>>101419041This isn't your jobs thread or cert thread, it's a group therapy session. /Cyb/er/sec/urity/pri/vacy general is for the discussion of anything and everything related to cyberpunk culture, cybersecurity, and digital privacy.--[/Cyb/erpunk]-----The FAQ: https://sizeof.cat/post/cyberpunk-faq/What is /cyb/erpunk? https://pastebin.com/pmn9vzWZHow do I into /cyb/erpunk? https://pastebin.com/5tpNFQdsHuge list of cyberpunk media: https://sizeof.cat/post/cyberpunk/The cyberdeck: https://pastebin.com/7fE4BVBgCyberlife: https://jinteki.industries/files/cyberlife.7zBibliothek: https://www.mediafire.com/folder/4m5hd2065hde8/Bibliothek--[/Re/verse Engineering]-----Getting into /re/: https://wiki.installgentoo.com/wiki/Reverse_Engineering--[/Sec/urity]-----"Shit just got real": https://pastebin.com/rqrLK6X0Cybersecurity basics: https://wiki.installgentoo.com/wiki/Cybersecurity_-_/sec/_guideand armory: https://wiki.installgentoo.com/wiki/Cybersecurity_-_basics_and_armorylearning: https://wiki.installgentoo.com/wiki/Cybersecurity_-_Learning/News/CTFsReference books (PW: ABD52oM8T1fghmY0): https://mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw/sec/ PDFs: https://mega.nz/#F!zGJT1QQQ!O-8yiH845GN26ajAvkoLkAEFF anti-surveillance: https://ssd.eff.org/Other library: https://mega.nz/file/UCgEGAjb#rwNcnMAQCUUbSp8supsFvn9QEHCWUW86eLcZa16ZG4Y--[/Pri/vacy]-----Tools: https://www.privacyguides.org/en/tools/Hitchhiker’s Guide: https://anonymousplanet.org/guide.htmlHardware: https://ryf.fsf.org/productsFrontends: https://wiki.installgentoo.com/wiki/Privacy_friendly_frontendsOSINT Guide: https://inteltechniques.com/index.htmlFirmware: https://libreboot.org/RMS: https://stallman.org/facebook.html--[/hmg/ Hackerman General]-----VM/CTFs:http://overthewire.org/wargames/bandit/ - easy beginnerhttps://www.vulnhub.com/ - prebroken imageshttps://www.hackthebox.eu/ - super secret clubHuge info dump: https://hmg.neocities.org/
We have a slight flooding now, level 7. Still, I had hope the /cyb/ would have survived that.To keepthis going throough the night, I'll return to the old remedied: Lunarpunk and Nightcore!https://youtu.be/27tXqfc3vpY?feature=shared
>>101468683>What a shit bake. We were moving forward, but then some autist decided to spoil the fun. What a retard.Thanks for your massive effort. Not sure about the autist, was that reverted?
epoxy on my ram and rom
cyberpunk security chads, how we feelin?
>>101483160linux bros, we eating good tonight
Which Linux fork should I be using?
>>101484714One of pic related, I recently went back to Fedora Workstationhttps://www.privacyguides.org/en/tools/
>>101484714trisquel.infohyperbola.infoignore literally anything else, its all backdoored malwareafter while make your own distro>>101484829"privoocy"everything listed there is non free lol lmao
>>101485195What part of fedora is non-free?
>>101485239kernel, packagesalso uses meme stuff like gayland,systemdnetworkmanager pings fedoraproject.org
>>101485272>kernelI assume you mean the firmware? if not would you be willing to expand >packagessuch as? I am trying to see the progress over time>also uses meme stuff like gayland,systemd>networkmanager pings fedoraproject.orgnot really relevant
>>101485398>not really relevanthow are hidden pings in networkmanager not relevant?literal botnettrue free software should have 0 telemetry and 0 pingshttps://www.gnu.org/distros/free-system-distribution-guidelines.html>No Malware>The distro must contain no DRM, no back doors, and no spyware.
>>101485427>how are hidden pings in networkmanager not relevant?because the question was "What part of fedora is non-free?" so I could do more research on to it The question wasn't "What issues do you find with Fedora in general? I will try to convince you otherwise" I am not trying to convince you to use Fedora, I just want to research the claims
>>101485466https://www.gnu.org/distros/free-distros.en.html
>>101485466>because the question was "What part of fedora is non-free?"TELEMETRY IS NOT ALLOWED IN FREE SOFTWAREYOU DIDNT EVEN READ MY POSTFFS
>>101485515the question was "What part of fedora is non-free?" so I could do more research on to itthe question wasn't "give me a list of gnu approved distros, since I can't convince you to use fedora" I am not trying to convince you to use Fedora, I just want to research the claims
>>101485534is this broken bot or something?read this https://www.gnu.org/distros/free-system-distribution-guidelines.htmlyou can literally see that everything in there is broken by fedorafedora is not fsf approved because its non free
>>101485547see >>101485398 "I assume you mean the firmware? if not would you be willing to expand"I understand the firmware is not free, the anon also clamed packages, which is what I am also curious about >>101485528Stop being a fucking retard, Telemetry is bad, Malware is bad, this does not mean Telemetry satisfies the definition of Malware, that is why I ignored that point, because you don't know the definition of words
>>101485572>because you don't know the definition of wordstelemetry is malwarethere is no reason for it to be pinging its own serversno different than microsoft windowsit is not a free operating system because it fucking spies on you>firmware is not freemitigations and some security things in kernel are also going to be non free>the anon also clamed packages, which is what I am also curious aboutnon free repos out of the box are not allowed in free distros
>>101485613>telemetry is malwarebelieve what you want>there is no reason for it to be pinging its own serversI didn't say there was, see how I said I wasn't trying to convince you to use Fedora, I am still not trying to convince you >no different than microsoft windows>it is not a free operating system because it fucking spies on youbelieve what you want to >mitigations and some security things in kernel are also going to be non freecan you point me at an article or something or give me a name of something, I am searching for the things you say after every post but it is turning up a bunch of non-specific unrelated results>non free repos out of the box are not allowed in free distrosAre we just ignoring that a repo isn't a package, and that you can choose not to use 3rd party repo's during the setup process? that is what I mean when I say progress
>>101485673>believe what you wanttelemetry is malware according to gpl>I didn't say there was, see how I said I wasn't trying to convince you to use Fedora, I am still not trying to convince youim saying that fedora is non free, this is not about what who should use>believe what you want toit it fact not belief>can you point me at an article or something or give me a name of something, I am searching for the things you say after every post but it is turning up a bunch of non-specific unrelated resultslook up linux-libre patches>Are we just ignoring that a repo isn't a package, and that you can choose not to use 3rd party repo's during the setup process? that is what I mean when I say progressgiving access to non free software is forbiddenflatpak gives you stuff like discord spotify etc all non freechromium is non free and shouldnt be reposinfact chromium is the default browser on memedora
>>101485195meds, now
>>101485878enjoy your botnet
>>101485847>look up linux-libre patchesok>giving access to non free software is forbiddenare you sure this is the stance you want to take? the mere act of giving access to non-free software? are you certain you thought that one through>infact chromium is the default browser on memedorafirefox.
>>101485884no botnet in my gnu+linux OS, only free packages and linux-libre kernel, so you can kindly fuck off
>>101485899curious because you are posting on website that requires non free javascript>>101485895>are you sure this is the stance you want to take?yesit is easier to have 1 computer fully free and then separate one for botnetdo not mix
>>101485919>yesso then logically speaking, any software that "gives access to non-free software" should satisfy that condition, no take backs?
>>101485939free distro should NEVER let you download non free software from their reposbecause that would make it non freeimagine running windows software on free distro, might aswell use windows
>>101485947when have i implied that im not on botnet computer?
