Enraged

Status
Not open for further replies.
Oh, it works, until it doesn't. Once something is no longer obscure all your vaunted security advantages are gone. Look at Intel these last few years: Intel is about as secure as Swiss Cheese now, thanks to bugs no longer being obscure.
It's not like obscurity is the only defense Linux has. You have to remember that the back end of all internet runs on Linux. Every major website, root DNS services, routing and the works basically. 99,8% of supercomputers also run Linux.
 
It's not like obscurity is the only defense Linux has.

A big security flaw of Windows is its users' bad habits. I don't know how many computers I have come across where users completely disable UAC. People got used to the convenience of not having to click "ok" on a prompt that pops up when something is trying to run in the background. You have to jump through some pretty advanced hoops to have your account set as root all the time on Linux. Without that enabled, you are very aware of everything that happens on your Linux computer since it prompts you for a password to even install things from the trusted software center.
 
A big security flaw of Windows is its users' bad habits. I don't know how many computers I have come across where users completely disable UAC. People got used to the convenience of not having to click "ok" on a prompt that pops up when something is trying to run in the background. You have to jump through some pretty advanced hoops to have your account set as root all the time on Linux. Without that enabled, you are very aware of everything that happens on your Linux computer since it prompts you for a password to even install things from the trusted software center.
On Windows the lack of security starts from the basic setup which puts every user to the administrator group. I have set up even my gaming computer (which I use only to run steam and WOT) as non-privileged user.
 
On Windows the lack of security starts from the basic setup which puts every user to the administrator group. I have set up even my gaming computer (which I use only to run steam and WOT) as non-privileged user.

On Windows, backwards compatibility means that a limited or standard user account is often not useable. Of course, that is more on the OEMs than Microsoft themselves, as far as the software itself goes.
 
A big security flaw of Windows is its users' bad habits. I don't know how many computers I have come across where users completely disable UAC. People got used to the convenience of not having to click "ok" on a prompt that pops up when something is trying to run in the background. You have to jump through some pretty advanced hoops to have your account set as root all the time on Linux. Without that enabled, you are very aware of everything that happens on your Linux computer since it prompts you for a password to even install things from the trusted software center.

The problem is, in order for the computer illiterate masses to use Windows you have to introduce vulnerabilities, you have to make things less secure in the name of convenience.

Just look at Vista and UAC.
 
Security, on the other hand, is where I disagree with a typical Linux enthusiast where the philosophy of 'security through obscurity' reigns supreme. Nothing is hack-proof; nothing is fully secure.
You say that like it's the only argument for security that Linux users provide. Personally, I agree with you that security through obscurity is BS, and as such, it has nothing to do with why I believe Linux is more secure. As said in later posts, the default new user state in Windows being administrator is a huge problem. The software installation model of Windows is ripe for exploitation, and has been over and over again. But worse yet is how MS is handling OS updates now. They've basically killed their internal QA testing in favor of insider rings that have proven over the last couple of years of updates to be an absolute disaster. In reality, MS has effectively abandoned Windows in favor of their cloud business. Everything with MS these days is to move customers to the cloud seemingly at the cost of the end user experience and quality of their former flagship product. Office 365 for Enterprise, Windows Virtual Desktop, etc. And I kind of understand why. For most consumers a fully featured computer in the home isn't necessary anymore. I'm not a fan of this, but it's the way things are. For most people, a Chromebook or a tablet is plenty for their needs. This would also be the reason why we've seen Windows 10S and now Windows 10X. At this point I think it's painfully obvious to just about anyone that MS doesn't give a crap about the traditional Windows desktop anymore. There just isn't any money in it.

On Windows, backwards compatibility means that a limited or standard user account is often not useable. Of course, that is more on the OEMs than Microsoft themselves, as far as the software itself goes.
I'm sorry, but no. There are solutions to that problem. Enterprises do it every day. Plus, if that were the case, then it implies that MS is willing to sacrifice security for convenience which is a problem. They could develop a solution to that problem, but instead we're just going to give admin rights to everyone. Terrible idea.
 
I just spent a few hours today looking at criminal discovery of a guy that went to extremes to cover his identity. Proxies, anonymizers, burner phones paid in cash etc etc... the guy still left mountains of data that leaked out of his Linux, Windows and phones that were linked back to him with good forensics work. It's a game you can only win by living in a hut in a jungle from birth to death. You can beat some of it, but you will never escape it.
 
