Redpill me on cyber security

Guise, help me:
What are the basic and most important steps into cyber security?
Redpill me on cyber security.

I mean as a private user, of course.

1. EVERYTHING you do online can be accessed. Whether it's by the gov or a hacker.
2. Unless you're a computer genius there's no real way to prevent this.

My suggestion is to not do anything online you wouldn't want to share with the world

Unplug internet and you not needing the cyber security jew.

Install pic related

I have a ten year old kid, he has a computer, what he does with it, he's a genius, Cyber is very important, very big and we're gonna take care of that.

Wow, that's my first internet insult as jew. Thanks, Aussie.

So why are you on pol?

What's that?

The cyber aspect is very tough

Thank you for sharing, Okusan.

What browser to use? Common fallacies to avoid... etc. Some basic tricks. https everywhere, archive.is
Post what you know works for yourself.

If you say so Daddy

this

It doesn't exist. Don't ever do anything on a computer that could incriminate you and don't ever digitize anything you truly want kept private.

It's your first step to enlightenment.

CYBER IS A BIG DEAL! WE HAVE TO PROTECT OUR CYBER!!!

Yeah, I figured that out already.
But I mean, I often feel like a good goy when I use the internet... you know, browsing with firefox, using chrome at my working place, using gmail, having a youtube account etc.
I'm interested in what YOU figured out for yourself in your every-day internet&pc usage.

I would say I'm already quite far down the rabbit hole. Also been lurking here for quite some time now. But that was mostly afterwards. It confirmed what I found elsewhere.

>What are the basic and most important steps into cyber security?

You just don't get it, do you? The aspects of cyber security are very, very tough.

1. everything is monitored and collected by the government (public internet)
2. everything is monitored and collected in enterprise networks (workplace)
3. dont give your personal details to shitty websites (eg personal data and card data)
4. use TOR browser where necessary
5. use TAILS where necessary
6. use PGP email where necessary (protonmail is good compromise)
7. always use open source where possible
8. keep sensitive data encrypted
9. use long passwords, not necessarily complex but long (lastpass is a good password safe)
10. use bitcoin where necessary (learn how to mix coins, bitcoin is not innately anonymous)

Okay, maybe I should rephrase it: what works for you? Also, that's why I'm asking for the most BASIC steps to employ.

Thank you. I will not hide my ignorance: What are TAILS?

what is this even supposed to mean? Your personal steps? It depends on who your enemy is.

Are you trying to evade tracking from corporations? Use browser extensions like Disconnect, HTTPS Everywhere, and Ublock Origin/UMatrix

Are you trying to evade the police? Just follow
Are you trying to evade the NSA? Tough luck, you've already lost. Germany trades data with the US.

I tell you what, Cyber is very important folks, especially in today's age it is most important. My son who is just ten years old and he uses computer. He is so good with cyber. He is, like I said cyber is important. People we need to secure the cyber. People there are some who are bleaching cyber, the acid is causing lots of problems with the flow of information. It is getting dissolved. It is very important we know what is going on.

TAILS is a linux based operating system that runs on a removable media (usb, cd, etc). install it on a usb, boot up computer loading from said usb, computer will then boot into TAILS operating system.

it is designed for anonymity and contains a lot of privacy related tools.

if you wanted to evade the nsa you could with those tools. but i personally have no reason to.

just passing on ideas, use them where applicable.

the terrifying thing is that 99% of the people "in charge" know even less than he does.

Check out OWASP.org, it's a great website which is a wiki for a lot of online cyber vulnerabilities and stuff.
Also, literally just browse Cred Forums there's not much to it anymore because everything was over hyped and it's lamer than you think

cybersecurity < opsec

spot the firewall admin

I'd consider any low-latency TOR network to be broken from the NSA's perspective. When they have eyes everywhere and can monitor all endpoints, they can just reconstruct the route you took in realtime.

Of course, this doesn't expose the traffic itself, it just exposes that you're using the TOR network. Hidden service / traffic security over TOR is an entirely different problem.

grugq, a former NSA contractor, has a good blog about the limitations and feasibility of evading the NSA @ grugq.github.io/

kek, not just firewalls but yeah

basically, assume every network is hostile and all users are compromised

>hash encryption
Quantum brute forcers have been cracking it for years

grugq is pretty based
basically if you are concerned about facing a nation state you are beyond boned

i think you just broke the buzzword limit chief

will read. yeah could compromise via sybil attack. there's also I2P. i assume everything is compromised really.

Use secure passwords, use security settings that do not allow multiple wrong login attempts, encrypt everything with secure algorithms.

Shut down all ports except those necessary, don't let your open ports be known. Use nonstandard ports if practical.

But most of all, follow your cyber security training because 99% of the time its a fucking retard who compromises your system.

you must be jew here

m8 wat?

I'm not trying to evade NSA necessarily. Let me explain: beforehand I was thinking as you already indicated: they know everything and everything is monitored. So I didn't bother all that much.
But now I am wondering whether that isn't careless. And which basic security&privacy standards to employ when using the pc day-to-day.

it's the best approach tbqh

goggle and m$ have been doing a lot of research on securing untrusted networks because they assume all traffic is malicious. good approach imbo

the nonstandard ports meme needs to die

This isn't Cred Forums related.

400lb hacker here AMA

security is layered so it would depend if you're looking secure against a specific threat or just in general. if you're concerned about monitoring in general then obscurity will probably be more valuable: as suggested, read the grugq's stuff, especially the one on the big bird group

quantum brute force will never exist idiot

Yes, I am jew here.
>Shut down all ports except those necessary, don't let your open ports be known. Use nonstandard ports if practical.
Explain.

with the amerifats handing over control of the internet to ICANN it's very much /po/ related.

Ok. Cybersecurity is all about managing your risks while maintaining usability.

The #1 tip is just to never make an enemy out of the NSA or any other widespread government surveillance.

If you want to evade the police, follow Bong's guide and learn about that software.

But more realistically, you will never be the target of a government conspiracy, so just:

- Keep all information that you can away from mega corporations like Google
- Use encryption for all possible Internet traffic
- Maintain good policy on what you download, and isolate the programs which are suspicious.
- Keep yourself anonymous while online and maintain different personalities.
- Don't be interesting.

Oppressive governments are politically related, user. Whether or not you realize you're being oppressed is a different issue.

en.wikipedia.org/wiki/Post-quantum_cryptography

Educate yourself, friend.

if you signed up for any online account using your real name and/or any other personal info like a retard then it's already too late. there is no turning back after uploading your name and photo to the internet. just give up and enjoy the normalfag life.

if not, ditch your jewgle account. there are plenty of disposable email services like 10minutemail and there is no reason to have a jewtube account, the age restriction is easily bypassable.

any app using a network connection will listen on a network port, e.g. 80 or 443 for HTTP/HTTPS. any listening port increases attack surface which means more things to attack. the solution is to have only specific things exposed on a network if you need to, which for a normal user means nothing needs to be listening on the network. then you only need to worry about internal compromises like funky attachments.
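To illustrate the point about listening ports and attack surface, here is an added example (not part of the original post) that parses the Linux `/proc/net/tcp` table and separates loopback-only listeners from ones reachable over the network. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host (x86, most ARM).

```python
import ipaddress
import os

TCP_LISTEN = "0A"  # kernel state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (IPv4 only); not real host data.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0000000000000000 100 0 0 10 0
   2: 0A00A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003 1 0000000000000000 100 0 0 10 0
   3: 0A00A8C0:D2F4 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1 0000000000000000 20 4 30 10 -1
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port).

    The kernel prints the address as a host-order 32-bit word, so on a
    little-endian machine the bytes are reversed relative to dotted-quad order.
    The port is plain big-endian hex.
    """
    hex_addr, hex_port = field.split(":")
    addr = ipaddress.IPv4Address(bytes.fromhex(hex_addr)[::-1])
    return addr, int(hex_port, 16)


def classify(addr):
    """Describe how far a listening socket is reachable."""
    if addr.is_loopback:
        return "loopback only"
    if addr.is_unspecified:  # 0.0.0.0 means every interface
        return "all interfaces"
    return "single interface"


def listening_sockets(table_text):
    """Return (ip, port, scope) for every socket in LISTEN state."""
    found = []
    for line in table_text.splitlines():
        fields = line.split()
        # Data rows start with an index such as '0:'; the header does not.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if fields[3] != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        addr, port = decode_endpoint(fields[1])
        found.append((str(addr), port, classify(addr)))
    return found


def exposed_sockets(table_text):
    """Listeners reachable from other hosts: the part worth reviewing."""
    return [s for s in listening_sockets(table_text) if s[2] != "loopback only"]


if __name__ == "__main__":
    # Use the live table when available (Linux), otherwise the constructed sample.
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_PROC_NET_TCP
    for ip, port, scope in exposed_sockets(text):
        print(f"{ip}:{port} is listening on {scope}")
```

Anything this reports that you did not deliberately expose is a candidate to disable or rebind to 127.0.0.1; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.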

>security is layered so it would depend if you're looking secure against a specific threat or just in general. if you're concerned about monitoring in general then obscurity will probably be more valuable
Just in general.

en.wikipedia.org/wiki/Post-quantum_cryptography

i remain optimistic it will

my nigger - this user must work in IT

>step 1 :
do not trust user input.

>step 2 :
make clear and closed off channels to interface with your computers/servers.

>bonus step :
encrypt everything that people would want to steal.

I agree, to me actually his answer was endearing. I don't expect him to understand everything like many others. I trust he knows who to put in charge though.

Well, if you are using Tails in an area such as an enterprise network where everything is monitored and can be forensically examined, don't use Tails on a USB. That is, unless you make it non-rewritable. Instead, just use a live DVD. Make sure it's DVD-R. Re-writable media (USB, DVD) is not much different than storing information on a hard disk. It's just easier to hide. I laugh at people who say "virtual machines leave no trace on your PC." What a load of shit. The VM can be monitored by your VM software and your host OS. VMs are not safe at all. Whonix might be one exception, but it still leaves data on your hard disk.

BTW: Anonymity on Windows is an Oxymoron.

>no social media
>linux
>vpn
>private trackers
>have 50 emails
>never post pics of yourself
>tape webcams and mics
>use a fake name
>have 50 user names
>don't use botnet shit (google chrome,skype etc)
ezpz

There are 400 lb people on the internet who will fuck you shit up. Be very afraid. If you have ten year old kids, they can help you out.

kek that's one approach

and not a bad one at that

well yeah, but the assumption is if root/dom0 on the host gets compromised you are beyond boned. but most hypervisor vulnerabilities relate to old tech so as long as you don't have floppy devices you should be good.

Cred Forums, what are the essential Cybersecurity secrets again, I forgot

agreed. also the more serious orgs ive worked in superglue usb ports and remove media drives

Can you trust the VPN software?

trying compartmentalizing before anything else?

yeah me too. while he often sounds simple, his sentiment isnt far off

its called cyber you idiot

srs: there is no hope, everything is compromised

depends. open source and country of operation? in reality you cant trust anything 3rd party.

Quite frankly no you can't as you're trusting a middle man.
However if you get one that doesn't log and use a server in an eastern european country or at least one that's not EU or first world then you're pretty safe.
I use PIA myself.
If you wanna be a pro you can rent a vps in eastern europe, install plex on it and open vpn then use that as a seedbox,vpn and personal netflix forever.
Only really worth it if you use private trackers though (i.e if you consume a lot of pirated media)

Actually, I forgot to mention that Virtualbox does enable you to encrypt your VMs with AES-XTS256-PLAIN64. This is nice. Still, not sure I would recommend everyone use a VM. Can you trust the Oracle Software? Can you trust the host OS? I think it's best to use Tails on a non-rewritable disk. My opinion.

Silly, there is no security without the watchful eyes of the government.

There's stuff like Proxies VPNs TOR Tails and Whonix, but God only knows if any of that shit actually works.

That's my point. I think that Tails on a live DVD-R is probably the best option for anonymity. I suppose it's the most trustworthy...

some of them, yes, the default windows one, no

Agreed!

yeah, makes sense. but any live distro should provide the same.

it depends on what you are trying to avoid, since you can still be tracked based on patterns of access.

You have to trust a middle man at some point. Whether it's the OpenBSD Foundation's software + a VPS host in deep eastern EU or PIA is up to you.

Otherwise you'd have to write and audit your own software (BUT CAN YOU TRUST THE COMPILER?) while colocating from your own datacenter which is outside the reach of the Gov you want to evade.

Like I said, it's all about managing your risks.

Best answer.
And I will read through that grugq blog.
Thanks for that wrap-up.

I knew I would have to learn all of that one day.

I also knew this would come up.

good call my man

only issue is the payment info is still trackable :'(

Doesn't using obfuscated bridges somewhat prevent the correlation attacks?

Buy a VISA gift card with cash, convert to BTC, and tumble 'em. Find a VPS host which will allow you to prepay for a year and jump through it.

man, paranoia is a bitch

openbsd is pretty based. in an ideal world i would use openbsd for any public facing server.

Even then people can still hack the Tor browser and get to your real IP.

Yeah but how paro are you gonna get and what are you doing that necessitates such 'security'?
For the average guy what I outlined should do nicely although if I lived in Germany I would take no risks

Firewall all outbound traffic which isn't from the TOR network. Randomize your MAC on startup.

The only FBI malware which did this just directly contacted them in Virginia.

This guy here knows his shit

Well, that's always a risk because of "Zero Day" exploits.

Yes never use Tor for personal information. People who run the nodes can still see it and intercept it. You're best off just using a direct, secure, personal internet connection on a computer that's been checked for malware. Don't save any of your financial information on the browser or websites either.

yeah, but depending on the adversary you are not guaranteed to be anonymous. afair the two most recent "attacks" on tor from the fbi were sidechannels, one where they controlled some percentage of exit nodes to correlate traffic and the one with that pedophile ring where they got control of a server and installed malware on the client pcs to track them.

yes

well that would be very questionable conduct. personally i would never seed multiple btc wallets and fund various servers through multiples of those wallets and then bounce all traffic between those.

i would also never access the admin and payment for those servers from random internet connections using different devices.

Right! Facebook actually has a .onion website. It's really funny because isn't that an oxymoron? I believe it's

facebookcorewwwi.onion

I haven't tried it so I have no idea if it works. The only reason that anyone would want to use that is if they are a stalker with a fake account, or they just don't have anything special to do with their free time.

Continue

no worries sys admin bro, the forever hack gets us all eventually :(

>What's that?
existential torment

Continue

it hurts so good tho

wat was it??

Most of the time, unless you are the subject of a criminal investigation (and a big one at that) the authorities will simply Google you.

For more serious stuff, you can prolong it but not avoid it. They will get you as long as you have a connection.

pay with bitcoin

Just some good common sense stuff but it never hurts to brush up on it
Would screenshot it for ya but I respect his right to delete stuff

Even if they're just fucking around, all the Cred Forums users who have hate speech laws in their country are actually incredibly fucked as soon as the governments start cracking down on it. It's their version of thought-crime. Kek.

i get the feeling we're going to need to start screencapping the good points in this thread...

that bird gives me, "The Delegates, Donald," kinda feels.

dont download virus

lol yes. it's cool though, we're probably going to all get murdered in our beds in a few months' time.

progress yes!

I can't think of a better way to do it, other than a straight $ to BTC tx with a stranger in an area where nobody knows you. What would you do?

The admin panel is a concern too, yeah. Imo, the key concern would be the javascript requirement that most impose, but malicious end points are also a concern.

I wonder if you could bypass this by using one of the freedomhost clones, but that would change your network from VPN -> TOR to TOR -> VPN. Then you'd have to use a meek bridge to keep the traffic more realistic

What a pain this all is, honestly

This is one of the more underrated avenues of attack, imo. Regularly accessing the TOR network at typical times attracts attention, and most people don't think of it.

yolo

If I were you I would get a VPN somewhere outside of EU jurisdiction, like Russia or Switzerland, and use tor to connect to it.

you can buy btc straight from an exchange and mix/join the coins to achieve anonymity. but easiest is to buy in person in cash.

jurisdiction doesn't mean anything to when they track your traffic inside your cuntry tho

Oh, didn't know. I'm inexperienced with BTC so just parroting what I heard since seemed good.

>What are the basic and most important steps into cyber security?
Get rid of Windows.

The governments of the world actually use the webcams and microphones on all of the computers to watch people of interest. It takes a top level security clearance to actually know about it, so it hasn't been leaked about. Although, regular hackers use webcams on target computers all the time so why would anyone assume that the government isn't watching too? The governments of the world like taking lines from the books they read and making them reality, for example, world government, (from the Bible,) and a surveillance state with thought-crime, (from Orwell's 1984.) It's all bound to crash down on top of them as society wises up to the schemes, but that's probably a long time from now. We're more likely to lose our freedom in the coming decades than gain anything back that was lost. The revolution is for a future generation.

/g is mostly /v-tier Reddit know it alls in some useless college course.

>The revolution is for a future generation
Yup. There's a reason they call us the apathy generation..

but my online trolling identity is not my offline trolling identity... :(

That's the purpose of using tor. If they can't figure out what you're connecting to, and none of your traffic looks like it's coming from inside your country, and even your VPN provider can't tell where you're coming from, you're good. At least for most questionable activity.

It's laughable when these lawmakers talk about implementing new laws to put criminals behind bars when they have absolutely no understanding of cyber security. These are the type of people who call the help desk and say "My computer won't turn on" and the technician says "here, let me plug it in for you."

btc/blockchain is my focus. truly incredible tech. there is a huge industry forming around it too. hugely recommend learning it.

massive political implications too. i should do a write up and post it.

i was agreeing desu senpai, just expanding

depends on how paranoid you want to be, as you said it's a tradeoff vs. effort

Do it. Do it now.

We'd love to hear about it if you have the time.

Yeah, I've watched it since it was a meme on Cred Forums 6-7 years ago.

I never bothered to give it more than a cursory glance, but I'd appreciate the write-up if you want to take the time.

Oh, ok

i would call you paranoid but the even the facebooks ceo jew tapes his camera on his laptop, so...

Install TempleOS

except with tor you are not guaranteed that your first hop is inside your country. tor + vpn is good but a determined (read as nation state) foe can still track it afaik

you definitely should. i think it's gamechanges tbqh.

but then i'm all for any tech that gets (((banks))) out of the picture.

Here's a basic newfag guide m8, enjoy.
wiki.installgentoo.com/index.php/Anonymising_yourself

What do you guys think about i2p?

geti2p.net/en/about/intro

At this point, even the FBI Director recommends you do so.

usnews.com/news/articles/2016-09-14/fbi-chief-james-comey-cover-up-your-webcam

It's good advice imo, and laptops are even coming with camera shutters these days.

You can define a bridge which will allow you to stay inside your country (if it's big enough). They give them out @ bridges.torproject.org/

Afaik there is no publicly scrapable database like torstatus.blutmagie.de/ for bridges, so you'd have to find one with multiple emails or luck.

I'm not familiar with its intricacies, but it's not a botnet or anything. The last time I played with it was a few years back but it seemed better than Tor in most ways. Just slow as hell.

...

...

here are some of my guidelines:
>be aware of the networks you use; if you're finding yourself using public wifi often, consider a VPN

>know for certain if you're connecting to the actual server you're trying to reach, use https whenever possible, use your private CA if you're running your servers

>never plug anything in your USB port that you haven't bought yourself and used since new

>any information you volunteer might come back to bite you in the ass at some point

>if you're not paying for it you're the product

>use cryptography whenever transmitting personal/sensitive information, best way is still in person

noice

I have heard some people say that they use i2p because it gets far less attention from government adversaries than Tor does (sort of like the Windows vs. Linux argument where Linux isn't attacked as much since it has fewer users). However, it has also had less peer review than Tor.

SD cards have a physical Read-Only switch on them, don't they? That+USB reader sound pretty versatile.

...

Yeah. I assume that that would work as well. As long as it is non-rewritable.

slovenia yes

Is downloading games from places like TPB going to get me fucked?

sounds about right. pity i have to disregard it because of your flag.

Yes, that's correct. It's much less popular than Tor, but I believe it was mentioned in NSA leaks, and it's targeted since it's a part of Tails.

computerworld.com/article/2476563/malware-vulnerabilities/zero-day-broker-exploits-vulnerability-in-i2p-to-de-anonymize-tails-users.html

It's been a while since I've used it so my memory is fuzzy, but it was P2P in nature so the lack of users was a bit of a self-fulfilling prophecy. But you couldn't set your upload to 1KB/s and leech forever like a torrent; You have to participate to get traffic through.

In terms of content, there wasn't much there, but you could use it as a proxy for the clearnet (which I did, to shitpost on Cred Forums when the rules were more lax).

In terms of security, I don't know how well it's progressed. Sorry

you know what they say, if you need to ask then you're obviously not anonymising

Of course, there is also memory forensics. I believe this is done with liquid nitrogen. Tails does a memory wipe on shutdown, so if the computer is off, there is a good chance that the memory data is gone. Sometimes simply turning the machine off is enough to prevent memory forensics. It just depends on how long it's been turned off.

yup
Just join ggn or bcg and use vpn
Or get a real hobby :^)

leave no traces, if you don't want to be traced back, use things like open wifi hotspots and abandon them afterwards

Have cold boot attacks even been relevant since DDR3?

I thought they heavily reduced the amount of time that electricity persists in modules

As far as I know, this method is still used.

this guy knows. it's almost like europeans need to be more informed of opsec than the rest of us.

>to not do anything online you wouldnt want to share with the world

This

yes

Maybe with a cantenna. If you go into a public place you risk being seen by the people around you as well as the surveillance equipment. A government adversary can simply ask people questions and figure out it was you by simply doing some old fashioned detective work. SO NO! Depending on what you are doing, wifi hotspots are not the answer unless you have a wifi antenna that will reach it from a distance that is away from shoulder surfers and cameras.

t. the US government

yes, goy, don't take any precautions

He's right though. It's better to bruteforce someone's wife and use a cantenna than to actually sit in starbucks where they have cctv and multiple witnesses

Unless you have built or audited your own computer up from the transistor level, you can't trust it. Read Ken Thompson's Reflections on Trusting Trust.

Intel for example is U.S. based. What if I told you, a government, that with a small investment you could get a key to every modern computer connected to the internet. How valuable would that be?

In the trillions. All you need to do is give Intel a few hundred million. They've probably been at it 10+ years. No sane government wouldn't break the law to do it.

But it's not the end. There are mathematical techniques that let an insecure processor run an encrypted process safely (homomorphic encryption). The Ethereum project tries to implement this for example. (I don't own any ethereum so no shill.)
In the future we'll use thin, easily audited clients to interact with mathematically secure servers. A homomorphically encrypted image board would be relatively simple.

You could build an alter-ego?

WE'RE GOING TO MAKE CYBERICA GREAT AGAIN!

Can I bruteforce your wife hahahaha. Just kiddin man. I saw that and I could not help myself.

if (((they))) know to look for you on cctv in a public place you don't go to often then you clearly have bigger concerns than your internet connection.

it's all defence in depth, right? so if they see you using a laptop on a public wifi spot and (((they))) can't find said laptop what can they do? if you are that concerned about anonymity then you are already way past having to wonder if the cctv is going to catch you.

Step one: Don't run an unpatched private server in your bathroom that has top secret info coming in and out of it unencrypted.

Yes, looks like they still are. DDR3 is more sensitive than DDR2, and prone to failure though.

Good talk @ youtube.com/watch?v=ZHq2xG4XJXM

No public research on DDR4 though.

Ah yes, Intel's lovely 5MB mystery blobs on-chip.

Such a shame that AMD has been non-competitive for the past decade.

true. it's one of the biggest issues now, since a lot of operating systems, i.e. not m$ winblows, are actually pretty secure out of the box.

this is one of the main reasons our slavbros in russia and those yellow niggers in china are building their own chips based on ARM

and if you do make sure you wipe it before the inevitable senate hearing but ensure your admin leaves an online trail

Well, it's not just that. They can also access the networking equipment and see who accessed what at what time etc. The cctv is only half of what they could do. Even if you use Tor, they will see that you used it. I mean it's not like everyone knows how to use Tor and use it correctly, so... In my opinion, hotspots aren't really safe at all unless you have a way of accessing it from far away.

The point is that if you want to be user then maybe don't do shady shit in broad daylight for obvious reasons

CYBER - WE SHOULD - CYBER IS THE CYBER IS VERY IMPORTANT

I HAVE A 10 YEAR OLD SON AND A 400 POUND CHAN MAN ON MY BED

>wipe it
what like with a rag? hit that shit with a hammer

as for me I use a sawzall with a carbide blade for the quick and easy

Most important step into cyber security is to have no internet.

stuxnet and thumbdrives for the fukushima wild ride

THANKS JEWS!

fair enough but the assumption here is that you know enough to actually use things like TOR properly and you don't do shady shit in broad daylight.

i would say use a disposable laptop and cell for interwebs but even if you use a local wifi hotspot, don't make your traffic stand out. don't run tor, don't run an nmap on the local network don't run some shit like tcpdump my.hackedserver.ru.

you can still use a public hotspot, without using the wifi, but even using the wifi just be smart about it. layer that defence my man.

Just never write to the drive. Use a Tails live DVD. If you are really worried about it, you can pull the hard drive out of the machine completely. Better yet, just find you an old piece of shit machine with a decent amount of memory and take the hard disk out, then boot Tails.

well if she didn't have alzheimers and her admin didn't have an IQ that wasn't measured on the same scale as room temperature they would've watched some blackhat talks and installed some of those disks with thermite on the drive platters.

>tfw used to have /comfy/ local ISP with leased verizon lines that didn't even know how to configure them properly without help
>nmap all day long
>packet the shit out of everything
>lines stuffed as full of numbers as they could get 24/7
>verizon don't give a fuck because it's a drop in their bucket and the bills are getting paid

those were the days

this

when done with a burner laptop just pull the drive and ram and melt them.

You should do it like the Coach Joe Paterno Child Sex Slave Ring lawyer and chuck the drive in a river so the agent who finds it can get offed and the drive disappeared.

in SA you used to be able to nmap the entirety of your "public" range and access the users' routers directly. most of them obviously had the default creds set and this was also the days before the password fields were actually protected so you could just copy/paste creds from these routers.

fun fact, ZAR ISPs now only allow specific telephone numbers to connect with accounts ;)

not that i ever did this, btw. i just heard that people did it.

talk about layering defence, eh? ;)

also, is it just me or do these captchas get more difficult with each drink?

>how to look suspicious while accomplishing nothing
great post famalam

What are you drinking?

Well if you're talking about home routers and wifi and shit, it turns out if you can get into one with two antennae and you can xmit on both, then you can use that to triangulate anything within range and develop something close to a 3D map of the area.

This is public research btw.

said the guy who's obviously tried to set up GPG with S/MIME

that's a day of my life i'm never getting back

Don't connect anything to any network

anyone here use iridium? i want to quit chrome but i'm so used to it.

i'm drinking bestiality

lol, i've read about this, yeah. combine this with the fucking (((israelis))) doing research on snooping airgapped systems and you have a lot of fun times coming

DUDE WHAT THE FUCK YOU'RE DRINKING CANADIAN DOGS?

i try avoid leafs if i can

im drinking this

en.wikipedia.org/wiki/Black_&_White_(whisky)

it's pretty good after the first bottle. until they ask you to select all the cars... fuck, i can't even spot my own fucking hands rn 8/

woah
You guys know any good blogs/news sites where I can keep up with stuff like this?

We did a big mistake with the internet, it should have been a gaming and porn tool O N L Y.

my advice would be to think carefully before paying attention to infosec. there is a reason those guys are some of the hardest drinkers on god's green earth...

you could start by just subscribing to the security mailing lists of the software you use. srsly though, if you think getting redpilled about kikes was bad, wait till you see the shit happening with fucking software... it's the wild fucking west my man.

I work in research these days, so I just sometimes walk down the halls and read the abstracts on the advertisements for talks and put 2+2=4 together.

Don't really have time for blogs as that would encroach on my shitposting time. I don't even have time to sort through all the damn trade emails I get spammed in anymore, which are also a great source of upcoming developments (where the money goes, the R&D flows).

well it was originally designed as a tool for US generals to ensure they have access to porn in the case of nuclear war, so that makes sense.

i just don't get why everyone seems intent on connecting everything to a fucking computer and the internet. i mean they've compromised every computerised car ever released. just stahp. pls.

iridium the satellite network?

What if I have a highly specific, but legal porn habit? ;-; no one wants to see that

It's for the singularity mate. The internet of things people are an amazing source of autism set to building the end of the world as we know it.

you must work in IT :P what kind of research?

honestly, i've unsubscribed from most mailing lists and feeds because of the volume of retarded shit. i don't want to spend an entire god damned day reading email.

One day, there will be an entire image board devoted to trading video of you enjoying your highly specific porn habit.

lol if they were building to end the world they are definitely on the right path. man, the fucking vulns coming out the (((internet))) (((of))) (((things))) is fucking ridiculous

the (((NSA))) disagrees and probably already knows about it

I usually get paid by DARPA, Google, Yahoo!, Microsoft, NIST, NIH, etc.

never make profiles
do not use windows products
never use gmail or google products
kik, skype, steam, whatsapp, facebook, etc all disclose all of your information to the NSA and police if they request
use a local self hosted dns server
do not use tor, VPNs, or anything else
do not make porn site profiles, and assume any porn you look at has classified you as being something on your NSA profile, for example, furries are being regularly catalogued so that later on someone can use that information against them if they start to get uppity
just be a plain ghost, use an internet connection with a different mac address

man, that's awkward... either you're one of those researchers who swallows the gravy and says what (((they))) want you to or you're one of the good ones who has to pretend to do it to keep your research going... either way, i pity you :( gl hf bro

also, could you pls not undermine RSA k thx

this

I try to keep it on the up and up. It's a weird place to be, but I think it's important that people in situations like mine keep open good side channels of communication to the rest of the world like shitposting or writing fiction or whatever else. In the end, it's going to come down to a lot of people working together to catch this thing when it falls.

As for RSA, I don't have the inside scoop on that, but I have heard some disturbing rumors.

But here's a key concept that is often missed. Once everything is recorded, then you have to divide by time, which, as far as we know, is roughly infinite. Or at least we'll all be dead and gone before time ends. If you trust X to keep you safe now, do you trust we'll never be able to think up a way around X for all eternity?

He's referring to the NSA-backdoored crypto that RSA (the company) implemented

What rumors, though? Most people who pay attention will consider RSA (the algo) to be deprecated. ECDHE is the new hotness.

that's a good point. that's why even though we don't have stable quantum computers quantum crypto is one of the biggest things right now, since the assumption is that once we do have a stable quantum computer we're fucked on current crypto.

as for RSA it's only an issue for enterprises, i think, since the open source guys are mostly ignoring them. that NIST RNG thing was fucking hilarious to me tho.

as for it being a weird position, as long as you don't compromise results and data because of the other shit then it's all good as far as i'm concerned.

I know what he's talking about. But the rumors I've heard are not good enough to spread.

Indeed, it should be considered deprecated. Unfortunately, the world keeps going the way of PGP emails, TOR, securecrypt, etc., and not deprecating on schedule.

It wouldn't be that hard. We have complex advanced OSes that run for just about fucking ever on their own. But """for some reason""" people aren't that interested I guess.

ECDHE is super smexy tho

Don't blueball me man. Cred Forums is where 6 million jews' death is a conspiracy. Nobody's going to take it seriously.

"crypto" has been flawed from the start, unless you use keys much larger than the target data you are trying to encrypt they might as well just be passwords, for a crypto alg to actually be useful it has to have multiple layers of instrumentation

also this comes from most people encrypting things with a key that is hashed data
>encrypted layer of data
>layer using words in English to confuse most NSA brute force programs
>more layers repeating until you get to the data within

while entirely possible to make an encryption that wouldnt be broken by something searching for what looks like words, it hasnt been made yet because nobody seems to take this seriously, if they did, dns requests would have solid authentication to make sure the data is real and not just a "man in the middle", oops that official dns root nameserver forwarded you a name to a honeypot for state malware

Back in school, the fastest way we found to keep the 300IQ NSA math majors from being able to crack the communications we'd leave out in public was through metaphor.

I fully expect one day they'll trivially easily be able to assign the bulk of my posts to who I am based on my use of language. But not until they can adequately model language and how it moves from numbers to metaphor.

THE JEWS ARE SCRAPING ALL Cred Forums POSTS AND USING IT TO IDENTIFY DISSENTERS

Laughs aside, I do not blame you. I recall a journalist who had the same fears and spoke very tersely when being interviewed anonymously because of it. Writing styles are hard to drop.

Nah, I take the reverse view. I hope they're paying close attention to what I've been saying in public for years.

Let's avoid the worst, eh?

these are all very nice, and you seem to know what you are talking about, but without decent alternative suggestions for some of the things suggested, it's all smoke in the breeze...

Oh, and they are in fact scraping to identify dissenters. That part is no joke.

Stop and think for a sec. 2+2=4, right? Trump wants Muslims to rat each other out. Trump wants to stop ISIS from using the internet to radicalize the youth. Do you think it's just about identifying dissenters? No, it's about modeling a variety of more latent variables in order to identify the networks.

yeah, these are all known flaws. that's why if you care about security you pay attention to these things, especially the latest TLS specs and it's why you layer this shit. as for dns poisoning, well if they compromise your DNS you have bigger concerns. if your shit is sensitive enough to care about this kind of thing then you especially pay attention to it and work around it. also, private networks and internal dns etc.

what do you mean the future? it's happening now my man, though afaik it's mostly for targeted people since it's very manual.

give that man a bell's

I'd expect them to. They didn't build the most expensive data harvesting network in the world for nothing.

The key, as always, is just to not be interesting. Hopefully America doesn't go full totalitarian during my life.

that ship has sailed my friend.

as for checking for dissenters, people seem to think that this is some sort of future tech. tell me - what do normies think "big data" is? you could track specific patterns, e.g. specific turns of phrase, across the entirety of the internet using AWS.

>what do you mean the future? it's happening now my man, though afaik it's mostly for targeted people since it's very manual.
You answered your own question. The future is going from manual to automatic.

>Edward Snowden mode:
Tails OS

it is based on Linux (Debian, I think)

It is installed onto a USB drive or SD Card.

You can boot any computer from the USB/SD and it leaves no trace on the computer - Hard disk page files are not used... all data is stored on RAM which is permanently wiped when you shut down the computer.

Within Tails OS , you can only access the internet via Tor. All scripts (Flash, Java etc are disabled).

>Power Tier:

Normal OS (Mac/Windows)

VPN (decent one) + Tor Browser.

>weak tier
proxies, free vpns

>using AWS
In Soviet America AWS uses you.

Clouds are like the internet. They're for being able to watch what everybody else does with them.

Yeah, I recognized the irony of the post after I submitted.

The chilling effects of the NSA are a hell of a thing.

>God tier
configure a live distro Qubes server as your gateway, have multiple ISP accounts, each in its own vm and route inbound requests using a random one

Now you're thinking with portals. I was once thinking about using controlled jitter in ICMP echo requests as the dark section of an IRC to email bridge, but the bandwidth would have been too low for the channel of interest.

kek exactly. i happily use it for people i work for but man oh man i will never put anything important i need to persist on it.

the thing i find most funny is people now going "omg they are listening to our things in the current year"
mfw they've been doing this for years.

the reason i think snowden is based is that he proved common tech is being used to do bad things, which these leftie fucks never thought possible.

Your posts are awfully comfy reading user. Ty and keep it up.

So much this. Watch this deacon talk about how tor users got caught. Moral of the story:
1. Understand what you're doing
2. Don't attract attention (don't do illegal shit)
3. Don't brag or give out personal info

youtu.be/7G1LjQSYM5Q

Don't put it on a computer.

that is fucking great :D the bandwidth would be terrible but man nobody would see it coming. i like that project they use to get around the monitored (((public))) wifi spots by routing everything over DNS/UDP.

i've been thinking of a similar TCP system, where you have a bunch of public servers, kinda like Tor, which act as gateways using that VM ISP gateway where each session is encrypted using IPsec to that gateway vm

lel you just reminded me one time when we were having embarrassing cybersecurity problems a story got circulated that the Russians were buying up all the typewriters from eBay and anybody who had a typewriter in the attic should sell now to make $$$, but the really smart people would keep them safe for later

exactly. it's what i try to teach my users as well since this will solve at least 80% of security problems. the issue is that most people cannot keep up the vigilance, which is why you need to put systems in place to help but users are fucking lazy cunts :'(

lol i remember that, but the way i heard it, it was the germans using typewriters after snowden revealed the US was spying on her blackberry.

Ha! No, this was years before Snowden.

See? Now we know the typewriters are chaff. PUT YOUR TYPEWRITERS INTO THE SHREDDER

i always shred my typewriters since the Bundeswehr can read the things i've typed off the heads :DDDDD

Hear about that other time the Russians figured out you could use satellite to send commands to a pre-compromised server because even if you were to catch the satellite signals in either direction, you still wouldn't normally be able to know the sender or the receiver?

The US at one point got pissed enough to drop that into the MSM to let them know we were unhappy.

kek. man, falling for the technology jew sure is hard. i consider GPS a practical joke.

also, after i realised you don't have to masquerade your requests using anything funny. you could do a meta implementation, where the PATTERN of your requests determine your actual requests. so you request site 1 twice and site 2 thrice and that means you want to get routed to site 3... probably wouldn't hold up with some serious design work but you would have some NSA analyst going "wtf" for a while

>where the PATTERN of your requests determine your actual requests.
It's all about the patterns.

And then after that it's all about reverse-engineering the patterns so you can learn what the pattern learning has learned. It is in fact a never-ending cycle of this - cf. my earlier reference to time going to infinity.

a never ending circle jerk tbqh senpai

It's worse than that, though. Down and around the hall from me, you can type on a keyboard and they can tell you if you have a neurological problem.

One day they'll be able to figure things out by the way you jerk off. And just think: kids these days love to turn their webcams on while they jerk off.

BELIEVE ME I HAVE TEN YEAR OLD SON CYBER SECURITY AND BELIEVE ME ITS VERY IMPORTANT A TERRIFIC PROBLEM IS YUGE WE TAKE CARE OF THIS BELIEVE ME 400LBS CYBER

WOULD AN INTELLIGENCE SURGE FIX THIS OR JUST SOUND BETTER?

pls direct me to the korean news source this video surely comes from

i will never understand this irrational trust of technology people have even after all the major breaches. it's like they don't pay attention at all 8/

COMPUTERS ARE CYBER ITS A HUGE PROBLEM AND ITS WE FIX THIS SO FAST - I HAVE A SON HES TEN YEARS OLD HE HAS A COMPUTER THERES PEOPLE IN CHINA

*sniff*

NOTHING SOUNDS AS GOOD AS A GOOD

C H Y N A
H
Y
N
A

I think I'm going to start using "cyber" all the time instead of "tech" or "IT".

mfw it catches on

but enough about every government ever

It would take a whole other 300 post thread to explain that. But basically it's because it's easy to make people want things.

>What are the basic and most important steps into cyber security?
Configure your things correctly. If you are unsure, search google
Keep your things updated
Learn about hackers and the like. You don't need to have expert level knowledge, just enough so you can be sure your fears are valid.

And don't click on emails. I always get emails from my security department reminding me to not click on emails.

never post a threat on the internet ergo against a building you will be found

and you probably do anyway, don't you?

>I fully expect one day they'll trivially easily be able to assign the bulk of my posts to who I am based on my use of language
this has always been on the back of my mind, I feel like some day I'll have to justify lots of stuff
also, the way i draw

Almost never. I still use a modified version of pine for everything always.

It's too late user. Once they bring back HUMINT we'll know it's you most of the time.

>Cred Forums has better discussions than Cred Forums on technology

fuck Cred Forums and whatever happened to it

Nobody is hunting down your posts. Please do not spread false rumors. Go back to your every day job citizens.

the few times i was there they were all fucking commies and queuing up to blow stahlman. stalhman needs to meet with a terrible accident, even though he is apparently against the mentally ill.

Who keeps thinking about dinosaurs when they see birds? I do it all the time

Stallman is our friend, he fights for freedom.

sure he does, that's why he cockblocked the GCC plugin framework. i mean, competition is bad, right? it's pure coincidence that LLVM is a better compiler and more popular.

PS he's a fucking commie and i hope he gets eaten by cockroaches on a beach.

Just as a note, for the Windows users here (discounting Windows 10, in which you're sol), remember that Windows is a highly complex system and has many, many functions built in for data retention which forensics investigators take high advantage of.

One of the biggest ones I'd recommend you disable is the Volume Shadow Services which is the service that is used to create the backups used in Windows Restore. If you open up an elevated command prompt and type in the command

vssadmin list shadows

you'll most likely see a bunch of system restore points, or Volume Shadow Copies. These will contain data from previous points in time, even if you deleted the files on your disk and can be restored from this method. Get rid of it and disable the service in the Windows service manager.

type in vssadmin delete shadows /all in order to delete them, then go and find the service to disable the volume shadow service so it doesn't make system restore points automatically anymore.

Another thing to know is the NTFS file system and how it tracks files and data. Look up and do some research on the $MFT if you're interested, but otherwise download the tool Privazer in order to delete files securely. Permanently deleting a file removes the flag in the file system saying that the physical space is being occupied by said file or directory and allows the file system to write over the space with the data, but it does not guarantee the file is deleted or wiped from the physical disk immediately.

And one more thing, always clear out your cache and clear it out often. Thumbnails are probably the most common way that people are busted and implicated by the feds. Even if you deleted the file itself and even if it was written over, if the generated thumbnail wasn't deleted and wiped as well, it's still usable as evidence.

Now obviously there's more things, but I think these things are some of the biggest things to worry about. Remember, anti-forensics is learned from forensics.
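Added example, not part of the post above: a parser for the text that `vssadmin list shadows` prints, used to inventory how far back retained shadow copies reach on each volume. The sample output is constructed (GUIDs, host name and dates are made up), and the US-English date format is an assumption, since vssadmin prints dates in the system locale.

```python
import re
from datetime import datetime

# Constructed sample modelled on the layout vssadmin prints; all values are made up.
SAMPLE_OUTPUT = r"""vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.

Contents of shadow copy set ID: {11111111-aaaa-4bbb-8ccc-000000000001}
   Contained 1 shadow copies at creation time: 9/2/2016 3:12:45 PM
      Shadow Copy ID: {22222222-aaaa-4bbb-8ccc-000000000001}
         Original Volume: (C:)\\?\Volume{33333333-aaaa-4bbb-8ccc-000000000001}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
         Originating Machine: EXAMPLE-PC
         Service Machine: EXAMPLE-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters
         Attributes: Persistent, Client-accessible, No auto release, Differential, Auto recovered

Contents of shadow copy set ID: {11111111-aaaa-4bbb-8ccc-000000000002}
   Contained 1 shadow copies at creation time: 9/20/2016 9:05:10 AM
      Shadow Copy ID: {22222222-aaaa-4bbb-8ccc-000000000002}
         Original Volume: (C:)\\?\Volume{33333333-aaaa-4bbb-8ccc-000000000001}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2
         Originating Machine: EXAMPLE-PC
         Service Machine: EXAMPLE-PC
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters
         Attributes: Persistent, Client-accessible, No auto release, Differential, Auto recovered
"""

SAMPLE_NOW = datetime(2016, 10, 1, 12, 0, 0)   # constructed "current time" for the sample
DATE_FORMAT = "%m/%d/%Y %I:%M:%S %p"           # assumption: US-English locale
LINE = re.compile(r"^\s*([^:]+?):\s*(.*)$")    # "Key: value", split at the first colon
FIELDS = {
    "Original Volume": "original_volume",
    "Shadow Copy Volume": "shadow_volume",
    "Type": "type",
    "Attributes": "attributes",
}


def parse_shadows(text):
    """Return one dict per shadow copy found in vssadmin's listing."""
    shadows, created, current = [], None, None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # banner lines, blanks, "No items found..."
        key, value = m.group(1), m.group(2).strip()
        if key.endswith("creation time"):
            created = datetime.strptime(value, DATE_FORMAT)
        elif key == "Shadow Copy ID":
            current = {"id": value.strip("{}"), "created": created}
            shadows.append(current)
        elif current is not None and key in FIELDS:
            current[FIELDS[key]] = value
    for s in shadows:
        drive = re.match(r"\(([A-Za-z]:)\)", s.get("original_volume", ""))
        s["drive"] = drive.group(1).upper() if drive else None
        s["attributes"] = [a.strip() for a in s.get("attributes", "").split(",") if a.strip()]
    return shadows


def retention_by_drive(shadows, now):
    """Per drive: how many copies exist and how many days back the oldest reaches."""
    report = {}
    for s in shadows:
        entry = report.setdefault(s["drive"], {"count": 0, "oldest_days": 0})
        entry["count"] += 1
        entry["oldest_days"] = max(entry["oldest_days"], (now - s["created"]).days)
    return report


if __name__ == "__main__":
    for drive, info in retention_by_drive(parse_shadows(SAMPLE_OUTPUT), SAMPLE_NOW).items():
        print(f"{drive} {info['count']} shadow copies, oldest is {info['oldest_days']} days old")
```

On a real machine, feed it the captured output of the command run from an elevated prompt instead of SAMPLE_OUTPUT.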

>thumbnails in the cache
Man, all the things you didn't necessarily want to know about somebody.

I honestly would go into more detail, but I'm limited by the stupid fucking 2000 character limit, and I hate having to write out multiple posts.

Happy to answer questions to the best of my ability though.

I don't personally have questions. I've audited a hard drive or two before it experienced physical death.

Just pointing out that you're quite correct about where to find maybe too much information.

good advice, thx swede bro

If you want to keep backups, you also need to keep them in physically separated places. I almost lost everything one time when two RAID arrays in a tri-mutual redundancy system almost might have come to physical death and the datacenter chief caught me trying to sneak one of them out just in case.

Yeah, it's actually pretty ridiculous how much data retention is built into Windows.

Other minor points to be wary of btw,

Make sure to clear out jump lists, which are those lists of previously accessed files that you see when you right click an icon on the task bar in Win7/Win8.1. Even if the file doesn't exist anymore, those are still pointers to the file and forensics investigators can use this as evidence in their final report. Use privazer or ccleaner to clear out most of these things. Seriously, forensics investigators hate these pieces of software because it makes their job 10x harder.

Logs are also to be wary and should be cleared out every so often. Again, CCleaner or Privazer will take care of these.

Also look into Prefetch. Not as big a deal, but still worth looking into.

>bleachbit.org/news/bleachbit-stifles-investigation-hillary-clinton

backups are like dead niggers - the more the better. learn from those code spaces people and have multiple backup sources, across multiple providers.

anyone else surprised they can still type? man this whiskey is kicking my ass rn. still hope stalman dies tho. fuck that guy. srsly.

this is why i recommend qubes/full vms and full disk encryption since even a normal erase will provide quite a bit of security.

NSA already announced it has the emails. If that's a bluff, then the NSA deserves to be defunded and shut down.

we must protect the cyber

I don't know why people would ever use Windows in the first place honestly, especially if they gave a shit about security. I guess that's a mirror of how stupid the common criminal is.

Back when ext3 was still the thing to do, I just got some dude's thing off his personal website, the relevant RFCs, and modified it until it could get what I wanted off a #rekt thing. There's no need to make it so complicated.

Too bad nobody was there to pay me to submit patches back to the open source community so everybody else could have something that would actually work ;(

Anyone else having "unable to resolve DNS Host" errors on trying to connect to sites?

>multiple providers
>implying I'm going to leave anything not innawoods somewhere

you didn't expect handing control of the internet to the (((UN))) to go off without a hitch did you?

omg

the 3d effect on that pic

my sides are dying

Well people use Windows because it's grabbed up the consumer side market share which means all the games and movies are designed for it, and they're trying their damndest to do the same for the server side.

Windows is just massively insecure by default, but if you know what you're doing and configure it correctly, Windows can be pretty well secure. Of course, it'll never be as secure as an open source alternative due to the proprietary nature of the software, but it can still be pretty secure and, of course, "it just werks" (NOT lmao)

"physical off-site redundancy as per disaster recovery requirements"

Macs generate greater levels of consumer satisfaction anyway. Recommending that is super-effective.

It's fun watching the toy-phone market evolve. Wait until you see what we have in store for that. Still working out the multilayer stratification from thin client to thick client in old people terms, but if you think children are captured by TV or pads or whatever now then just wait.

We're gonna catch 'em all.

Yeah that's nice. Currently going on over a year of chapter 11 bankruptcy proceedings from a certain contract.

People like me because I provide reliable and cost-effective solutions.

the good news is that after windows 10 the "it just works lol" and "it's easy to use lol" memes have well and truly died. i like how you can't opt out of their "telemetry" gathering and how you can't schedule updates. wp m$. wp.

you're like a little baby
watch this
HACC

Autist mode = use proxies/vpn enabled browser on a virtual machine running something other than windows

Bruce Schneier uses Windows as his primary OS, so it can't be that bad right? RIGHT???

tfw barron becomes the next richard stallman

probably because he's learned to let go of his jimmies. any OS can be secure if you don't have anything sensitive on it or you just don't care if people have the info.

>Bruce Schneier
wow that's quite a bio

The old bell labs crew is cool as hell, but they're old and generally on the take already, even if they don't know it because of ((())).

>shitting on AWS
You're much more likely to develop something that gets fucked hard either through bad security practices or limited scalability if you roll your own than if you use a service like AWS

true, but the secret here is to not have retards develop your shit. also, AWS (((route 53))) and (((elb))) need to die.

I don't think you understand, buddy.

But as far as the price structure goes I haven't checked in a few years, so I can't comment beyond noticing that the people who use it do so reluctantly.

Don't hurt me bro. I'll just chillax over here with full use of the clusters I built before "clusters" were a thing.

What's wrong with Route53 and Elastic Beanstalk? They only need to die if, as you've said, you have retards developing your shit and they end up costing you a fortune

If you can build and support your own clusters without it becoming a time/money sink for you or your company, then that's great. That's not the case for many startups or individual developers, though

>the hacker named Cred Forums

That's correct. I built them because every other option was a time and money sink.

In retrospect, I should have built them harder, but at least we could skirt around the regulations enough.

What do you use them for?

i have an issue with paying per DNS query for (((route 53))) and (((elb))) literally just drops traffic when i doesn't expect it. that seems... silly to me

it's not that hard tbqh, the problem is that most companies have non-technical people making technical decisions which is where shit goes terribly wrong.

All sorts of things. Like I said, I work in research, so the ideas are always changing.

I probably shouldn't say some of the underhanded things.

How do I install it? After saving the pic it gives me no option to install

If you're using it for research and local number crunching, then yeah, building it yourself makes a lot more sense.

The pricing is pretty cheap. If you spend as much on Route53's DNS lookups in a month as you do on a single cup of coffee, you're probably creating something that you can generate revenue off of to sustain yourself. Assuming that you're creating something that's meant to turn a profit, that is

I'm a total newb when it comes to this stuff. I recently bought PIA VPN for a year, also have Avast.

Are there any other good steps to take? I also noticed I cant post here when I use VPN. Not sure how to fix that.

buy a Cred Forums pass. only 20$ a year shouldn't be a big deal if you're not a poor fag

>local number crunching
>local crunching
>local
Can you guess one of the reasons why I'd want to stand up my own rack instead of using AWS?

> no option to install
i have some good news and some bad news m8

don't get me wrong, the pricing makes sense i just seem to have a mental block against it. i would rather run my own dns desu senpai. the (((elb))) is a piece of shit tho. no questions there.

> phone us if you expect a spike in load
thx guys great "load balancer"

What if you use a dynamic IP? Isn't a pass just throwing away 20 bucks? You still get banned even with a pass and I've been banned for the most stupid bullshit

this user knows what it's about
local networks, amirite?

You might have to set up an exception to use VPN for everything except for connecting here, then. Depending on your machine, that would either require OS-level configuration or browser-level.

Additional steps you ought to take should include getting HTTPSEverywhere and ensuring that all of your online accounts at least use two-factor auth for additional security and notification in case you get compromised

Also, check out this site to ensure that you're not already at risk of being attacked:
haveibeenpwned.com/

I've already agreed with you. Not sure why you're trying to make it look like you're one-upping me

ELB isn't bad. You can configure your instances to scale based on various arbitrary metrics. You can scale up based on network, CPU usage, etc. Really easy to fuck yourself with it, though

>tfw first to get unused gig fiber on the local net
>tfw subnet
>tfw head network guy puts you on the local network map as evidence we need an upgrade
>tfw finally multiple big name providers

i love haveibeenpwned.com since if you need to ask the answer is usually "yes".

>also have avast
>Are there any other good steps to take

delete your antivirus right now for starters.

Honestly, I know of no other software that is just downright useless, resource hogging, and inefficient as an Antivirus.

The only good antiviruses are ESET, Kaspersky, and MSE. But you still don't even need those.

Here's a tip user, the vast majority of your malware is going to come from your web browsing habits. If you install the following addons, you're virtually guaranteed 99% to never get malware that can be avoided ever again (this means everything except for 0-days).

On firefox install the addons:
Ublock Origin
noscript
self destructing cookies
Privacy Badger
HTTPS Everywhere
Better privacy
Blender

With these addons I promise you you will never get a virus ever again unless you're so retarded and explicitly allow it on your computer.

The biggest of these addons are Ublock and noscript.

Ublock is fairly easy, just install and go, but noscript will take a little bit of learning and getting used to as it's a site script blocker. You're going to have to whitelist every script on a page that pertains only to the page itself that makes the site functional, and leave everything else blacklisted. The blacklisted ones will always be third party scripts running for advertisers and trackers.

Get going
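Added example, not part of the post above: the first-party versus third-party rule the post describes for a NoScript whitelist, applied to the script tags of one page. The page URL and HTML are constructed, and `site_of` is a simplified stand-in (last two host labels) for a real registrable-domain lookup against the Public Suffix List.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; every host name here is a placeholder.
PAGE_URL = "https://news.example.com/article/42"
PAGE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://static.example.com/lib/menu.js"></script>
<script async src="//cdn.example.net/widgets/share.js"></script>
<script src="https://ads.tracker.test/pixel.js?id=123"></script>
<script>var inlineConfig = {};</script>
</head><body><p>Article text</p></body></html>"""


class ScriptCollector(HTMLParser):
    """Collects the src of every <script> tag and counts inline scripts."""

    def __init__(self):
        super().__init__()
        self.sources = []
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.sources.append(src)
        else:
            self.inline += 1


def site_of(host):
    """Naive 'site' of a host: its last two labels (assumption, see lead-in)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_scripts(page_url, html):
    """Split script hosts into whitelist candidates (same site) and the rest."""
    collector = ScriptCollector()
    collector.feed(html)
    page_site = site_of(urlsplit(page_url).hostname)
    result = {"allow": [], "block": [], "inline": collector.inline}
    for src in collector.sources:
        # urljoin resolves relative and protocol-relative (//host/path) sources.
        host = urlsplit(urljoin(page_url, src)).hostname
        if host is None:
            bucket, host = "block", src.split(":", 1)[0] + ":"   # data:, blob: and similar
        elif site_of(host) == page_site:
            bucket = "allow"
        else:
            bucket = "block"
        if host not in result[bucket]:
            result[bucket].append(host)
    return result


if __name__ == "__main__":
    decision = classify_scripts(PAGE_URL, PAGE_HTML)
    print("whitelist candidates:", ", ".join(decision["allow"]))
    print("leave blocked:       ", ", ".join(decision["block"]))
    print("inline script blocks:", decision["inline"])
```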

(((Stallman)))

it's an 80% solution. i feel that when you get to that point you need to be able to set up your own solution since solutions like (((elb))) are necessarily limited for some applications.

that is a great feel

t. malware writers

running windows without an anti-virus is like fucking a dindu waifu without a condom - 99% of the time you're fine but 1% of the time you get AIDS. worth it?

if you don't want to run constant anti-virus then switch to Linux or BSD.

Do you have an example? I'm curious about your thoughts on it since I've been pretty deep in the AWS world mostly for API scalability and microservice architecture at one company doing essentially one thing, and haven't yet used Elastic Beanstalk outside of that realm

an example would be something like a 10% traffic spike, which you would see if, for example, you send out a notification on your system. elb tends to just drop "excessive" connections unless they scale up over a certain amount of time (afair it's like 15 minutes). so spiky traffic gets dropped, but some platforms deal with only spiky traffic so you tend to over provision. but that's why i say it's an 80% solution, since 80% of the time it works 100% of the time.

if you need something more advanced it's not that hard to implement. i'm partial to clustered environments myself.

take this with a grain of salt though since your mileage may vary.

Bro, I've competed in competitions where I and my team had to defend from red teams who are actively trying to infiltrate and pwn our systems, and they explicitly said that they were laughing at all the teams who installed antiviruses because they didn't do shit to them getting in. They took screenshots too.

Antiviruses only work as well as the definitions database allows them to, which means the malware has to have some kind of hash signature or code pattern within that is known to be malicious.

This can be 100% avoided with the addons I've told you to install on your browser since that's where 99% of your viruses are going to come from for most people (discounting email). The common malware will never be allowed on your computer because everything is blacklisted by default except for what you know is trusted.

If you're getting pwned by malware that gets past this line of defense, your antivirus ain't going to do jack squat shit and you have bigger problems to worry about at that point.
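Added example, not part of the post above: a toy definitions database with the two signature kinds the post names (a file hash and a byte pattern), scanned against four constructed, harmless byte strings. It shows what each kind of definition covers and that a file is flagged only once something in the database describes it; the class, rule names and sample bytes are all made up for illustration.

```python
import hashlib

MARKER = b"DEMO-MARKER-7f3a"                    # constructed byte pattern
SAMPLE_A = b"MZ-demo" + MARKER + b"-body-v1"    # constructed stand-in for a known file
SAMPLES = {
    "A": SAMPLE_A,                              # exactly what the vendor analysed
    "A-resaved": SAMPLE_A + b"\x00",            # same content plus one trailing byte
    "B": b"MZ-demo-different-code-path",        # unrelated file nobody has analysed yet
    "benign": b"quarterly report, nothing to see",
}


def sha256(data):
    return hashlib.sha256(data).hexdigest()


class Definitions:
    """Minimal definitions database: exact hashes and byte patterns."""

    def __init__(self):
        self.hashes = {}      # hex digest -> detection name
        self.patterns = {}    # byte string -> detection name

    def add_hash(self, data, name):
        self.hashes[sha256(data)] = name

    def add_pattern(self, pattern, name):
        self.patterns[pattern] = name

    def scan(self, data):
        """Return every rule that fires on this byte string."""
        hits = []
        name = self.hashes.get(sha256(data))
        if name:
            hits.append("hash:" + name)
        hits += ["pattern:" + n for p, n in self.patterns.items() if p in data]
        return hits


def coverage(defs, samples):
    return {label: defs.scan(data) for label, data in samples.items()}


def demo():
    defs = Definitions()
    defs.add_hash(SAMPLE_A, "Demo.A")
    hash_only = coverage(defs, SAMPLES)          # only the exact file is flagged

    defs.add_pattern(MARKER, "Demo.Family")
    with_pattern = coverage(defs, SAMPLES)       # the re-saved copy is flagged too

    defs.add_hash(SAMPLES["B"], "Demo.B")        # definitions update after B is analysed
    after_update = coverage(defs, SAMPLES)
    return hash_only, with_pattern, after_update


if __name__ == "__main__":
    for stage, result in zip(("hash only", "hash + pattern", "after update"), demo()):
        print(stage)
        for label, hits in result.items():
            print(f"  {label:10} {hits or 'no detection'}")
```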

so one shouldn't get vaccinated because new diseases won't be stopped by vaccinations?

why not both?

...

Good point.

What do you use to build your clustered environments, usually?