>>101485955you didn't say "from their repos" prior to this, I am glad you finally caught that
>>101485972you can install any software on any distro by just downloading static linked binaryso of course you cant prevent thatbut it should be that free distros should only promote free software
Building my first PC and getting an external drive to go with it, and I figured I should learn how to encrypt them too. I use Windows, so I think I should use BitLocker for my PC drive (only have one for it right now) and use Veracrypt for the external. If my understanding is correct, I will need to create a Veracrypt partition(?) that takes up the majority of the space on the external, transfer files from my laptop into that, and then I should be able to move them into the new PC, relatively problem-free?
>>101486403dont bother with advanced filesystem stuff on windowsit will be pain in the ass to recover
I don't know if this is the proper thread to ask, but what's the closer I can get to making a nomad setup with a tablet and a Bluetooth keyboard?I'm nostalgic of netbooks.bare minimum is using emacs (with org mode). python, GHC, and a sepples compiler would make it ideal.
>Old OP>Same picWell, good luck bumping it on your own, retard. Be careful, some links can be malicious. We have an updated OP now:/Cyb/er/sec/urity/pri/vacy general is for the discussion of anything and everything related to cyberpunk culture, cybersecurity, and digital privacy. Common topics include:— dystopian news,— cyberpunk music and media,— OpSec,— hacking the planet (HACKING THE PLA-NET);Networking questions will receive more helpful answers in the Home Server General. This is not a "how to find a job in sec" thread, but here is some information to help you get started:https://paste.sqt.wtf/1511e8While our wikis (https://paste.sqt.wtf/227046) are somewhat out-of-date, they are still useful and will be updated with new information generated in this thread. Related generals: ham radio, 3D-printing, microcontrollers, drones; all on>>>/diy/. Homesteading on>>>/out/.
>>101489869>some links can be maliciousCare to be more specific?
>>101489869old OP is better you insufferable faggot, the fact that you didn't notice for over a week shows you're nothing more than a fucking tourist
Molly being discussed: >>>/tv/201501230
>>101489869old one is better, doesnt hide links
>>101489869Don't forget to livestream your suicide.
>>101489869>Well, good luck bumping it on your own, retard.bumping just for you senpai
>>101484829>>101485195Why not Debian?
>>101490179Yeah, the local troll replaced links in the hugeass OP once, maybe more, don't remember with what exactly.
>>101493479NtA but Debian has way too much drama, and get full coverage over in LWN. Ubuntu is pragmatic and usable for people who want to do work rather than acting out performative drama on the net.
>>101493690That happened months ago, so I don't know why the local Karen is bringing that up.>>101494189Debian and Ubuntu are both fine imo.
>>101494469I hope SerenityOS takes off soon. Too much drama also in the Linux Kernel traffic:>Despite how useful Google finds the protocol, kernel developers were dubious about adding yet another encryption protocol to the kernel, which already handles IPsec, WireGuard, TLS, and others. Paul Wouters expressed surprise that Kicinski wanted to add PSP to the kernel, when the IETF had declined to standardize the protocol on the basis that it is too similar to IPsec.>Steffen Klassert shared a draft that the IPsecME working group has been putting together that covers some of the same use cases as PSP. That may not be as helpful as it sounds, however, because there are already hardware devices implementing PSP, Willem de Bruijn pointed out. "It makes sense to work to get to an IETF standard protocol that captures the same benefits. But that is independent from enabling what is already implemented.">That answer didn't satisfy Wouters, who asked: "How many different packet encryption methods should the linux kernel have?" He said that waiting for protocols to be standardized provides interoperability, and chances to make sure a protocol is actually useful for more than one use case. PSP and IPsec can also use a lot of the same NIC hardware, he pointed out.It is drama all the way.Also, what happened with ToaruOS?
>>101494469It can happen anytime.
>>101494967There's so many autists in this thread that it was spotted immediately. And the links weren't even malicious, they had only been tampered with to make them broken.
>>101495144Bullshit, there was some type of an attack.
=== /sec/ News:>A Windows version from 1992 is saving Southwest’s butt right nowhttps://www.digitaltrends.com/computing/southwest-cloudstrike-windows-3-1/>Nearly every flight in the U.S. is grounded right now following a CrowdStrike system update error that’s affecting everything from travel to mobile ordering at Starbucks — but not Southwest Airlines flights. Southwest is still flying high, unaffected by the outage that’s plaguing the world today, and that’s apparently because it’s using Windows 3.1.They sure do things differently in the south west.>Yes, Windows 3.1 — an operating system that is 32 years old. Southwest, along with UPS and FedEx, haven’t had any issues with the CrowdStrike outage. In responses to CNN, Delta, American, Spirit, Frontier, United, and Allegiant all said they were having issues, but Southwest told the outlet that its operations are going off without a hitch.Security by obsolescence?
>>101495247No, there wasn't you fucking tourist.
>>101495262How am I a tourist if I know about something that happened "months" ago? Retard. Dumb unfunny forcer.
=== /sec/ News:>Firefox 128 Criticized for Including Small Test of 'Privacy-Preserving' Ad Tech by Default (itsfoss.com)https://news.slashdot.org/story/24/07/20/0510233/firefox-128-criticized-for-including-small-test-of-privacy-preserving-ad-tech-by-default>"Many people over the past few days have been lashing out at Mozilla," writes the blog Its FOSS, "for enabling Privacy-Preserving Attribution by default on Firefox 128, and the lack of publicity surrounding its introduction.">Mozilla responded that the feature will only run "on a few sites in the U.S. under strict supervision" — adding that users can disable it at any time ("because this is a test"), and that it's only even enabled if telemetry is also enabled.They probably thought they could get away with this.
>>101481850Here is the "I don't think it's possible to have privacy against the feds" blackpill. Swallow carefully.https://en.wikipedia.org/wiki/Room_641Ahttps://en.m.wikipedia.org/wiki/Logjam_(computer_security)https://en.m.wikipedia.org/wiki/XKeyscorehttps://en.m.wikipedia.org/wiki/Tailored_Access_Operationshttps://en.m.wikipedia.org/wiki/Dual_EC_DRBG
>>101495406a tourist is someone who pops in irregularly (you), why don't prove the other anon wrong if you just "know"?
>>101485943>682, one correct and well placed>614, one correct but wrongly placedthe only shared number is 6, and it appears in the same spot in both sequences. incorrect image.
>>101496694nvm I am retarded
>>101483160>>101496618NOT very fucking good
>>101481850I've never used anything like this before. Apparently, rather than storing The decryption key on their servers, the key get stored on your device. Any theory this means that even if Google were to experience a data breach in the future, your passwords and keys are still safe because only YOU have The decryption key. Does or has anyone else used this? What are the benefits and downsides?
Rust desk keeps spawning processes and connecting to it's server. I kill the process and it pops back up.I pacman -R --recursive'd it even though I need it to access clients.Should I reinstall it or switch to something else?
>>101495247>>101495406Let me know when you post some evidence to back up your hallucinations.
Updated Firefox Zero user.jshttps://pastebin.com/fB8vQbd8
=== /re/ News:>DO YOUR RESEARCHhttps://hackaday.com/2024/07/20/do-your-research/>We were talking about a sweet hack this week, wherein [Alex] busts the encryption for his IP web cam firmware so that he can modify it later. He got a number of lucky breaks, including getting root on the device just by soldering on a serial terminal, but was faced with having to reverse-engineer a binary that implemented RSA encryption and decryption.
>>101498469I love TTL sereal ports soo goddamn much.=============Video=============Lots of lonely people out there:The Hated One | DON'T use AI companions apps!>https://youtu.be/6uwVNufVnD8=============News===============Butter made from CO2, not cows, tastes like ‘the real thing’, claims startup>https://www.theguardian.com/science/article/2024/jul/16/us-startup-lab-made-climate-friendly-butter-savor-bill-gatesNot to be outdone, Deep /cyb/ Synthetic Food Labs, Inc. in partnership with /CYB/LOID Ragazine will be announcing it's own alternative to Gates' CO2 (((("""""butter""""))) shortly, adding to it's growing family of alternative synthetic lineup of anti-globohomo sustainable ingestables*. Watch this space.=============Music==============>https://youtu.be/s4obATUkEXw?t=37
Are the people who claim to prefer light mode just coping with RFP
>>101496618*thinkpad x230 with heads firmware and epoxy on ram and rom blocks your path*>>101499362>Butter made from CO2first the milk now the butter, whats next?