I just spent a few hours today looking at criminal discovery of a guy that went to extremes to cover his identity. Proxies, anonymizers, burner phones paid in cash etc etc... the guy still left mountains of data that leaked out of his Linux, Windows and phones that were linked back to him with good forensics work. It's a game you can only win by living in a hut in a jungle from birth to death. You can beat some of it, but you will never escape it.

Yeah but, what about Jack Bauer? :) ;)
 
I just spent a few hours today looking at criminal discovery of a guy that went to extremes to cover his identity. Proxies, anonymizers, burner phones paid in cash etc etc... the guy still left mountains of data that leaked out of his Linux, Windows and phones that were linked back to him with good forensics work. It's a game you can only win by living in a hut in a jungle from birth to death. You can beat some of it, but you will never escape it.

Which is a little bit different than monitoring a customer's browsing habits for the sole purpose of targeted advertising. Naturally you can track someone using proxies if you go through the logs of each proxy, the question is: in 90% of cases is there any reason to?
 
I just spent a few hours today looking at criminal discovery of a guy that went to extremes to cover his identity. Proxies, anonymizers, burner phones paid in cash etc etc... the guy still left mountains of data that leaked out of his Linux, Windows and phones that were linked back to him with good forensics work. It's a game you can only win by living in a hut in a jungle from birth to death. You can beat some of it, but you will never escape it.
Cough *bs* cough. If he had burner phones there's nothing that can link to him except cell tower location.
 
Cough *bs* cough. If he had burner phones there's nothing that can link to him except cell tower location.

BS? lol Hardly. The calls and text messages made to others are cross referenced back to that phone, and with device location information the suspect nailed to those locations with things like surveillance video, retail transactions etc as being the user of that device+sim at that time.

Call "bs" somewhere else. The mountains of data these things collect cannot be escaped.
 
BS? lol Hardly. The calls and text messages made to others are cross referenced back to that phone, and with device location information the suspect nailed to those locations with things like surveillance video, retail transactions etc as being the user of that device+sim at that time.

Call "bs" somewhere else. The mountains of data these things collect cannot be escaped.

So in other words it's not real forensics. The Government themselves have stripped our right to privacy to the point where we can be tracked anywhere in the name of 'apparent' terrorism and the resulting media hype swaying public opinion allowing such laws to be passed.

Because surely those texts were encrypted assuming this individual was as thorough as you claim he was? How did you get around the encryption?
 
So in other words it's not real forensics. The Government themselves have stripped our right to privacy to the point where we can be tracked anywhere in the name of 'apparent' terrorism and the resulting media hype swaying public opinion allowing such laws to be passed.

Because surely those texts were encrypted assuming this individual was as thorough as you claim he was? How did you get around the encryption?

Of course it's "real forensics". The investigation verifies what the forensics point at. A ground truth.

I don't work for the FBI/cops, they have the ability to capture things I could never capture as a CCPA. We simply get discovery and try and poke holes in government claims. They have the ability to capture things that even Cellebrite says you can't capture, like an almost physical image of an iOS device in almost current versions.

My point is, even if you are super careful, iOS, Android, win10 are all leaky pools. Your use of any of these devices leaks data that can be recovered and linked directly to you. How do you think they tied all those BTC transactions to individuals?

I'm not looking to argue with all of you about Windows 10 being data leaky (it is) just making the point that simply using any of this is leaky in its simple use.
 
Of course it's "real forensics". The investigation verifies what the forensics point at. A ground truth.

I don't work for the FBI/cops, they have the ability to capture things I could never capture as a CCPA. We simply get discovery and try and poke holes in government claims. They have the ability to capture things that even Cellebrite says you can't capture, like an almost physical image of an iOS device in almost current versions.

My point is, even if you are super careful, iOS, Android, win10 are all leaky pools. Your use of any of these devices leaks data that can be recovered and linked directly to you. How do you think they tied all those BTC transactions to individuals?

I'm not looking to argue with all of you about Windows 10 being data leaky (it is) just making the point that simply using any of this is leaky in its simple use.

They're not leaky, the Government simply has too much power, and Windows leaks far more than Linux. Still doesn't overcome encryption though, if the individual in question encrypted all data/communication and used a live distro with no persistence you wouldn't have got a lot of useful data.

You also have to make sure not to use Google searches...
 
