/os/ - Online Security

 >>/1769/
actually schizo

 >>/1830/
Actually in need of eye glasses 3x strength prescription, prescribed by an Ophthalmologist. Possibly Asian and squinting fiercely in order to see.

 >>/1831/

I recommend you take a look at this, it may give you a differents perspective of what is ocurring around you

https://psychcentral.com/quizzes/schizophrenia-test

 >>/1833/
https://visionscreening.zeiss.com/en-US

no_schizo png
(107.69 KB, 1089x1079)

 >>/1833/
I tried it out... I think the results are correct.

TOP BUMP 
Additions: 
TENS , https://www.tens.af.mil/lipose.htm , US Air Force Live CD LibertyBSD http://libertybsd.net/ , https://libreboot.org/docs/bsd/openbsd.html

Heads https://heads.dyne.org/ http://fz474h2o46o2u7xj.onion ; Devuan non-systemd version of Tails (Disclaimer: Website/Project uses occult language with communist signals)
Devuan https://www.devuan.org/ http://devuanzuwu3xoqwp.onion
Systemd Free http://systemd-free.org/

Mozilla Firefox Hardened Profile
https://github.com/ghacksuserjs/ghacks-user.js

SEARX
https://www.searx.me

Searx Instances
https://searx.space/
http://searxspbitokayvkhzhsnljde7rqmn7rvoga6e4waeub3h7ug3nghoad.onion/

SearX Installation
https://github.com/asciimoo/searx/wiki/Installation
https://asciimoo.github.io/searx/dev/install/installation.html
https://github.com/asciimoo/searx/wiki/Installation-on-RHEL-7---CentOS-7
https://github.com/asciimoo/searx/wiki/How-to-create-and-configure-SSL

On Debian and Windows I use ClamAV which is maintained by Cisco systems. 

https://www.clamav.net/
https://www.clamav.net/downloads

It comes packaged with Debian and other GNU/Linux distributions, and I've used it on OpenBSD. On windows I use the Windows defender suite but this also works on windows through an admin CMD command line. You download the package from the above link and install it. Then you need to edit two config files in the directory "C:\Program Files\ClamAV\conf_examples\".  Copy these files to the main directory 
 
C:\> copy "C:\Program Files\ClamAV\conf_examples\*.sample" .. 
C:\> cd "C:\Program Files\ClamAV\" 
C:\> move clamd.conf.sample clamd.conf
C:\> move freshclam.conf.sample freshclam.conf
C:\> notepad clamd.conf

#Comment or remove the line below.
#Example

Save and close the file, then do the same for freshclam.conf

C:\> notepad freshclam.conf

# Comment or remove the line below.
#Example

Save and close the file after commenting Example with #

C:\> freshclam

This will update the database of signatures and definitions
Next change directory into the root directory.

C:\> cd C:\  
C:\> "C:\Program Files\ClamAV\clamscan" -help | more
## read the instructions
C:\> mkdir C:\temp 
C:\> mkdir C:\temp\virus\

Now run the program from the root directory

C:\> "C:\Program Files\ClamAV\clamscan" -v -a -o -i -r -z --memory --kill --move=C:\temp\virus

This will run the antivirus program on windows and move the infected files to C:\temp\virus
you can delete these after you inspect the directory

C:\> cd C:\temp\virus\
C:\> dir 
C:\> rm C:\temp\virus\*

For GNU/Linux, the package installation will already have the #Example commented out and you simply run :

$ su
# cd /
# freshclam
# mkdir /tmp/virus/
# clamscan -v -a -o -i -r -z --move=/tmp/virus

To run the program from the current working directory

# cd /tmp/virus/
# ls /tmp/virus/
# rm /tmp/virus/* 


I'm sad to say that ClamAV found stuff on my server on Parabola GNU/Linux and on my daily driver computer on Debian, and on my Windows Computers, but found nothing on my OpenBSD machines. I don't know if it reports matched hashed files back to a central server or not so this may not be for you if you have stolen documents in your possession. For my use case I'm only concerned about Trojans, worms and files that have viruses. It's the best I have to go on.  Use this with windows defender on windows, and as mentioned on *NIX and GNU/Linux systems.  If you know more about this kind of stuff and have tips to share, feel free to share them below.

If you just want to scan your home directories, you can just run this on /home/ or a specific directory cd'ing into the directory.  Also --remove will do the deletion for you if you'd rather the program handle the process of bad flagged file removal. For a silent non verbose run remove -a and -v. Example:

$ su
# cd /home/
# freshclam
# clamscan -i -o -r -z --remove

Run it on the root directory / to get everything, however removal might break programs so its best to run verbose to a log file and move the bad files to a quarantine location before deletion. Post any tips about anti-virus if you have any.