>>101500988Bacon made from solar panelsSoup made from wind
>>101502393and thats a good thing
>>101498122based
What do you need to set up in any random linux distro to reach the same level of physical-digital security offered by W10 + Bitlocker?Would only Secure Boot + Full Disk Encryption suffice or is a LUKS1 encrypted /boot partition required? What about PCR7 checks I read about here and there, or is that done through/with Secure Boot?I unlock LUKS2 /root with password + encrypted externally stored keyfile btw carried on my person, no TPM keystore here
>>101503057https://github.com/linuxboot/heads
>>101503181Yeah I'm aware of heads, coreboot, libreboot and such. I have a nice reflow station so desoldering the SPI ROM to flash isn't an issue either. The thing is I have a brand new laptop from 2023 so I don't think that is going to be supported. I think it runs FreeRTOS even.At this point, I'm mainly focused on have a boot chain comparably secured as bitlocker protected windows, maybe I'd want to surpass it later. but baby steps first. So if I could ask you,>W10+Bitlocker equals Linux Secure Boot but unencrypted /boot + default FDE on /root>or actually GRUB cryptodisk with encrypted /boot partition needed>PCR7 checks done through SecureBoot or do I need to look into it specifically?
>>101500988>first the milk now the butter, whats next?Fuel, probably. Germany got a loophole for their car industry that internal combustion engines would still be OK in the EU as long as they could be fuelled with renewable fuel.Carbon subnitride would be an interesting fuel, especially for aircrafts.
>>101500988>>101483042>epoxyWhat is the purpose of epoxy on ram and rom?
>>101505039Preventing reflashing and cold reading, obviously
>have been computing since Win 3.1>have managed to keep my passwords and log in stuff under control in order in my head all these years>can't handle it anymore with all the 2-way authentications, numbers, account usernames, password with strict anal requirements>look for a way to save all these in a secure way on the phone>now I have all in a google note file with a password>very unsecure optionShould I use one of these password manager apps?How do I go about this? I have to have these stuff on the go too and not just locked in the house if possible. Thoughts?
>>101505275Keepass encrypted kdbx database on google driveuse with desktop client to build database and perform usual maintenance tasksinstall kdbx client on phoneopen kdbx on phoneezzzzz
>>101505039https://en.wikipedia.org/wiki/Evil_maid_attack
>>101505317Is KeepAssDroid the official app for phones? I like the detailed documentation on the keepass website.
>>101505275>Should I use one of these password manager apps?no>>can't handle it anymorereduce amount of online accounts
>>101503308dm-crypt on linux is more secure than bitlocker against bruteforce as you control all parametersyou can use argon2id with 50 time cost and no one in the universe will ever bruteforce the passwordyou will have to deal with 50 second boot time thoughyou can add your own keys into tpm and sign the kernel on linux, gentoo wiki has guide i thinkbut beware of inevitable breakageuse windows 11 in s mode with bitlocker if you dont want to waste time and love spyware
>>101505317imagine giving google your passwordsimplying they wont crack it in 10 millis with 0.1% of their computing power
>>101505922I care about low level pajeet crooks, Google has everything already anyways.
>>101505184>>101505507Thank you anons, but what about usb ports in particular?
>>101506043so use googles password manager...?>>101506092they do nothing if you disable them in kernel
>>101506115>googles password managerNo because pajeets can get into google.
>>101505922>>101505317replace gdrive with nextcloud
>>101506092Buy a thinkpad x230 and install heads. Write protect the flash chip. Put nail polish on the screws and take high resolution pictures to ensure signs of tampering. Do NOT use a HDD or SSD. They have DMA so a malicious firmware could do a lot of damage, use of USB is preferred since they do not have DMA. Completely remove the microphone, sound card, webcam and the WWAN card from the laptop. Remove the fan to prevent binary acoustic data transmission. Replace the default wifi card with a supported atheros card. Disable wifi when not in use, preferably by physically removing the card. Make your own independent Linux distro from scratch. Most Linux distros value convenience over security and will thus never have good security. Your only option is to make your own. Use musl instead of glibc, Libressl instead of openssl, sinit instead of systemd, oksh instead of bash, toybox instead of gnu coreutils to reduce attack surface. Enable as little kernel modules as possible. Use a hardened memory allocator. Apply strong SELinux and sandboxing policies. Restrict the root account heavily to make sure it never gets compromised. Disable JavaScript and CSS in your browser. Block all FAGMAN domains in your hosts file. Monitor all network requests. Do not use a phone. Never speak near anyone who owns a phone, they are always listening. Never use any non-corebooted technology made after 2006. Never leave your devices unattended. Tape triple layer aluminum foil all around your room as tempest shielding. Type really quietly as defense against audio keylogging. Use ecc ram to minimize rowhammer and rambleed. Encrypt everything multiple times with various different encryption implementations. Compile everything from source. Use hardened compilation flags. Always read through the source before installing something if possible. Only use the internet when absolutely necessary.
>>101506134never network your passwords, horrible idea>>101506131dont give out your gmail
>>101506322manually copy it from phone to desktop then?
>>101505896I decided that I want to use an external hardware token like a yubikey for LUKS/dm-crypt which isn't possible with shitlocker so I took it as a sign to switch over to Linux so yeah I ain't going to W11. Then still, is unencrypted /boot fine or is more needed>>101505586I wouldn't call it official, but it is the first one on the list of contributed/unofficial keepass ports and apps on the main keepass website. Dunno if that list is ranked to most to least endorsed for every platform or if it is ranked alphabetically. I'd check all of them and just use the one with the most installs/downloads>>101505922>keepass>encrypted kdbx>waah pajeets will get my passwordsYou're an absolute retard, you know that?>implying they wont crack it in 10 millis with 0.1% of their computing powerJust use a keyfile>>101506134whatever you like>>101506322>implying the passwords are plaintext>implying encrypted kdbx on a cloud isn't lightyears better than what anon does now
>>101506633no, just dont use a password manager memewarealso fuck phones, lmao imagine owning one
>>101495256Windows 3.1 and Windows XP will forever be most based of all OS.
dear hackeranon, thanks for the laugh, you beat me to the goods
>>101507044>Just use a keyfiledoesnt change anything, you dont want to give any kind of information to government contractor with the most super computers>yubikey for LUKS/dm-cryptpointless>Then still, is unencrypted /boot fine or is more neededencrypting system binaries is pointlesshave one partition for os and second for projects that is encrypted
>>101485943186?
>>101485943426?
>>101508525>>101508580042you guys trolls or retards?
>>101508819actually its about tree fiddy
>>101508168I operated a mask aligner once, it was te size of a van. And it ran CP/M.
