Enraged

Discussion in 'Operating Systems' started by Coldblackice, Nov 18, 2019.

  1. B00nie

    B00nie [H]ardness Supreme

    Messages:
    8,039
    Joined:
    Nov 1, 2012
    It's not like obscurity is the only defense linux has. You have to remember that the back end of all internet runs on linux. Every major website, root DNS services, routing and the works basically. 99,8% of supercomputers also run linux.
     
  2. AltTabbins

    AltTabbins [H]ard as it Gets

    Messages:
    19,371
    Joined:
    Jul 29, 2005
    A big security flaw of Windows are it's users' bad habits. I don't know how many computers I have come across where users completely disable UAC. People got used to the convenience of not having to click "ok" on a prompt that pops up when something is trying to run in the background. You have to jump through some pretty advanced hoops to have your account set as root all the time on Linux. Without that enabled, you are very aware of everything that happens on your Linux computer since it prompts you for a password to even install things from the trusted software center.
     
    schizrade likes this.
  3. B00nie

    B00nie [H]ardness Supreme

    Messages:
    8,039
    Joined:
    Nov 1, 2012
    On windows the lack of security starts from the basic setup which puts every user to the administrator group. I have set up even my gaming computer (which I use only to run steam and WOT) as non-privileged user.
     
    Lunar likes this.
  4. ManofGod

    ManofGod [H]ardForum Junkie

    Messages:
    11,136
    Joined:
    Oct 4, 2007
    On Windows, backwards compatibility means that a limited or standard user account is often not useable. Of course, that is more on the OEM's than Microsoft themselves, as for the software itself goes.
     
  5. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    The problem is, in order for the computer illiterate masses to use Windows you have to introduce vulnerabilities, you have to make things less secure in the name of convenience.

    Just look at Vista and UAC.
     
  6. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    No. I hate using cell phones for anything but calls.

    Fiddly little shitty virtual keyboard thingos..
     
    tordogs, B00nie and Master_shake_ like this.
  7. Lunar

    Lunar Limp Gawd

    Messages:
    396
    Joined:
    Jul 26, 2007
    You say that like it's the only argument for security that Linux users provide. Personally, I agree with you that security through obscurity is BS, and as such, it has nothing to do with why I believe Linux is more secure. As said in later posts, the default new user state in Windows being administrator is a huge problem. The software installation model of Windows is ripe for exploitation, and has been over and over again. But worst yet is how MS is handling OS updates now. They've basically killed their internal QA testing in favor of insider rings that have proven over the last couple of years of updates to be an absolute disaster. In reality, MS has effectively abandoned Windows in favor of their cloud business. Everything with MS these days is to move customers to the cloud seemingly at the cost of the end user experience and quality of their former flagship product. Office 365 for Enterprise, Windows Virtual Desktop, etc. And I kind of understand why. For most consumers a fully featured computer in the home isn't necessary anymore. I'm not a fan of this, but it's the way things are. For most people, a Chromebook or a tablet is plenty for their needs. This would also be the reason why we've seen Windows 10S and now Windows 10X. At this point I think it's painfully obvious to just about anyone that MS doesn't give a crap about the traditional Windows desktop anymore. There just isn't any money in it.

    I'm sorry, but no. There are solutions to that problem. Enterprises do it everyday. Plus, if that were the case, then it implies that MS is wiling to sacrifice security for convenience which is a problem. They could develop a solution to that problem, but instead we're just going to give admin rights to everyone. Terrible idea.
     
    Last edited: Nov 21, 2019
  8. schizrade

    schizrade [H]ardness Supreme

    Messages:
    4,758
    Joined:
    Feb 15, 2003
    I just spent a few hours today looking at criminal discovery of a guy that went to extremes to cover his identity. Proxies, anonymizers, burner phones paid in cash etc etc... the guy still left mountains of data that leaked out of his linux, windows and phones that were linked back to him with good forensics work. It's a game you can only win by living in a hut in a jungle from birth to death. You can beat some if it, but you will never escape it.
     
