Re: /var/lib/dpkg/status strangeness
>> SMART Error Log Version: 1
>> No Errors Logged
>>
>> SMART Self-test log structure revision number 1
>> Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
>> # 1 Short offline Completed without error 00% 14025 -
>> # 2 Extended offline Completed without error 00% 14024 -
>
>That all looks good.
>
>> It still seems like a big coincidence that the word airdrawndagger
>> appeared there as this machine never in its life saw that
>> wifi. Although the smart TV it's connected to via HDMI did...
>
>It is strange. I don't know what more to suggest. And apparently no
>one else does either because there are no other comments.
>
>Among the last hints I can provide would be to install mcelog to make
>sure that any machine check exceptions are logged.
>
> # apt-get install mcelog
>
>It would also be possible to 'grep' through your swap partition just
>to see if there are interesting things there. For example if you
>found "airdrawndagger" there or other things then that could be a
>useful clue that it came through there. For example, I am just
>brainstorming, haven't thought about it much:
>
> # LC_ALL=C grep -a airdrawndagger /dev/mapper/v1-swap
>Or perhaps:
> # strings /dev/mapper/v1-swap | grep airdrawndagger
>
>But since then it could have been overwritten too. So even if nothing
>found it doesn't say much. Again, to me this feels like flaky
>hardware more than anything else.
>
>> Is it too paranoid to consider some kind of malware from another
>> machine on the network?
>
>Some would say that it is impossible to be too paranoid. But it is
>all a long gray scale. It all depends. If this is simply your
>desktop and it lives on a private home network then I probably
>wouldn't be too paranoid. If you are running a banking system and it
>is handling credit card data on the hostile Internet then for that I
>would be quite a bit more paranoid. It all depends.
>
>It doesn't feel like an attack since an attacker would have no
>knowledge of that old wifi ssid either. So at least not directly
>using that data. So far too many unknowns.
>
>I still think that somehow the string was still in the swap partition
>of the disk after all of this time and therefore got sucked into
>memory that way somehow. I think if we knew exactly how it happened
>we would be amazed at the coincidences needed to have it occur.
>
>It feels more like a random machine failure due to the consumer grade
>hardware which we are all using these days. It isn't required to run
>faster than the bear. It is only required to run faster than the
>other person who is also running from the bear. Therefore hardware
>vendors don't make great reliable Unix server quality hardware these
>days. Instead it is mostly MS quality hardware. Almost no desktops
>have parity anymore for example. Because of this the hardware just
>isn't ultimately reliable. You will drive yourself crazy if you try
>to chase down every odd thing.
>
>Bob
Thanks a lot, I'll defo get mcelog installed