/os/ - Online Security

News, techniques and methods for computer network security.




DISCUSSION THREAD II
Want to say something off topic about anything?

Have a hot tip about something in the computer security world that doesn't fit into any current thread or category?

Want to chat with your fellow invisible 7 proxy friends?

Want to tell Lt. Gen Michael Hayden, Lt. Gen James Clapper, GEN Keith Alexander, ADM Michael Rogers, GEN Paul Nakasone, GOOGLE, AMAZON, FACEBOOK, Microsoft, Apple, etc. how you feel?

It's open mic at >>>/os/ , anything goes!!

Put all of your banter here:
Does anyone have an archive of the previous thread?
I forgot to download it / back it up... 
Sulu blew up my thread. I blame it all on Sulu ...and Kirk.

I hope someone had a backup because I don't...







 >>/1451/
https://en.wikipedia.org/wiki/Peer-to-peer_web_hosting
"
Name      | Release date |   Anonymous | Fast | Edit rights | Read rights| Offline |FOSS  | Notes
Freenet   |  2000        |    Yes      |  No   |    No       |      No     |   Yes  | Yes |
Osiris    |  2010        |    Yes      |  Yes  |    No       |      No     |   Yes  | No  |
IPFS      |  2014        |     No      |  Yes  |    No       |      No     |   Yes  | Yes |
Maelstrom |  2014        |     No      |  Yes  |     ?       |      ?      |   ?    | No  | Project suspended since 2015
ZeroNet   |  2015        |     No      |  Yes  |    Yes      |      No     |   Yes  | Yes | DHT
Dat       |  2013        |     No      |  Yes  |     ?       |      ?      |   Yes  | Yes | 
Blockstack|  2013        |     No      |   ?   |     ?       |      ?      |    ?   | Yes | Uses the Bitcoin blockchain."

"Peer-to-peer web hosting is using peer-to-peer networking to distribute access to webpages.[1] This is differentiated from the client–server model which involves the distribution of Web data between dedicated web servers and user-end client computers. P2P web hosting may take the form of P2P web caches ( and content delivery networks like Dijjer and Coral Cache which allow users to hold copies of data from single web pages and distribute the caches with other users for faster access during peak traffic."

I don't know too much about these technologies, and I don't trust or endorse any of them. 

What is your goal? censorship resistance? Peer to Peer ? or Anonymity?  What is the use case?

As I see it there are currently only two options for semi-anonymous internet viewership: Tor v3 onion, or I2P.

https://en.wikipedia.org/wiki/I2P

I2P looks like your next best bet. New technologies will emerge in the future, so if you see something interesting or read an interesting article, link to it and tell us about it.


 >>/1452/
At first my goal was to give an alternative to 08chan, as in to drop ZeroNet for X app/protocol/darknet. But actually, if I wanted the perfect system, I was thinking of something that has mesh net capability, and the ability to filter what you "seed" firsthand and not after the fact like ZeroNet. With ZeroNet you must load the complete 08chan before filtering shit out, so you have to download the entire site including boards you would want to blacklist. That is unacceptable to me. I agree with the I2P and Freenet comparison. Maybe P2P is not the way to go, and some kind of anonymous meshnet is definitely the ideal in my opinion, if at all possible. I know there are a couple of experimental things like B.A.T.M.A.N., which is probably not even anonymous. I don't know. When Endchan was down I saw similar talk of how ZeroNet is not enough and a full meshnet sort of chan would be ideal. I read that on the overchan nntpchan, which is compatible with TCP/IP meshnets apparently.

 >>/1454/
ZeroNet doesn't make you download the entire board, that's bullshit someone is repeating.  I actually spent the time and tested it myself and proved that's wrong.  See this thread in /tech/
https://endchan.net/tech/res/13329.html#q13434
But as I said in those posts, there are other problems with 08chan, and most critically is the "need" to generate an ID from a clearnet connection.  That pretty much defeats anonymity, since everything you post is trackable from that ID and thus that clearnet IP.

[Attached: keylogger.jpg (47.94 KB, 619x273)]
Supposedly, the primary directive of health care providers is "Do no harm," yet in every doctor's office I walk into today, the first thing they want to know is my name and social security number so that they can enter it into their electronic database. If I don't give it to them or deny them permission to store it electronically, they crash. They will often stare at me in befuddlement or start babbling nonsensically, unable to process what I just said or continue with the task of diagnosing or providing health care. This has happened even when they already had a two-inch thick folder of paper medical records and had been treating me for 30 years. 

Several years ago, the thriving marketplace for millions of medical records stolen from insecure health care provider databases was called Hansa Marketplace. Hansa was shut down in 2017, but it matters not. Today, it's Samsara. If you want to buy millions of your own state's voter records, the entire LinkedIn name/email/password database, millions of names and SSNs stolen from hospital databases, or lists of US children's names and SSNs lifted from pediatricians' databases that won't be used for tax reporting for years so that you can use them to report wages for undocumented workers in your meat packing plant, Samsara is the place to go. It's easy too - download Tor from www.torproject.org, bring up any Tor search engine, and search for "samsara". There you'll find drugs, counterfeit money, credit card numbers, bank accounts, dozens of corporations' customer accounts and passwords, voter records, drivers license databases, fake IDs, fake passports, and kids' names and SSNs because parents are so naive as to just answer the question whenever anyone in a white jacket asks them for their children's names and SSNs - Social engineering at its finest.

The next time you are sitting in an exam room unsupervised waiting for a nurse to walk in and take your blood pressure, try not to look too hard at the computer bolted to the wall. It is physically connected to their network, you could attach anything you wanted to without anyone knowing, and someone is about to type a password into it. If you look at that gigantic gaping hole in their security that is observed firsthand by millions of patients every day, your blood pressure will go up, and your doctor certainly wouldn't want that.

Unrelated to the previous discussion

Crypto for 8-bit
https://cryptolux.org/index.php/Links_to_Embedded_Crypto_Implementations
https://crypto.stackexchange.com/questions/55885/lightweight-cipher-using-only-8-bit-operations
https://crypto.stackexchange.com/questions/570/types-of-cryptography-for-a-4-8-bit-microcontroller

https://www.embedded.com/design/prototyping-and-development/4006433/Implementing-SSL-on-8-bit-micros
https://cockrum.net/Implementation_of_ECC_on_an_8-bit_microcontroller.pdf

I just updated hyperbola, 

# pacman -Syy
# pacman -Su

And now ls, rm, ln, sed, grep, and all the basic utilities stopped working and it will not start into X.Org, supposedly replaced with xenocara. Broken POS.

Just a heads up, updating hyperbola might be a bad idea / get ready to reinstall from scratch. 

I'm logged in on another computer. This is unacceptable.  Anyways, I'm out of commission until this issue is resolved, which might require a wipe and re-install. I can't afford to be knocked out of commission for 2-3 days every month because of bad update pushes or because of some weird pacman fail issue.  

The last time something like this happened was right before exams started, and I had to waste an entire day fixing / rescuing my computer instead of studying...totally bogus.  This is why people use Windows... I think I'm going to switch my main school setup to Debian, with a Windows 7 dual boot (They force us to use the MS products for school).  I'll continue doing everything else with hyperbola (once it's working again), and OpenBSD.


 >>/1482/
Thanks, I've been busy with school and homework.  I've got two midterms on Monday back to back...  I usually log in once or twice a month to clean up spam.  I'll try not to lose the board by negligence.

Adolf only has 5 posts left to produce the National Socialist Channel.  I've added Best Korea State Television to channel 375, so the Hitler channel should be no problem.   

OK I'm going to clean up and move some posts around and then get back to studying about friction on inclined planes connected to pulleys double wrapped with an in-extensible cable. Calculate the tension in the cable and the acceleration of blocks A and B.  But first perform an impending motion analysis with the static coefficient of friction...


 >>/1484/
Thanks again,

Yeah, I didn't think you were Adolf, I was just noting that it's getting close to the Hitler get. He'd better deliver... (He didn't actually promise anything, I invented the scenario that there is going to be a Hitler Channel).   

Also I missed the corner by the computer in the Encrypted Internet banner, it's really annoying me...I'll do something about that next weekend. I'll get that corner and flood fill it with purple. Also the Omega looking like a dude bending over grabbing his ankles and looking back from underneath was totally accidental...I was like "Hey a lamp shade, that's a good place to insert an Omega"...


 >>/1487/
What a stupid, odd question, but I get what you're saying and the answer is no, there's no other website that's archiving the posts on Endchan. There IS however archive.is while archive.org doesn't really archive as frequently on here.


For the last three days or so youtube has been rejecting requests coming from the tor network. Basically endtube and oldtube are not working.  I think the next best strategy is to go to open high anonymous proxies, and or to use a vpn.  It might be temporary in nature, but I'm not sure. If anyone has some insight into this issue post below. 

This is all I get from any attempt:

WARNING: unable to download video info webpage: HTTP Error 429: Too Many Requests
WARNING: unable to download video info webpage: HTTP Error 429: Too Many Requests
ERROR: : YouTube said: Unable to extract video data

I won't be posting anymore youtube video links until there is a fix / this is resolved.





> Endwall is still posting 6 years later


I sure hope you've made improvement to your knowledge of OPSEC/Scriptwriting since. When I first saw you, you were a mega-dumbass newbie who was making broken scripts dependent on Arch-Linux that made you less secure.

 >>/1521/
The only thing I think that I produce that makes people less secure is endstream.sh, because it's a clearnet product.

We can argue about how you shouldn't change the defaults for wget or curl or youtube-dl or whatever; I take a different stance, you should be able to change the headers to the tor-browser UA or 50 different UAs every download at volition. Or perhaps you object to my settings in endtorrc. Or perhaps you disagree with my 6 hop tor mod that I published here. If you want to do a code review here are the links:

Endware Hidden Service
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/

http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware/

Git Repositories
https://gitgud.io/Endwall/
https://github.com/endwall2/

My main works are the firewall, endwall.sh its associated ipset script endsets.sh and the traditional blacklisting script (good for all of your /8 bans)  endlists.sh.  My most "dangerous" script to anonymity is probably endstream.sh an internet news streaming product that operates over clearnet.  It can be modified to run through tor, but a better idea is to use it in conjunction with a VPN.   Some of my scripts are no longer functional ( proxyload.sh xtract-ytpl.sh) and need to be updated.  There is a youtube-dl torsocks script that uses custom headers and User Agents set by the user or uses the tor-browser UA endtube.sh, and oldtube.sh a simplified version.  These seem to work well.  

As you can see there are about 50 products I've created or worked on during the course of this project. Feel free to audit my code and post some problematic examples back here.  I've been posting continuously here at Endchan since a couple months or  so after it started... Endware  related posts should be posted in the Endware thread, where you can review the code and post suggested changes or critique, and suggestions for improvement.  This thread is for off topic and general computer security discussion. Go ahead and examine the scripts and find some problematic sections in my code and post about it in the Endware thread and I'll work on fixing it (in time).  However, my production rate has slowed down significantly since September, as I am bogged down with school work.  Thanks for the feedback.


Anybody want to talk about Zoom and this plethora of Skype and MS Teams stuff? NSA must be swimming in data these days.  Voice, Video, Facial and Voice prints...  

School is shut, but we teleconference for our classes...forced me back onto windows and Microsoft teams and skype and this Zoom room crap...  

Teacher: Turn your camera on Endwall! 
Endwall: I don't have a camera, its not plugged in.  
Teacher:  Feel free to unmute yourself.  
Endwall: I don't have a microphone, typing is fine...

This is some sad stuff...Open up my ports... so lame.  After all of the hardening I did...*Shakes head in shame*


[Attached: Zoom5_AES256_ECB.png (36.81 KB, 878x660)]
Zoom
I have to use this for school and for my part time job. It uses AES-256 in ECB mode, and was generating the session keys on servers in China. I've added a picture from Zoom 5.0 on Windows 10.

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation   

https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/

"The report points out that Zoom may be legally obligated to share encryption keys with Chinese authorities if the keys are generated on a key management server hosted in China. If the Chinese authorities or any other hypothetical attacker with access to a key wants to spy on a Zoom meeting, they also need to either monitor the internet access of a participant in the meeting, or monitor the network inside the Zoom cloud. Once they collect the encrypted meeting traffic, they can use the key to decrypt it and recover the video and audio."   

Post any other relevant information here or in the security news section.  I feel that this is a massive error that people are making using this software.

ZOOM

Citizen Lab University of Toronto Canada
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/

https://citizenlab.ca/2020/04/faq-on-zoom-security-issues/

Response from Zoom
https://blog.zoom.us/wordpress/2020/04/03/response-to-research-from-university-of-torontos-citizen-lab/
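The ECB weakness the posts above and the Citizen Lab report describe, worked through as an added example (not code from the original posts, from Zoom, or from Citizen Lab). Two assumptions: the block cipher is XTEA rather than AES, swapped in because it fits in a few lines and is the sort of cipher the "Crypto for 8-bit" links earlier in the thread point at; and the key, IV and "frame" plaintext are constructed constants, not anything captured from Zoom. The leak shown is a property of the mode, not of the cipher, so it applies to AES-ECB in exactly the same way: a meeting's audio/video is mostly repetitive bytes, and ECB turns every repeated plaintext block into a repeated ciphertext block that an eavesdropper can see without the key.

```python
# Added example: why ECB leaks structure, shown on XTEA instead of AES.
# Key, IV and SAMPLE are constructed for the demo.
import struct
from collections import Counter

MASK32 = 0xFFFFFFFF
DELTA = 0x9E3779B9      # XTEA key-schedule constant
ROUNDS = 32             # XTEA's usual round count
BLOCK = 8               # XTEA block size in bytes (AES would be 16)


def xtea_encrypt_block(key: bytes, block: bytes) -> bytes:
    """XTEA encryption of one 8-byte block under a 16-byte key (big-endian words)."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = 0
    for _ in range(ROUNDS):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK32
        s = (s + DELTA) & MASK32
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK32
    return struct.pack(">2I", v0, v1)


def xtea_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of xtea_encrypt_block (same rounds, run backwards)."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = (DELTA * ROUNDS) & MASK32
    for _ in range(ROUNDS):
        v1 = (v1 - ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK32
        s = (s - DELTA) & MASK32
        v0 = (v0 - ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK32
    return struct.pack(">2I", v0, v1)


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def pad(data: bytes) -> bytes:
    """PKCS#7 padding so the length is a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: each block encrypted on its own, so equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(xtea_encrypt_block(key, b) for b in _blocks(pad(data)))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return unpad(b"".join(xtea_decrypt_block(key, b) for b in _blocks(ct)))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block before encryption,
    so repeated plaintext no longer produces repeated ciphertext."""
    out, prev = [], iv
    for b in _blocks(pad(data)):
        prev = xtea_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(xtea_decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def max_block_multiplicity(ct: bytes) -> int:
    """How often the most frequent ciphertext block occurs (1 = no repeats).
    This count is computable from ciphertext alone, which is the whole problem with ECB."""
    return max(Counter(_blocks(ct)).values())


# Constructed sample: a "frame" that is mostly zero bytes (silence, blank picture)
# with one short payload in the middle.  Arbitrary demo key and IV.
KEY = bytes(range(16))
IV = bytes.fromhex("0123456789abcdef")
SAMPLE = b"\x00" * 80 + b"hello world" + b"\x00" * 80


def demo() -> dict:
    return {"ecb_repeats": max_block_multiplicity(ecb_encrypt(KEY, SAMPLE)),
            "cbc_repeats": max_block_multiplicity(cbc_encrypt(KEY, IV, SAMPLE))}


if __name__ == "__main__":
    print(demo())
```

On this sample the ECB ciphertext contains 19 identical blocks (every all-zero plaintext block), while the CBC ciphertext has none. CBC only removes the within-message pattern; with a fixed IV two messages that share a prefix still produce matching ciphertext prefixes, and CBC alone gives no integrity, which is why an authenticated mode such as AES-GCM is the usual recommendation rather than either of these.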



 >>/1583/
Now chain this to a router running openWRT running strictly through the Tor network with a torrc with 9 hops with no entry or exit in 9 eyes countries.   

From there on it's just going to be building software for downloading and display of content (web browsers, content/media players etc.)

I'm on my OpenBSD computer running tor-browser from pkg_add in xenocara running fvwm.  I've been running OpenBSD for about a week now, and it hasn't crashed yet.  GNU/Linux on the other hand crashes 3-4 times per day forcing system restarts.   I think I'll spend more time over on OpenBSD moving forward. I'll still be using Linux, because I have it set up where everything I use on a daily basis works (except for the crashing and lockups) and is at arm's reach, whereas OpenBSD has limitations for packages and drivers and leaves me without certain capacities. However for text based messaging (irssi, profanity, mutt, links2, etc)  its probably the best all round platform to work off of / start with.  

I don't trust the Linux ecosystem (Arch, Debian, Ubuntu, Fedora Derivatives) or the Linux kernel anymore, and I want to work on old non-x86 hardware (Sparc, Alpha) when working on sensitive things.  For watching TV on endstream, Linux is just fine, but for secure messaging it's not.  I've lost interest in GNU/Linux... it's basically windows 98 tier in terms of stability and "Just trust me" in terms of security.   My go forward plan is to migrate my servers to OpenBSD and proxy MS DOS or FreeDOS through an OpenBSD firewall/proxy/tor proxy machine.   

I don't want multi-tasking on my main system. I only want to have to check 2-3 programs for issues and have 1 program active on stack memory (the program I'm currently using), not 200 processes in the background. That's fine for a multi-user server, but doesn't make any sense for my security/privacy model. This means I will be mostly restricted to text mode applications, which is fine by me.

Winter Semester for school will be starting for me soon, so I'll be back to the grind again, bogged down by assignments, with limited time for development.  I'll be spending my free time reading OpenBSD man pages and materials and doing system administration tasks.  I'll be around but, as has been mentioned before, this board is unfortunately inactive and consists of more or less just me, and my occasional posts.  If you guys want to start security threads about topics of interest to you feel free to do so.


11/06/2019 (Wed) 04:47:44 No. 1491 

I read that wireguard has a smaller attack surface than openvpn. I think this might be an over-simplification. Can there be vulnerabilities when one piece of software interacts with another? If so, wouldn't it be more difficult to detect?

05/22/2022 (Sun) 21:37:24 No. 1776 
When my computer is not connected to the internet, even though I formatted, changed the bios software and changed the hard disk firmware, the program opens by itself and the mouse cursor moves by itself. When I examine with the Wireshark program, an interrupt signal comes from the usb ports even though the device is not plugged into the usb ports. In this case, I am complaining. Logs are attached.
No programs are open. The signal is coming from the USB ports, not from programs. The ports the signal comes in on are undefined and empty. It is an interrupt signal that is coming, not a connect signal.
Before this event happened, when I checked the usb ports via wireshark, the interrupt signal was not coming.
It's not a simple badusb pressing keyboard keys.
It is a very sophisticated badusb attack that installs itself on a different linux pci module via the kernel.
badusb wireshark logs ufile.io/uehckndm

08/13/2022 (Sat) 08:12 No. 1797

I am using Linux operating system.

My computer is not connected to the internet, and I formatted it and changed the BIOS firmware and hard disk firmware. Even so, the program opens by itself, the mouse cursor moves by itself, and sometimes the system's default audio service is turned off.

When I examine it with the Wireshark program, an interrupt signal comes from the usb ports, even though there is no device plugged into the usb ports. The interrupt signal comes from linux's default idle hardware.
I have a hidden implant in my computer that looks like the NSA ANT COTTONMOUTH tool.
Wireshark logs https://easyupload.io/eqrfr6


This hidden usb implant can easily bypass all antivirus and security software by introducing itself as a hidden system process by overflowing the kernel, regardless of linux or windows operating system, during computer startup.
On computers that cannot exceed the kernel security, it introduces itself as a different hardware and takes over the control of the system via memory buffer overflow by overloading the interrupt. No antivirus and security software can detect this situation.


This hidden USB implant is not a simple USB keyboard like the Rubber Ducky and USB Ninja. For this reason, do not recommend simple and useless scripts such as "usbguard". This implant is an advanced USB spying implant similar to NSA COTTONMOUTH.

My request from the linux community is to develop a security module for the linux operating system against hidden usb implants.

08/11/2022 (Thu) 16:26 No. 1796
Exploit development with artificial intelligence

Why don't hackers use artificial intelligence to develop exploits ?

It is quite easy to develop exploits with artificial intelligence.

They do not need to use their own computers for this. There are dozens of artificial intelligence services operating online.

A special artificial intelligence algorithm that you will prepare will scan all the vulnerabilities that have come up to date. By making comparisons between the vulnerabilities it scans, it determines the cause and source of the vulnerabilities in a way that a human cannot perceive.

Understands how to develop exploits against vulnerabilities by examining all exploits written.

That's what intelligence agencies do. This is how hackers should do it.


08/07/2022 (Sun) 07:06:36 No. 1794 
Antivirus and cyber security systems used for computers are software-based.
Today, cyber espionage can be done not only with codes and programs, but also on hardware.
It is possible to spy directly on the hardware, bypassing the operating system and antivirus by loading harmful codes into the firmware on the chips of the hardware.
While it is possible to clean malicious rootkits infecting the computer's UEFI/BIOS firmware and hard disk firmware by reinstalling the hardware manufacturer's original firmware, it is not possible for ordinary people to detect and clean rootkits infecting the firmware of the chips in the computer's other hardware (keyboard, mouse, USB controller, camera, microphone, video card, PCI slots and other hardware).
For this reason, a special operating system or special system software is required to detect rootkits that infect the firmware of chips in other hardware.
This system and operating system can detect by examining the signals given by other hardware to the system and by examining the operation of the firmware on the hardware chip, if possible, by examining its digital signature.
You can claim that the Sniffer and Monitor programs on the market can do this function. But these programs can examine as much as the operating system they are running gives them.
Therefore, a different system or operating system is required in this regard. Apart from this, "hardware antivirus" can be developed as an alternative to software antivirus and software cyber security systems.
Security software is usually installed on the operating system, the operating system kernel and, if necessary, the motherboard bios/uefi section. Alternatively, a "hardware antivirus" with a different motherboard and processor can be placed inside the existing computer case, regardless of the computer used.
The difference of this "hardware antivirus" from IDS, IPS and External Firewalls is that it can directly connect to the computer's memory, hard disk and network paths with a physical cable or implant, and physically control the computer system, ensuring the security of the computer regardless of the current operating system and motherboard.
This "hardware antivirus" can physically monitor the computer's input and output ports, stopping hard-to-detect BadUSB and NSA ANT tool attacks.

The GRUB boot command works when I type pci=disable_acs_redir=pci:12D8:2308 for the Linux PCI module.

When I type pci=pci_disable_device=pci:12D8:2308 to disable the hardware, it gives unknown parameter error.

what is the reason of this ??

Anonymous 08/31/2022 (Wed) 09:25 No.1809 

The pci_disable_device function is defined in the source file of the kernel pci module. Let the pci_disable_device function be a working parameter of the kernel pci module...
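The distinction the reply is drawing, worked through as an added example (not from either post above): pci_disable_device() is a function inside the kernel's PCI core (drivers/pci/pci.c), not a boot parameter, which is why pci=pci_disable_device=... is rejected as unknown. pci=disable_acs_redir= is a real parameter, but it only clears ACS redirect bits on bridges; it does not take the device out of service. The interfaces that do are a stub driver claimed at boot (pci-stub.ids= or vfio-pci.ids=, both taking vendor:device) and the unbind/remove files under /sys/bus/pci at runtime. The lspci -nn output below is constructed, with placeholder descriptions; the 12D8:2308 ID is the one from the question.

```python
# Added example: locating a PCI device by vendor:device and emitting the real
# boot-time and runtime ways to keep it from being driven.  The lspci sample is
# constructed; descriptions are placeholders.
import re

SAMPLE_LSPCI = """\
00:00.0 Host bridge [0600]: Example Host Bridge [8086:1234]
00:1c.0 PCI bridge [0604]: Example PCIe Root Port [8086:5678]
01:00.0 Unassigned class [ff00]: Example Device [12d8:2308]
02:00.0 Ethernet controller [0200]: Example NIC [10ec:8168]
"""

# bus:dev.fn at the start of each `lspci -nn` line, [vendor:device] tag at the end
LSPCI_RE = re.compile(
    r"^(?P<bdf>[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]) .*"
    r"\[(?P<vid>[0-9a-f]{4}):(?P<did>[0-9a-f]{4})\]\s*$",
    re.M,
)


def find_devices(lspci_output, vendor, device):
    """Sysfs addresses (PCI domain 0000 assumed, as lspci omits it) of every
    device matching vendor:device."""
    vendor, device = vendor.lower(), device.lower()
    return [
        "0000:" + m.group("bdf")
        for m in LSPCI_RE.finditer(lspci_output)
        if m.group("vid") == vendor and m.group("did") == device
    ]


def kernel_cmdline_options(vendor, device):
    """Boot parameters that exist and stop a real driver from binding.

    pci-stub.ids claims the device with a do-nothing driver; vfio-pci.ids does
    the same with vfio-pci.  Either works on the kernel command line only when
    that driver is built in; for a modular build use
    'options pci-stub ids=12d8:2308' in /etc/modprobe.d/ instead.
    """
    vendor, device = vendor.lower(), device.lower()
    return [f"pci-stub.ids={vendor}:{device}", f"vfio-pci.ids={vendor}:{device}"]


def sysfs_commands(addr):
    """Runtime equivalent, run as root: detach the driver, then drop the device
    from the bus.  The unbind step is a no-op error if nothing is bound; 'remove'
    works either way and lasts until a rescan (echo 1 > /sys/bus/pci/rescan) or
    reboot.  Removing a bridge also removes everything behind it.
    """
    base = f"/sys/bus/pci/devices/{addr}"
    return [f"echo {addr} > {base}/driver/unbind", f"echo 1 > {base}/remove"]


def plan(lspci_output, vendor, device):
    """Everything needed to take vendor:device out of service, boot-time and runtime."""
    addrs = find_devices(lspci_output, vendor, device)
    return {
        "addresses": addrs,
        "cmdline": kernel_cmdline_options(vendor, device),
        "runtime": [c for a in addrs for c in sysfs_commands(a)],
    }


if __name__ == "__main__":
    for k, v in plan(SAMPLE_LSPCI, "12D8", "2308").items():
        print(k, v)
```

On a real machine, feed it the output of lspci -nn and apply the runtime commands first to confirm the device is the one causing trouble; the kernel command line option is the persistent form.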

Anonymous 09/02/2022 (Fri) 14:38 [Preview] No. 1810

Antivirus and security software should use a second video card modulated for them.

If security software uses a second video card that is modular for them, it does not overwhelm the existing system.

This makes the computer run faster.


A strange thing happened last week. My router got bricked, for no apparent reason while I was at school. I replaced it when I came home, and after 5 hours of work I had the core of my network back up and running. It might have been an electrical failure, but I don't know... If it was a cyber-attack, it was professional. 

Anyhow, after that happened I restored all of my services; however, I can't seem to restart my tor hidden services anymore from my server. Tor works but the hidden services won't start. I have to comment them out in the torrc file to get tor to start. Anyways, they're down until I have some more free time to troubleshoot what the issue is. I'm backlogged with school work and assignments, so it might be down for a while. All very strange...I'll take another look next weekend and see if it's fixable.

 >>/1828/
The hidden service is back up. I'm now using the stock tor daemon from the package manager to run it. I needed to change some directory permissions to get it running. I have to build a new modded version of tor from the latest source code, but it will have to wait until I have some free time.