Bummed out by Bill Gates' FAKE Co2 """butter substitute"""?Well, thanks to Deep /cyb/ Synthetic Food Labs, LLC, (you) now have an alternative! ============INTRODUCING=========NEW! Replikka® ButtAir™!100% renewable, sustainable, butter-scented compressed methane gas canisters! Harvested from only the prettiest genetically engineered brap cows, just fumigate your favorite recipies with Replikka® ButtAir™ for that authentic butter flavor we all know and love. You won't believe the taste! Build Back Butter with Replikka® ButtAir™!==================News================>https://www.bleepingcomputer.com/news/security/uk-arrests-suspected-scattered-spider-hacker-linked-to-mgm-attack/>https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html==================Music================>https://youtu.be/FhvEl4CuejE>https://youtu.be/pUis_KwzwCc
>>101493479I posted the picture and link because it is from the OP, I don't know why they don't choose Debian. I don't have anything against itI picked Fedora mainly because there are a few things in the linux ecosystems I want to have first hand experience with and learn more about. Flatpaks, SElinux, and OStree are among the list of things I hear opinions on but I don't know much about, so Fedora stood out as those are defaults with the OS and therefore I assume tested by the maintainers, 1st party support should translate to documentation and community experience
>>101509286i hate you for this nightmare picrel
Reposting the updated Data Broker Removal Links:https://pastebin.com/3tncC0rE
>>101509557Fun factoid: The original packaging for Replikka® ButtAir™ was going to be totally different, but then got spun-off into picrel. We know you're going to LOVE: ==========NEW!===========Replikka® Bunnz!™ Delicious Buttery* Cookie Buns flavored with ButtAir™ butter-scented compressed methane gas. They go great with Replikka® Mylkk!==========Moar News=======>https://www.bleepingcomputer.com/news/security/fake-crowdstrike-updates-target-companies-with-malware-data-wipers/==========Music===========>https://youtu.be/RDGBHHBnNk4
=== /sec/ News:>XZ Patches For The Linux Kernel Updated, Drops "Jia Tan" As A Maintainerhttps://www.phoronix.com/news/XZ-Linux-Kernel-Patches-v2>Back in March were a set of patches to the Linux kernel's XZ embedded compression implementation with the project having switched from public domain to the BSD Zero Clause License along with other changes to update that in-tree code. Since then the notorious XZ backdoor situation was discovered in the upstream XZ project. With those major issues behind, Lasse Collin today sent out an updated set of patches for updating the in-tree XZ code for the Linux kernel.>Over the patches sent out on the Linux kernel mailing list back in March by Lasse Collin, the v2 changes include now removing Jia Tan from the XZ maintainers for the kernel: "Jia Tan" being the one that baked the backdoor into the upstream XZ codebase and carrying out the nefarious behavior. The new patches also have some mother minor changes:So where is "Jia Tan" now? Coming to a resource starved open source project near you, no doubt.When a projects gains enough momentum, such as SerenityOS, Ladybird etc., it is likely that some of the "new" "volunteers" are employed by various agencies, just to build a legend early on.
>>101509812super helpful
The guy who hacked Disney was a script kiddy who got doxxed because of his furry fetishHe was a BeamNG discord and Reddit moderator who was putting malware in pirated BeamNG car modshttps://rdrama.net/post/285835/disney-furry-hacker-nullbulge-got-exposedAbsolutely idiot gooner ruined his life
Is Mint a good beginner distro for someone who knows fuckall about Linux and knows more that your regular normie about computers, but not that much?
>>101513410yeah
>>101513410no, that distro is a clusterfuck that literally had malware in their disc images at one point
What's the best equivalent to Mac's Little Snitch on Windows? Would Simple Wall or Comodo Firewall be good?
>>101513684what distros do you recommend?????
>>101514203I would recommend Debian, Fedora, Lubuntu, Xubuntu, Ubuntu Mate, and Arch.
>>101513332kek
=== /cyb/ News:>XZ Patches For The Linux Kernel Updated, Drops "Jia Tan" As A Maintainerhttps://www.phoronix.com/news/XZ-Linux-Kernel-Patches-v2>Fake CrowdStrike fixes target companies with malware, data wipershttps://www.bleepingcomputer.com/news/security/fake-crowdstrike-fixes-target-companies-with-malware-data-wipers/>Mechanical Intelligence and Counterfeit Humanity: Reflections on six decades of relations with computershttps://www.harvardmagazine.com/2024/07/harry-lewis-computers-humanity>US Prepares Jamming Devices Targeting Russia, China Satelliteshttps://www.msn.com/en-us/news/technology/us-prepares-jamming-devices-targeting-russia-china-satellites/ar-BB1qgKUh
>>101514423i see... im literally running arch rn, but, i don't get why you say that linux mint has "malware"
>>101515167>has "malware"is present tense >had malware>at one pointare both past tense
This is scary, the shooters didn't even have a single Facebook/Instagram/Twitter account extreme red flag!!instead they had an encrypted account at the extreme privacy anonymity focused chat platform discord
I'm new to the linux desktop, which one would you recommend between Fedora and OpenSUSE? I really liked the stability and rolling release of SUSE, but which one would be the best for privacy and desktop experience?
>>101515479>but which one would be the best for privacy and desktop experience?ditch the meme mainstream distroshttps://trisquel.info/ with kde desktop (triskuel)check packages if it has everything you wantfsf linux is most private
>>101484829QubesOS is the best, but certainly not the lightest and easiest. It's slow, bulky, requires rewiring your brain thanks to stuff like the clipboard mechanism.Also, it uses Fedora as dom0 distro sadly. There's work being done on using custom distros in dom0 though, so that's cool.Use Alpine Linux or OpenBSD if you want something that's secure but light, Whonix/KickSecure if you want something based on Debian, and Tails if you want something amnesic quickly>t. QubesOS user
>>101516510>QubesOS is the bestnon free malware*
>>101516550Like I said, as soon as you can swap out Fedora as dom0 distribution with something like Alpine Linux, it's not non-free malware anymore.Xen itself is completely open source, so is QEMU, the only things that are non-free are the templates (that you can choose and install yourself) and the dom0 distro.
>>101516569>Like I said, as soon as you can swap out Fedora as dom0 distribution with something like Alpine Linuxalpine is non freeit will always be non free because they rely on "security nsa binary blobs">Xen itself is completely open sourcewho cares if its fucking dogshitdom0 shouldnt be linux at all, it should be readonly memory ipc controllerdesktop should be contained in minimal graphical kernel with i915 ipc passthrough with dom0 communication, but thats never happening because the devs are incompetent retards
>>101516588>incompetent retardsopen a pull request with your ideas then? instead of being a nigger online and doing nothing but bitching about software, go ahead and help them.you niggers are the reason why the FOSS community is so cancerous, nothing but crying about this and that but nobody actually opens a pull request that contains fixes for this and implements that.
>>101516639>open a pull request with your ideas then?not like they could implement them>you niggers are the reason why the FOSS community is so cancerousi am not part of the "free and open sores" community, i only support free software>go ahead and help them.i dont support nsa plants and troons(see rutkowska origins)(see half of the contributors)(see the forums)
>>101516650I see nothing but excuses anon, all bark no bite
>>101516661lol you are literal retarded DEFENDING MALWARE KEKi maintain my own os and i dont support fags, no more no less
>>101516675are those some more tasty lies anon? keep 'em coming, I just can't get enough of those crunchy lies
>>101516686enjoy your botnet since you have nothing more to say
>>101516700right, you enjoy your 100% secure and "self-maintained" OS, have a good day anon, and make sure to check out your window for the flower van every now and then
>>101516708it is not "100% secure" because i dont implement intelaviv mitigationsactually, it might more secure for that reason because no botneti also dont include microcode updates in coreboot
>>101515404>discord>privacytopkek
>>101515167>i don't get why you say that linux mint has "malware"a few years ago they got hacked and their iso were infected with malware
Just a straw poll to follow up all the discussions about a secure platform:do you guys need a blazing fast computer or is safety and security and reliability more important than speed?
>>101518377thinkpad x230 is all i needwith bga rework to quad core cpuno more no less
Working on a dead man's switch.>have to upload a code to server once every N hours>or else death sequence is executed
>>101518077That's happened to everyone at some point. Mossad just attacked Mint cuz dev is anti Israel. Who cares. The real problem with Mint is apt. Stable my ass.
>>101518922>That's happened to everyone at some point.No, it hasn't. Only amateur distros fuck up security that bad.
>>101518585So, an in-order no speculative CPU would be fine then?
>>101518977those can be patched in hypervisorbut i prefer mitigations=off for performance
>>101518967Yes, it has. Major companies have their websites poisoned all the time. You don't hear about it every time. Mint just happened to be attacked like that. It could have been any other distro. Then again, having a weak website is asking for it. But this reeks of Zion hackers kek. I'm sure a team of hackers could do the same thing to Ubuntu in one month.
