FC3 - broken into?

Fri Feb 18 06:40:40 UTC 2005

On Thursday 17 February 2005 11:15 am, Temlakos wrote:
> Those non-work-related pictures you mentioned, if they are showing up on
> the screensaver, must be in a directory that the screensaver is
> configured to point to for screenshots. The XScreenSaver system always
> reserves a source for pictures that some screen saver routines work on.
> This can be a shot of the current screen, or one particular graphic, or
> a randomly-picked graphic in a directory of graphics or symbolic links
> to graphics.
>
> To get rid of the inappropriate pictures, you need to find out where
> they are stored. Bring up your Screensaver Preferences dialog
> (Preferences->Screensaver if you're using GNOME) and go to the Advanced
> tab. You will see a static box labeled "Image Manipulation." I would
> guess that you have a box checked that reads "Choose Random Image:" with
> a field below it naming a directory. That directory is where those files
> are stored. First, eliminate the directory from that Image Manipulation
> setting--get it to grab desktop images only for the time being. Second,
> go to the directory that was named and throw everything in it into the
> trash. And if it's symbolic links, you'll need to track them down and
> throw them away. (Trust me: you do /not/ want pictures such as you
> described on a work computer! That's a sexual-harassment lawsuit waiting
> to happen.)
>
> If that is not what you find, then someone has indeed installed a
> different screensaver on your system, or else a slideshow viewer
> pointing to a folder containing the inappropriate graphics. This is why
> I never do updates as root--I always give the superuser password to an
> application I know and trust which requests it, and I do all my business
> while logged in as any user /but/ root.
>
> Now as to how to keep the barn door locked: My first impression is that
> you need to enable the system firewall, even if you /do/ have a
> corporate firewall. Redundancy never hurts in security. Of course, you
> need to make sure you know what TCP and UDP ports have to be open for
> certain network processes to run. As long as you open those ports (as
> source /and/ as destination, to be safe) and restrict this to the
> subnetwork you have in your enterprise, your computer should be safe
> even if someone compromises the corporate firewall--or is making
> mischief inside the enterprise and hence already inside the firewall.
> Search on the word "iptables" for more information. (The iptables system
> and syntax took a long time for me to learn, until now I have a system
> that is /very/ particular about what transactions it allows, even
> between computers on my own network.)
>
> Temlakos
>
> Pat Pleate wrote:
> > Sorry about the last entry - I hit Enter too quickly.
> > I just installed FC3 a couple of days ago.  We have a
> > corporate firewall between our company and the
> > "outside world", so I left my the PC on but logged off
> > for the night.  I logged in as my own account this
> > morning (which may be root equivalent, but I don't
> > know yet, I'm learning) and ran today's updates
> > (Thurs. 2/17).  About 5 - 10 minutes later during the
> > time the updates were downloading/installing, I turned
> > around from my other workstation checking e-mail and
> > noticed that the FC3 screensaver was not legit - the
> > pictures were not work-related, i.e. nude women.  I
> > suspect that my PC may have been broken into.  I
> > looked at all the screensaver pics and didn't find any
> > nude women photo shots.  I'm very suspicious of this
> > and would like some assistance from the experts.  What
> > should I be checking for in the Linux world that would
> > be suspicious?  I can easily find my way through
> > Novell and Windows, but don't have much background in
> > the Linux world and am humbly asking for your
> > assistance.  Thanks in advance and have great day.
> >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Take Yahoo! Mail with you! Get it on your mobile phone.
> > http://mobile.yahoo.com/maildemo

Hi All,

great post Temlakos. People like you and others here make this place great to 
visit. Security and fallbacks for it are important Cheers.

Mark Sargent.