I just ported endstream to macOS using a MacMini 2014 model with MacOS 12.5 Monterey.  Using the Homebrew package manager you can install youtube-dl, curl, openssl, and mpv, and then the program will run.  I've tested this port as working, and have placed it onto the github repository and onto the hidden service. 

endstream_macOS.sh

Github
https://raw.githubusercontent.com/endwall2/endstream/master/endstream_macOS.sh
Endware Hidden Service
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware_macOS/endstream_macOS.sh

Now endstream is tested working on the following operating systems : { GNU/Linux, OpenBSD, Windows NT, MacOS }. I'm planning on going back and making winstream.bat into a powershell script so that it is fully compatible and can access all of the streams. Right now winstream.bat just uses fixed links and m3u8 playlists and can't access the Youtube live streams or other dynamic playlists.  I'll have to learn more about Powershell first which might take a month or two.  Its a side project. 

My next task with endstream is to fix up the channels on the OpenBSD port and test it, I'll work on that in around two weeks when I have some free time.  

Summary: I made a cross platform killer app, and gave it away for free on the internet...

 >>/1784/

I have completed and tested as working, a translation of endwall_wifi for PF. Tested working on a Toshiba Tecra with OpenBSD 7.1. I have also bug fixed the previous versions of the pf model, and added some new models for different use cases. The pf_wifi model is for locking to your internal LAN wifi. The pf_wifi_roam model is for allowing the wifi to connect to any network without re-running the firewall. The pf_roam model allows all interfaces to connect to any private LAN network for ethernet or wifi, basically you can plug in to anywhere or connect to any public wifi without re-running the firewall. 

Obviously the more restricted the better,however these models might be useful for some applications, like using wifi at coffee shops etc. I have also made a roam version for nft which allows for the laptop to plug in anywhere. These are all available in the usual places:

endwall_nft_wifi.sh (wired ethernet is static but wifi is roaming)
https://raw.githubusercontent.com/endwall2/endwall/master/endwall_nft_wifi.sh
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware/endwall_nft_wifi.sh
endwall_nft_roam.sh (all interfaces allow connecting to any network)
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware/endwall_nft_roam.sh
https://raw.githubusercontent.com/endwall2/endwall/master/endwall_nft_roam.sh
endwall_pf.sh  for wired ethernet (internal lan static connection)
https://raw.githubusercontent.com/endwall2/endware_bsd/master/endwall_pf.sh
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware_bsd/endwall_pf.sh
endwall_pf_wifi.sh (1 wired and 1 wireless interface both static) (internal LAN static connection) 
https://raw.githubusercontent.com/endwall2/endware_bsd/master/endwall_pf_wifi.sh
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware_bsd/endwall_pf_wifi.sh
endwall_pf_wifi_roam.sh (1 wired static connection and 1 wireless static + roaming wireless). 
https://raw.githubusercontent.com/endwall2/endware_bsd/master/endwall_pf_wifi_roam.sh
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware_bsd/endwall_pf_wifi_roam.sh
endwall_pf_roam.sh (all interfaces can connect to any network)
https://raw.githubusercontent.com/endwall2/endware_bsd/master/endwall_pf_roam.sh
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware_bsd/endwall_pf_roam.sh

I have to make a nft model for static wireless + static wired connections for nft_wifi, and then rename the current nft_wifi model to nft_wifi_roam. 

The use cases are as follows:

1) Wired only desktop computer connection with 1 interface for wired ethernet in your home connected to your LAN, which supplies DHCP with a static ipv4 address. -> (endwall.sh, endwall_nft.sh endwall_pf.sh)

2) You have a wired LAN router and a wireless LAN router both supplying static ipv4 DHCP addresses to your internal network. -> (endwall_wifi.sh, endwall_nft_wifi.sh, endwall_pf_wifi.sh).

3) You have a Laptop you use in your internal network, wired, and or wireless, but you sometimes take it with you to school, or to a coffee shop and require the wireless connection to allow roaming connections to randomly assigned DHCP addresses. Also useful for investigating the networks of neighborhood wifi networks in your vicinity . -> (endwall_nft_wifi_roam.sh, endwall_pf_wifi_roam.sh)

4) You have  a laptop and you want to plug it in to ethernet anywhere you can get a DHCP address (school, the library, your friend's house), and also use wifi on any wireless network (school, library, coffee shop, friend's house) and both get a randomly assigned DHCP ipv4 address, without re-running the firewall. -> (endwall_nft_roam.sh, endwall_pf_roam.sh). 