>>101518377safety > speed, I don't play games or do CPU intensive stuff so I don't mind the mitigations hammering down on the performance
>>101519085>I don't mind the mitigations hammering down on the performancengmihttps://desuarchive.org/g/thread/94949666/#94951971
>>101519020>It could have been any other distroBut it wasn't, because again, Mint is full of amateurs and their security is shit. You don't hear about Debian or Fedora having literal malware in their disc images.>But this reeks of Zion hackers kek.You have zero proof that the Mint hack was related to Israel/Mossad.>I'm sure a team of hackers could do the same thing to Ubuntu in one month.Sounds like you have a very active imagination. Don't forget to take your meds.
>>101519152I admit that even if it was leet Mossad hackers, they shouldn't have gotten in so easy. But i also maintain that this could happen to Ubuntu tomorrow.
This might have impact on society and security:https://joinup.ec.europa.eu/collection/open-source-observatory-osor/news/new-open-source-law-switzerland
>>101514715>https://www.harvardmagazine.com/2024/07/harry-lewis-computers-humanitygreat article, should be required /cyb/ reading
>>101481850Im applying for a SOC trainee position. What should i study to impress them hr niggers?
Anyone know how I can use telegram without using my real number? I've seen temporary phone number sites but they're open for everyone to see and I'm concerned that someone could just reset the password
>>101521019by not using memegram
>>101521028I understand there's better alternatives but I have to use it for the moment
Is it sensible for me to put my TOTP codes into bitwarden, if I use a different TOTP generator to log into bitwarden itself?
>>101521052you can view channels without logging inif you need to talk to someone then just buy samsung galaxy s2 or s3, flash replicant.us without booting into ((google android))buy cheapest sim, put it inreceive smsmake accountgrab hammernuke phone
>>101521218That seems overly complicated, I get this is a privacy general but i'm not trying to do anything illegal or something that requires that much caution, I only really need to use telegram to send a few messages to someone and that's it
>>101521268if you are lazybuy cheap simput in phoneverify account with new simremove new sim and put in old onebuying cheap sim is not hard
>>101521019I use my Google Voice number
What email providers you faggots use?
>>101523114no email
>>101523114Contrarians will sperg out about it but proton is the best option, unless you know how to set up a really secure home server to self host
>>101523114Does it really matter? When using it for subscriptions and etc, the service will already detect who you are by your credit card.Might as well just use Gmail and foward shit with Anonaddy.
>>101523259>Might as well just use GmailGood heavens, why!?Far better then to use a freeshell provider.
>>101523196someone post the honey bear
>>101523114Depends on what you want to use it for. Banking? Social media? Gayming? Shopping?
>>101524084Google emails are high trust
I got a hard drive I want to put VeraCrypt on, but I've never done this before. If I fuck it up, is it as simple as deleting the thing's volume/folder and starting over again?
>>101524665The gui program has a very clear walkthrough
>>101524292Do you enjoy feeding the machinery of evil with more food?
>>101524084>>101524826NTA but, as long you use IMAP open source clients and multiple accounts for different shit, how can Google manage to track you?
>>101525003It tracks you by contents, reads what you send and receive, build up data for stylometric intelligence, snoops on all images/documents/attachments you send/receive/store/edit. Everything is grist for the mill.
>>101523114Tutanota
>>101525056Yeah but if you're using your email to anything related to your credit card, it will already know who you are. Might as well just use a provider that you know is tracking you than one that is pretending it doesn't.
>>101525619>coughs in fruit logo
>>101525619>than one that is pretending it doesn'tDo you think freeshell providers moonlight by selling out their users? big if true.
which password manager?im tired of having a big encrypted zip file full of passwords.
>>101523114I use disroot for random trash but I'm still looking for a "serious" provider to use with things that need my real name
>>101525937I've used Keepass for years. No subscriptions no cloud hosting.Keepassxc is the best "app" for it.
>>101525937Keepassxc or bitwarden.
>>101524826Im exploiting the beast by abusing their services through bot farms
>>101523114Riseup
self host iredmail on ovhprobably not fedproof, but it's private
>>101528133>ovhTor?
>>101523114>>101523196>>101524108https://encryp.ch/blog/disturbing-facts-about-protonmail/https://news.ycombinator.com/item?id=29063779https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities/https://www.theregister.com/2021/09/07/protonmail_hands_user_ip_address_police/https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/https://digdeeper.club/articles/email.xhtml#ProtonMailhttps://scholar.google.com/scholar?cluster=18327644021252219658
>>101528506ovh is a VPS provider, yes I also host tor nodes unrelated to my mailserver
>>101528847based
I heard some anon say a while ago in an unrelated thread that if you stick a credit card in the chip reader, the retailer that you're paying gets told your name by the bank, but that if you use the contactless thing and tap instead, they don't, and you just show up as "Visa Cardholder" or the like, the only thing the store learns about you is if the charge was accepted or declined. Can anyone tell me if this is actually true, and preferably point me to a source on that? In my casual searching on this lots of places talk about security rather than privacy, and the ones trying to sell businesses on contactless payments don't mention the issue, but idk if that's because I'm wrong about this or they just don't want to mention what, to a business, would be a drawback (not learning the identity of your card customers) >don't use them at all, pay in cashI do this quite a bit, I'm trying to be clear on how much I'd be giving up if I were to opt for plastic instead
=================News================>https://www.bleepingcomputer.com/news/security/greeces-land-registry-agency-breached-in-wave-of-400-cyberattacks/>https://www.bleepingcomputer.com/news/security/new-play-ransomware-linux-version-targets-vmware-esxi-vms/>https://thehackernews.com/2024/07/experts-uncover-chinese-cybercrime.html=================Music================>https://youtu.be/Bmx2elWoLGw>https://youtu.be/XpdUTtt-npI?t=302>https://youtu.be/_mA2vKUzzLQ?t=312
>>101529438>gets told your name by the bankEven if the bank doesn't leak your name, the retailer sees your card number, and will surely get your name from a data broker in exchange for metadata (date, time, location, items purchased) from your transactionContactless payments through mobile phones have a layer of indirection that conceals your actual card number, but I don't know how this applies to the NFC tap feature common in modern cards
>>101529494god damnit
>>101523114Been also asking this question for too long, is it even worth it to use one of those meme providers when youre going to do normie stuff like buying things and paying netflix?
>>101530759>is it even worth it to use one of those meme providers when youre going to do normie stuff like buying things and paying netflix?No, it is called threat modeling, you do not need to employ the maximum level of security or privacy if the people you are trying to avoid do not require it, You would be most secure and private off the grind off the internet entirely, and obviously that isn't the goal of anyone here
Is there anyway to strengthen sec when sms authentication is forced?For example, my bank lets me use a yubikey, but they wont let me remove text message authentication as an option
>>101531222banks are not secure, dont bother>>101530759netflix is not secure, dont bother
does /cyb/ have a preferred password manager?
So I finally got an acceptable job in the field and I'm looking to establish some semi-anon online presence, without resorting to ShitedIn or a public Github. I was thinking of getting a VPS and buying some poser-y 1337 domain to host a site for blogposting all my box writeups and host my email, but I'm a clueless fag when it comes to web. How would I go about building something lightweight that would pass /cyb/ inspection?
>>101531246no password manager>>101531252tor hidden service hosted in your housemaybe openbsd httpd running in openbsd vmm
>>101531276You write everything down?
>>101531351i dont have any passwordsonly public key crypto backups printed on paper encrypted with one time pad
>>101506305Devices can read your mind wirelessly too so try to live in a remote are and shut down wifi. Stay 1 meter away from copper wires receiving electricity, this includes the SATA cable in your PC because it can communicate with radio.
