/os/ - Online Security

News, techniques and methods for computer network security.

Welcome to Online Security the place for internet and computer security, privacy and anonymity.
If you have some helpful tips please feel free to share your ideas. Start a new thread, or contribute to an existing thread.


I for one welcome our new overlord Anonymous 07/07/2016 (Thu) 17:44 [Preview] No. 152 [Reply] [Last 50 Posts]
I was about to claim this board, but seems like Endwall guy claimed it. Please disable captcha for replies. Also, guess this is a meta thread.
6 posts omitted.


Endwall 07/12/2016 (Tue) 11:30:51 [Preview] No. 170 del
Alternatively start a thread or add it to one of the current threads.


Anonymous 07/16/2016 (Sat) 19:52:18 [Preview] No. 196 del
This looks like a related board:

https://masterchan.org/nsa/


Anonymous 08/26/2016 (Fri) 20:22:48 [Preview] No. 427 del
>>196
>no Tor hidden service
>suggests deanoning self via logging in to "Anon ID"
>while suggesting stronger way of deanon than cookies, they claim to not store IP
>just made post with Tor Browser with no JS, cookies only, no "anon id" crap
>post shows up as by "Outlander", suggesting that majority of users there deanon self across sessions
Gee, I wonder why people call it honeypot


Anonymous 08/26/2016 (Fri) 20:39:19 [Preview] No. 428 del
Wanted to join their IRC
OFTC is a bunch of rulecucks. While they allow Tor access, they limit amount of connections per Tor exit node. I had to rotate circuit 11 times to connect.
>#masterchan Illegal channel name
Looks like "identified anon's" message on that imageboard is truth
>Why is someone possibly IRCOP banning users right and left in #masterchan?

Why the hell Tor Project uses this cucked network?


Anonymous 08/30/2016 (Tue) 03:19:37 [Preview] No. 461 del



System Resources Endwall 07/05/2017 (Wed) 03:13:35 [Preview] No. 965 [Reply] [Last 50 Posts]
I have some observations to make.

## I just tested these systems:
MS DOS 6.22 runs in 384K of memory (1994)
MS Windows 3.11 runs in 2MB of memory with a full mouse driven GUI (1994)
Macintosh OS 7.53 runs in 7.4MB of memory, full GUI + TCP/IP (1996)
Macintosh OS 8.1 runs in 13.2MB of memory, (1997)
Macintosh OS 8.6 runs in 26MB of memory, (1998)

OpenBSD 6.1 starts in text mode command line in 27MB of memory
OpenBSD 6.1 in Xenocara uses 65-80MB of memory to start up.

## from recollection:
Windows 7 800MB of memory (2009)

Parabola GNU/Linux starts in text mode cli using 150MB of memory
Parabola GNU/Linux in weston uses 300MB of memory


Edited last time by Endwall on 07/05/2017 (Wed) 03:17:31.
12 posts omitted.


Endwall 07/12/2018 (Thu) 08:34:29 [Preview] No.1247 del
Fresh install of Parabola/GNU/Linux-Libre/OpenRC

On an Intel core2 laptop

boot into cli from OpenRC

$ free -h

used 60 MB

start xorg as root

# startx

# free -h

used 75 MB




Endwall 08/20/2018 (Mon) 23:04:48 [Preview] No.1274 del
Alpine Linux on OpenRC
Fresh install on encrypted lvm with the services it said to start in the wiki guide. In command line on busybox.
$ free -m
120MB.

I couldn't get X org to start, but it would probably add another 20MB on top of that.


Endwall 08/20/2018 (Mon) 23:11:21 [Preview] No.1275 del
Hyperbola with linux-libre-lts on OpenRC is similar to Parabola. Boots into user account in command line at around 100MB; xorg adds another 20MB on top, to around 120MB. Booting into a user shell seems to be more memory expensive than starting as root.

I want to boot to command line in no more than 20MB with a GUI that brings me up to no more than 40-50MB of memory usage. Any more than that and there is too much going on.