The security decreases as you go from 1)->2)->3)->4).   Best practice is 1) no wifi, only wired connections on desktop computers, no wireless interfaces, and connections in your own LAN network using static ip assignment from the router with mac address binding. Next best is 2) only use your own wifi, in you internal network as well as wired on your own LAN with static IP. 3) You have static ethernet and WIFI LAN at home, but sometimes you bring the laptop to school and need to connect to a randomly assigned ipv4 address on their WIFI without re-running the firewall rules, or you are at home and want to connect to or investigate local neighborhood wifi networks without re-running the firewall.  4) You want to be able to plug in to any ethernet jack anywhere (school,library, friend's house), and use any coffee shop WIFI but only for allowed/selected ports.   

I'll work on creating the nft_wifi_roam and nft_wifi models sometime next week. School is starting in 2 weeks, so I have to wrap these projects up before the session starts. I'll be too busy to do anything consistent once the semester starts up, other than some maintenance and bug fixes as I find them. I'll do what I can, on Fridays and Saturdays during school, but I'm going to be busy with school assignments and studying.  

Let me know if these are working for you.  Post bug reports, comments or requests below. Thanks.

I can report that endstream.sh launches and plays with no GUI in GNU/Linux. Tested in tmux in the shell with no desktop or GUI, on Debian 11. I wasn't aware that this was possible until recently.  Sound and full motion video work.  Good news for people who don't use desktops, xorg or wayland or any GUI. mpv can play videos in the command line with no GUI, interesting development.  

I did some updates to endstream_bsd.sh, endstream.sh and winstream.bat, including adding some streams from cozy.tv. Available in the usual places:

https://www.github.com/endwall2/endstream
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/

 >>/1825/
I just tested endstream_bsd.sh in the shell on OpenBSD 7.1 (no GUI no Xenocara). And it also works. It goes to full screen, with full  motion video and sound working on a Toshiba Tecra Laptop. You can use mpv from text mode in OpenBSD 7.1.

Anonymous 08/31/2022 (Wed) 09:25 No.1809 

The pci_disable_device function is defined in the source file of the kernel pci module. Let the pci_disable_device function be a working parameter of the kernel pci module...

Anonymous 09/02/2022 (Fri) 14:38 [Preview] No. 1810

Antivirus and security software should use a second video card modulated for them.

If security software uses a second video card that is modular for them, it does not overwhelm the existing system.

This makes the computer run faster.

Edward Snowden about our legal case against mass surveillance
https://media.privacyinternational.org/w/ie2gnw6BRos7nANn4fDPn4

A strange thing happened last week. My router got bricked, for no apparent reason while I was at school. I replaced it when I came home, and after 5 hours of work I had the core of my network back up and running. It might have been an electrical failure, but I don't know... If it was a cyber-attack, it was professional. 

Anyhow after that happened, I restored all of my services, however I can't seem to restart my tor hidden services anymore from my server. Tor works but the hidden services won't start. I have to comment them out in the torrc file to get tor to start. Anyways, they're down until I have some more free time to troubleshoot what the issue is. I'm backlogged with school work and assignments, so it might be down for a while. All very strange...I'll take another look next weekend and see if its fixable.

 >>/1828/
The hidden service is back up. I'm now using the stock tor daemon from the package manager to run it. I needed to change some directory permissions to get it running. I have to build a new modded version of tor from the latest source code, but it will have to wait until I have some free time.

 >>/1357/

You can also set up proxying to 127.0.0.1:9050 in Hexchat.  This works when connecting to the .onion addresses.

Settings->Preferences->Network-> Network Setup

Fill in the socks5 proxy information.  Then Add the new server in the connection tab using the .onion address and port number.  Works.

Unless there is a discount for buying a vpn with bitcoin. It is not necessarily an anonymous transaction because you theoretically connect to your raw ip with the bitcoin purchased vpn.

What is the search engine that should we use?

 >>/1792/
Use Tor browser for whatever you choose. Some use Searx onion, some use DuckDuckGo onion. I use bookmarks.

I use https://iptotal.io/ to find free socks proxies

https://github.com/microsoft/MS-DOS/

The ultimate step is to build an 8-bit computer with a soldering iron (RC2014), launch a browser in a community audited version of CP/M, connect by socks 5 proxy to a unix computer running tor with 12-15 hops, and use a text browser for the web and and irc client in text mode. Proxy out to  Tor or I2P or whatever the next super duper anonymity router is.  In the mean time do this with DOS.  This won't be a solution for the everyman or for the newbie, but it will be a solution for the serious thinking man.

