[01:10] tomreyn: LOL ubottu link is pretty slick too :D [02:19] good morning [03:55] good morning [03:56] too bad i'm not a ubuntu member (yet) [06:30] hi there everyone [06:30] Generally speaking [06:30] how can an OS be protected against exploits? [06:30] or monitorred for exploits? [06:31] keeping the Os up to date is one thing you can do [06:31] and harden your system [06:31] well not exactly [06:32] sometimes this over crazed thirst for the very latest updates ended up with installed unwanted code [06:32] like the most recent version actually contained bad wares, like monero client [06:32] any Os has unwanted security flaws [06:32] yes exactly [06:32] there's no magic red button against it [06:32] but you can do alot to secure things [06:33] lotuspsychje: pretty sure he knows [06:33] he's been using buntu for years now [06:33] but the general "keep it fully updated" doesn't necessarily work all the time [06:33] i didnt say that cucumber [06:33] Build a turing machine out of lego, hand transmit data, swap your paper/magnetic tape when it's not in use [06:33] ??????? [06:33] i said, 1 thing you can do [06:34] UNHACKABLE! [06:34] sometimes, like with Huawei if not mistaken, even a backdoor was injected into the source code but the community detected it early on cause it followed a simplistic pattern, [06:34] Run all your software step-by-step [06:34] lol, that would take for ever [06:35] I mean it wouldn't be practical [06:35] What do you need your machine to do that a graphing calculator can't? [06:35] heh [06:35] right [06:36] I mean I harden my OS, to the best of my ability [06:36] but I always feel eyes on me [06:36] Russian intelligence don't even use computers for confidential information [06:36] cucumber: that's called paranoia [06:36] jdgr well what do they use? papers? [06:36] Yes. [06:37] Maik I know, but realistically how wrong am I? [06:37] They have special typewriters that encrypt everything [06:37] If you don't offer internet service and are behind a router, incomming connection will be blocked, the only way for a backdoor is reverse connect, so install a statefull firewall and block any non trusted connection to the outside world. [06:37] offline machines can get compromized too [06:37] papers can get stolen [06:37] jdgr : well papers have to be either printed or hand written, calculations can't be done using hand, papers if not encrypted are much more dangerous for highly classified material [06:37] Only if you kernel is rootkited it can go trought. [06:37] you're simply exaggerating imo cucumber [06:38] nothing is safe [06:38] lotuspsychje, ofc :) [06:38] what i always do it burry a hole in my yard, and hide my sensitive data usb in there [06:38] The US airforce used to calculated missile trajectory by hand [06:38] s/calculated/calculate [06:39] The reality is not much of your data is all that sensitive [06:39] thats for me to decide [06:39] akem : well what you do if you want to update software and the softwares contain backdoors, or the next updates contain reverse proxies, or that some hackers keep watch on you just to feed you "bad" stuff, how well would your firewall protect you realistically? [06:40] Circumventing firewalls is trivial... modern malware can exfiltrate data via DNS [06:40] or using the Twitter API [06:40] keep your data off the system and use honeypot and IDS [06:40] There's PoC malware that uses Twitter as the C&C infrastructure [06:41] jdgr : so damn true you are [06:41] how well can you protect yourself against those? [06:41] On a large enough network you're bound to overlook something [06:41] still not on a irc client cucumber? [06:41] Maik no [06:41] why? [06:41] why not [06:42] Whitelist only approach, hard coded ARP tables [06:42] Use fiber only [06:42] I think IRC clients can be a tiny bit easier to hack or execute directly on the PC, less private, while web can also be used for those purposes, you have a more degree of freedome for virtualization [06:43] Compromising someone using a web client is harder [06:43] cucumber: you think using web based chat is safe? Everything is logged, so forget about your privacy stuff. Even your provider stores your data and tracks what you're doing. [06:43] cucumber: if you want privacy cut yourself off from the internet and world. [06:43] jdgr yes, realistically not that HARD, but using web interface is a bit more restricted [06:44] I mean cucumber could in theory encrypt everything before inputting into the form on the web client and hitting enter [06:44] *it into [06:44] Maik I didn't say safe al together, I said safer, web client can also be injected with stuff [06:45] cucumber, Usually you inspect a system to the bone, and you freeze to that version, and do only critical updates. [06:45] jdgr like encrypted text for the text box? then how would you guys be able to read my stuff? [06:45] We wouldn't, but neither would the server administrator or the person hosting the client [06:45] or anyone inbetween [06:45] unless they had the key to decrypt it [06:46] Key exchange can be done in person [06:46] akem : very good point, awesome, yes, that is what I do for the most part, upgrade freeze using dd, and stuff, compare find the stuff, alert the good guys, BUT what if .... [06:46] All I do really is limit user access [06:46] Checksum everything [06:46] must be a new COVID-19 level that causes paranoia with certain people on this planet. :P [06:47] jdgr I have much respect for you sir or mam [06:47] Have logs shipped to numerous remote hosts [06:47] i like healthy paranoia, aka knowing whats possible [06:47] Each of which is configured differently [06:47] Maik no my covid infection is almost over, I am thankful that I wasn't hospitalized [06:47] doc said you don't need it [06:47] My girlfriend just out of the ER... all she had was a prolapsed uterus and a UTI [06:48] I mean she needed to go because we couldn't find her IUD... but now I'm worried will end up with COVID [06:48] Oh well off to Taco Bell bbl [06:48] I wonder if i have a backdoor in my lovely chinese phone :P [06:48] *we'll [06:49] akem heh [06:49] you "wonder" ? [06:49] lol [06:49] and abit more lol [06:49] huawei just got new exploits again [06:49] really???? [06:49] again? [06:49] wow [06:49] https://www.theregister.com/2020/09/17/huawei_iptv_video_encoder_security/ [06:49] I mean not really that surprising but... [06:50] oh yeah [06:50] maybe you can install HIlinux next time cucumber [06:50] They will install tiktok in my back and steal my MP3s :P [06:50] that one I have read already [06:50] all smartphones keep on listening and recording stuff 24/7, even when turned off [06:50] lol I thought something new [06:50] HIlinux ? [06:50] No I think I can trust Ubuntu better, many eyes on it and stuff [06:50] cucumber: so you didnt read the article :p [06:51] but the new background was super scary so I changed it [06:51] lotuspsychje what article? [06:51] huawei [06:51] yes I did [06:51] the ip tv and such that is almost a wekk old [06:51] week [06:54] anyways [06:54] thank you guys [06:54] for all the suggestions [06:54] I mean from time to time I need to let off a little steam about these things [06:54] nothing can be done [06:55] but it is nice to talk to someone abut them [06:55] a lot can be done [06:56] like what? [06:56] please help me if you can man [06:56] :( [06:56] like dont use a lot of services on your machine [06:56] I don't [06:56] ok what's next? [06:57] dont run your machine 24/7 [06:57] well, not exactly possible for soe of my machines [06:57] but I usually don't [06:57] then you are a target [06:57] 24/7 boxes are hunted for their uptimes [06:58] yeah [06:58] the moment you connect a machine to the net, you get scanned [06:59] but lets say a router, or a wifi access point, or a laptop hosting a website, or a tiny raspberry pie for dns how can you turn them off? [06:59] turn what off? [06:59] you say don't keep your machines on 24/7 [06:59] some machines, while vulnerable, have to be on 24/7 [06:59] so... as i said, cut yourself off from the internet. THE best way imo. [07:01] a lot of Iot & routers are scanned for weakness these days, so if you dont want them exploited put em offline :p [07:01] even if they are up to date, someone invents a new 0day for them [07:01] in ubuntu's case... Livepatch to fix vulnerabilities without needing to reboot [07:01] yeah [07:02] but I keep most of the systems offline when possible [07:02] what's next? [07:03] even offline they can grab your machine physically when you're not around [07:03] lotuspsychje yeah that has happened to me before i college [07:04] someone plugs an infected stick in the back [07:04] Aluminium hat on your head so that no one steal your passwords with mind reading technology :P [07:04] I came back I noticed the back of my latop was opened [07:05] I could never trust that laptop again so I sold it [07:05] lol [07:05] what? [07:06] what's next? Nothing. Just live and try not to be paranoid or make yourself crazy in your head. [07:06] fresh format [07:06] Maik How can I when