/os/ - Online Security

News, techniques and methods for computer network security.

Boards | Catalog | Bottom

Check to confirm you're not a robot
Drawing x size canvas

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Welcome to Online Security the place for internet and computer security, privacy and anonymity.
If you have some helpful tips please feel free to share your ideas. Start a new thread, or contribute to an existing thread.

Meta Thread Endwall 07/12/2016 (Tue) 12:03:36 [Preview] No. 171 [Reply] [Last 50 Posts]
Post any comments, concerns, or requests for the board in this thread.
Edited last time by Endwall on 07/12/2016 (Tue) 12:15:00.
17 posts and 6 images omitted.

Anonymous 09/04/2017 (Mon) 19:58:42 [Preview] No. 1013 del
fellow traveler is absolutely a masonic phrase. People will say traveler. They will ask "are you a traveler?" or "are you a fellow traveler?" or "are you a traveling man?"
>The logo is a tunnel.
that alone is fine but with the rabbit signaling it looks like a maglev tunnel.

May be coincidential. I think otherwise because there is a disproportionate amount of this kind of symbolism in tech.

Anonymous 09/08/2017 (Fri) 11:50:44 [Preview] No. 1018 del
"fellow traveler" is hippie lingo ca 70s, masons absolutely don't have a claim on that.

Anonymous 09/27/2017 (Wed) 03:03:12 [Preview] No. 1036 del
Are you going to remove the idiotic claim in >>894 that the heads website contains "Masonic references"?

Endwall 09/27/2017 (Wed) 05:50:33 [Preview] No. 1037 del


The term fellow traveller (also fellow traveler) identifies a person who is intellectually sympathetic to the ideology of a political organization, and who co-operates in the organization's politics, without being a formal member of that organization.[1] In the early history of the Soviet Union (1922–91), the Bolshevik revolutionary Trotsky coined the term poputchik ('one who travels the same path') to identify the vacillating intellectual supporters of the Bolshevik régime. Likewise for the political characterisation of the Russian intelligentsiya (writers, academics, and artists) who were philosophically sympathetic to the political, social, and economic goals of the Russian Revolution of 1917, but who chose to not join the Communist Party of the Soviet Union (CPSU). Moreover, during the Stalinist régime, the usage of the term poputchik (fellow traveller) disappeared from political discourse in the Soviet Union, but the Western world adopted the term fellow traveller to identify people who sympathised with the Soviets and with Communism.[2] In U.S. politics, during the 1940s and the 1950s, the term fellow traveler (U.S. spelling) was a pejorative term for a person who was philosophically sympathetic to Communism, yet was not a formal, "card-carrying member" of the American Communist Party. In political discourse, the term fellow traveler was applied to intellectuals, academics, and politicians who lent their names and prestige to Communist front organizations. In European politics, the equivalent terms for fellow traveller are: Compagnon de route, sympathisant, and progressiste in France; Weggenosse and Sympathisant in Germany; and compagno di viaggio in Italy.


Meaning Someone sympathetic toward a certain point of view without being a fully paid-up member of the club. Origin In its literal meaning 'fellow traveller' just means someone who travels with you. It was first applied to non-communists who were inclined toward the views of the Communist Party by Leon Trotsky. He used the Russian word popútchik to indicate that. The term fellow traveller in this sense came rather later, in the New York publication Nation, 1936: "The new phenomenon is the fellow-traveler. The term has a Russian background and means someone who does not accept all your aims but has enough in common with you to accompany you in a comradely fashion part of the way. In this campaign both Mr. Landon and Mr. Roosevelt have acquired fellow-travelers."


"It was during that period that I became interested in freemasonry. ... In the eighteenth century freemasonry became expressive of a militant policy of enlightenment, as in the case of the Illuminati, who were the forerunners of the revolution; on its left it culminated in the Carbonari. Freemasons counted among their members both Louis XVI and the Dr. Guillotin who invented the guillotine. In southern Germany freemasonry assumed an openly revolutionary character, whereas at the court of Catherine the Great it was a masquerade reflecting the aristocratic and bureaucratic hierarchy. A freemason Novikov was exiled to Siberia by a freemason Empress. I discontinued my work on freemasonry to take up the study of Marxian economics. The work on freemasonry acted as a sort of test for these hypotheses. I think this influenced the whole course of my intellectual development." The founder of the Red Army, Freemason Leon Trotsky. Leon Trotsky My Life: The Rise and Fall of a Dictator .

Message too long. Click here to view full text.

Welcome to Online Security: Sticky Thread Endwall 07/13/2016 (Wed) 03:11:01 [Preview] No. 181 [Reply] [Last 50 Posts]
Hello and Welcome to /os/, Online Security. This is a board for the discussion of online security, privacy, anonymity, and news from cybersecurity and privacy world.
1.Follow the global rules
2.No Spam
3.No Classified Documents or leaks of Classified Documents or Files (News articles, or commentary about the documents or files is OK)
4.No Child Exploitation Material
5.Images should be safe for work and relevant to the post or thread, commentary can be NSFW
6.No Advertisements of Hacker Services or Solicitations for Hacking Services
Related Boards
tech >>>/tech/ Hacker >>>/h4x0r/ Security Concepts>>>/sec/ EndSoft >>>/endsoft/
Privacy Guides
Software Recomendations

Message too long. Click here to view full text.

Edited last time by Endwall on 12/23/2017 (Sat) 22:17:05.

Sticky Bump Endwall 10/23/2016 (Sun) 18:54:40 [Preview] No. 624 del
TENS , https://spi.dod.mil/lipose.htm , US Air Force Live CD <-- online banking for mom and dad.
LibertyBSD http://libertybsd.net/ , https://libreboot.org/docs/bsd/openbsd.html
Edited last time by Endwall on 01/02/2017 (Mon) 11:03:40.

Sticky Bump Endwall 04/30/2017 (Sun) 03:29:12 [Preview] No. 894 del
Heads https://heads.dyne.org/ http://fz474h2o46o2u7xj.onion ; Devuan non-systemd version of Tails (Disclaimer: Website/Project uses occult language with communist signals)
Devuan https://www.devuan.org/ http://devuanzuwu3xoqwp.onion
Systemd Free http://systemd-free.org/
Edited last time by Endwall on 10/07/2017 (Sat) 03:03:59.

Endwall 06/01/2017 (Thu) 08:14:41 [Preview] No. 933 del
Mozilla Firefox Hardened Profile

Online Security News Endwall 07/07/2016 (Thu) 06:09:23 [Preview] No. 149 [Reply] [Last 50 Posts]
See a news article or CVE bug report on an emerging computer security issue and want to share it? Post below.

I will also post links to Hak5 Threatwire videos.
Edited last time by Endwall on 07/07/2016 (Thu) 16:22:47.
469 posts and 3 images omitted.

Endwall 12/21/2017 (Thu) 01:32:41 [Preview] No.1088 del
Hak 5

A Dormant HP Keylogger Found, Uber Pays Ransom 10:12
https://youtube.com/watch?v=mACHIOMX5Io [Embed]

Triton Malware Threatens Lives & The Net Neutrality 8:28
https://youtube.com/watch?v=YVJnVYkaYu8 [Embed]

Endwall 12/21/2017 (Thu) 02:00:50 [Preview] No.1089 del
Jupiter Broadcasting

Server Neglect | TechSNAP 348
Posted on: December 15, 2017

Authors of one of the most infamous botnets of all time get busted, researchers discover keyloggers built into HP Laptops, the major HomeKit flaw no one is talking about & the new version of FreeNAS packs a lot of features for a point release.


Endwall 01/05/2018 (Fri) 06:45:25 [Preview] No.1096 del
Hak 5
The Biggest Hacks of 2017 - ThreatWire 10:52
https://youtube.com/watch?v=s498DSurHiM [Embed]

Snowden’s New Security System; Browsing Tracked By Login Forms - ThreatWire 8:42
https://youtube.com/watch?v=TYdn3MSIacY [Embed]

Endwall 01/13/2018 (Sat) 22:25:55 [Preview] No.1100 del
Jupiter Broadcasting
Performance Meltdown | TechSNAP 351
Posted on: January 11, 2018
The types of workloads that will see the largest performance impacts from Meltdown, tools to test yourself & the outlook for 2018. Plus a concise breakdown of Meltdown, Spectre & side-channel attacks like only TechSNAP can. Then we run through the timeline of events & the scuttlebutt of so called coordinated disclosure. We also discuss yet another security issue in macOS High Sierra, a backdoor in popular storage appliances.


show links

Message too long. Click here to view full text.

VPN/proxy/TOR general thread Anonymous 04/15/2016 (Fri) 22:12:39 [Preview] No. 2 [Reply] [Last 50 Posts]
Cool board idea.

What's the safest possible way to browse the internet anonymously and safely? There's a thread on /tech/ with the endwall developer talking about proxychains, and that seems pretty cool. Some of the links to proxy lists seem dead, and I have found some online but why should I trust these random 'free' proxies?

What about proxychains over VPN? I'm currently using Mullvad which is alright, and I'm curious about more security if need be. Does a VPN -> proxychain -> TOR connection work? Sounds horribly slow in theory, but I think we all know that privacy comes at a cost in our current world.

I suppose I could call this a 'VPN/proxy/TOR general thread.'
44 posts and 4 images omitted.

tor 2.9.5 alpha Endwall 11/26/2016 (Sat) 06:09:14 [Preview] No. 689 del


Changes in version - 2016-11-08 Tor fixes numerous bugs discovered in the previous alpha version. We believe one or two probably remain, and we encourage everyone to test this release. o Major bugfixes (client performance): - Clients now respond to new application stream requests immediately when they arrive, rather than waiting up to one second before starting to handle them. Fixes part of bug 19969; bugfix on o Major bugfixes (client reliability): - When Tor leaves standby because of a new application request, open circuits as needed to serve that request. Previously, we would potentially wait a very long time. Fixes part of bug 19969; bugfix on o Major bugfixes (download scheduling): - When using an exponential backoff schedule, do not give up on downloading just because we have failed a bunch of times. Since each delay is longer than the last, retrying indefinitely won't hurt. Fixes bug 20536; bugfix on

tor mods Endwall 11/26/2016 (Sat) 06:24:17 [Preview] No. 690 del

else if (build_state && build_state->desired_path_len >= 4)
cutoff = fourhop_cuttoff

change 4 to PATH_LEN + 1
so for a 5 hop length route use 6 for a 6 hop length route use 7 etc.

Tor Browser Endwall 01/06/2018 (Sat) 02:31:17 [Preview] No.1097 del
Tor Browser

Step 0) Make some directories
$ mkdir -p ~/tor
$ mkdir -p ~/bin
$ cd ~/tor

Open a browser and go look here : https://dist.torproject.org which is where the files will be pulled from

Step 1) Get the relevent files
( using wget, endget or torsocks wget, I'll assume the user is just getting started and has a 64 bit distribution of linux )

Get the SHA256 sums
$ wget https://dist.torproject.org/torbrowser/7.0.11/sha256sums-signed-build.txt
$ wget https://dist.torproject.org/torbrowser/7.0.11/sha256sums-signed-build.txt.asc

Get the file and signature

Message too long. Click here to view full text.

tor_browser Endwall 01/06/2018 (Sat) 04:55:57 [Preview] No.1098 del
(72.09 KB 1000x500 tor_browser_7hops.png)
Tor Browser 7 Hops

step 0) Modify the tor source and compile
Do the modification recommended here:


change this to


Also change this

else if (build_state && build_state -> desired_path_len >= 4)

Message too long. Click here to view full text.

Endware Endwall 05/03/2016 (Tue) 08:54:28 [Preview] No. 32 [Reply] [Last 50 Posts]
Endware is a suite of programs geared towards internet privacy, security, and anonymity.

Endwall: endwall.sh is an iptables based firewall script designed to be implemented on any linux distribution shipped with iptables. endwall.sh is based on default drop policies, coupled with a novel strategy of passing packets on local host ports only for those enabled by the enduser. It comes with a variety of well used ports enabled with several additional port passing configurations available by uncommenting the script. It provides essential security to a new user.

Endsets: endsets.sh is a script that adds blacklisting and whitelisting functionality to endwall.sh. It depends on the program ipset. It is persistent on reboot if you enable ipset as a service. This is the recommended blacklisting tool for endwall if you are running a server or planning on opening up ports and services to the public and will require daily blacklisting of new incomming IPs.

Endlists: endlists.sh is a traditional text file list based blacklisting and whitelisting script. It has slow performance, and can't be updated on the fly. Good for <1000 ip subnets, very tedious and slow to run for more than that. Blocks the IPs by adding them as individual rules to the iptables ruleset. Works but not recommended for heavy duty on a server. May be useful for workstation use to block ip ranges if you are not opening up ports and services to public clients.

Endtools: endtools are a collection of scripts including alogz.sh, mlogz.sh, spamlogz.sh and iplookup.py. These scripts will help to service an enduser of endwall in adminstering endsets/endlists.

iplookup.py is a geoiplookup script written in python and requires python and pygeoip. It has simmilar functionality to maxmind's geoiplookup program and uses the maxmind *.dat files.

spamlogz.sh is a script that searches through log files to find flagged log entries flagged in endwall.sh, endsets.sh and endlists.sh.

alogz.sh is a daily log reading script designed to read the output of an apache http server's log output.

mlogz.sh is a daily log reading script designed to read the output of a postfix smtp server's log output.

Message too long. Click here to view full text.

191 posts and 3 images omitted.

Anonymous 11/08/2017 (Wed) 04:05:25 [Preview] No. 1064 del
Get a nasal spray and use colloidal silver to spray it in your nostrils three times a day. You can also breath in said colloidal silver water so that it goes to your lungs. Breathing in ozonated air will be very harsh and will make you cough up mucus and everything else inside your lungs, nasal passages, throat, etc., but after it all comes out and your body calms down (after drinking some water, preferably distilled ionized water) you would feel cleaner and you'll breathe better at least for 15 minutes after the inflamed effects of oxidation stops, although it's really the charged singlet oxygen atom formed after breaking down from ozone into O2 and O that has that effect in going against free radicals.

I use a 2,000 ppm colloidal silver solution which I dilute it. I think it's still available on (((Amazon))). MSM crystals tastes bitter so take with magnesium citrate or even magnesium ascorbate so that you can get your magnesium and vitamin C at once. Preferably, take it with your vitamins and supplementation. Also, look into taking high dosages of both chlorella and spirulina, though make sure it's high quality, broken cell wall for chlorella for higher absorption, and don't buy blue-green algae from klamanth lake, it's not clean. Here's another good youtube channel but this time from the ONLY vegan that interests me since he got high levels of B12 without supplementing it, check his perfect bloodwork video for more info on how (spoiler: he takes lots of chlorella). https://www.youtube.com/user/watershed11/videos

Endwall 12/25/2017 (Mon) 07:12:43 [Preview] No.1091 del
I have made updates to endstream.sh and proxyload.sh.

Proxyload is now working again, I switched from curl to wget for grabbing the html files. Wget handles the retarded forwarding loops better than I could with curl.

Endstream has been updated by removing dead streams, reconnecting streams with changed keywords, and by adding more french and spanish content, as well as more USA local content.

proxyload.sh version 0.13

endstream.sh version 0.54

Hidden Service

Message too long. Click here to view full text.

Edited last time by Endwall on 12/26/2017 (Tue) 02:08:35.

Anonymous 12/25/2017 (Mon) 15:53:12 [Preview] No.1092 del
Thanks Merry Christmas!

Endwall 12/28/2017 (Thu) 06:54:53 [Preview] No.1094 del
Proxycheck appears to be malfunctioning. I'll work on fixing it this week.