 >>/1541/
Anything you can do to isolate the tor daemon from the system or its running processes will help.   I'm running it as a user with a custom torrc.   If you can first run firejail or bubble wrap, or chroot it and get the tor daemon to still function it might help.  I consider the linux/unix environment potentially hostile to the user and a potential source of packet inspection.  Basically linux can be used to keylog the users and destroy the anonimity factor in real time or in post analysis.  If there is key logging with an output beacon on your machine, you don't have privacy, and Tor Browser isn't going to help you with anonymity.   If there is malware that can mess with the tor daemon as it's running, then it might be wise to try to isolate the process, so yeah probably a good idea.  I'll try running it with firejail it probably won't work.  If you get a setup like  that and find it beneficial, please post the steps and instructions here. Thanks.

I am big fan of Minecraft and like to watch different minecraft video on Youtube.But for watching I use https://veepn.com/vpn-apps/vpn-for-firefox/ because I can not log itnto my youtube channels.

 >>/151/
personally followed Woflsgang's latest tutorial (with the script)
worked pretty well on my VPS

https://rumble.com/

https://cozy.tv/

https://dlive.tv/

https://joinpeertube.org/
https://media.privacyinternational.org/
https://tube.rebellion.global/videos/local
https://tilvids.com/
https://video.blender.org/videos/local
https://v.basspistol.org/home

https://www.facebook.com/watch
https://www.facebook.com/gaming/
https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/watch
https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/gaming
https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/watch/search/?q=8chan
https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/brutamerica/videos/411616456136550/

the shadow brokers released the EquationGroup tools from the NSA a while ago

sorry by the way never used a thread like this before

here is some info on it
[clearnets]
https://news.softpedia.com/news/list-of-equation-group-files-leaked-by-shadow-brokers-507546.shtml

 >>/566/
My computer hung when I clicked on that link.  Could have been a coincidence but  tread carefully.

 >>/575/

> HTTP


not a Cohencidence

outbound_rules_with_b... png
(67.98 KB, 1047x784)

windows_defender_fire... png
(63.95 KB, 1047x784)

outbound_rules_bullsh... png
(44.75 KB, 1047x784)

Windows Defender Firewall

Go to the search tab and type firewall. Select windows defender firewall.  Click on advanced settings.  Block all incoming and outgoing traffic by default. Then wipe out all of the policies or click disable, better to click delete and remove them.  Then add the policies that you need.  Lock them down by application if need be. Play around with the detailed rules and use filters for programs, ports and ip addresses to get the desired effects for your network applications to work. Adding new programs magically changes your firewall settings, but go back and fix them after each new application install. Wipe out and delete all inbound rules.  If you need to let inbound come in, then you should know enough about the application to configure it. 
Block everything and only let out/in what you need to go out/in, specific programs, ports and ip addresses.

Windows Subsystem for Linux

Installation guide:

https://docs.microsoft.com/en-us/windows/wsl/install-win10

I installed Debian, seems to work well for some applications.  I'll import endware and test some fo the tools out.  If you install debian you can install a windowing server Xming or CygwinX 

http://www.straightrunning.com/XmingNotes/

https://sourceforge.net/projects/xming/

Then you can install programs that work in Xorg server and call them from the command line and they'll pop up in windows on the desktop.  

Bear in mind all of this is for convenience while you work on Windows, you can also access Linux tools in the shell and some GUI programs as well. Alternatively try Cygwin and CygwinX:

https://www.cygwin.com/

https://x.cygwin.com/

 >>/1147/
I know Google has been hacking and censoring my sons emails. They do not get forgiven for that. William Gates & his entire staff and bloodline are banned from Heaven.

Regards,

YHVH

Local_Security_Policy png
(97.25 KB, 1506x936)

Local Security Policy

There are firewall settings that don't change when new programs modify windows advanced firewall.  These rules sit beneath and supersede the main windows advanced firewall rules.  

Type here to search-> "Local Security Policy" -> Click Local Security Policy.

There is a folder Windows Defender Firewall, with the same layout.  Put your rules in here and they won't change, and they override the other rules.

I have also found out that these rules can be scripted by the command netsh, so I might make something later on.

Local_Security_Policy... png
(64.09 KB, 1198x885)

Local_Security_Policy... png
(31.72 KB, 1210x687)

 >>/1814/
General Policy and Inbound rules: