla for their part under enormous pressure to satisfy its consumer base went the extra mile, they removed the DoD Certificates from the Mozilla browser, but in retrospect, that is going to solve absolutely nothing and just to prove the point of the larger issue.

Because it seems to me that if you go to the spy agency homepage and use Certificate Viewer Plus the spying birds (pun intended) prefer to use their own signer aka: Equifax CA.

Oh and in other news, in case you missed it, the newer Android OS from Google codenamed Lollipop now ships with SELinux enhancements enabled by default, what does this mean for you the end user, it means you can no longer Liberate your operating system and the default Java Engine was updated from Dalvik to ART which means when you go and treat yourself to another £600 bucks expensive crap spy phone you can look forwards to it being LOCK-ed in to Google for all time!

What is Prism? Well I've spent a great deal of time thinking about that issue and can hopefully clear the air and dispel some hokum and doubts. What is a Prism54? It was a chipset manufactured by Intersil that was an open-source SoC or System on Chip - and the firmware for that particular device is - <~ ARM

So is Java - really evil I hear you ask, sadly it's looking that way - https://www.gnu.org/software/librejs/

I work as a freelance developer in my spare time and have encountered numerous questions from concerned customers about the issue in general, the answer to that is if you like your Liberty and you like your freedom, perhaps you need to start looking at alternative browsers, because the last time I checked with the Microsoft Certificate Store certmgr.exe the certificates that were embedded with Windows 8 and 10 were not only out of date - they were invalid! Showing up as "No Liability Accepted!"

Oh and with regards to the ShellShock bash bug, that would be the very same Bug that now ships by default in the latest "Android OS" from Google!

Food for thought!
« Last Edit: February 10, 2015, 09:17:17 AM by osicore »

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11938
Re: Iffy BashBugs!
« Reply #1 on: February 10, 2015, 10:05:45 AM »
Hi osicore
So I guess the question to the CoreLinux devs is how long they'll tolerate shipping the Firefox browser with Google's JSON & jQuery intact, wouldn't it be better to go backwards and use a lightweight browser such as Dillo or dPlus?
I don't know how familiar you are with Tinycore, but it does not get "shipped" with any web browsers. If you want a web browser, you select which one you want from the repository and install it.

Offline osicore

  • Newbie
  • *
  • Posts: 8
Re: Iffy BashBugs!
« Reply #2 on: February 10, 2015, 10:22:02 AM »
Is dillo in the repository?

More to the point is JRE - the Java Runtime Environment?

I don't know about you, but seeing the Bash-Bug still operating in the ASH - Android Shell along with Javascript is like looking at a matador waving a red flag at a bull. Hey, China, hey lizard squad - Look at that! They're just asking for the horns!

Cisco can't preach considering they were the ones who sold China the great firewall in the first place..

I guess the issue at heart now more than anything else is trust and now that it's gone, from Netscape of all Browser vendors, then I guess people are never going to look at the technology the same way ever again!

If they've got basestations to intercept handsets and trust me they do they buy most of it from China, then doesn't it also stand to reason that a 128kb .js self replicating bug, that exploits the vulnerabilities of Bash would spread like wildfire over those handsets across every single telecommunications network at the speed of sound. Congrats - what an epic way to write an application!

But never fear the end user whose device has suddenly become virus laden with Ransomware can soon bypass the security contexts to fix it, by plugging it into their Windows PC and using the proprietary ADB debugging bridge...

That would be a slick move considering Windows itself uses Javascript as part of the active desktop!
« Last Edit: February 10, 2015, 10:44:42 AM by osicore »

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 15028
Re: Iffy BashBugs!
« Reply #3 on: February 10, 2015, 11:21:37 AM »
If you want something small you could try the fifth web browser extension.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11938
Re: Iffy BashBugs!
« Reply #4 on: February 10, 2015, 11:27:55 AM »
Hi osicore
Is dillo in the repository?
There are currently two versions available in TC4.

Offline osicore

  • Newbie
  • *
  • Posts: 8
Re: Iffy BashBugs!
« Reply #5 on: February 10, 2015, 11:52:31 AM »
@ Rich & Juanito thx, i'll go take a peek, glad to know it's in there.

 I'll go lookie ("whilst I'm silently contemplating dd if=/emulated/sdcard0/boot of /Windows/System32 | >boot.ini")

##if=contacts where 'contacts'=outlook.exe;
##then func.spread && if=contacts where 'contacts'=droid then func.doublespread;
##@echo-off if exist C:\Windows\System32 then echo"Google wants your Children!" && pause 5 then echo"Take it like a man!";

« Last Edit: February 10, 2015, 12:23:08 PM by osicore »

Offline osicore

  • Newbie
  • *
  • Posts: 8
Re: Iffy BashBugs!
« Reply #6 on: February 12, 2015, 04:44:01 AM »
Oh well out of extreme boredom I find myself resurrecting ancient technology from back in the 1990's, things that most people have never heard of, the whole world is not just Microsoft, Apple, Google & Linux!

Used to be a time you could execute the Amiga research Operating System but those days appear to be disappearing, as AROS is now partly Linux and as to the concept that many eyes make all bugs shallow, I don't buy that for a minute considering it took them "four" years to tell anyone that their secure sockets were dribbling a nasty disease all over the place!

Thankfully for those of us who still love the command line, there are plenty of alternatives, I won't mention what they are because the last thing you want is a load of "jar-heads" on steroids going can we put back-doors in it?!?

Jolix - now there's a blast from the past && After-Dark!