Endwall 12/28/2017 (Thu) 20:08:02 [Preview] No.1095 del
proxycheck.sh version 0.18

I think it's working now. I just needed to change the search terms in the regular expressions in AWK to match some keywords in the html. Should be working now.

Internet Security General Anonymous 04/16/2016 (Sat) 07:56:30 [Preview] No. 4 [Reply] [Last 50 Posts]
Continuing from >>>/tech/597
This is for non specific, general tips for anonymous web browsing and downloads, tips on browsers and browser configurations for the security concious that you don't want to make a new thread for.
69 posts and 3 images omitted.

Anonymous 11/21/2017 (Tue) 07:31:49 [Preview] No.1069 del
Whats the deal with using i2p to torrent? Would you use a udp or tcp vpn?

Anonymous 12/10/2017 (Sun) 21:16:55 [Preview] No.1079 del
(146.93 KB 1600x800 deluge_tor_proxy_2.png)
(98.22 KB 1080x720 http_trackers.png)
I torrent behind tor. Not sure about doing this with I2P.

I use deluge with gtk and set the proxies to port 9050. Then add the torrent through a link, magnet or the actual torrent file. Then manually edit the trackers so that they are http only. It should start downloading after that.

Anonymous 12/15/2017 (Fri) 02:09:43 [Preview] No.1082 del
Yo, stop torrenting from behind tor right now. Either use i2p or a VPN, but for the love of god quit slowing down the network.It also doesn't even protect your identity.

Anonymous 12/15/2017 (Fri) 05:00:11 [Preview] No.1083 del
The proxying works fine in Deluge. It's not leaking. The trackers communicate by TCP, the traffic is TCP. It works. The attack that is mentioned in the second article stem from applications that ignore your proxy and send traffic by UDP without tor. That doesn't happen here. Both the trackers and the traffic are proxied through Tor as TCP connections. I dissmiss that complaint/claim.

As for slowing down the networks, with download speeds at 250KB/s I doubt it. Thats about what I get using wget behind tor. Rate throttle it if you want to be polite.

Youtube Endwall 12/28/2017 (Thu) 06:27:02 [Preview] No.1093 del
Searching Youtube

$ endjail
$ torsocks --shell
$ youtube-viewer

=>> Search for YouTube videos (:h for help)
> Endchan
1. EndChan/InifNow question and answer (by OdiliTime) [01:10:35]
2. The Old 4Chan (by That Guy With A Voice) [01:48]
3. The Voice Teens Philippines Battle Round: Clark vs. Chan - In The End (by The Voice Teens Philippines) [05:14]
=>> Select one or more videos to play (:h for help)
> 1
URL: https://youtube.com/watch?v=ParATBARwic [Embed]
-> Channel : OdiliTime
-> ChannelID : UC9YYaqKNOZa5ue-sxE0cuPA

Message too long. Click here to view full text.

OPSEC Endwall 08/23/2016 (Tue) 01:08:39 [Preview] No. 357 [Reply] [Last 50 Posts]
Discuss best practices for operational security.
4 posts omitted.

Anonymous 08/25/2016 (Thu) 19:24:27 [Preview] No. 401 del
What wrong with packages installed? Or you mean actual services running and listening at ports? Also
>server with gui
what the fuck

Endwall 08/25/2016 (Thu) 20:19:17 [Preview] No. 405 del
Run minimal, if there is a zero day for one service say apache, but you also host your mail using postfix, depending on the severity of the exploit, your loose your mail security as well.

If your server doesn't need a package to do its job, don't install it. Run minimal for the same reason as above. Once the attacker gets in they'll have more tools to work with the more you install.

Run postfix and dovecot on one server, and httpd on another shut off port 25 143 on the apache server, and depending on your use case shut off port 80, input on the mail server, etc. Run with the minimum number of ports open for each service to operate.

I'm not an expert but these are just feelings about it. I'm not rich enough to host all of my services on different computers but if you are you should.

Anonymous 08/26/2016 (Fri) 12:05:12 [Preview] No. 419 del
That's why every sane program on Linux drops root privileges after binding to wanted network interfaces and such.

Local attacker could just download wanted code or use scripting. And I doubt tools attacker would want to bring is X11 apps.

