
Re: /var/lib/dpkg/status strangeness



Simon Bell wrote:
> SMART Error Log Version: 1
> No Errors Logged
> 
> SMART Self-test log structure revision number 1
> Num  Test_Description    Status                  Remaining  LifeTime(hours)  
> LBA_of_first_error
> # 1  Short offline       Completed without error       00%     14025 -
> # 2  Extended offline    Completed without error       00%     14024 -

That all looks good.

> It still seems like a big coincidence that the word airdrawndagger
> appeared there as this machine never in its life saw that
> wifi. Although the smart TV it's connected to via HDMI did...

It is strange.  I don't know what more to suggest.  And apparently no
one else does either because there are no other comments.

Among the last hints I can provide would be to install mcelog to make
sure that any machine check exceptions are logged.

  # apt-get install mcelog

It would also be possible to 'grep' through your swap partition just
to see if there are interesting things there.  For example if you
found "airdrawndagger" there or other things then that could be a
useful clue that it came through there.  For example, I am just
brainstorming, haven't thought about it much:

  # LC_ALL=C grep -a airdrawndagger /dev/mapper/v1-swap

Or perhaps:

  # strings /dev/mapper/v1-swap | grep airdrawndagger

But since then it could have been overwritten too.  So even if nothing
is found, it doesn't say much.  Again, to me this feels like flaky
hardware more than anything else.

> Is it too paranoid to consider some kind of malware from another
> machine on the network?

Some would say that it is impossible to be too paranoid.  But it is
all a long gray scale.  It all depends.  If this is simply your
desktop and it lives on a private home network then I probably
wouldn't be too paranoid.  If you are running a banking system and it
is handling credit card data on the hostile Internet then for that I
would be quite a bit more paranoid.  It all depends.

It doesn't feel like an attack since an attacker would have no
knowledge of that old wifi ssid either.  So at least not directly
using that data.  So far too many unknowns.

I still think that somehow the string was still in the swap partition
of the disk after all of this time and therefore got sucked into
memory that way somehow.  I think if we knew exactly how it happened
we would be amazed at the coincidences needed to have it occur.

It feels more like a random machine failure due to the consumer grade
hardware which we are all using these days.  It isn't required to run
faster than the bear.  It is only required to run faster than the
other person who is also running from the bear.  Therefore hardware
vendors don't make great reliable Unix server quality hardware these
days.  Instead it is mostly MS quality hardware.  Almost no desktops
have parity anymore for example.  Because of this the hardware just
isn't ultimately reliable.  You will drive yourself crazy if you try
to chase down every odd thing.

Bob
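The swap search suggested above, written out as a small set of shell functions. This is an added example and not part of the original mail: it assumes a Debian-style system with GNU grep (for `-a`, `-b`, `-o`, `-F`) and GNU coreutils `dd`, and the device path `/dev/mapper/v1-swap` is only the one quoted in the thread. The demo image it builds is constructed data with the string planted at two known offsets, so the functions can be tried without reading a real disk.

```shell
#!/bin/sh
# Added example, not from the original mail.  Assumes GNU grep and dd.
#
# swap_grep DEVICE NEEDLE
#   Prints one line per hit as "<byte offset>:<match>" and returns 0 if
#   anything matched, 1 otherwise.  -a treats the raw device as text,
#   -b prints the 0-based byte offset (of the match itself, because of -o),
#   -F keeps the needle literal, and LC_ALL=C stops grep from rejecting
#   bytes that are not valid UTF-8.
swap_grep() {
    dev=$1
    needle=$2
    LC_ALL=C grep -a -b -o -F -- "$needle" "$dev"
}

# swap_is_active DEVICE
#   Returns 0 if the kernel currently lists DEVICE in /proc/swaps.
#   Reading an active swap device is harmless, but its contents can change
#   under you, so a clean run is `swapoff DEVICE` first.
swap_is_active() {
    [ -r /proc/swaps ] || return 1
    awk -v d="$1" 'NR > 1 && $1 == d { found = 1 } END { exit found ? 0 : 1 }' /proc/swaps
}

# swap_context DEVICE OFFSET [BYTES]
#   Dumps BYTES (default 64) raw bytes on each side of OFFSET so you can see
#   what the string was sitting next to.  Pipe into `od -A d -c` or `xxd`.
swap_context() {
    dev=$1
    off=$2
    n=${3:-64}
    start=$((off - n))
    if [ "$start" -lt 0 ]; then start=0; fi
    dd if="$dev" bs=1 skip="$start" count=$((off - start + n)) 2>/dev/null
}

# make_demo_image FILE
#   Constructed test data: 4 KiB of zeros, the string, 1000 more zero bytes,
#   the string again.  So hits are expected at offsets 4096 and 5110
#   (4096 + 14 + 1000; "airdrawndagger" is 14 bytes).
make_demo_image() {
    img=$1
    : > "$img"
    head -c 4096 /dev/zero >> "$img"
    printf 'airdrawndagger' >> "$img"
    head -c 1000 /dev/zero >> "$img"
    printf 'airdrawndagger' >> "$img"
}

# Run `sh thisfile.sh demo` to exercise the functions on the constructed image.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp)
    make_demo_image "$tmp"
    swap_grep "$tmp" airdrawndagger
    swap_context "$tmp" 4096 16 | od -A d -c
    rm -f "$tmp"
fi
```

On the real system the call is `swap_grep /dev/mapper/v1-swap airdrawndagger` as root, with `swap_is_active /dev/mapper/v1-swap` checked first. A byte offset from `swap_grep` fed to `swap_context` shows the neighbouring bytes, which is what tells you whether the string sat inside something recognisable (a config file, a process's memory image) or in otherwise random data. As the mail says, the absence of a hit proves little: pages of swap are overwritten whenever the system pages out again.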