Endwall 08/15/2021 (Sun) 04:30:05 [Preview] No.1738 del
Gentoo Linux (2021)
Gentoo Hardened 10.3.0-r2
Linux/x86 5.13.10-gentoo Kernel

text mode: 51 MiB

Fresh install running with Btrfs on LVM on LUKS. Hardened Gentoo amd64 no-multilib stage 3, 70 packages emerged. Running dm-crypt, iptables, lvm and bash. Could probably trim it down to 40MiB with some other choices (shell, daemons etc). I think this is going to be as good as it gets for Linux (for me) without changing things drastically. Maybe I'll switch my shell to ksh or dash or something else and see how it performs.


Endwall 07/10/2022 (Sun) 18:48:11 [Preview] No.1785 del
MacOS HighSierra (2017)

Installed on a MacMini 2011 with 16GB RAM, fresh install:

PhysMem: 4981M used (1945M wired)

The system needs at least 5GB to run properly, and uses up to 10-14GB of RAM when using applications. The memory usage is similar on Monterey.



Online Security News Endwall 07/07/2016 (Thu) 06:09:23 [Preview] No. 149 [Reply] [Last 50 Posts]
See a news article or CVE bug report on an emerging computer security issue and want to share it? Post below.

I will also post links to Hak5 Threatwire videos.
Edited last time by Endwall on 07/07/2016 (Thu) 16:22:47.
494 posts and 3 images omitted.


Endwall 07/13/2021 (Tue) 23:03:13 [Preview] No.1731 del
Hak5
7 Year Old Linux Flaw Newly Discovered - ThreatWire
https://youtube.com/watch?v=12oSZ3FVXBA [Embed]
Jun 15, 2021
"EA Source Code was Stolen, a 7 Year Old Linux Flaw was Discovered, and 1.2 Terabytes of Data was Mysteriously Stolen from millions of Windows pcs!"


Endwall 07/13/2021 (Tue) 23:06:15 [Preview] No.1732 del
Hak5
PrintNightmare Hits Windows, REvil Kaseya Ransomware Hits Businesses Worldwide - ThreatWire
https://youtube.com/watch?v=iCGuqW7NL9U [Embed]
Jul 6, 2021
"3 Vulnerabilities were Found In Netgear Routers, Ransomware Hits Businesses Worldwide, and PrintNightmare Leads to remote code execution attacks!"
Edited last time by Endwall on 07/14/2021 (Wed) 00:54:52.


Good evening DAVENSIZER84 01/09/2022 (Sun) 04:49:23 [Preview] No.1765 del
No Spam 3 year ban
No Spam 3 Year Ban (WIDE)
Edited last time by Endwall on 01/18/2022 (Tue) 01:10:17.


Latest news Adamoym 01/11/2022 (Tue) 08:47:30 [Preview] No.1766 del
Where do you look for the latest news?
Personally, I read and trust the newspaper https://www.ukr.net/.
It is the only source of fresh and independent news.
I recommend it to you.
Edited last time by Endwall on 01/18/2022 (Tue) 01:12:51.


covid 19 thanks mitunsriste 05/12/2022 (Thu) 04:50:33 [Preview] No.1775 del
I was right :) mituns



Secure OSes Anonymous 05/09/2016 (Mon) 18:21:17 [Preview] No. 37 [Reply] [Last 50 Posts]
What is the best OS option for a secure setup?
How do OpenBSD and Linux with patches compare in terms of the security they offer?
81 posts and 1 image omitted.


Anonymous 08/26/2021 (Thu) 21:58:28 [Preview] No.1742 del
Linux 5.10 Kernel Contributors.


Anonymous 08/30/2021 (Mon) 04:23:56 [Preview] No.1745 del
(316.77 KB 705x825 linux_committers_v3.png)


Anonymous 11/05/2021 (Fri) 21:25:36 [Preview] No.1758 del
When it comes to the desktop model of computing, Linux and BSD are not as secure as you think:

https://madaidans-insecurities.github.io/linux.html
https://madaidans-insecurities.github.io/openbsd.html

Some valid points raised there. If security is paramount, use Qubes OS. Alternatively, use ChromiumOS with all telemetry disabled and enjoy bottoming for Big G.



