Desert Nomad, First Responder, Reverend, Intelligence Analyst, Computer Expert, Cowboy, Sorcerer, Metaphysician, Polymath.

  • 0 Posts
  • 35 Comments
Joined 1 year ago
cake
Cake day: October 4th, 2023

help-circle
  • Elias Griffin@lemmy.worldtoPrivacy@lemmy.mlThreat Modelling 101
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    4 months ago

    I just happened upon this thread and security of all types is my specialty so I just wanted to say that nothing here is personal. I’m trying to be helpful giving folks “actual security” as in not “better than putting passwords in plain text files”. Lazy idiots will be lazy idiots with Keepass as well. I can’t tell you how many stories I’ve heard from colleagues that those people aforementioned just put the main Keepass password in a plain text file.

    I upvoted the OP and your reply for bringing TM novelty and awareness.

    I do see what you’re going for, but the mitigations you wrote can be found everywhere on the Internet for over a decade. It’s average commodity information combined with that fact that we are not more secure these days, but less secure in 2024 that ever.

    In the case of password databases, this is de facto less secure than paper and pencil, which is not extreme by any measure and actually takes little effort.


  • Elias Griffin@lemmy.worldtoPrivacy@lemmy.mlThreat Modelling 101
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    4 months ago

    Quadhelion Engineering Corrected Mitigation Strategies:

    • Never use an electronic password manager, use index cards and an art quality graphite pencil instead
    • The loss, hack, crack, or malfunction of a MFA device can be absolutely devastating. Use with caution and sync three of them, 1 of them kept in a firesafe at all times
    • Never regurlarly update all software and devices, choose your updates and choose your timing depending on your environment and posture instead
    • Never be reliant upon an electronic home security system and lock devices (if they get that far, major damage has occured), use a Rottwieller, Great Dane, Mastiff, German Shepard, or Akita (never Pitbulls or Dobermans) alongside yourself with non-lethal weapons until lethal force is used upon you, instead

    You asked and the Non-lethal (Less-Lethal) Weapons Industry has delivered. Pepper ball guns, Radically Improved Tasers, Electrical Stun Devices, Batons, Kubatons, Pellet Guns, ColdSteel Brooklyn Smasher, Slings, and also you may not think unless you played, Paintball Guns, big nasty bruises at medium range if only wearing a T-Shirt.


    • Women hide thier skin, lips, and age
    • Men hide thier jawline with beards and their insecurities are buried so well, they forget it themselves as a defense mechanism hoping the mental/emotional weakness will “heal” by next confrontation
    • Humans hide thier weakness,
    • Thier competitive business plans
    • Patents until they are published
    • Who are you falling in love with at the start
    • Exactly how much you are attracted to a person
    • Who you have a crush on
    • Your answer to a $10,000 competition
    • Your lottery ticket
    • The location of your gold and gun
    • The location of your child when allowed online
    • Whether someone is away from home for extended periods of time, you leave the lights and TV on.
    • Inventions until it’s marketed
    • Science Fair Project until it’s unvieled
    • Presents until they are opened
    • Your private parts
    • Your private thoughts on your marriage

    Have you ever grabbed a childs private parts? NO of course not, because you INNATELY UNDERSTAND even though you are not a parent and don’t remember being one yourself. In fact you understand it so well that if you were to do so publcally, you’re putting your life at risk.

    CONCLUSION: Privacy is natural and helps give confidence and security to an individual but they want access to your weaknesses and privates anyway.

    EVIDENCE: Privacy Violation is a specific tactic meant to break people …IN PRISON…since they begining of time, Gulags.

    P.S. Stop showing nude baby pictures at reunions to those that did not raise or grow up with the child in the family who already saw them naked, and only while they are still a child and not a teenager, otherwise that is a serious privacy violation. In fact, just don’t take the picture, where did you even get that you lazy lubricated louse.









  • Elias Griffin@lemmy.worldtoPrivacy@lemmy.mlSignal leaked random contacts to me!
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    5
    ·
    edit-2
    11 months ago

    This is super helpful, I may post this to infosec.exchange. Flathub makes this so much more difficult to find the reason for what looks like a real breach. I don’t use Flathub for security reasons so I don’t know if you can even isolate the PID? Anyone know?

    I don’t want you to have to spend a lot of time or troubleshoot over the web but if you see anything that stands out as “wow shouldn’t be there/running” when you run these commands come back to us:

    1. ps the PID of Signal or secondarily, Flathub
    2. lsof -p PID
    3. strace
      • sudo strace -f -t -e trace=file -p PID
    4. sysctl kernel.randomize_va_space
      • pkill/killall Flathub/Signal and restart FH/Signal and see if it still presents the vulnerability





  • Yeah, GetPocket App from Aurora store was able to turn on location on GrapheneOS about 4 months back. After reading the AuroraOSS Store Founder’s profile on Gitlab, I no longer trust AuroraOSS and if you are using GrapheneOS I would advise to vet and install your own apks.

    I had a CalyxOS phone whose ROM was hacked which should be impossible outside the factory. Yes, I’m sure and if you had access to the phone, you would also be sure. I’m a huge target whereas most people are not so maybe some high end team was run at me and that would not happen to you.

    I’m not competent enough about mobile OS security as of yet to vet mobile OS in detail, but thanks for awareness on Lineage/Divest.



  • The Blacklight results come up exceptional compartively, 1 tracker, 1 cookie, and it’s easy to block Google. It doesn’t do that over accounts or sessions however, and that is a quite positive attribute. Thanks for the awareness on that though, for everyone. I always advise to use a blocking browser. I guess overall I see the best-in-class results to be worth it every once in a while.

    You mentioned Cromite for Android, isn’t that conflicting? Cloudflare is the #1 MITM privacy destroyer so that’s great too. I’ll have to check under VPN.

    Could I get your recommendation for what you would advise for a private search engine that has acceptable results?

    Good info overall, thanks for this comment.



  • What a superb list! Saved.

    I was thinking of writing a guide on how to lead a digitally private and secure “life” since so many bad guides are out there.

    I’d like to add that the best private and secure Operating Systems are:

    • BSD
    • HardenedBSD
    • Commercial UNIX (HP-UX, AIX, IRIX)
    • Void & Alpine Linux
    • Indie Operating Systems

    Private Search Engines


    Private Browsers

    • Lynx
    • Librewolf
    • Waterfox
    • Qutebrowser
    • Hardened Firefox (at my repo)

    Qubues runs containers yes, but the unique use of a paravirtualized Fedora Linux kernel itself leaves open lots of unique security holes and is therefore extremely hard reviewing the security of it yourself.

    GrapheneOS is constantly being showboated by Ed Snowden which is a red flag and I did experience app contamination on it. I would also suggest PostmarketOS. Definite no on CalyxOS.

    I’d like to throw in my own Free Open Source, git clone, security repositories for BSD and Firefox available on Bitbucket, Github, and my own self-hosted git server with the latest files. All my software is currently written in Python (my very first Python scripts!) and short so it’s very easy to review.