Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 28 Nov 2021 20:11:57 +0800
From:      Marcelo Araujo <araujobsdport@gmail.com>
To:        Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>
Cc:        Stefan Esser <se@freebsd.org>, freebsd-hackers <freebsd-hackers@freebsd.org>
Subject:   Re: Does not appear to be (too) malicious ...
Message-ID:  <CAOfEmZh5tqb-e2vS6HNtiAWjZU3aYaJyJoQnrOQKHprdmLRMBQ@mail.gmail.com>
In-Reply-To: <CAOgwaMspORHAcAKoXbgDEQ1ZFOjSHAJbpPYL67J1dVbYcPHgVA@mail.gmail.com>
References:  <cd41bda5-6a14-c4e2-3d74-b0c5d52480ec@zohomail.com> <05580cd8-1bbf-8783-b190-40d9cdacade6@m5p.com> <CA%2ByoEx881o6frd-zy-rV55xR3vg%2BjugN0ZigdH8nAYGsB6_NfA@mail.gmail.com> <b66c39a4-1836-eab8-db9f-e839d14b13be@freebsd.org> <CAOgwaMspORHAcAKoXbgDEQ1ZFOjSHAJbpPYL67J1dVbYcPHgVA@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
--000000000000d78b7405d1d83b91
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

you all have a lot of free time.

On Sun, Nov 28, 2021, 18:14 Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>
wrote:

> On Sun, Nov 28, 2021 at 12:17 PM Stefan Esser <se@freebsd.org> wrote:
>
> > Am 28.11.21 um 02:06 schrieb Mario Lobo:
> > > On Sat, Nov 27, 2021, 20:27 George Mitchell <george+freebsd@m5p.com>
> > wrote:
> > >
> > >> On 11/27/21 17:40, Obsto Clades via freebsd-hackers wrote:
> > >>> I hacked on the FreeBSD source code to produce a version of the OS
> that
> > >>> cannot be remotely hacked.  Before you tell me that is impossible, =
I
> > >>> have an answer to that response on my FAQ page.
> > >>>
> > >>> If you are interested in checking out my OS, you can find
> instructions
> > >>> on my site's home page:  https://obstoclades.tech/
> > >>>
> > >>> I invite you to check it out.
> > >>>
> > >>
> > >> Hmm, my mother told me never to click on links in strange emails ...
> > >> -- George
> > >>
> > >
> > > curl http://obstoclades.tech
> > [...]
> > >        <p class=3D"red">Connection denied by Geolocation Setting.</p>
> > >        <p><b> Reason: </b> Blocked country: <font color=3D"red">  </f=
ont>
> > </p>
> > >        <p>The connection was denied because this country is blocked i=
n
> > the
> > > Geolocation settings.</p>
> > >        <p>Please contact your administrator for assistance.</p>
> > >      </div>
> > >      <div class=3D"band">WatchGuard Technologies, Inc.</div>
> > >    </div>
> > >  </body>
> > > </html>
> >
> > $ fetch --no-verify-peer -v -o /tmp/obstoclades.html
> > https://obstoclades.tech
> > resolving server address: obstoclades.tech:443
> > SSL options: 82004854
> > Verify hostname
> > TLSv1.3 connection established using TLS_AES_256_GCM_SHA384
> > Certificate subject: /CN=3Dobstoclades.tech
> > Certificate issuer: /C=3DUS/O=3DLet's Encrypt/CN=3DR3
> > requesting https://obstoclades.tech/
> > fetch: https://obstoclades.tech: size of remote file is not known
> > local size / mtime: 34916 / 1638088913
> > /tmp/obstoclades.html                             34 kB  181 kBps    00=
s
> >
> > There is actual contents in this file, and it does not seem to contain
> any
> > malicious parts. It starts with:
> >
> > <!DOCTYPE html>
> > <!--
> >       File:  ObstoClades.html
> >       Copyright (c) 2021 Obsto Clades, LLC
> >  -->
> > <html lang=3D"en">
> >   <head>
> >     <meta charset=3D"UTF-8">
> >     <title>Security is a Joke</title>
> >     <meta name=3D"description"
> >           content=3D"This demonstrates a modified BSD Operating System
> > designed
> > to prevent remote hacking of single-purpose computer systems.">
> >     <link rel=3D"stylesheet" type=3D"text/css" href=3D"/css/obstoclades=
.css"/>
> >     <link rel=3D"icon" type=3D"image/x-icon" href=3D"/favicon.ico"/>
> >     <script
> > src=3D"https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
> > "></script>
> >     <script src=3D"js/obstoclades.js" defer=3D"defer"></script>
> >   </head>
> >
> > And besides the jquery.min.js dowloaded from ajax.googleapis.com only
> the
> > following short and apparently benign script is downloaded as
> > obstoclades.js:
> >
> > /*
> >  * File:  obstoclades.js
> >  * Copyright (c) 2017 Obsto Clades, LLC
> >  */
> >
> > $(document).ready(function()
> > {
> >     var $content =3D $(".content").hide();
> >     $(".img").on("click", function (e)
> >     {
> >         $(this).parent().parent().toggleClass("expanded");
> >         var ttt =3D $(this).parent().children(".tooltiptext");
> >         if ($(this).parent().parent().hasClass("expanded"))
> >         {
> >                 ttt.replaceWith("<span class=3D\"tooltiptext\">Click to
> > close</span>");
> >         }
> >         else
> >         {
> >                 ttt.replaceWith("<span class=3D\"tooltiptext\">Click to
> > open</span>");
> >         }
> >         $(this).parent().parent().next().slideToggle();
> >     });
> >     var textHeight =3D $("#left-side-header-text").height();
> >     $("#old_english_sheepdog").height(textHeight).width(textHeight);
> >     $("#button").click(function()
> >     {
> >         $("#contactus-form").submit();
> >     })
> > });
> >
> > He invites to attack his server using a SSH login with provided
> > credentials,
> > and offers US$1000 for any successful modification of the test server.
> See
> > the following video, which shows that root on the consonle and root via
> su
> > in the SSH session get quite different environments:
> >
> > https://obstoclades.tech/video/demo-video.mp4
> >
> > This looks like a setup with lots of restrictions applied, probably
> noexec
> > mounts of temporary file systems and the like, possibly jails and/or MA=
C
> > restrictions.
> >
> > He thinks that an embedded system configured that way could not be
> > attacked,
> > but explains that his concept is limited to e.g. IoT use cases (what he
> > calls "single-purpose computer system").
> >
> > Anyway, I could not find any malicious content on the web server.
> Accessing
> > with a SSH session (obviously configured to not allow backwards
> tunneling)
> > should also not be too dangerous from a dumb terminal (but beware of
> escape
> > sequence attacks possible with ANSI terminals, e.g. reprogramming of
> > function
> > keys with "ESC[code;string;...p").
> >
> > It looks to me like kind of a honeypot setup gathering attack attempts =
to
> > see whether a throw-away system can withstand them. All attack attempts
> are
> > logged, either to learn how to perform them, or to actually improve the
> > security of his protection concept in case of a successful break-in.
> >
> > Regards, STefan
> >
>
>
> The message above is really a very good one because of its information
> content .
>
> As a response to my message in the following link
>
>
> https://lists.freebsd.org/archives/freebsd-hackers/2021-November/000515.h=
tml
>
> Obsto Clades asked me with a private message , approximately ,
>
> " I am connecting to the web site ... without any such message .
>
> Do you have more information ? " .
>
> I replied , "No ."
>
>
> When the following link ( please notice that  it is  http , not https )
>
>
> http://obstoclades.tech/
>
>
> the response of Firefox ( 57.0.1) is the following :
>
> --------------------------------------------------------
>
> Connection denied by Geolocation Setting.
>
> * Reason: * Blocked country:
>
> The connection was denied because this country is blocked in the
> Geolocation settings.
>
> Please contact your administrator for assistance.
> WatchGuard Technologies, Inc.
>
>
> --------------------------------------------------------
>
>
>
> When the following link ( please notice that  it is  https , not http )
>
>
> https://obstoclades.tech/video/demo-video.mp4
>
>
> the response of Firefox ( 57.0.1) is the following :
>
> --------------------------------------------------------
>
>
> Your connection is not secure
>
> The owner of obstoclades.tech has configured their website improperly. To
> protect your information from being stolen, Firefox has not connected to
> this website.
>
> Learn more=E2=80=A6
>
> Report errors like this to help Mozilla identify and block malicious site=
s
>
>
>
> --------------------------------------------------------
>
>
> In "Learn more ..."
>
> the linked page is
>
>
> https://support.mozilla.org/en-US/kb/error-codes-secure-websites?as=3Du&u=
tm_source=3Dinproduct
> How to troubleshoot security error codes on secure websites
>
>
> There are 2 knobs not copyable :
>
> (1) Go back
>
> (2) Advanced
>
>
> When "Advanced" is clicked ( there is no linked page )  ,
>
> the following message is displayed :
>
>
>
>
> --------------------------------------------------------
>
>
> obstoclades.tech uses an invalid security certificate.
>
> The certificate is not trusted because it is self-signed.
> The certificate is not valid for the name obstoclades.tech.
>
> Error code: SEC_ERROR_UNKNOWN_ISSUER
>
>
> --------------------------------------------------------
>
>
>
> With a knob ( without any linked page ) as follows :
>
>
> "Add Exception ..."
>
>
> with an dialog pane display to add an exception for that page
>
> ( which I did not added because  website owner may correct her/his
> certificate
>
> or configuration of the website ) .
>
>
> With my best wishes for all ,
>
>
> Mehmet Erol Sanliturk
>

--000000000000d78b7405d1d83b91--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOfEmZh5tqb-e2vS6HNtiAWjZU3aYaJyJoQnrOQKHprdmLRMBQ>