List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
From: Mehmet Erol Sanliturk
Date: Sun, 28 Nov 2021 18:00:48 +0300
Subject: Re: Does not appear to be (too) malicious ...
To: araujo@freebsd.org
Cc: Stefan Esser, freebsd-hackers

On Sun, Nov 28, 2021 at 3:12 PM Marcelo Araujo wrote:

> you all have a lot of free time.

Actually "no" .

I am retired now and I am not working for anyone , because

(1) health conditions ,
(2) to know too much , no one is liking to see me around her/him with fear "He may become boss instead of me" or "I may be regarded weak when he work in here"
( <--- These are experimental results , not assumptions )
<----- This is absolute nonsense because I never wanted to be a "boss" or "degrader of the people" , but a "scientist" for solving computing problems encountered by the people since 1970 having a root since 1965 .

I am still studying very hard up to mostly morning 2.00 to 3.00 .

My most important ( let's say it ) "hobby" is to help to the people to solve their problems such ( to prepare software to solve research problems such data analysis of PhD theses or more advanced researches , to develop "knowledge system design and management" software , to try to develop a "research analysis" software , ...

Now I will start to develop a new operating system with a permissive license such as BSD , etc. , to be able to handle ( not "Very" , but ) "Large scale software stacks" because at present there is no such an operating system .

My multimedia ( data , information , knowledge ) system ( its PhD thesis name is : A multi-media Information management system ) has hit an internal limit(s) of both FreeBSD and Linux and it is not possible to continue to develop it any further because I could not find why the program is wiped away from the screen without leaving even a simple message . Logging is not usable because the last part is completely missing . Debugging is impossible because a few minute run is using approximately entry-exit pairs reaching at least 500 hundred millions excluding mouse interrupts , run is based on recursive entries of a body running correctly with a very large number of re-entries .

To be able to continue , it is necessary to have a NEW operating system able to manage such large systems :

Because :

(1) Used compilation , linking , and execution models are not suitable for such large systems ,
(2) There is a need to distribute computations over systems . Existing systems are no more than , approximately , NFS .
(3) The present models are not able to find error sources when they occur . Used debugging models can only be used on small systems . They are not able to detect errors in a large distributed system ,
(4) Present time hardware is designed for a single user , connected with a network facility .
They are not secure , and it is not possible to generate a very secure system . The need is to design a new hardware computing system being able to support software running over it .

. . . . .

And many more completely "CRAZY" ideas about " ... software development " ...

. . . . .

It is possible to see that there is NO FREE and WASTABLE TIME ...

Trying to help people is important for me because I gained my knowledge solely based on work and help from my predecessors . Now it is the time to pay back their contributions to newcomers when I am able to do it and have sufficient ability for it .

The state is this .

With my best wishes for all .

Mehmet Erol Sanliturk

> On Sun, Nov 28, 2021, 18:14 Mehmet Erol Sanliturk wrote:
>
>> On Sun, Nov 28, 2021 at 12:17 PM Stefan Esser wrote:
>>
>> > On 28.11.21 at 02:06, Mario Lobo wrote:
>> > > On Sat, Nov 27, 2021, 20:27 George Mitchell wrote:
>> > >
>> > >> On 11/27/21 17:40, Obsto Clades via freebsd-hackers wrote:
>> > >>> I hacked on the FreeBSD source code to produce a version of the OS that
>> > >>> cannot be remotely hacked. Before you tell me that is impossible, I
>> > >>> have an answer to that response on my FAQ page.
>> > >>>
>> > >>> If you are interested in checking out my OS, you can find instructions
>> > >>> on my site's home page: https://obstoclades.tech/
>> > >>>
>> > >>> I invite you to check it out.
>> > >>>
>> > >>
>> > >> Hmm, my mother told me never to click on links in strange emails ...
>> > >> -- George
>> > >>
>> > >
>> > > curl http://obstoclades.tech
>> > [...]
>> > > Connection denied by Geolocation Setting.
>> > >
>> > > Reason: Blocked country:
>> > >
>> > > The connection was denied because this country is blocked in the
>> > > Geolocation settings.
>> > >
>> > > Please contact your administrator for assistance.
>> > >
>> > > WatchGuard Technologies, Inc.
>> >
>> > $ fetch --no-verify-peer -v -o /tmp/obstoclades.html https://obstoclades.tech
>> > resolving server address: obstoclades.tech:443
>> > SSL options: 82004854
>> > Verify hostname
>> > TLSv1.3 connection established using TLS_AES_256_GCM_SHA384
>> > Certificate subject: /CN=obstoclades.tech
>> > Certificate issuer: /C=US/O=Let's Encrypt/CN=R3
>> > requesting https://obstoclades.tech/
>> > fetch: https://obstoclades.tech: size of remote file is not known
>> > local size / mtime: 34916 / 1638088913
>> > /tmp/obstoclades.html 34 kB 181 kBps 00s
>> >
>> > There is actual contents in this file, and it does not seem to contain any
>> > malicious parts. It starts with:
>> >
>> > Security is a Joke
>> > content="This demonstrates a modified BSD Operating System designed
>> > to prevent remote hacking of single-purpose computer systems.">
>> >
>> > And besides the jquery.min.js downloaded from ajax.googleapis.com only the
>> > following short and apparently benign script is downloaded as
>> > obstoclades.js:
>> >
>> > /*
>> >  * File: obstoclades.js
>> >  * Copyright (c) 2017 Obsto Clades, LLC
>> >  */
>> >
>> > $(document).ready(function()
>> > {
>> >     var $content = $(".content").hide();
>> >     $(".img").on("click", function (e)
>> >     {
>> >         $(this).parent().parent().toggleClass("expanded");
>> >         var ttt = $(this).parent().children(".tooltiptext");
>> >         if ($(this).parent().parent().hasClass("expanded"))
>> >         {
>> >             ttt.replaceWith("Click to close");
>> >         }
>> >         else
>> >         {
>> >             ttt.replaceWith("Click to open");
>> >         }
>> >         $(this).parent().parent().next().slideToggle();
>> >     });
>> >     var textHeight = $("#left-side-header-text").height();
>> >     $("#old_english_sheepdog").height(textHeight).width(textHeight);
>> >     $("#button").click(function()
>> >     {
>> >         $("#contactus-form").submit();
>> >     })
>> > });
>> >
>> > He invites to attack his server using a
>> > SSH login with provided credentials,
>> > and offers US$1000 for any successful modification of the test server. See
>> > the following video, which shows that root on the console and root via su
>> > in the SSH session get quite different environments:
>> >
>> > https://obstoclades.tech/video/demo-video.mp4
>> >
>> > This looks like a setup with lots of restrictions applied, probably noexec
>> > mounts of temporary file systems and the like, possibly jails and/or MAC
>> > restrictions.
>> >
>> > He thinks that an embedded system configured that way could not be attacked,
>> > but explains that his concept is limited to e.g. IoT use cases (what he
>> > calls "single-purpose computer system").
>> >
>> > Anyway, I could not find any malicious content on the web server. Accessing
>> > with a SSH session (obviously configured to not allow backwards tunneling)
>> > should also not be too dangerous from a dumb terminal (but beware of escape
>> > sequence attacks possible with ANSI terminals, e.g. reprogramming of function
>> > keys with "ESC[code;string;...p").
>> >
>> > It looks to me like kind of a honeypot setup gathering attack attempts to
>> > see whether a throw-away system can withstand them. All attack attempts are
>> > logged, either to learn how to perform them, or to actually improve the
>> > security of his protection concept in case of a successful break-in.
>> >
>> > Regards, Stefan
>> >
>>
>> The message above is really a very good one because of its information content .
>>
>> As a response to my message in the following link
>>
>> https://lists.freebsd.org/archives/freebsd-hackers/2021-November/000515.html
>>
>> Obsto Clades asked me with a private message , approximately ,
>>
>> " I am connecting to the web site ... without any such message .
>>
>> Do you have more information ? " .
>>
>> I replied , "No ."
>>
>> When the following link ( please notice that it is http , not https )
>>
>> http://obstoclades.tech/
>>
>> the response of Firefox ( 57.0.1) is the following :
>>
>> --------------------------------------------------------
>>
>> Connection denied by Geolocation Setting.
>>
>> * Reason: * Blocked country:
>>
>> The connection was denied because this country is blocked in the
>> Geolocation settings.
>>
>> Please contact your administrator for assistance.
>> WatchGuard Technologies, Inc.
>>
>> --------------------------------------------------------
>>
>> When the following link ( please notice that it is https , not http )
>>
>> https://obstoclades.tech/video/demo-video.mp4
>>
>> the response of Firefox ( 57.0.1) is the following :
>>
>> --------------------------------------------------------
>>
>> Your connection is not secure
>>
>> The owner of obstoclades.tech has configured their website improperly. To
>> protect your information from being stolen, Firefox has not connected to
>> this website.
>>
>> Learn more…
>>
>> Report errors like this to help Mozilla identify and block malicious sites
>>
>> --------------------------------------------------------
>>
>> In "Learn more ..."
>>
>> the linked page is
>>
>> https://support.mozilla.org/en-US/kb/error-codes-secure-websites?as=u&utm_source=inproduct
>> How to troubleshoot security error codes on secure websites
>>
>> There are 2 knobs not copyable :
>>
>> (1) Go back
>>
>> (2) Advanced
>>
>> When "Advanced" is clicked ( there is no linked page ) ,
>>
>> the following message is displayed :
>>
>> --------------------------------------------------------
>>
>> obstoclades.tech uses an invalid security certificate.
>>
>> The certificate is not trusted because it is self-signed.
>> The certificate is not valid for the name obstoclades.tech.
>>
>> Error code: SEC_ERROR_UNKNOWN_ISSUER
>>
>> --------------------------------------------------------
>>
>> With a knob ( without any linked page ) as follows :
>>
>> "Add Exception ..."
>>
>> with a dialog pane display to add an exception for that page
>> ( which I did not add because website owner may correct her/his certificate
>> or configuration of the website ) .
>>
>> With my best wishes for all ,
>>
>> Mehmet Erol Sanliturk
>>
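
Added example (not part of the thread, and not code from the project under discussion): the quoted caveat about escape-sequence attacks on ANSI terminals, function-key reprogramming with "ESC[code;string;...p", can be checked on captured session output before it reaches a terminal. The function names and the sample bytes below are constructed for illustration, and the patterns are a heuristic filter, not a full terminal parser.

```python
import re

# One parameter of a key reassignment: a decimal code or a "quoted string".
_PARAM = rb'(?:\d+|"[^"\x1b\r\n]*")'
# ESC [ code ; string ; ... p  (the ANSI.SYS-style form quoted in the thread)
KEY_REDEFINE = re.compile(rb'\x1b\[' + _PARAM + rb'(?:;' + _PARAM + rb')+p')
# OSC, DCS, PM, APC and SOS strings, ended by BEL or by ESC + backslash
STRING_SEQ = re.compile(rb'\x1b[\]P^_X].*?(?:\x07|\x1b\\)', re.S)
# Generic CSI sequence: ESC [ parameter bytes, intermediate bytes, final byte
CSI = re.compile(rb'\x1b\[[0-?]*[ -/]*[@-~]')
# Remaining C0 controls and DEL, except TAB, LF and CR
CONTROLS = re.compile(rb'[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]')


def _param_bytes(param: bytes) -> bytes:
    if param.startswith(b'"'):
        return param[1:-1]
    code = int(param)
    return bytes([code]) if code < 256 else b'?'


def find_key_redefinitions(data: bytes):
    """Return (offset, key, replacement) for each key-reassignment sequence."""
    hits = []
    for m in KEY_REDEFINE.finditer(data):
        params = re.findall(_PARAM, m.group()[2:-1])
        n = 2 if params[0] == b'0' and len(params) > 2 else 1  # 0;N = extended key
        replacement = b''.join(_param_bytes(p) for p in params[n:])
        hits.append((m.start(), b';'.join(params[:n]), replacement))
    return hits


def sanitize(data: bytes) -> bytes:
    """Drop all escape sequences and stray control bytes before display."""
    # Key reassignment first: its quoted strings are not valid CSI syntax.
    for pattern in (KEY_REDEFINE, STRING_SEQ, CSI, CONTROLS):
        data = pattern.sub(b'', data)
    return data


# Constructed sample of bytes a remote host could send to an SSH client.
SAMPLE = (b'Last login: Sun Nov 28\r\n'
          b'\x1b[0;59;"echo constructed-demo";13p'
          b'\x1b[1;32mwelcome\x1b[0m\r\n'
          b'\x1b]0;title\x07$ ')

if __name__ == '__main__':
    print(find_key_redefinitions(SAMPLE))
    print(sanitize(SAMPLE))
```

The sanitizer also removes colour sequences; it is meant for reviewing a recorded session (for example the output of script(1)), not for interactive use.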