Anonymous 08/26/2016 (Fri) 12:11:06 [Preview] No. 420 del
iptables is great.

There is "owner" module that allows controlling OUTPUT traffic on per user or per group basis. And if you use separate users for every service running just like you should, you can control every service with iptables. For example permit traffic going to internet for tor daemon user and permit only localhost traffic for everything else.

Tails already uses similar iptables setup.

Anonymous 12/24/2017 (Sun) 15:09:42 [Preview] No.1090 del
What about having a fileserver to share anonymously? Like an open directory. How to do this?

(378.52 KB 801x501 aeaih.png)
FreeBSD Anonymous 12/05/2017 (Tue) 03:45:16 [Preview] No. 1073 [Reply] [Last 50 Posts]
Anyone here run FreeBSD on hardware?

Anonymous 12/06/2017 (Wed) 14:11:19 [Preview] No.1074 del
There isn't a single person who would use FreeBSD on real hardware. You can't easily port Linux drivers to it, not much community support... Really, using Gentoo FreeBSD edition or Source Mage is better.

Endwall 12/10/2017 (Sun) 08:50:25 [Preview] No.1078 del
I installed FreeBSD 10 on a Sun Microsystems UltraSparc Creator 3D workstation that I got for $30. OpenBSD wouldn't work, something about a bad magic number or something. Anyways the NVRAM had a dead battery so I couldn't get it on the internet because it couldn't register a MAC address which is stored in the NVRAM. I read an article about soldering the NVRAM with a new battery. Replacement is like $70 for a new NVRAM. So it's in the basement for future projects.

That aside I have about 2 or 3 PowerMac G5 silver towers ($50 for a dual 2.3GHz) that I want to install FreeBSD onto. I've read that this is the way to go with those things. I'll experiment with it this summer.

I think if you're going to go BSD go OpenBSD, but really these are for different purposes. If you need to have drivers for video cards and for multiple desktop environments use FreeBSD. If you want nothing to work, no drivers for video cards, etc but a secure environment then use OpenBSD. I mainly use Parabola, Gentoo and OpenBSD. Different use cases for different jobs. I ultimately want to migrate my linux experience to something like Source Mage evenutally when I have more time to spend reading and installing/fixing computers. But I'm too busy with school to change gears right now.

FreeBSD friends post your security tips here in this thread. Links to articles and tutorials about FreeBSD security and other helpful tips are also welcome. Thanks for starting the thread OP.

Anonymous 12/17/2017 (Sun) 05:39:07 [Preview] No.1086 del
I do. I run it on the Xeon workstation under my desk.

(843.92 KB 1582x929 adblockerultimate1.png)
Chrome Addons Anonymous 12/10/2017 (Sun) 03:54:06 [Preview] No. 1075 [Reply] [Last 50 Posts]
A lot of browser addons or extensions claim to improve privacy and security. These include Ghostery, Disconnect and Privacy Badger along with a slew of others.

I think for most entry level computer users that those type of addons might provide something useful. To people who are more experienced with browsers and their extensions they seem like a gimmick or just fancy visual feedback. A lot bells and whistles with very little actual functionality.

What can really make surfing the internet a much safer experience? If we focus on HTTPS, SSL and Digital Certificates then we have a good head start. From there we can protect ourselves from ads that might lead to sketchy websites. We can beef up our passwords and add authenticators to our accounts. At the most zealous level we can disable javascript and flash.

The following extensions are for Chrome.


Adblocker Ultimate accomplishes the two jobs that all adblockers must. First it has to have a pretty good idea of what is undesirable content and what it is that users want to see or interact with. Also there are no false positives; Adblocker Ultimate pretty much never identifies images or other website content as ads when they aren't.

The extension is also easy to turn off. You can disable it entirely or just for a webpage. The function that allows you to add new blocked elements works extremely well.


Authy integrates authentication into the browser. I have not personally used this extension. The use of authenticators is extremely powerful security wise. I prefer to use my phone and download apps that have authenticators because I see having two different pieces of hardware as more secure than an application running beside another on the same device.