It's worth reflecting that most of the guys who programmed the beginnings of the Web were actually averse to the idea of encryption in any form to begin with, because they originally said, "it made them uncomfortable", well I can agree there, the whole issue of not being able to trust your own secure sockets would make anybody uncomfortable.

The best bit is what's slowly leaking out now in the news, that the advertising agencies, the marketing profiteers, etc were all granted immunity from prosecution by the west wing. That's like giving a load of guys who've been against free software from the very beginnings of their advertising and marketing astro-turfing, a free license to get away with being as evil as they like!

Then when it comes out in the wash that the majority of the aforementioned companies are happily evading paying taxes, they wonder how that happened?! Kind of a no-brainer, when their very actions gave them the free license to do it and get away with it!

As for the GTK & the GNU that GNU License is getting to be a bit of a Joke if people can suddenly come along and start putting (dot) Net into Linux and it's worth reflecting that every single time the GTK toolkit advances, all the libraries behind it "don't" then they all play catch the rainbow. Then the end users play patch the broken held libraries because the maintainers couldn't be bothered to make sure that their awesome update went smoothly for everybody. As they say "Gnome is Not Unix" but then Gnome isn't a Disk Operating System (DOS) either. I can't help but wonder how many developers just threw up their hands in disgust and walked right out the door!

If you wanna make sure your disks are clean a low level format with LILO seems to be the way to go, no incorrectly reported missing drive space, like what you get if you update to SVhost & Service Pack 3 and with respect to the whole privacy debate, if your machine isn't connected to the world wide web - isn't that "privacy" enough?
« Last Edit: February 12, 2015, 05:14:20 AM by osicore »

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: Iffy BashBugs!
« Reply #7 on: February 12, 2015, 06:53:31 AM »

What are you talking about? Can you summarize in two sentences?
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline osicore

  • Newbie
  • *
  • Posts: 8
Re: Iffy BashBugs!
« Reply #8 on: February 12, 2015, 08:03:35 AM »

What are you talking about? Can you summarize in two sentences?

Yeah, pretty much, people think finding vulnerabilities in other people's systems is fun & cool...

But how's this for fun & cool, it costs people their jobs and it costs people their lives.

The maintainer of ProFTP is a good example, when he got sued by various corporations for leaving them all vulnerable, after a load of nerds published the vulnerability in his software he went home put a noose around his neck and threw himself off a chair when he realised he was financially ruined!

Then there's Hans Reiser and ReiserFS, his wife nagged him day in and day out about how his filing system would never be popular, so he went and fetched an axe from the shed and after he'd decapitated her he fetched the shovel and buried her!

I wonder how many people lost their job because of a vulnerability, that someone else kept their mouths closed over!

Did Snowden do the right thing telling everybody that Google had turned into a huge unstoppable search giant, that was screwing everybody? Well it's easy to elaborate and see how some people make their money in the software industry!

That about sums it up in three sentences!

Perhaps we should all just take a moment for reflection, that after IBM/OS2 Warp Microsoft does a runner with the source and up pops 95, 98 & NT - then to compound it further, they say we're not putting bugs in OpenSSL, well that's "good" to know, considering their own UNICOS system that runs on those ever so expensive CRAY mainframes is maintained by Linux!
« Last Edit: February 12, 2015, 08:11:47 AM by osicore »

Offline osicore

  • Newbie
  • *
  • Posts: 8
Re: Iffy BashBugs!
« Reply #9 on: February 12, 2015, 09:23:26 AM »
That would be those systems that they have to justify the spending of billions of dollars on to break "encryption" and that would be the very same "encryption" that protects those very systems from other people bypassing the "encryption" to overload the heatsink and turn 20 Billion Dollars of equipment into a pile of smoldering plastic!

Offline osicore

  • Newbie
  • *
  • Posts: 8
Re: Iffy BashBugs!
« Reply #10 on: February 13, 2015, 06:14:48 AM »
I really wish I could be at Stanford University the home of (TCPCRYPT) today to listen like a fly on the wall, guess I'll just have to wait for the youtube video.

If we were all using ubiquitous encryption at the packet layer and across the platforms, cyber-crime becomes a moot point because the criminals wouldn't be able to break in and steal anything worth having.

Good to see that VISA & Mastercard are going to be there too.. I hope they push the issue that if they like being able to use their credit card to make an online purchase, it's the encryption that stops a criminal stealing your card details!

How did Sony die? Was it heart-bleed? Was it Shell-Shock? Or was it just the fact that Microsoft writes rubbish software?!

We'll never know, but one thing I've always pondered is who feeds the Government the line of crap that these are emerging technologies? Emerging? They've been around since the 70's and it's somehow emerging, only now?!
« Last Edit: February 13, 2015, 06:29:55 AM by osicore »

Offline osicore

  • Newbie
  • *
  • Posts: 8
Re: Iffy BashBugs!
« Reply #11 on: February 15, 2015, 07:30:09 AM »
I must have missed the part where ANSI ISO/IEC 17024 turned into POSIX ISO/IEC 17024!

Hybrid Kernels are a "Marketing Gimmick" according to "Linus Torvalds" that must be why every Open Source project such as DragonFly, BeOS & Haiku are all trying to embrace ANSI Standards.. With things like the "HAMMER" & "Zune" filing systems.

And then the world wakes up to the fact that the "Hybrid Kernel" & the "Hybrid Filing System", is hacking the crap out of everybody!
« Last Edit: February 15, 2015, 07:56:02 AM by osicore »