gtechn
Posts: 70
Joined: Thu Jan 07, 2016 5:32 pm

New Pi Malware is here

Thu Jun 08, 2017 2:23 pm

[mod fixed link]

https://www.bleepingcomputer.com/news/s ... i-devices/

Apparently this one mines for a certain cryptocurrency. Hopefully everyone has updated. Maybe the Raspberry Pi needs a real, official Software Updater tool (which is semi-automatic, similar to Ubuntu's)?

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 17751
Joined: Sat Jul 30, 2011 7:41 pm

Re: New Pi Malware is here

Thu Jun 08, 2017 2:30 pm

I've just this moment added a new security page to the documentation...

https://www.raspberrypi.org/documentati ... ecurity.md
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

BMS Doug
Posts: 3820
Joined: Thu Mar 27, 2014 2:42 pm
Location: London, UK

Re: New Pi Malware is here

Thu Jun 08, 2017 2:38 pm

This relies on the user making their Pi accessible from the internet without changing the default user name and password.

There is no security update possible that will prevent people accessing your Pi if you make it accessible from the internet with the default user name and password.
Doug.
Building Management Systems Engineer.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 17751
Joined: Sat Jul 30, 2011 7:41 pm

Re: New Pi Malware is here

Thu Jun 08, 2017 3:08 pm

BMS Doug wrote:This relies on the user making their Pi accessible from the internet without changing the default user name and password.

There is no security update possible that will prevent people accessing your Pi if you make it accessible from the internet with the default user name and password.
Indeed. Hence the page in the documentation on security. This is an educational rather than a technical issue.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

mikerr
Posts: 2465
Joined: Thu Jan 12, 2012 12:46 pm
Location: Up north , UK
Contact: Website

Re: New Pi Malware is here

Fri Jun 09, 2017 10:08 pm

Nice to see "Make sudo require a password" on there

Passwordless sudo has long been Raspbian's weakest feature, and I don't think it helps newbies that much either.
Android app - Raspi Card Imager - download and image SD cards - No PC required !

Paul Webster
Posts: 681
Joined: Sat Jul 30, 2011 4:49 am
Location: London, UK

Re: New Pi Malware is here

Sat Jun 10, 2017 8:24 am

jamesh wrote:I've just this moment added a new security page to the documentation...

https://www.raspberrypi.org/documentati ... ecurity.md
In the section about making sudo require a password, it is worth noting that having a RPi directly accessible from Internet is not the only way that this can cause a problem.
For example - following instructions on a web site about how to do something might involve running a script that uses sudo privileges ... and it might be malicious.

Also would be good to explain what will happen when running a script that includes sudo commands and password is enabled.
Plus - describe what will then happen when scripts with sudo in them (bad idea) are run from cron

Heater
Posts: 7567
Joined: Tue Jul 17, 2012 3:02 pm

Re: New Pi Malware is here

Sat Jun 10, 2017 8:32 am

It's hopeless.

So many instructions around here for installing whatever include directions to change one's apt sources and apt-get whatever from some random web site.

And why does a Pi installation even have a default user and password, Debian does not?

bensimmo
Posts: 1684
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Re: New Pi Malware is here

Sat Jun 10, 2017 11:03 am

Default, as they have said many times before, it was designed for the setup in an Education environment* and that legacy is still here. The work they did on trying to require changing passwords after SSH was enabled is there.
You know that.

*where ease of use is paramount. Security is not an issue as they are normally not connected to an inbound enabled network etc..
The need to be root to run commands has over time been minimised, I don't know how much 'root' is needed now other than to install and update via 'apt', at least in the education environment.

etc..
Last edited by bensimmo on Sat Jun 10, 2017 11:09 am, edited 1 time in total.

Martin Frezman
Posts: 949
Joined: Mon Oct 31, 2016 10:05 am

Re: New Pi Malware is here

Sat Jun 10, 2017 11:07 am

And why does a Pi installation even have a default user and password, Debian does not?
That ship has sailed.

The historical reason is the same as absolutely everything else in computing: At the beginning they wanted it to be as easy as possible so people would adopt the new technology.

I can see having a default user id - even though, as you say, most "regular" distributions don't go this route (they make you setup a username and a password, both of which are your choice) - but I've always thought it should make you choose a password (even if the user id name is fixed/given).

The problem, of course, is that if they change anything, it will create a whole new wave of support questions, but here's a suggestion. At this point in time, I don't think we need a default password anymore, since most machines are going to be setup to auto-login to the desktop anyway. With ssh off by default, there's no real reason to have a password - unless/until ssh is enabled. And since we are controlling the status of ssh through the various config programs and/or the dropping of file(s) in /boot, we should be able to make this work.

So, I would suggest that the way it should work is that there is no default password, but when the user enables ssh (via any of the 3 supported methods), they are then forced to choose a password. One idea is that if they enable ssh via the dropping a file /boot method, the contents of that file would be the password (yes, this invalidates a few zillion tutorials...).

And, yes, whatever process picks up the 'ssh' file and processes it should "shred" that file before deleting it.
If this post appears in the wrong forums category, my apologies.

Navyscourge
Posts: 258
Joined: Sat Oct 24, 2015 1:50 pm

Re: New Pi Malware is here

Tue Jun 13, 2017 12:50 pm

by jamesh » Thu Jun 08, 2017 2:30 pm
I've just this moment added a new security page to the documentation...

https://www.raspberrypi.org/documentati ... ecurity.md
Thank you for adding this. I have just noticed the story in a technical news site. I usually check the RPi blog page for articles, and only read other pages when I have a need. It would be nice to see a brief notice in the blog page, since you have already done all the work :)

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 17751
Joined: Sat Jul 30, 2011 7:41 pm

Re: New Pi Malware is here

Tue Jun 13, 2017 2:14 pm

Navyscourge wrote:
by jamesh » Thu Jun 08, 2017 2:30 pm
I've just this moment added a new security page to the documentation...

https://www.raspberrypi.org/documentati ... ecurity.md
Thank you for adding this. I have just noticed the story in a technical news site. I usually check the RPi blog page for articles, and only read other pages when I have a need. It would be nice to see a brief notice in the blog page, since you have already done all the work :)
The documentation changes almost every day with added pages and correction/improvements. You can keep track of changes (and proposed changes) on the github page which is the source of the documentation.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

S0litaire
Posts: 206
Joined: Thu Dec 29, 2011 4:24 pm
Location: Ayrshire, Scotland
Contact: ICQ

Re: New Pi Malware is here

Tue Jun 13, 2017 2:58 pm

Martin Frezman wrote:
So, I would suggest that the way it should work is that there is no default password, but when the user enables ssh (via any of the 3 supported methods), they are then forced to choose a password. One idea is that if they enable ssh via the dropping a file /boot method, the contents of that file would be the password (yes, this invalidates a few zillion tutorials...).

And, yes, whatever process picks up the 'ssh' file and processes it should "shred" that file before deleting it.
Or just have a public key file and rename it "ssh" in the boot partition. (lot more secure)

It could work something like this:
Users can create their own key pair (loads of simple step by step instructions are available; they would use their own PC, or a secure hosted website could do it for them), rename the public key to "ssh" and then copy it to the /boot partition.

On first boot : If the "ssh" file is found in the boot partition, it enables SSH for one time use as normal.
If "ssh" is not empty, it moves the "ssh" to /pi/.ssh/ and renames it to "authorized_keys".

That way enables first time login (and subsequent logins) using a key instead of the default password.
--
Laters

Bill "Solitaire" C

Anáil nathrach, ortha bhas betha, do cheol déanta
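
The first-boot handling proposed in the post above, written out as an added example (not code from the thread or from Raspbian). The function name, arguments, return codes and the sample key are assumptions; the caller is expected to enable the SSH service on return code 0 or 2.

```shell
#!/bin/sh
# Added example, not Raspbian code. Names and return codes are hypothetical.

# Constructed sample key (not a real key), used by demo().
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYCONSTRUCTEDFORDEMOONLY000000000 user@laptop'

# One OpenSSH public key line: type, base64 blob, optional comment. Anchoring
# on the key type rejects authorized_keys options such as command="...".
KEY_RE='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [^[:cntrl:]]+)?$'

# install_boot_ssh_key BOOT_DIR HOME_DIR [OWNER]
# Returns: 0 key installed          (caller enables SSH, key login)
#          1 no "ssh" marker file   (caller leaves SSH off)
#          2 empty marker           (caller enables SSH, existing behaviour)
#          3 content rejected       (nothing installed)
install_boot_ssh_key() {
    boot_dir=$1
    home_dir=$2
    owner=${3:-}
    marker="$boot_dir/ssh"

    [ -f "$marker" ] || return 1
    if [ ! -s "$marker" ]; then
        rm -f "$marker"
        return 2
    fi

    # Files written on Windows often end in CRLF; drop CRs and blank lines.
    key=$(tr -d '\r' < "$marker" | sed '/^[[:space:]]*$/d')
    # One-time use either way. A public key is not a secret, so plain rm
    # is enough here (unlike a password stored in the file).
    rm -f "$marker"

    # Exactly one line, so the file cannot add further entries.
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 3
    printf '%s\n' "$key" | grep -Eq "$KEY_RE" || return 3

    # With StrictModes (the sshd default) loose permissions disable the file.
    old_umask=$(umask)
    umask 077
    mkdir -p "$home_dir/.ssh"
    printf '%s\n' "$key" > "$home_dir/.ssh/authorized_keys"
    umask "$old_umask"
    chmod 700 "$home_dir/.ssh"
    chmod 600 "$home_dir/.ssh/authorized_keys"
    [ -z "$owner" ] || chown -R "$owner:$owner" "$home_dir/.ssh"
    return 0
}

# Demo on throwaway directories standing in for /boot and /home/pi.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/boot" "$tmp/home"
    printf '%s\r\n' "$SAMPLE_KEY" > "$tmp/boot/ssh"
    rc=0
    install_boot_ssh_key "$tmp/boot" "$tmp/home" || rc=$?
    echo "return code: $rc"
    ls -l "$tmp/home/.ssh/authorized_keys"
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with `demo` as the first argument to see it operate on temporary directories.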

bensimmo
Posts: 1684
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Re: New Pi Malware is here

Tue Jun 13, 2017 4:41 pm

jamesh wrote:
Navyscourge wrote:
by jamesh » Thu Jun 08, 2017 2:30 pm
I've just this moment added a new security page to the documentation...

https://www.raspberrypi.org/documentati ... ecurity.md
Thank you for adding this. I have just noticed the story in a technical news site. I usually check the RPi blog page for articles, and only read other pages when I have a need. It would be nice to see a brief notice in the blog page, since you have already done all the work :)
The documentation changes almost every day with added pages and correction/improvements. You can keep track of changes (and proposed changes) on the github page which is the source of the documentation.
Still, the blog is the news about the RaspberryPi for a lot of people, probably most people?.
Perhaps think about a monthly roundup to blow your own trumpet of new documentation or large updates to it etc. Not only does it make people aware of them or changes, they may actually use them too and others may reblog them.

Github is not really a place for normal people to find out what's happening.

MagPi blogs its own articles, so should the main site :-D

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 17751
Joined: Sat Jul 30, 2011 7:41 pm

Re: New Pi Malware is here

Wed Jun 14, 2017 9:00 am

bensimmo wrote:
jamesh wrote:
Navyscourge wrote: Thank you for adding this. I have just noticed the story in a technical news site. I usually check the RPi blog page for articles, and only read other pages when I have a need. It would be nice to see a brief notice in the blog page, since you have already done all the work :)
The documentation changes almost every day with added pages and correction/improvements. You can keep track of changes (and proposed changes) on the github page which is the source of the documentation.
Still, the blog is the news about the RaspberryPi for a lot of people, probably most people?.
Perhaps think about a monthly roundup to blow your own trumpet of new documentation or large updates to it etc. Not only does it make people aware of them or changes, they may actually use them too and others may reblog them.

Github is not really a place for normal people to find out what's happening.

MagPi blogs its own articles, so should the main site :-D
I really don't think that documentation updates are that interesting!
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

bensimmo
Posts: 1684
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Re: New Pi Malware is here

Wed Jun 14, 2017 9:19 am

You're not the one using them.
New ones
Always good to know (things are very buried in the website, there is no easy list, most of the time it is chance you stumble over them.)
For example how to create an AP, knowledge about it is buried in this forum to rest it.
Security buried in a post in here.

Updates
Not little updates and formatting, but things like the move to the SenseHAT documentation being changed to have inline Trinket (useful in a school if I suddenly refer to the page and it's changed and we now don't need to fire up Python)
or update to new methods (Jessie ways of doing things or new implementations).

There is a lot of hard work from you lot doing but things people don't see and so don't use.

DougieLawson
Posts: 29306
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: New Pi Malware is here

Wed Jun 14, 2017 9:49 am

bensimmo wrote:You're not the one using them.
New ones
Always good to know (things are very buried in the website, there is no easy list, most of the time it is chance you stumble over them.)
For example how to create an AP, knowledge about it is buried in this forum to rest it.
Security buried in a post in here.
Those things are not buried when they're the current news. The forum, various Raspberry Pi blogs and security notices were awash with chatter about the folks who stick their RPi on an open port but forget to change the default userid. The fact that they're then surprised that an attacker reaches their system was news for a while (to the point of tedium).

The biggest problem with documentation is the maintenance of that documentation. About five minutes after something is published it's stale. About a month later it's wrapping for your chips. About a year later it's probably wrong. After a switch from version to version of Debian/Raspbian (Wheezy to Jessie to Stretch) it's probably dangerous and likely to crash your system.

The authors of blogs and stuff never come back to fix or delete things when they've expired and that's an insurmountable problem.

The benefit of the Raspberry Pi Foundation docs being on github is that it gives us all a way to leave "reader's comments". I've been giving IBM my comments on their mainframe documentation for thirty-five years, that's one of the reasons for the high quality of docs on http://ibm.com
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 17751
Joined: Sat Jul 30, 2011 7:41 pm

Re: New Pi Malware is here

Wed Jun 14, 2017 9:55 am

bensimmo wrote:You're not the one using them.
New ones
Always good to know (things are very buried in the website, there is no easy list, most of the time it is chance you stumble over them.)
For example how to create an AP, knowledge about it is buried in this forum to rest it.
Security buried in a post in here.

Updates
Not little updates and formatting, but things like the move to the SenseHAT documentation being changed to have inline Trinket (useful in a school if I suddenly refer to the page and it's changed and we now don't need to fire up Python)
or update to new methods (Jessie ways of doing things or new implementations).

There is a lot of hard work from you lot doing but things people don't see and so don't use.
The documentation is here...

https://www.raspberrypi.org/documentation/

It's all hyperlinked. There's a section on how to build an AP under configuration, as you might expect. The forum searches should be unnecessary - that's why the documentation exists.

Posting links in a blog post to things in the documentation seems unlikely to help the situation.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

bensimmo
Posts: 1684
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Re: New Pi Malware is here

Wed Jun 14, 2017 11:13 am

It's informing the reader there is something new from when they may have last looked.

It may pique their interest, they may use it. Try something new and be educated.
They then might not search, find some old documents on the web, try it out, get messed up, give up or come here and be given loads of ways until someone points them to the documents.

But it's up to you, you put in the work and if few use it or know about it, that's up to you.

It's why people like changelogs for apps, programs, raspbian releases, windows insider updates (excellent blog information given there), Google maps updates etc.

You spend a lot of time in here informing the few, why not inform a wider population.

Anyway, it's up to you.

bensimmo
Posts: 1684
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Re: New Pi Malware is here

Wed Jun 14, 2017 11:18 am

jamesh wrote:
The documentation is here...

https://www.raspberrypi.org/documentation/

It's all hyperlinked. There's a section on how to build an AP under configuration, as you might expect. The forum searches should be unnecessary - that's why the documentation exists.
Give AP as an example, nobody but the few knew you had added it.
So nobody would go back in there to see if it was there, a new user might.

For me running through links to link to link is a pain (others may like it). It's fancy in a primary school way.
There is no overview/outline list and quick scanning.
But that's a problem for the website style. Pretty for a few things.

Also note using the Search on the main site does not pick up
AP or Access Point documentation.
It does show something from 2012 to try though as the first option.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 17751
Joined: Sat Jul 30, 2011 7:41 pm

Re: New Pi Malware is here

Wed Jun 14, 2017 11:36 am

bensimmo wrote:
jamesh wrote:
The documentation is here...

https://www.raspberrypi.org/documentation/

It's all hyperlinked. There's a section on how to build an AP under configuration, as you might expect. The forum searches should be unnecessary - that's why the documentation exists.
Give AP as an example, nobody but the few knew you had added it.
So nobody would go back in there to see if it was there, a new user might.

For me running through links to link to link is a pain (others may like it). It's fancy in a primary school way.
There is no overview/outline list and quick scanning.
But that's a problem for the website style. Pretty for a few things.

Also note using the Search on the main site does not pick up
AP or Access Point documentation.
It does show something from 2012 to try though as the first option.
The site search is basically useless, will be fixed in the future. I hope. Google is the best option. I just did a search "Raspberry Pi access point", our documentation was the second link in the results.

Not sure how the current documentation architecture could be improved. It's already in categories, it's just a few links to get wherever you want to go. What is the alternative? A massive list of links to every available page? That doesn't seem particularly useful, scrolling through ten pages of links is prone to missing what you actually want to find.

I suppose a 'recent changes' page might be useful, but it's an added workload to maintain/keep updated and time is short given our workload.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

jahboater
Posts: 1666
Joined: Wed Feb 04, 2015 6:38 pm

Re: New Pi Malware is here

Wed Jun 14, 2017 11:44 am

Well I would like to see a "News" section in the forum (or somewhere visible).

Each entry is just a quick one line note and url to announce:- new documents published, new products, new software releases, important updates. Shouldn't take too long.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 17751
Joined: Sat Jul 30, 2011 7:41 pm

Re: New Pi Malware is here

Wed Jun 14, 2017 12:29 pm

jahboater wrote:Well I would like to see a "News" section in the forum (or somewhere visible).

Each entry is just a quick one line note and url to announce:- new documents published, new products, new software releases, important updates. Shouldn't take too long.
OK, I sorta like that idea. No specific page to keep updated, old news just falls off the bottom of the page. Any mod can add a news item, reduces the RPFT workload. I'll run it past those who make the decisions.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

DougieLawson
Posts: 29306
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: New Pi Malware is here

Wed Jun 14, 2017 3:52 pm

jamesh wrote:
jahboater wrote:Well I would like to see a "News" section in the forum (or somewhere visible).

Each entry is just a quick one line note and url to announce:- new documents published, new products, new software releases, important updates. Shouldn't take too long.
OK, I sorta like that idea. No specific page to keep updated, old news just falls off the bottom of the page. Any mod can add a news item, reduces the RPFT workload. I'll run it past those who make the decisions.
We've got that, it's called the home page and the blog.
https://www.raspberrypi.org/blog/
Just publish a blog item when there's something exciting to announce to the world.
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

gtechn
Posts: 70
Joined: Thu Jan 07, 2016 5:32 pm

Re: New Pi Malware is here

Thu Jun 15, 2017 12:04 am

DougieLawson wrote:
jamesh wrote:
jahboater wrote:Well I would like to see a "News" section in the forum (or somewhere visible).

Each entry is just a quick one line note and url to announce:- new documents published, new products, new software releases, important updates. Shouldn't take too long.
OK, I sorta like that idea. No specific page to keep updated, old news just falls off the bottom of the page. Any mod can add a news item, reduces the RPFT workload. I'll run it past those who make the decisions.
We've got that, it's called the home page and the blog.
https://www.raspberrypi.org/blog/
Just publish a blog item when there's something exciting to announce to the world.
No, we don't. That is for new projects and things like that. For actual code updates, extra technical stuff, upcoming releases, and multiple posts per day, the forum page would make more sense. I want to see it happen.

Like, the Raspberry Pi blog is for major new stuff and projects. This would be for the minor, everyday stuff of less importance.

jahboater
Posts: 1666
Joined: Wed Feb 04, 2015 6:38 pm

Re: New Pi Malware is here

Thu Jun 15, 2017 8:21 am

gtechn wrote: Like, the Raspberry Pi blog is for major new stuff and projects. This would be for the minor, everyday stuff of less importance.
+1
Yes I think the forum is a better place. You wouldn't want a big thing on the home page just to announce a minor new document.
It costs nothing to set up, the posts can be short, and users can "Watch" to get emails when a message appears.