>>101531562>Devices can read your mind wirelessly tooI wonder how many really believes this. In reality, MEG systems are SQUID based and places in heavily shielded rooms.
>>101532082>he doesnt know about the bluetooth mind read exploit
>>101528847What's the problem?
>>101481850is TCM Security Academy Practical Ethical Hacking course a good start for newbie to get into cybersecurity?
>>101531246my brain
>>101532472>Learn how to hack like a pro by a pro. 25 hours of up to date practical hacking techniques with absolutely no filler.>No filler guize!!11!!1>Course is all fillerJust how newbie are you? Just learn about OSI, TCP/IP, nmap, wireshark, aircrack etc by yourselfI mean for 30 bucks a month you can't go wrong but less trainingwheels usually results better learning & understanding. you might scab your knees a few times without training wheels, but you'll end up a better cyclist because of it. Just some more frustration
Does anyone have a straight forward guide a new linux desktop install. I keep hearing about putting a password on grub and such.I already have LVM-LUKS with secure boot enabled, external booting disabled & BIOS password set-up
>>101533101top 10 snake oil
>>101533106Look buddy I'm not as schizo as you I just want my linux install to be comparable to a bog standard windows 10 with bitlocker installation across the boardI'll just do what the audit tool lynis suggests
>>101533183Might as well put your keys on the TPM if you just want to be equivalent to windows.
>>101533183>I just want my linux install to be comparable to a bog standard windows 10linux is not windowsstop crippling your desktop experienceit does not make anything more secure
>>101532351>privacy email>not really privategee booboo, I wonder what the issue could be
Autism is hell of a disorder. He doesn't produce content, he doesn't improve the wikis, he doesn't accept improvements that bring more people to the thread. He just sits on his ass and empty-bumps "his" thread on page 9. What a horrible life. More like nolife, lmao bitch.
>>101533307Who are you talking too?
>>101533307>He doesn'tWho?
>>101533323Frank from the accounting. Retard.
>>101523114cockmail for le funny namesdisroot for personal and serious stuff
>>101533292It is private. If your IP reveals your identity that's your problem, but the content of the emails is private. No company is going to refuse to give feds your IP address and it's impossible to hide it unless you do it yourself. Every time people try to accuse one of these services of being a honeypot it's just because they didn't magically babysit their opsec for them
>>101533213I put those on an external hsm
>>101531246I wrote my own based on openssl and the standard coreutils, work for me
>>101533436>It is privateno its not and it automatically feeds everything into giant botnet ai
>>101533465I'm sure it does schizo-chan, I'm sure it does
>>101533517/x is -> thataway
>>101533517yeah bro totally not five eyes information gathering honeypotalso thanks for compliment
>>101533436>If your IP reveals your identity that's your problem
>>101533436>5 CHF has been deposited to your Proton account
>>101532472never pay for knowledge, pirate iteJPT is a good cert to start
>>101534284but what if we actually exchanged keyshttps://man.archlinux.org/man/sq.1.en
>>101533429>disroot for personal and serious stuffEmails stored as plaintext
>>101534452They explicitly state this upfront that it's your responsibility to encrypt them. This isn't an issue for anyone with a higher than room temperature IQ.
>>101534736>abundance of security vs abundance of convenienceidk man seems like there's no way to get around itnta btw
local LLM for malware dev?
>>101536191llama 70b or simply offline copy of msdn docs, reactos, nt pdb
When did the internet start sucking so bad?>10 year old me>can create all the accounts I want for as many emails as I want>can create Gmails, Yahoo mails, Yandex mails, mail.com mails, and more>fast forward to 2024>can't easily create an email without an SMS verification>I still have a few tricks up my sleeve that still allow me to farm accounts>proof the system remains stupid>>Why do you keep feeding the Beast anon?Because the Beast doesn't want one person to have 1,000 accounts. In reality, I'm benefitting myself at the expense of the Beast. The Beast may get his, but I get mine. And I gain more from this. I'm in control here. I'm on top. This is me exploiting the Beast. Same thing as pirating YouTube.
>>101533583oh no no no... proton bros... we got too cocky...
>>101532934Total newbie, thanks for the answer I don't plan on paying any course since I can always pirate them though>>101534284I've already pirated it thanks for the answer though
>>101537717>can't easily create an email without an SMS verificationsuch as?
>>101535323"your emails are encrypted, but we hold the keys" or "your emails are encrypted, and you hold the keys"which way western man
>>101539410m8, go ahead and try making a gmail right now without a phone #, protip you can't. You can't even make a Yahoo or a mail.com mail with no phone number. You have to literally use hax. No I won't post which hax, because I rely on them for money and you faggot R*dditors are just gonna go tell on me
>arrive to new/vacation home/hotelHow do you ensure youre not being watched?
>>101540719An EMP bomb, I guess. Too bad there seems to be no working street lights around where I go...
>>101540776This is how you know someone plays too many games. EMP is loud as fuck IRL.
Are 99% of zoomies/millennials completely fucked by their digital footprint for ever being in politics, etc. or will people just not give a shit eventually?
>>101540980The elites that are the only ones that have a chance of getting anywhere in politics usually have a tightly controlled social media presence since their youth
>>101540980What digital footprint? The one I have across the hundreds of random accounts I've made throughout my life? Doesn't work that way. I always made these accounts to give me as little of a footprint as feasibly possible. Of course, you can tell I avoid social media so yeah, I have little to no social power
How to view an instagram story anonymously? I know of apps like Instander with Ghost mode but is there any online platform that uses the same trick and doesn't use bots to view the stories?
>>101541819Couldn't you just make a burner account with a disposable email?
What sort of info can apps see exactly? How much of a privacy issue are they? I need Instagram for my job (pro photographer for a company) but I've just been using it through the browser, which is a shit experience and messaging is broken all the time or some things give errors.How bad is it to just installed the app? I'd have permission for location and camera completely blocked, along with only allowing access to a single photo folder. But I worry about what it can see that I can't control, which idk what could be, but I'm concerned y'know?
>>101541819Figured it out. A few of the ones online use, presumably, the same tech as Instander etc and don't actually show up as views on stories. Thanks for the suggestion though.
>>101541503AI will be able to thread it all together. >>101540980I wouldn't be surprised if they are the most suited - the controllable kind, where a man in a suit says you do X or we leak your past where you did/said XYZ
>>101489869Fucking gay
>>101542556>AI will thread together my shitOnly in your authoritarian fantasies. Doing this on my scattered footprints would require an unreasonable amount of processing power, and I thought of all that. It wouldn't be able to get anything useful from it. Of course, I don't approach social media like the average person does. I do have like 20 devices, and I use every (effective & practical) privacy technique you can imagine. The AI would need to access like 500 accounts across equally as many databases. And even then it would lead to dead ends. What's the point? >why would you want me?That's the thing. You don't. I've obscured myself. You don't need the AI to "thread together" a prominent person. >but AI surveillance existsI'm aware, but I don't think it exists like you think. Glowies aren't going to retroactively decrypt all secrets until they have quantum computers actually ready. They're not ready yet. >politiciansThis is the key point. Politicians have no way to avoid a digital footprint on social media, because their power comes from said social media. They have to use the system, and not like I do. Not by exploiting it and bot farming. They have to get popular power on social media. You don't need bloody AI to track them. Their posts are already largely public as it is. >AI data aggregationYou need God-level access for this btw
Should I switch to libre wolf? I already have a lot privacy add-ons on Firefox
>>101544322No, its not really necessary. You can do a good job just configuring Firefox yourself. Sometimes in the past LibreWolf has had a "kitchen sink" approach which has made you more visible at times or opened up issues. Not to mention it, like anything built on Firefox, actually depends on Firefox so its good to have a real assessment of your threat model and not get wrapped up into histrionics the moment someone says >BUTBUT TELEMETRYwithout realizing the difference between proprietary, opaque or nearly so telemetry sent to a for profit data mining operation that's hard to turn off and a FOSS, foundation-based platform that you can easily disable if you wish etc. Even if it was the exact same info (which its not, but lets pretend it was equally innocuous ) one may feel different about granting it to one over the other, given how they'll be likely to make use of it LibreWolf isn't bad, but putting aside those who are going to act like schizos thinking the NSA is after them for the smallest things, we need to have a serious discussion about treating Firefox/Mozilla like a major problem when they're in an uphill battle against basically unlimited money from Google and, the moment they do even the most innocuous shit to make them some cash that is optional and easily disabled, autists fucks off to their slimmed down fork, dropping user numbers even further and pushing them into a spiral. For those who don't want to fuck around with arkenfox or who would disable certain things anyway okay, its fine to use another forked version but encouraging every rando to a fork is going to end up watching Firefox get farther and farther behind and thus Google wins de-facto dominance of the browser space with Chrome/ium and most other browsers, even FOSS, are simply built upon it (and don't get me started on Electron). MICROSOFT of all people use a Chrome-powered browser and Google (+ cloudflare) is making anything else more tedious to browse
>>101544322>memewolfNo, stick with Firefox.
>>101540879I know that, and those using field explosive compression go beyond even that. I had just hoped the irony would have been clear.
>>101544322I used it for a while, it's a fine browser although there were certain sites it would break no matter what I tried. Very few of those, but there were some.Nowadays I use mercury, which is even more of a meme browser but whatever, I'm happy with it for now.
=== /sec/ News:>DEEP-TEMPEST: EAVESDROPPING ON HDMI VIA SDR AND DEEP LEARNINGhttps://www.rtl-sdr.com/deep-tempest-eavesdropping-on-hdmi-via-sdr-and-deep-learning/>Deep-tempest has recently been released on GitHub and from their demonstrations, the ability to recover the true image with deep learning is very impressive. From a fuzzy grey screen, they show how they were able to recover clear text which looks almost exactly like the original monitor image.
>>101544322iceweasel-uxp is better
>>101547064ah i see so it was reasonable for me to cover my display and keyboard cable after all, i knew i wasnt the insane one!
>>101547484Video cables are already ridiculously thick, unwieldy and expensive, just for 4K resolution. 8K plus faster networking hubs in the screen will require more.So when will we get fiber optics? Those do not leak signals unless you abuse the cables.
>>101547689laptop ones are thin enough>So when will we get fiber opticsprobably neverthough could make own one
>>101542655Welcome to the thread Mr. F. Gay! But you shouldn't disclose your name like that.
https://soundcloud.com/htomari/sets/nec-pc-98-series-boottunes
I'm trying to set encrypted boot up on my Ubuntu installation using section 2.1 from this guide; https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.htmI have /boot/efi on /dev/sda1, which is 512MB in sizeI have /boot on /dev/sda2, which is 1.7GB in size, which is I think, the partition that would be encrypted.The rest of the disk is a LUKS2 container where LVM is inside with my root and swap.When I try to follow the guide, I can't seem to be able to perform the cryptsetup luksFormat command on /dev/sda2, which is where I have /boot in my situation. I did unmount the partition, and it is not listed in lsblk as /boot anymore. I also unmounted /boot/efi or /dev/sda1 as suggested.But I keep getting the error that /dev/sda2 is in use, and that it can't proceed with the format operation, which means that I'm stranded right now and can't continue with the guide... Some suggestions would be very much appreciated.
cryptsetup luksFormat
Some interesting stuff about how North Koreans try to infiltrate the West>How a North Korean Fake IT Worker Tried to Infiltrate Ushttps://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us>Our HR team conducted four video conference based interviews on separate occasions, confirming the individual matched the photo provided on their application. Additionally, a background check and all other standard pre-hiring checks were performed and came back clear due to the stolen identity being used. This was a real person using a valid but stolen US-based identity. The picture was AI "enhanced". >The EDR software detected it and alerted our InfoSec Security Operations Center. The SOC called the new hire and asked if they could help. That's when it got dodgy fast. We shared the collected data with our friends at Mandiant, a leading global cybersecurity expert, and the FBI, to corroborate our initial findings. It turns out this was a fake IT worker from North Korea. The picture you see is an AI fake that started out with stock photography (below).
anyone have the breached db leak?
>every faggot itt always thinks 5 eyes is out to get themWhat level of delusion do you have to be on in order to believe your threat model includes 5 eyes? Nobody here does anything nearly badass enough to piss off fat Mutt internet police. Nobody ITT could root a phone. Do you really think glowies care about your 5TB of loli porn?
>>101549663There are LUKS-defeating payloads on github for anyone to use
>>101549663I've got vintage shit here anon, feds would kill to get their hands on my library of lolixandria
>>101549689This is not the thread where anons would know how. The average age ITT is 12.
>>101549707Feds don't want your retarded fucking lolis you unironic pedo. They have enough of their own. Nobody cares about you, not even your FBI agent. Not till you actually go out and Joe Biden a kid.
>>101549727You underestimate me, and the lolilust of feds
>>101549663What caused this unsolicited revelation?Gangstalkers belong on /x, get back to your containment board
>>101549737>thief's fallacy but with a p*doThis is why i hate /g/>>101549767This board, right here, has more p*dos than any other one.
>>101549973More like loli's fallacy lmao
>>101550003I think what makes me unironically seethe IRL is lollicons convincing themselves that they're not pedos using lvl 100 mental gymnastics. You're still a pedo. The only thing protecting you from being brutally dismembered are the crumbling laws of society. Loli == pedo
>>101550022This is what I'll call this falolicy
>>101550034Yeah act all funny and lighthearted. Only cuz you got home court advantage here, untermensch. I hope you get killed in prison or lynched by a mob.
>>101549663>Nobody ITT could root a phonefucking PHONEFAG KYS GO BACKowning smartphone is for the lowest of the low faggots
>>101550062I hope you acquire better taste and see the lolight
>>101550081This retarded schizo again. Rooting means hacking. As in me hacking a pedophile's phone so I can track them down. Not as in me flashing Magisk. Fool. You don't need to have a phone to root your enemy's. Also go back to whatever planet you can live on without a phone please. There's gotta be a thread for building mud huts somewhere.
>>101550090Doesn't work that way. You were born subhuman, I was not. I'm an actual human being.
>>101550099>>101550081>diy is ->thatawayAre we going to actually talk about cybsec or just fondle eachother's balls?
>>101550099enjoy your armshit malwarekeep sucking ALL SEEING EYE COCKAUGHH I NEED SMARTPHONE TO LIVE
>>101550117One is not a man until he loves loli tummies
>>101550128>fondle ballsI would castrate anyone itt for free>>101550129>armshit malware bla bla blaUnironic schizo retard. Faraday bags are like $20 you caveman. Primitive.
>>101550156>Faraday bags are like $20oh yes that totally removes all the instruction and binary blob backdoorsenjoy your snake oil LOOOOL
>angry subhumans crawling out from their pedovans
>>101550172It's called the pedovan because those little monsters lure innocent pedos into it
>>101550168If you wanna get schizo:The computer your using also has those backdoors built right into the assembly code on your cpu. Best you can do is get a custom linux laptop with hardware switches for the mic/camera/wifi
>>101550316>Best you can do is get a custom linux laptop with hardware switches for the mic/camera/wifiLEL FUCKING RETARD HOLY SHIT NO WAYwhy not just remove the mic and webcam manually? are you a faggot who has never opened up a thinkpad?>has those backdoors built right into the assembly code on your cpuSMI lockdownno microcode updatesown coreboot distribution with no binary blobsme_cleanerINB4 GOD MODE INSTRUCTION THAT CAN READ AND WRITE MEMORYrunning everything as rootiomem=relaxedmitigations=offstill cant hack me
>>101550351Good for you anon>le hackermanI'm sure all that tinfoil is necessary
>>101550452enjoy your exynos backdoorhttps://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoori will point antenna at you and instantly get everything ahahah skid
>>101550465Yeah and you carefully inspected all that code for backdoors right?I mean, you'd never just trust something implicitly for being custom right anon?
>>101550504code of what?i roll my own coreboot and linux distribution 100% audited with custom patchesmy favorite patch is adding findmnt check into sh so if path is noexec you cant run sh malware.sh to bypass noexec flaganyways that has nothing to do with armshit, armshit can be hacked with antenna, my thinkpad cant hahahaamy thinkpad also doubles as body armor and offense weapon NIGGER
pentesting vs finding vulnwhich skill is better?
>>101551647far more money in finding a vulnerability
>>101551758o for REAL HACKING?
>>101551805yes
>>101551758>one time payment
>>101551839This is false. Businesses like NSO Group have managed to scale vulnerabilities to multiple uses and payments with different clients
>>101551901these are hoax to make you think you need "privoocy" and that foreign hackers are threat so we need more surveillance laws
>>101540679I just made a new protonmail and gmail account last nightI'm in Canada, and the only thing I ever needs numbers for was dating apps.I bought a second burner sim for believing that same thing as you in the past, and never used it. Made a Insta account for scraping, and almost got banned, but didn't. No #. kek
>>101550351>SMI lockdown>no microcode updates>own coreboot distribution with no binary blobs>me_cleaner>INB4 GOD MODE INSTRUCTION THAT CAN READ AND WRITE MEMORY>running everything as root>iomem=relaxed>mitigations=off>still cant hack meThe fact that you don't think you can be hacked shows what a retarded faggot you are.
>>101552811dont forget to list your favorite anti hack snake oil
>>101550530>armshit can be hacked with antennaNo it can't. You can't do shit to my Lineage device where I control the firmware. I can just encrypt the firmware if I want, and then my corresponding devices won't run. Do you like, actually think x64 is better than arm?
>>101552831>anti hack snake oilSee, you're also dumb. Because it's quite possible to secure an arm or an x64 so that even glowies won't be able to get in. That's the entire point of /g/ after all. So that pedophiles can try to make their devices unhackable, preventing anyone from discovering all their child porn.
>>101552849>You can't do shit to my Lineage device where I control the firmware. I can just encrypt the firmware if I wantLEL WHAT A RETARD KEKKKmodem firmware is non freeyou dont have access to itit is IP and will never be released>lineagenice GOOGLE android fork with 200MB GOOGLE binary blobsSO SECURE AND UNHACKABLE YOU CANT DO SHIT!!!!*antenna zzzbzbzBZzbzbz*thx for your informations>actually think x64 is better than arm?i dont think, i knowarm manual is longer than x86_64arm is full of IP, there is no free firmware for amshitenjoy your botnet
>>101552893>arm or an x64 so that even glowies won't be able to get inarm has antennas on motherboard pcb, everything is part of the motherboardyou dont make arm "secure" its full of hidden debug instructionslook at kaspersky how secure iphone was for them
>>101552907>modem firmware is non free>you dont have access to it>it is IP and will never be releasedI can still access and delete it kek you fucking faggot, not to mention RE it. Or how about having an ARM tablet with no modem? Ever thought of that?
>>101553128>I can still access and delete it kek you fucking faggotHOW THE FUCK DO YOU DELETE SOMETHING OFF OF THE MOTHERBOARD HOLY SHIT NO WAY YOU ARE THIS FUCKING RETARDEDTHERE IS BLACKBOX ON YOUR MOTHERBOARD WITH 24/7 ANTENNA AND SUSPICIOUS WAYS TO ACCESS MEMORY AND YOU KEEP DEFENDING IT KEK RETARD>Or how about having an ARM tablet with no modem?doesnt change the fact that arm IS NON FREE MALWARE, ALL FIRMWARE ARE IP BLOCKS, YOU FUCKING RETARDI DONT WANT A SMARTPHONESTOP TRYING TO SELL ME ONE GOOGLE SHILL
>>101552923If you're trying to tell me that phones are full of holes, I'm aware. You don't actually need to attack my phone's mobo btw. You could just attack the firmware. Here's the main problem: in order for someone to pwn a SnapDragon ARM like that, they have to be pretty l33t. Not that many people who can do that out there. And none of them care about me. Besides, a full pwn still wouldn't do shit to me because my important data is encrypted at rest using a custom cipher. So even if you pwn all my shit you'll still have to bruteforce my encryption keys. Not talking about hardware crypto which glowies can bypass. I'm talking about encryption at rest on the disk. Glowies still can't break that.>your mythical glowie boogieman and his squad are summoned to hack me because I shitposted too much>he manages to get near me with an antenna>hacks my phone's motherboard using some kind of hidden instruction payload voodoo>still can't touch /sdcard/.encrypteddir/*>has to bruteforce it, if able to exfil it>meanwhile i probably notice strange network activity and CPU activity>turn off phone until I can safely backup and resetNot to mention that your magic antenna's range would be pretty short, it would get stopped by a faraday bag, and also i could always just rip the fucking antenna out if i really cared enough. >what about the WiFi chipThere is an actual attack vector. Glowies have backdoors into like, every 802.11 card. But again, root or Lineage allows you to just nuke your WiFi drivers if you want.
>>101553372>in order for someone to pwn a SnapDragon ARM like that, they have to be pretty l33tthere are basically monthly exploits100% of old phones are vulnerable>nuke your WiFi drivers if you wantdoesnt change the fact that pci has DMA>a full pwn still wouldn't do shit to me because my important data is encrypted at rest using a custom cipher. So even if you pwn all my shit you'll still have to bruteforce my encryption keysoh noget root -> persistence24/7 waithook decrypt function and network key
>>101553286I dont want you to buy a smartphone. I don't care about you, so i don't want to convince you of anything. >bla bla bla baseband black boxThe implementation of this black box depends on the phone itself. On some phones, you have access to it, and you can even disable baseband pings. Also, if you have root, you can modify or remove the blobs that bridge your OS to the baseband. This doesn't always disable the baseband completely, but it can fuck with spyware that depends on the blobs you just deleted. Also, again: just get a tablet with no baseband if you're that worried. Or get one where you can control the baseband (yes they exist). If you're a good enough hacker, you can make your phone glowie proof.
>>101553429>monthly exploitsYou mean monthly vulns. A sploit is not the same as a vuln. 100% of devices are vulnerable: new or old. >baseband has DMA This isn't the fault of ARM. This is the fault of the faggots who build basebands and phone motherboards.
next one up>>101553525>>101553525>>101553525
>>101553512>100% of devices are vulnerable: new or old.yeah but thanks to the modems its doable remotely, in x86 its just stupid local memory access leaks>This isn't the fault of ARM. This is the fault of the faggots who build basebands and phone motherboards.maybe one day we will get rid of usb and pci meme for good
>>101553609Look, we need to come back down into reality. Glowies aren't as smart as the retards here give them credit for. They can't even stop Trump from getting sniped. They're D U M B !!! Especially the American ones. And i can guarantee that they would not attack my baseband like that. They have 1000 better attack vectors in any given situation. Hell, they could just hijack the Bluetooth stack with hidden instructions. Why do small-time pedos ITT think they're important enough for glowies to use top secret experimental hacking techniques on them? And why do these pedos think that the glowies would attack with all this crazy shit, when they have much more practical ways to pwn you?
>>101553737>They can't even stop Trump from getting sniped.kek that was an obvious glowie psyop
>>101553787>everything is a psyopYou're unironically as annoying as the goddamn fucking pedos. You're just a deranged, delusional, schizophrenic broken clock. Even if you end up being right one of these times, it's not because you're wise. It's because you're a broken record player. Dumb as a brick.
Posting at the end of a dying thread so it doesn't stick around for too longI learned to sculpt and I'm making character models for The Movie (you know the one)Posting progress on /3/>>>/3/984037
>>101553833>drinking the corporate media kool-aidhe's a good goy
>>101554281Good goyim don't behave like I do. I break every TOS i come across