OPSEC Endwall 08/23/2016 (Tue) 01:08:39 [Preview] No. 357 [Reply] [Last 50 Posts]
Discuss best practices for operational security.
22 posts omitted.


Anonymous 03/21/2019 (Thu) 09:13:24 [Preview] No.1383 del
nice try grandpa
are you aiming for privacy, anonymity, security? VMs are unreliable from a paranoid security standpoint due to complexity, nevertheless if they provide anonymity, it may be worth it against larger foes that can compromise security with their access to exploits. Similarly with Tor Browser Bundle, sometimes it is better to blend in rather than to obscure your identity. a hoodie will be less conspicuous than a facemask.
>>1249
>don't post modern photos except PNGs because of exif
you can strip exif data using 'exiftool' and other solutions. I have heard stories about cameras having hidden codes (and more likely, repeatable and detectable design flaws) that can be used to identify the module, but that's real rumor oojie boojie
>avoid all digitized vehicles
avoid vehicles especially with push-button ignition, vehicles with a disabled wireless unlocking mechanism would be preferable but there are vehicles with an option to disable the keyless wireless fob.

>>1248
>don't use social media
endchan is social media
>use a cheap private vpn
use someone else's vpn, don't leave a paper trail of payment leading to your credit card
>do not buy green appliances
enjoy getting vanned because your electricity company can tell when you're browsing the internet via the smart meter. green is just a color, but energy efficient appliances are easier to run off battery power and/or solar power sources.
>>1167
>responding to phishing attempts at all




Anonymous 03/29/2019 (Fri) 21:15:48 [Preview] No.1385 del
(91.93 KB 400x400 glownigger.png)
Don't use smartphones.


Anonymous 05/03/2021 (Mon) 06:22:08 [Preview] No.1722 del
I'm not an expert but I have an IQ over 9000.
How I might attack a password.
A. List attack
I will get a list of "common passwords" derived from compromised user password list (the user account you made in ten seconds, 5 month ago because some Jew webpage made you).
>"12345678" and "nopassword".
B. low entropy Brute force of the password list
Common passwords with one character variance, common passwords with 2 character variance.
>1234s6789, Nopassword1
The site made you add a symbol and a number, I'm so scared.

It's only if you got this far that any real effort has to be made, honestly if you're not special I will just give up and find a stupider person.

C. dictionary attack
Instead of guessing gibberish I will use whole words.
Long passwords are often made up of whole words and at this point I know your password is fairly long.
There are far more words in any given language than characters (this BTFO's Chinese users incidentally).
Many common phrases will already have been covered in A. "common passwords"




Anonymous 05/28/2021 (Fri) 03:07:17 [Preview] No.1727 del
(16.96 KB 474x496 Gentoo.jpg)
Install gentoo


Endwall 08/15/2021 (Sun) 03:52:23 [Preview] No.1737 del
>>1727

I just finished installing Gentoo with btrfs on LVM on LUKS and spent 15 hrs configuring the kernel parameters to get iptables working with endwall.sh . I have to add some more stuff for IPv6 to make it fully compatible with endwall.sh.

Here is my layout:

http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/content/gentoo/layout.txt

sda is full disk encrypted OpenBSD 6.9, sdb is encrypted with unencrypted boot for Gentoo Linux.

Here is my current working kernel config:
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/content/gentoo/kernel_config.txt

you can copy this to /usr/src/linux/ and then overwrite .config , and run

$ su
# cd /usr/src/linux


Edited last time by Endwall on 08/15/2021 (Sun) 04:09:27.



(55.23 KB 1024x768 218.241.83.20_5900.jpg)
/vnc/ general Anonymous 02/25/2021 (Thu) 02:32:53 [Preview] No. 1598 [Reply] [Last 50 Posts]
Pwn the chink edition
Come explore the internet with other Anons
http://computernewb.com/vncresolver/
>4chan
pozzed
>lainchan
pozzed
Well let's give finalchan a go
107 posts and 13 images omitted.