    DrLobotomy likes this.
  9. ManofGod

    ManofGod [H]ardForum Junkie

    Messages:
    11,136
    Joined:
    Oct 4, 2007
    Yeah but, what about Jack Bauer? :) ;)
     
    schizrade likes this.
  10. schizrade

    schizrade [H]ardness Supreme

    Messages:
    4,758
    Joined:
    Feb 15, 2003
    He lives with Chuck Norris at 255.255.255.257 lane... cant track shit into their neighborhood.
     
    ManofGod likes this.
  11. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    Which is a little bit different than monitoring a customer's browsing habits for the sole purpose of targeted advertising. Naturally you can track someone using proxy's if you go through the logs of each proxy, the question is: in 90% of cases is there any reason to?
     
  12. B00nie

    B00nie [H]ardness Supreme

    Messages:
    8,039
    Joined:
    Nov 1, 2012
    Cough *bs* cough. If he had burner phones there's nothing that can link to him except cell tower location.
     
    wra18th likes this.
  13. schizrade

    schizrade [H]ardness Supreme

    Messages:
    4,758
    Joined:
    Feb 15, 2003
    BS? lol Hardly. The calls and text messages made to others are cross referenced back to that phone, and with device location information the suspect nailed to those locations with things like surveillance video, retail transactions etc as being the user of that device+sim at that time.

    Call "bs" somewhere else. The mountains of data these things collect cannot be escaped.
     
  14. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    So in other words it's not real forensics. The Government themselves have stripped our right to privacy to the point where we can be tracked anywhere in the name of 'apparent' terrorism and the resulting media hype swaying public opinion allowing such laws to be passed.

    Because surely those texts were encrypted assuming this individual was as thorough as you claim he was? How did you get around the encryption?
     
  15. schizrade

    schizrade [H]ardness Supreme

    Messages:
    4,758
    Joined:
    Feb 15, 2003
    Of course its "real forensics". The investigation verifies what the forensics point at. A ground truth.

    I don't work for the FBI/cops, they have the ability to capture things I could never capture as a CCPA. We simply get discovery and try and poke holes in government claims. They have the ability to capture things that even cellebrite says you can't capture, like an almost physical image of an iOS device in almost current versions.

    My point is, even if you are super careful, iOS, Android, win10 are all leaky pools. Your use of any of these devices leaks data that can be recovered and linked directly to you. How do you think they tied all those BTC transactions to individuals?

    I'm not looking to argue with all of you about windows 10 being data leaky (it is) just making the point that's simply using any of this is leaky in it's simple use.
     
  16. cybereality

    cybereality [H]ardness Supreme

    Messages:
    4,872
    Joined:
    Mar 22, 2008
    Use Linux. It's as simple as that.
     
    schizrade likes this.
  17. schizrade

    schizrade [H]ardness Supreme

    Messages:
    4,758
    Joined:
    Feb 15, 2003
    It helps that's for sure. It doesn't leak like the rest.
     
    cybereality likes this.
  18. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    They're not leaky, the Government simply has too much power, and Windows leaks far more than Linux. Still doesn't overcome encryption though, if the individual in question encrypted all data/communication and used a live distro with no persistence you wouldn't have got a lot of useful data.

    You also have to make sure not to use Google searches...
     
  19. B00nie

    B00nie [H]ardness Supreme

    Messages:
    8,039
    Joined:
    Nov 1, 2012
    I guess you have no concept what a burner phone is. It's a phone that has a prepaid sim and which you *throw away* after use. That's why it's called a burner - you burn it or break it after using it to remove traces. Nobody knows you own that phone or the sim card so nobody can trace it to you or your location.
     
    Mazzspeed likes this.
  20. schizrade

    schizrade [H]ardness Supreme

    Messages:
    4,758
    Joined:
    Feb 15, 2003
    Why are you being so caustic? Of course I know what a "burner phone" is. It's a phone you use once then destroy it that is ostensibly not attached to any one person. The problem is, the moment you use it and call and text people you generate data that can tie you back to that burner phone which is often not "burned", and even if it is, that data can still be linked to you. Its not the movies, its real life. A good team of investigators can link data that came from a burned device to the purchase point back out to the person that used it. How do you think they catch these networks of people using throw away phones?
     
  21. SuperSubZero

    SuperSubZero 2[H]4U

    Messages:
    3,589
    Joined:
    Nov 21, 2000
    Since this thread is off the rails, I just wanna check, is there anyone here who believes Microsoft, with special assistance from your ISP, can dynamically enable a special hidden 10TB network pipe and upload multiple copies of all of your storage to MS's secret servers on the far side of the moon?

    Just curious.
     
    primetime and Chuklr like this.
  22. B00nie

    B00nie [H]ardness Supreme

    Messages:
    8,039
    Joined:
    Nov 1, 2012
    If you buy the phone used or stolen with cash, nobody will be able to link the phone to you. All they will know that a call has been made from around cell tower x and that's it. Of course if the person continues to use the phone it's not a burner anymore.
     
    Mazzspeed likes this.
  23. cybereality

    cybereality [H]ardness Supreme

    Messages:
    4,872
    Joined:
    Mar 22, 2008
    Read up on Kevin Mitnick. When he was on the run from the police they caught him by his burner phone. The phone was clean (bought by a bum with cash) but the police checked the cell records and noticed that he was connected to the same cell tower as his real phone (which he didn't use but was in his pocket at the time) when he made the calls on the burner. Lots of ways to tie the device back to you.
     
    schizrade and Mazzspeed like this.
  24. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    I read Kevin's book Ghost In The Wires, one very talented hacker. I don't remember the authorities tracking his burner phone like that however, in fact I don't even remember him having a burner phone as I think his time was before cell phones really became a thing.

    Kevin was right on it. Even when they were tapping his phone he'd work it out and ring the telco, using social engineering to confirm if a tap had been put on his line or not.
     
    Last edited: Nov 24, 2019
    cybereality likes this.
  25. schizrade

    schizrade [H]ardness Supreme

    Messages:
    4,758
    Joined:
    Feb 15, 2003
    Oh yeah Mitnick. I went to a book signing of his right after he got out of jail. That was 2 hours I'll never forget.
     
    cybereality likes this.
  26. schizrade

    schizrade [H]ardness Supreme

    Messages:
    4,758
    Joined:
    Feb 15, 2003
    His cellular activity ultimately damned him:

    https://www.wired.com/1996/02/catching/

    He was attempting to manipulate his star-tac to conceal his location, but in the end it didn't work.
     
  27. cybereality

    cybereality [H]ardness Supreme

    Messages:
    4,872
    Joined:
    Mar 22, 2008
    I believe that story was from his newer book, The Art of Invisibility: https://www.amazon.com/Art-Invisibility-Worlds-Teaches-Brother-ebook/dp/B01GZY28CW/
     
  28. ChadD

    ChadD [H]ardness Supreme

    Messages:
    4,268
    Joined:
    Feb 8, 2016
    OH man looking over your post your a dirty pirate... I can't take you serious now MS is right. If you have nothing to hide what are you worried about... there snagit user.

    I am joking of course. Ya MS is a terrible terrible company... but you already knew that right.

    If you are not using games. and your employer/school isn't requiring some specific will never run in Linux no matter what bit of software then burn that crap OS with fire. And even if you are a crazy gamer and you must have windows for work... dual boot. Its really not that painful especially today in the era of 5s boot times. Also if you are a light - medium heavy gamer that has a massive Steam library.... try Linux Steam (turn on steam play in steams settings and select use for ALL windows software) you may find that everything you care about runs very smoothly in Linux. If that is the case you won't miss windows AT all.

    My suggesting for anyone new or old to Linux... Manjaro. Its based on lighting fast and reliable arch. With an extra level of testing adding even more reliability. While being one of the most user friendly distros around. New user power user it doesn't get much better then Manjaro. Even if your a 1000 level Linux god you can use Manjaro as a faster installer for Arch proper by simply switching to Manjaros unstable update branch (which is just vanilla arch... ok I think its 1-3 days delayed but that isn't a bad thing even for level 1000 users lol).
    https://manjaro.org/
    https://manjaro.org/download/official/gnome/
     
    cybereality likes this.
  29. B00nie

    B00nie [H]ardness Supreme

    Messages:
    8,039
    Joined:
    Nov 1, 2012
    It means he was sloppy or stupid lol. Only a moron would leave their personal phone on if they think they're being tracked. You need to either leave the phone home or remove the sim and battery while moving. In fact, best thing to do would be to give your personal phone to someone else to carry, that way it won't be offline when you make the call and moving somewhere else.
     
  30. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    I need to read this book! Ghost In the Wires was awesome, the guy is a true genius.

    That's actually an excellent article, however it's a little different to your example of intercepting unencrypted SMS messages.
     
    Last edited: Nov 25, 2019
  31. Stanley Pain

    Stanley Pain 2[H]4U

    Messages:
    2,447
    Joined:
    Apr 5, 2001
    You mean like every user created as part of the just about every Linux installer being placed into the wheel group? ;)

    Sorry for the slight thread necro.

    Security is the users responsibility and unfortunately the gross majority of users don't care.
     
  32. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    UAC isn't effective privilege escalation, even Microsoft themselves state so. Fact is: Malware's infecting Windows systems somehow, the problem's rampant.
     
  33. Stanley Pain

    Stanley Pain 2[H]4U

    Messages:
    2,447
    Joined:
    Apr 5, 2001
    It is at it's max setting. Anything below max settings is a slippery slope of compromise. You can make it function pretty much the same way sudo works (by requiring a password).
     
  34. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    “Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.”
    ― Douglas Adams

    UAC is the way it is as the average Windows user cannot handle anything else. It's a compromise between security and convenience.
     
  35. AltTabbins

    AltTabbins [H]ard as it Gets

    Messages:
    19,371
    Joined:
    Jul 29, 2005
    And almost every "average" user I have met has it completely turned off. In the early 2000's when Windows Vista and 7 were out, it was actually a well known "life hack" for people to turn off UAC so they wouldn't have prompts pop up.
     
    Mazzspeed likes this.
  36. Shoganai

    Shoganai Limp Gawd

    Messages:
    397
    Joined:
    Dec 5, 2018
    It's the first thing I turn off for literally everyone I know using a Windows PC because they can't stand it.
     
    Mazzspeed likes this.
  37. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    It's a massive problem. Even MacOS users are struggling with the new security requirements introduced with Mojave. It's the reason why mobile devices are actually better for such users.
     
    Shoganai likes this.
  38. Shoganai

    Shoganai Limp Gawd

    Messages:
    397
    Joined:
    Dec 5, 2018
    MacOS Catalina is a nightmare. I’m moving away from Apple in general these days, but they are starting to get a bit Windowsy ... only in much worse ways than UAC. Having to use Terminal to bypass new stupid security measures to obtain what used to be basic functionality is a bit jarring ... and very frustrating for my family in which they never had to deal with issues like that before. The best security is unobtrusive and hiding in the background, not slapping you in the face at every turn.
     
  39. Mazzspeed

    Mazzspeed 2[H]4U

    Messages:
    2,052
    Joined:
    Dec 27, 2017
    Yes..And no.

    That measure of convenience is the crux of the issue regarding security, and the reason why the hackers are winning.
     
  40. Shoganai

    Shoganai Limp Gawd

    Messages:
    397
    Joined:
    Dec 5, 2018
    The convenience part is definitely fading away. Education about common sense computer practices is the best defense. I never knew Macs could be infested with endless malware, but my cousin proved me wrong. She had literal hundreds of malware and managed to get every possible online account hacked. She also hadn’t updated her OS in years. Took me a week to get her stuff back and just started over with a fresh wipe of the OS, got her an iPhone instead of Android, and put two-factor authentication on everything. She used literally the same password on a hundred different accounts, including social media and her banks. I don’t think I’ve seen anything that bad, especially not on a Mac. She clicks and installs everything that pops up.