Anonymous 12/10/2017 (Sun) 03:57:48 [Preview] No.1076 del

HTTPS Everywhere forces connections on websites to be made through HTTPS instead of HTTP. I have seen a number of times where a website's homepage will have HTTPS enabled but some other portion will not be encrypted through HTTPS.


KB SSL Enforcer redirects the browser to use SSL/TLS.


Keeper Password Manager is by far one of my favorite addons. It does a perfect job of saving usernames and passwords. It allows for the easy generation of new passwords that are extremely secure. The features that it offers for free are top notch.


Poper Popup Blocker is effective and consistent about blocking popups when the browser and adblocker fail to do so.


Message too long. Click here to view full text.

Anonymous 12/10/2017 (Sun) 04:18:38 [Preview] No.1077 del
If you don't trust password managers then I suggest using a solution like pass the unix password manager.


Also you can just generate passwords with password card and last pass.


Endwall 12/14/2017 (Thu) 04:06:42 [Preview] No.1081 del

I don't endorse google chrome, and generally avoid any products and services produced by this company if you want to maintain computer and internet privacy and security. Their entire business model is to invade your privacy and sell the information to advertisers and to the government. Avoid all of their products if possible.

That said I'm sure this thread might be helpfull to windows users. So go ahead and start a Windows 7 security thread as well.

Secure OSes Anonymous 05/09/2016 (Mon) 18:21:17 [Preview] No. 37 [Reply] [Last 50 Posts]
What is the best OS option for a secure setup?
How do OpenBSD and Linux with patches compare in terms of the security they offer?
69 posts and 1 image omitted.

Anonymous 09/18/2017 (Mon) 13:55:34 [Preview] No. 1028 del
Tor sort of works now but there's no official Tor-OpenRC script besides the deprecated AUR version of that script. Also, UseEntryGuardsAsDirGuards is deprecated, Endwall might need to update his endtorrc file.

Endwall 09/19/2017 (Tue) 06:29:25 [Preview] No. 1029 del
Yeah I noticed this a while ago and updated the file in endconf.git but forgot to copy it to the rest of the repo locations. Should be updated now. I guess the whole idea is that there is a best way to do something, (Tor settings for instance), so lets find that best way and spread it.

Endwall 09/19/2017 (Tue) 06:47:16 [Preview] No. 1030 del
I've been off of the ball for a while though. For instance I noticed recently that xtrac-ytpl.sh has stopped working. I'll look at this next weekend, but I've got homework up the wazoo.

I strongly believe that binary package based distributions are not the way to go for security. You're trusting the packager or the packaging team not to insert their own backdoor or malware, and you have no way to check if that has happened. Everything running on a secure computer has to have been compiled from source that is resident on your computer. That way if you suspect that something is wrong, you can at least check. I don't have the time or the expertise to do this but there are enough computer security experts out there that will, and will hopefully raise a red flag in a blog post, or in an article, or publicize it in a bug tracker. Right now, by using parabola (debian, ubuntu,mint,fedora,etc) , I'm trusting the packager that they don't work for an Intelligence agency of some small European country, or for a hacking team operating out of Russia. If they get caught (unlikely) they can just change their fake name and move on to the next distribution of linux (if they're not already doing it to the packages there as well).

I generally fell off of the wagon when I realized that my computer hardware and operating system were a major point of unreliability, and the probable source of my leak and privacy issues.

Binary package based distributions are a good place to start for someone learning to use GNU/Linux, but they're not the place to be for secure / private systems. Those are just my opinions, I'm not an expert in computer security, but by talking about it we'll get to the bottom of this eventually.

systemd Anonymous 09/27/2017 (Wed) 22:18:38 [Preview] No. 1039 del
About security vulnerabilities on systemd:

Beware of the combination with Wayland. Also systemd is not the only problem, Avahi has been a problem for a while.

Anonymous 10/03/2017 (Tue) 06:25:47 [Preview] No. 1042 del
This is supposedly better than firejail, and it sure is harder to use than firejail from the looks of it.