I see a config running that I didn't recall asking for [07:07] lotuspsychje fresh format can probably never manage to get rid of hardware issues [07:07] cucumber: security always starts from the users needs, what is it you wanna protect from really? [07:08] cucumber: seriously, get a grip and life :) I for one had enough of the same conversations all over again [07:09] well, as a simple example I want my codes not to be tampered with. Like if I write a python script and I notice it had been changed or stolen, I mean generally speaking how can anyone grow in such a world? [07:09] that is like asking "if you have nothing to hide why protect in the first place" is all I am saying [07:10] It can't be stolen if it is open source, so open source all your code :) [07:11] cucumber: keep your scripts offline [07:11] well, even if opensource when it grows gradually, and lets say you want to submit it somewhere, and the people with "hidden" access to your system change it, and the "good" people who you send the code to will never be able to trust you anymore [07:12] There is checksums to fight this. [07:12] akem: after all these years using buntu/linux he should know that. [07:12] yeah, ok, lets say you have your project with thousand of lines open, working on it, and when you change something another file is being changed, or aother part of your file is being changed [07:13] how can you checksum while you are working on the files [07:13] check sum works before and after the changes are done [07:13] not when you are actively working on the code [07:14] You really think some ghost hackers will be modifying your files while you're working on them and you won't notice it? :P [07:14] yes [07:14] I do [07:14] :( [07:15] seriously? [07:15] yes [07:15] seriously [07:16] that's not good, seriously. [07:17] Well, I don't know [07:18] i know [07:18] Then the only solution is Neo, he will bend space and time inside your RAM and CPU to protect you :P [07:18] lol [07:22] LOL [07:22] come on [07:22] haha [07:22] I mean I know you are trying to help, but the state of security is fucked up really [07:22] hahahahaha [07:22] language [07:22] really? [07:23] ok sorry [07:23] yes [07:23] alright man chilax mate [07:23] i'm chillaxed [07:23] you... are not [07:23] ;) [07:24] no I am chilaxated relatively, only feel insecure and paranoid [07:24] cucumber: i'm just realistic and stand with both feet on the ground, if i were you i'd seek some professional help to get rid of the paranoia. [07:25] lol [07:25] you'd do yourself and others a big favor [07:25] no doctor can help me, I mean I have had two doctors before and they ended up not trusting their phone and computer after trying to help me and they never accepted to visit me any more [07:27] I feel so left out and alone :( [07:27] cucumber: i doesn't only depend on the doc but most of all on you and you alone [07:28] yeah users can do a lot of things that can make everything go wrong [07:29] cucumber: what i'm trying to say is that no one can help you but yourself [07:29] i know where i'm coming from so i know what i'm talking about [07:29] call it human error or accidental mistake or the after math of a bad break up or a broken heart, but "heartbleed" period was not a good time! [07:30] Maik Waht? you been a paranoid too? :D [07:30] great [07:31] what did you do to fix things? [07:31] Breakups.... that's part of life, get over it, move on and do things you like. [07:32] Maik : no not for me, forget it man, I meant more like as a result why "bad coding" makes into the code base sometimes.... [07:32] I mean human errors in coding happen for a variety of reasons [07:32] like being mentally saddened [07:35] ...... [07:35] flatline [07:35] i'm afk [07:35] lol, I am that depressing and disappointing huh? [07:36] rather annoying [07:36] :P [07:36] laters [07:36] that is a bit rude [07:36] but ok [07:36] I can take a constructive criticism [07:37] https://en.wikipedia.org/wiki/Heartbleed [07:37] not rude...just the reality [07:37] :) [07:38] I sense some feminine traits of behavior a little bit [07:39] a cucumber with senses and feelings, you don't see that everyday :D [07:49] we know you've been playing us ;) [07:49] and for now gnite [07:49] not really playing you [07:50] just letting off some steam [07:50] I hate to play anyone as much as I hate being played with [07:50] have a good night Maik [07:50] Mostly think of it as trying to find someone to share the pain with [07:51] the current state of privacy and security is so painful