
/os/ - Online Security

News, techniques and methods for computer network security.




WINDOWS NT Security Thread

It turns out that MS Windows NT has an 80% market share in the Desktop Operating Systems Market (whatever that is...)  So in all likelihood, if you work a job anywhere, you will be forced to sit down and work on one of these machines running this well known gem of an operating system. You probably won't have administrator rights, but that's OK, we'll make do.

In reality there is no Windows security but in this thread we will try to make life a little bit better even if it is just for a placebo effect.  Also Windows hackers come and show us how you hack us up real good, and help our poor unprivileged users gain administrator rights without a password, so that they can install Mahjong.  Windows Advanced Firewall, Registry Editing, Browsers, etc.  Post all the tips and tricks to make Windows NT better than ever.
(attached screenshot: outbound_rules_with_bullshit_disabled.png, 1047x784)
(attached screenshot: windows_defender_firewall_default_policy.png, 1047x784)
(attached screenshot: outbound_rules_bullshit_deleted.png, 1047x784)
Windows Defender Firewall

Go to the search tab and type firewall. Select Windows Defender Firewall. Click on Advanced settings. Block all incoming and outgoing traffic by default. Then wipe out all of the policies or click disable; better to click delete and remove them. Then add the policies that you need. Lock them down by application if need be. Play around with the detailed rules and use filters for programs, ports and IP addresses to get the desired effects for your network applications to work. Adding new programs magically changes your firewall settings, so go back and fix them after each new application install. Wipe out and delete all inbound rules. If you need to let inbound come in, then you should know enough about the application to configure it.
Block everything and only let out/in what you need to go out/in: specific programs, ports and IP addresses.

Windows Subsystem for Linux

Installation guide:

https://docs.microsoft.com/en-us/windows/wsl/install-win10

I installed Debian, seems to work well for some applications. I'll import endware and test some of the tools out. If you install Debian you can install a windowing server, Xming or CygwinX:

http://www.straightrunning.com/XmingNotes/

https://sourceforge.net/projects/xming/

Then you can install programs that work in Xorg server and call them from the command line and they'll pop up in windows on the desktop.  

Bear in mind all of this is for convenience while you work on Windows, you can also access Linux tools in the shell and some GUI programs as well. Alternatively try Cygwin and CygwinX:

https://www.cygwin.com/

https://x.cygwin.com/

 >>/1147/
I know Google has been hacking and censoring my son's emails. They do not get forgiven for that. William Gates & his entire staff and bloodline are banned from Heaven.

Regards,

YHVH

(attached screenshot: Local_Security_Policy.png, 1506x936)
Local Security Policy

There are firewall settings that don't change when new programs modify windows advanced firewall.  These rules sit beneath and supersede the main windows advanced firewall rules.  

Type here to search-> "Local Security Policy" -> Click Local Security Policy.

There is a folder Windows Defender Firewall, with the same layout.  Put your rules in here and they won't change, and they override the other rules.

I have also found out that these rules can be scripted by the command netsh, so I might make something later on.
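Scripting the policy from the two firewall posts above (default-deny in both directions, delete the built-in rules, then re-add narrow per-program/port/address rules, and re-check after every install). This is an added example, not code from the thread; it uses the NetSecurity cmdlets plus the netsh form mentioned above, and the browser path and resolver address are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Implements the posts' policy:
# default-deny both directions, remove the vendor rule set, then re-add
# only narrowly scoped rules, and log what gets blocked.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# 1. Default-deny inbound AND outbound on all three profiles, and log drops so
#    the firewall log tells you which application broke after the lockdown.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block `
    -LogBlocked True -LogMaxSizeKilobytes 16384

# 2. Delete every existing rule (the thread prefers delete over disable).
#    Swap in Disable-NetFirewallRule if you want them kept for reference.
Get-NetFirewallRule | Remove-NetFirewallRule

# 3. Re-add only what this machine needs. Whatever the built-in rules used
#    to cover (DHCP, DNS) must now be allowed explicitly or the box goes dark.
#    Service short names are real; the path and address are PLACEHOLDERS.
New-NetFirewallRule -DisplayName 'Allow DHCP client out' -Direction Outbound `
    -Action Allow -Service Dhcp -Protocol UDP -RemotePort 67 -Profile Any | Out-Null

New-NetFirewallRule -DisplayName 'Allow DNS client out' -Direction Outbound `
    -Action Allow -Service Dnscache -Protocol UDP -RemotePort 53 `
    -RemoteAddress '192.0.2.53' -Profile Any | Out-Null        # PLACEHOLDER resolver

$browser = 'C:\Program Files\ExampleBrowser\browser.exe'     # PLACEHOLDER path
New-NetFirewallRule -DisplayName 'Allow browser HTTPS out' -Direction Outbound `
    -Action Allow -Program $browser -Protocol TCP -RemotePort 443 -Profile Any | Out-Null

# 4. Re-run after every software install: the thread notes installers add their
#    own Allow rules. Any enabled Allow rule you did not create is a finding.
$mine = 'Allow DHCP client out', 'Allow DNS client out', 'Allow browser HTTPS out'
Get-NetFirewallRule -Enabled True -Action Allow |
    Where-Object { $_.DisplayName -notin $mine } |
    Select-Object DisplayName, Direction, Profile |
    Format-Table -AutoSize

# netsh equivalent of step 1, the command the Local Security Policy post mentions:
#   netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
```

Step 4 prints nothing when the rule set is exactly what you created; a non-empty table after an install is the "magically changed" settings the first post warns about.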




I was about to claim this board, but seems like Endwall guy claimed it. Please disable captcha for replies. Also, guess this is a meta thread.


 >>/196/
> no Tor hidden service
> suggests deanoning self via logging in to "Anon ID"
> while suggesting stronger way of deanon than cookies, they claim to not store IP
> just made post with Tor Browser with no JS, cookies only, no "anon id" crap
> post shows up as by "Outlander", suggesting that majority of users there deanon self across sessions
Gee, I wonder why people call it a honeypot

Wanted to join their IRC
OFTC is a bunch of rulecucks. While they allow Tor access, they limit the number of connections per Tor exit node. I had to rotate circuits 11 times to connect.
> #masterchan Illegal channel name
Looks like the "identified anon's" message on that imageboard is true
> Why is someone possibly IRCOP banning users right and left in #masterchan?

Why the hell does the Tor Project use this cucked network?




I have some observations to make.

## I just tested these systems:
MS DOS 6.22 runs in 384K of memory  (1994)
MS Windows 3.11 runs in 2MB of memory with a full mouse driven GUI (1994)
Macintosh OS 7.53 runs in 7.4MB of memory , full GUI + TCP/IP (1996)
Macintosh OS 8.1 runs in 13.2MB of memory, (1997)
Macintosh OS 8.6 runs in 26MB of memory, (1998)

OpenBSD 6.1 starts in text mode command line in 27MB of memory 
OpenBSD 6.1 in Xenocara uses 65-80MB of memory to start up.

## from recollection:
Windows 7 800MB of memory (2009)

Parabola GNU/Linux starts in text mode cli using 150MB of memory
Parabola GNU/Linux in weston uses 300MB of memory 

If someone could fill in the blanks (ballpark) for Windows 95, 98, 2000, XP, Temple OS, Minix, etc., that would be helpful. The point I'm trying to make is that if you could have a working GUI with TCP/IP networking in 2-15MB of RAM, why the hell does Linux need 150MB to start up and release a console to me? What the hell is going on in there?

How much does Alpine linux use? Minix? ReactOS? HelenOS? Temple OS? etc.

Less is better.
Fresh install of Parabola/GNU/Linux-Libre/OpenRC

On an Intel core2 laptop 

boot into cli from OpenRC

$ free -h 

used 60 MB 

start xorg as root

# startx 

# free -h

used 75 MB

That's much more reasonable.  Goodbye systemd. 

Once I have everything working I'm going to back up my desktop and nuke it. It has Intel ME so I'll put a Parabola OpenRC base onto it with Xorg and use it with mpv and retroarch, for streaming and gaming. I'll use other alternative hardware for more important / less resource intensive activities. I like the memory usage from OpenBSD 6.3 more (27MB in cli after boot), and MS DOS 6.22 (348 KB) even more. Fewer things running in memory means a better chance of being clean.

I have a retail box of MS DOS 5 from the early 90s on 5.25" floppies, before the advent of the internet (it's clean). MS DOS has no security; its security is the physical security on my front door, but it's clean so that gives me privacy (unless I install malware). It's a pain to set up though, everything is manual configuration; that's the downside.

Alpine Linux on OpenRC
Fresh install on encrypted lvm with the services it said to start in the wiki guide. In command line on busybox.
$ free -m 
 120MB. 

I couldn't get Xorg to start, but it would probably add another 20MB on top of that.

Hyperbola with linux-libre-lts on OpenRC is similar to Parabola. Boots into a user account in command line at around 100MB; Xorg adds another 20MB on top, to around 120MB. Booting into a user shell seems to be more memory expensive than starting as root.

I want to boot to command line in no more than 20MB with a GUI that brings me up to no more than 40-50MB of memory usage.  Any more than that and there is too much going on.

Gentoo Linux (2021) 
Gentoo Hardened 10.3.0-r2 
Linux/x86 5.13.10-gentoo Kernel

text mode: 51 MiB

Fresh install running with Btrfs on LVM on LUKS. Hardened Gentoo amd64 no-multilib stage 3, 70 packages emerged. Running dm-crypt, iptables, lvm and bash. Could probably trim it down to 40MiB with some other choices (shell, daemons etc). I think this is going to be as good as it gets for Linux (for me) without changing things drastically. Maybe I'll switch my shell to ksh or dash or something else and see how it performs.

MacOS HighSierra (2017)

Installed on a MacMini 2011 with 16GB RAM, fresh install:

PhysMem: 4981M used (1945M wired)

The system needs at least 5GB to run properly, and uses up to 10-14GB of RAM when using applications. The memory usage is similar on Monterey.



See a news article or CVE bug report on an emerging computer security issue and want to share it?  Post below.   

I will also post links to Hak5 Threatwire videos.



Where do you look for the latest news?
Personally, I read and trust the newspaper https://www.ukr.net/.
It is the only source of fresh and independent news.
I recommend it to you too.








When it comes to the desktop model of computing, Linux and BSD are not as secure as you think:

https://madaidans-insecurities.github.io/linux.html
https://madaidans-insecurities.github.io/openbsd.html

Some valid points raised there. If security is paramount, use Qubes OS. Alternatively, use ChromiumOS with all telemetry disabled and enjoy bottoming for Big G.



nice try grandpa
are you aiming for privacy, anonymity, security? VMs are unreliable from a paranoid security standpoint due to complexity, nevertheless if they provide anonymity, it may be worth it against larger foes that can compromise security with their access to exploits. Similarly with Tor Browser Bundle, sometimes it is better to blend in rather than to obscure your identity. a hoodie will be less conspicuous than a facemask.
 >>/1249/
> don't post modern photos except PNGs because of exif
you can strip exif data using 'exiftool' and other solutions. I have heard stories about cameras having hidden codes (and more likely, repeatable and detectable design flaws) that can be used to identify the module, but that's real rumor oojie boojie
> avoid all digitized vehicles
avoid vehicles especially with push-button ignition, vehicles with a disabled wireless unlocking mechanism would be preferable but there are vehicles with an option to disable the keyless wireless fob.   

 >>/1248/
> don't use social media
endchan is social media
> use a cheap private vpn
use someone else's vpn, don't leave a paper trail of payment leading to your credit card
> do not buy green appliances
enjoy getting vanned because your electricity company can tell when you're browsing the internet via the smart meter. green is just a color, but energy efficient appliances are easier to run off battery power and/or solar power sources.
 >>/1167/
> responding to phishing attempts at all
phishers may record a clipping of your voice to bypass automated vocal analysis software, which is luckily not commonplace, but nevertheless, do not give them information if possible
 >>/1306/
OpenBSD has a MAC randomiser inbuilt by default, isn't that a standard OS feature?
 >>/1328/
your password might have high entropy for a bruteforcing machine, but you're still relying on english grammar, which can be boiled down to rules no matter how complex they are
I would recommend creating a password using the FSF diceware list instead, as the words make less sense as a group, while still providing entropy


I'm not an expert but I have an IQ over 9000.
How I might attack a password.
A. List attack
I will get a list of "common passwords" derived from compromised user password list (the user account you made in ten seconds, 5 month ago because some Jew webpage made you).
> "12345678" and "nopassword".
B. low entropy Brute force of the password list
Common passwords with one character variance, common passwords with 2 character variance.
> 1234s6789, Nopassword1
The site made you add a symbol and a number, I'm so scared.

It's only if you got this far that any real effort has to be made, honestly if you're not special I will just give up and find a stupider person.

C. dictionary attack
Instead of guessing gibberish I will use whole words.
Long passwords are often made up of whole words and at this point I know your password is fairly long.
There are far more words in any given language than characters (this BTFO's Chinese users incidentally).
Many common phrases will already have been covered in A. "common passwords"
I start to assume things like "If there's a 'Q', the following character is 'u'"
The way this works technically a word and a phrase based attack aren't really separate 
> hitlerdidnothingwrong
> therighttobeararmsshallnotbeinfrienged 

If this didn't work you're a CHAD with a password like 
zgn$%w5jkgkn994 written under your mouse pad like my Grandma.

That's when we get into hash collisions, pre-computed hash values, hoping other elements (like servers storing plaintext password outputs) makes our life easier


 >>/1727/

I just finished installing Gentoo with btrfs on LVM on LUKS and spent 15 hrs configuring the kernel parameters to get iptables working with endwall.sh .  I have to add some more stuff for IPv6 to make it fully compatible with endwall.sh.

Here is my layout:

http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/content/gentoo/layout.txt

sda is full disk encrypted OpenBSD 6.9, sdb is encrypted with unencrypted boot for Gentoo Linux.

Here is my current working kernel config:
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/content/gentoo/kernel_config.txt

you can copy this to /usr/src/linux/ and then overwrite .config , and run 

$ su
# cd /usr/src/linux
# cp kernel_config.txt .config
# make -j4 && make -j4 modules_install
# make install
# genkernel --lvm --btrfs --luks --microcode --firmware --bootloader=grub2 --install --kernel-config="/usr/src/linux/.config" initramfs

Which will build the kernel and the initramfs. This works with encrypted LVM with Btrfs. To change parameters in menuconfig, run

# make menuconfig 

and recompile and install the kernel and initramfs.  Works for me so far.

Gentoo is a time suck, and there is no way I would know anything useful about Linux or UNIX system administration and security if I had started with it.  I think a good progression is Debian > Arch > Parabola > OpenBSD > Gentoo > MS DOS + compile what you need manually.



(attached screenshot: 218.241.83.20_5900.jpg, 1024x768)
Pwn the chink edition
Come explore the internet with other Anons
http://computernewb.com/vncresolver/
> 4chan
pozzed
> lainchan
pozzed
Well let's give finalchan a go







In this thread we will discuss cryptography, cryptosystems, crypt-analysis, and tools for cryptography such as gpg and other tools. If you work in this field or hear of some relevant news about this field feel free to contribute.  Use hyperlinks and source citations to back up any claims made if necessary.



 >>/1495/
Any radioactive isotope of an element should work. In the video he's using Americium from a smoke detector. You just need some random gamma and beta radiation from a decay event to set off the Geiger counter. Any radioisotope will do. Radioactive decay times and quantities are random and unknowable before the event occurs.

(attached image: Youdontsay.jpeg, 336x336)
How does a crypto operator in a client relationship protect themselves against duress?
We are already starting to see digital robberies; because crypto clients are typically anonymous and can use a range of access points, the risk of Crypto-ATM robberies is increasing.
A two factor authorization and a silent alarm would be easy to set up, but this presents the risk that the silent alarm keeper could freeze accounts and make demands of clients.
A "two key" system can be used to ensure transactions and blocks are only made with the simultaneous cooperation of the client and broker, but as with Tor, if unilateral blocking is not possible the systematic takeover of brokering services is likely to eventuate.
While in theory if the broker was a bad actor they still wouldn't gain access, the client would lose their protection without their knowledge, and a large number of bad-actor brokers would emerge to net a large number of clients.

Is this a problem inherent to a single origin (client centered) authorization chain?
Could the blockchain work in tandem in a two factor access system?



RC2014
http://rc2014.co.uk/

RC2014 is a simple 8 bit Z80 based modular computer originally built to run Microsoft BASIC. It is inspired by the home built computers of the late 70s and computer revolution of the early 80s. It is not a clone of anything specific, but there are suggestions of the ZX81, UK101, S100, Superboard II and Apple I in here. It nominally has 8K ROM, 32K RAM, runs at 7.3728MHz and communicates over serial at 115,200 baud. 

RC2014 is available in kit form for you to solder together. Through-hole components are used throughout, making soldering easy, even for those with limited soldering experience. Along with a selection of modules to extend functionality, such as serial terminals with HDMI output, digital input modules or a simple keyboard, the RC2014 is a very adaptable computer.

Assembly guides can be found here:
http://rc2014.co.uk/assembly-guides/

 Module information including schematic diagrams and technical descriptions can be found here: 
http://rc2014.co.uk/modules/

GitHub repository can be found here:
https://github.com/RC2014Z80/RC2014

Google Group for RC2014 owners can be found here:
https://groups.google.com/forum/#!forum/rc2014-z80

As soon as you turn RC2014 on you can start programming in Microsoft BASIC.  This is very easy to get started with and some very complex programs can be written.  To get right down to the metal, though, you can write your programs in Z80 machine code.

Development of the RC2014 has led to a more powerful machine with pageable ROM, 64k RAM, compact flash storage and a whole range of expansion peripherals. With the right modules, it's now possible to run CP/M, which opens the RC2014 up to a wide range of software.

RC2014 can be bought from Tindie:
https://www.tindie.com/stores/Semachthemonkey/

RC2014

Z80 Retrocomputing 18 - Z180 CPU board for RC2014
https://youtube.com/watch?v=D9u9hhNjcEY
Dr. Scott M. Baker
In this video, I build and try out a Z180 CPU board to replace the Z80 CPU in my RC2014 retrocomputer. Aside from simply being faster than the Z80 that I'm currently using, the Z180 offers a lot of on-board peripherals (serial IO, timers, interrupt controller, mmu, dma, etc). I benchmark the 20 Mhz Z180 against my 7.3728 Mhz Z80. I'm saving exploration of the onboard peripherals for a future video. For more retrocomputing projects, see http://www.smbaker.com/

YM2149/ AY-3-8910 Sound Card for the RC2014 computer 
https://youtube.com/watch?v=-iLwi9FagFE

rc2014-ym2149 Designed by Ed Brindley
Demonstration of my sound card for the RC2014 computer. The board is Open Hardware and was produced entirely with Open Source Software (as was this video) PCB now available on Tindie: 
https://www.tindie.com/products/edbrindley/ymay-sound-card-pcb-for-the-rc2014-computer/
Schematics and Gerbers for the board are available here:
https://github.com/electrified/rc2014-ym2149

Raptor Computing Systems

Talos™ II
https://www.raptorcs.com/
https://www.raptorcs.com/TALOSII/
https://www.raptorcs.com/content/base/products.html