Anonymous 04/21/2021 (Wed) 17:51:05 [Preview] No.1717 del
Has anyone figured out how to escape an X11 desktop (like "nobody's x11 desktop" in the title) in vnc?


Anonymous 04/22/2021 (Thu) 07:56:18 [Preview] No.1718 del
some oil thing
70.36.21.143


Anonymous 04/25/2021 (Sun) 01:50:24 [Preview] No.1720 del
>>1717
I don't think you can. I haven't found an app or software that hides your device name


Anonymous 06/11/2021 (Fri) 14:52:05 [Preview] No.1728 del
122.176.39.102 win

72.24.222.203 win10


Anonymous 06/18/2021 (Fri) 01:52:21 [Preview] No.1729 del
Dudes. Is shodan worth it?



Cryptography Endwall 05/12/2018 (Sat) 20:26:54 [Preview] No. 1211 [Reply] [Last 50 Posts]
In this thread we will discuss cryptography, cryptosystems, cryptanalysis, and tools for cryptography such as gpg and other tools. If you work in this field or hear of some relevant news about this field feel free to contribute. Use hyperlinks and source citations to back up any claims made if necessary.
15 posts omitted.


Endwall 09/23/2019 (Mon) 03:31:11 [Preview] No.1469 del
>>1467
Yeah that's probably faster/smarter to get the Americium from a smoke detector. Good call.


Anonymous 10/14/2019 (Mon) 19:23:20 [Preview] No.1477 del
crypto101.io is a decent overview of _contemporary_ cryptography, not the usual textbooks


Anonymous 11/14/2019 (Thu) 03:21:11 [Preview] No.1495 del
>>1469
and it should work the same, right? just a button of a different material.


Endwall 11/15/2019 (Fri) 02:36:19 [Preview] No.1498 del
>>1495
Any radioactive isotope of an element should work. In the video he's using Americium from a smoke detector. You just need some random gamma and beta radiation from a decay event to set off the Geiger counter. Any radio isotope will do. Radioactive decay times and quantities are random and unknowable before the event occurs.


Anonymous 05/03/2021 (Mon) 03:27:01 [Preview] No.1721 del
(21.11 KB 336x336 Youdontsay.jpeg)
How does a crypto operator in a client relationship protect themselves against duress?
We are already starting to see digital robberies; because crypto clients are typically anonymous and can use a range of access points, the risk of Crypto-ATM robberies is increasing.
A two factor authorization and a silent alarm would be easy to set up, but this presents the risk that the silent alarm keeper could freeze accounts and make demands of clients.
A "two key" system can be used to ensure transactions and blocks are only made with the simultaneous cooperation of the Client and broker, but as with TOR if unilateral blocking is not possible the systematic takeover of brokering services is likely to eventuate.
While in theory if the broker was a bad-actor they still wouldn't gain access, the client would lose their protection without their knowledge, and a large number of bad-actor brokers would emerge to net a large number of clients.

Is this a problem inherent to a single origin (client centered) authorization chain?
Could the blockchain work in tandem in a two factor access system?



Hardware Endwall 09/18/2016 (Sun) 18:31:31 [Preview] No. 580 [Reply] [Last 50 Posts]
Discuss hardware and alternative hardware concepts to increase computer and online privacy and security.
Edited last time by Endwall on 09/18/2016 (Sun) 18:50:04.
9 posts and 1 image omitted.


Endwall 09/03/2017 (Sun) 23:52:30 [Preview] No. 1011 del
RC2014
http://rc2014.co.uk/

RC2014 is a simple 8 bit Z80 based modular computer originally built to run Microsoft BASIC. It is inspired by the home built computers of the late 70s and computer revolution of the early 80s. It is not a clone of anything specific, but there are suggestions of the ZX81, UK101, S100, Superboard II and Apple I in here. It nominally has 8K ROM, 32K RAM, runs at 7.3728MHz and communicates over serial at 115,200 baud.

RC2014 is available in kit form for you to solder together.  Through-hole components are used throughout, making soldering easy, even for those with limited soldering experience.  Along with a selection of modules to extend functionality, such as serial terminals with HDMI output, digital input modules or, simple keyboard, the RC2014 is a very adaptable computer.

Assembly guides can be found here:
http://rc2014.co.uk/assembly-guides/

Module information including schematic diagrams and technical descriptions can be found here:
http://rc2014.co.uk/modules/

GitHub repository can be found here:
https://github.com/RC2014Z80/RC2014

Google Group for RC2014 owners can be found here:




Endwall 09/04/2017 (Mon) 00:33:49 [Preview] No. 1012 del
RC2014
http://rc2014.co.uk/
As soon as you turn RC2014 on you can start programming in Microsoft BASIC.  This is very easy to get started with and some very complex programs can be written.  To get right down to the metal, though, you can write your programs in Z80 machine code.

Development of the RC2014 has led to a more powerful machine with pageable ROM, 64k RAM, compact flash storage and a whole range of expansion peripherals.  With the right modules, it’s now possible to run CP/M, which opens the RC2014 up to a wide range of software.

RC2014 can be bought from Tindie:
https://www.tindie.com/stores/Semachthemonkey/


Endwall 09/06/2017 (Wed) 21:07:20 [Preview] No. 1016 del
RC2014

Z80 Retrocomputing 18 - Z180 CPU board for RC2014
https://youtube.com/watch?v=D9u9hhNjcEY [Embed]
Dr. Scott M. Baker
In this video, I build and try out a Z180 CPU board to replace the Z80 CPU in my RC2014 retrocomputer. Aside from simply being faster than the Z80 that I'm currently using, the Z180 offers a lot of on-board peripherals (serial IO, timers, interrupt controller, mmu, dma, etc). I benchmark the 20 Mhz Z180 against my 7.3728 Mhz Z80. I'm saving exploration of the onboard peripherals for a future video. For more retrocomputing projects, see http://www.smbaker.com/

YM2149/ AY-3-8910 Sound Card for the RC2014 computer
https://youtube.com/watch?v=-iLwi9FagFE [Embed]

rc2014-ym2149 Designed by Ed Brindley
Demonstration of my sound card for the RC2014 computer. The board is Open Hardware and was produced entirely with Open Source Software (as was this video) PCB now available on Tindie:
https://www.tindie.com/products/edbrindley/ymay-sound-card-pcb-for-the-rc2014-computer/
Schematics and Gerbers for the board are available here:
https://github.com/electrified/rc2014-ym2149
Edited last time by Endwall on 09/06/2017 (Wed) 21:07:58.


Anonymous 04/22/2021 (Thu) 22:52:38 [Preview] No.1719 del
make a guide for new people niggers
also join discord.gg/obama



Security King Solomon 11/03/2020 (Tue) 08:08:02 [Preview] No. 1579 [Reply] [Last 50 Posts]
I have a VPN and am using Tor with JavaScript turned off. What more can I do to boost security?



Definitions and Threat Models Endwall 07/05/2020 (Sun) 20:46:22 [Preview] No. 1548 [Reply] [Last 50 Posts]
Definitions and Threat Models

In this thread we discuss the definitions of Privacy, Security, Anonymity. We also create and describe common threat models that chan users might face.

Who is the enemy? What tools do they potentially have? What could they do to you? How do you mitigate these threats and potential harms?
Edited last time by Endwall on 07/05/2020 (Sun) 21:15:21.


Endwall 07/05/2020 (Sun) 21:07:06 [Preview] No.1549 del
I'm going to provide my definitions without referencing any material. This is in a personal computing context:

Privacy: What I do on my local computer only I know, the files I read from my local hard disk, the computational operations that I perform, the text files I create, the commands that I input are known only to me (the user). These operations, inputs by keyboard and outputs to my screen / monitor are known only to the user, only I know what files I observed, how I interacted with them, edited them or saved them, and what commands I inputted to the keyboard to perform these actions. Local files and operations on the personal computer are known only to the current user, and are ephemeral and gone once the computer is power cycled, unless I specifically made a log of the actions and stored it to disk intentionally.

Security: Unauthorized users, programs, or processes are not able to access read, write or modify, or know the contents of files or operations performed on the personal computer. Remote computer users can not access, retrieve, files or memory from my personal computer unless I have set up a server to do so and only within the context of the files being served. Other persons with physical access to my computing device can not operate, or retrieve files or information from the device without authorization.

Anonymity: Actions performed in public whether observed or unobserved, are either unnoticed, noticed but unreported, or noticed and reported but it is not possible to attribute the public actions to the source actor either due to lack of observable evidence, or the computational complexity. Public here means remote computers that my personal computer connects to via internet routing technologies. Public access from my computer to another computer system hosting files or serving files and content via the internet. Actions could include retrieving files, modifying files, or reading and posting text to a remote server by way of programs running on my personal computer.

People accusing each other of not grasping the separation or overlap of these concepts is perennial (comes up often). So I figured this should be sorted out in its own thread. Post any additional definitions or links to proper definitions below.


Endwall 07/05/2020 (Sun) 21:59:54 [Preview] No.1550 del
Related concepts

Privacy: clean computing, no malware, no keylogging, no system logging. No shoulder surfing. No cameras in your room. No microphones in your room. No screen captures. No position tracking. Public Key Cryptography for messaging (RSA).

Security: Strong passwords, username/password access authentication, file permissions, Strong Encryption, Encrypted file systems, Encrypted files and folders. Firewalls, Access Control. Physical locks on your room, front door, windows, bars on the windows, physical key lock on the computer.

Anonymity: Face masks, hoodies, wigs and sunglasses, motor cycle helmets, black track suits, camouflage. Tor, I2P, Proxies. Typewriters, cork bulletin boards with tacks and push tacks, No cameras, no voice recognition, no facial recognition. Dead drops of floppy disks and USB sticks, SD cards. Sneaker nets. Voice modulation/ modification dsp technologies, talking like Batman etc. Text to speech...etc.

I feel that personal computing privacy is the root of the other two concepts. If there is a key logger or other related malware on your system (screen shot grabbers etc), your passwords are not secure (system and encryption), your actions and intentions are known, and your "Anonymous" discussions online through IM and message board posting, and potentially offline (dead dropping your manifesto that you typed on your computer) are also observable.

Post more below


Endwall 07/06/2020 (Mon) 00:37:34 [Preview] No.1551 del
Analogies

Privacy: When I'm in my house I draw the blinds on my windows, and I can go into my shower, strip my clothes and shower naked, nobody can see what I'm doing except for me. My walls form a visual privacy barrier, the running water masks the sound of my humming and whistling. (Thermal imaging cameras can defeat this form of privacy).

Security: While I'm showering upstairs a delivery man comes to the door with a parcel, he rings the doorbell, and nobody answers, from this he infers that there isn't anyone inside, and he tries the door handle to open the door. It's locked with 2 deadbolts, so it doesn't open. There are no open windows, and the windows are all barred up with security bars. (Brute force or lock picking can defeat this form of security).

Anonymity: After finishing my shower, I open the front door and take the parcel in, and open the exterior, inside is a note with an address and some instructions, and another parcel. I put on a wig with a fake mustache and beard, sunglasses and a hoodie. I put on a black track suit and a motorcycle helmet, and go outside to my motorcycle and then I change the license plate to another stolen license plate belonging to another motorcycle owner that I stole earlier that day (borrowed). My motorcycle is the most common manufactured brand, model, and color averaged over the last 10 years. I proceed to drive at the speed limit to arrive at a house address mentioned in the note, to deliver the parcel that was placed at my front door by the delivery man. I place it at his front door in a special lock box, and then I drive home. Unless I was followed, hopefully the entire transaction was anonymous. (defeated by being tailed, traced, tracked, or by camera surveillance network).

Regular anonymity for most people means walking out your front door with no face masking apparatus, jumping in your car (with your license plate), going to the store, buying milk, being on camera, paying with a credit card, and driving home. But nobody cares, since everyone needs food right? You are just one of many food eaters, not very unusual, so it goes unnoticed / unreported. (What most people think the internet is like...until you find out you were very wrong and uninformed about the danger...).