BS? lol Hardly. The calls and text messages made to others are cross referenced back to that phone, and with device location information the suspect nailed to those locations with things like surveillance video, retail transactions etc as being the user of that device+sim at that time.

Call "bs" somewhere else. The mountains of data these things collect cannot be escaped.
I guess you have no concept what a burner phone is. It's a phone that has a prepaid sim and which you *throw away* after use. That's why it's called a burner - you burn it or break it after using it to remove traces. Nobody knows you own that phone or the sim card so nobody can trace it to you or your location.
 
I guess you have no concept what a burner phone is. It's a phone that has a prepaid sim and which you *throw away* after use. That's why it's called a burner - you burn it or break it after using it to remove traces. Nobody knows you own that phone or the sim card so nobody can trace it to you or your location.

Why are you being so caustic? Of course I know what a "burner phone" is. It's a phone you use once then destroy it that is ostensibly not attached to any one person. The problem is, the moment you use it and call and text people you generate data that can tie you back to that burner phone which is often not "burned", and even if it is, that data can still be linked to you. It's not the movies, it's real life. A good team of investigators can link data that came from a burned device to the purchase point back out to the person that used it. How do you think they catch these networks of people using throw away phones?
 
Since this thread is off the rails, I just wanna check, is there anyone here who believes Microsoft, with special assistance from your ISP, can dynamically enable a special hidden 10TB network pipe and upload multiple copies of all of your storage to MS's secret servers on the far side of the moon?

Just curious.
 
Why are you being so caustic? Of course I know what a "burner phone" is. It's a phone you use once then destroy it that is ostensibly not attached to any one person. The problem is, the moment you use it and call and text people you generate data that can tie you back to that burner phone which is often not "burned", and even if it is, that data can still be linked to you. It's not the movies, it's real life. A good team of investigators can link data that came from a burned device to the purchase point back out to the person that used it. How do you think they catch these networks of people using throw away phones?
If you buy the phone used or stolen with cash, nobody will be able to link the phone to you. All they will know is that a call has been made from around cell tower x and that's it. Of course if the person continues to use the phone it's not a burner anymore.
 
Read up on Kevin Mitnick. When he was on the run from the police they caught him by his burner phone. The phone was clean (bought by a bum with cash) but the police checked the cell records and noticed that he was connected to the same cell tower as his real phone (which he didn't use but was in his pocket at the time) when he made the calls on the burner. Lots of ways to tie the device back to you.
 
Read up on Kevin Mitnick. When he was on the run from the police they caught him by his burner phone. The phone was clean (bought by a bum with cash) but the police checked the cell records and noticed that he was connected to the same cell tower as his real phone (which he didn't use but was in his pocket at the time) when he made the calls on the burner. Lots of ways to tie the device back to you.

I read Kevin's book Ghost In The Wires, one very talented hacker. I don't remember the authorities tracking his burner phone like that however, in fact I don't even remember him having a burner phone as I think his time was before cell phones really became a thing.

Kevin was right on it. Even when they were tapping his phone he'd work it out and ring the telco, using social engineering to confirm if a tap had been put on his line or not.
 
Read up on Kevin Mitnick. When he was on the run from the police they caught him by his burner phone. The phone was clean (bought by a bum with cash) but the police checked the cell records and noticed that he was connected to the same cell tower as his real phone (which he didn't use but was in his pocket at the time) when he made the calls on the burner. Lots of ways to tie the device back to you.

Oh yeah Mitnick. I went to a book signing of his right after he got out of jail. That was 2 hours I'll never forget.
 
I read Kevin's book Ghost In The Wires, one very talented hacker. I don't remember the authorities tracking his burner phone like that however, in fact I don't even remember him having a burner phone as I think his time was before cell phones really became a thing.

Kevin was right on it. Even when they were tapping his phone he'd work it out and ring the telco, using social engineering to confirm if a tap had been put on his line or not.

His cellular activity ultimately damned him:

https://www.wired.com/1996/02/catching/

He was attempting to manipulate his star-tac to conceal his location, but in the end it didn't work.
 
As an Amazon Associate, HardForum may earn from qualifying purchases.
OH man looking over your post you're a dirty pirate... I can't take you seriously now MS is right. If you have nothing to hide what are you worried about... there snagit user.

I am joking of course. Ya MS is a terrible terrible company... but you already knew that right.

If you are not using games, and your employer/school isn't requiring some specific will never run in Linux no matter what bit of software then burn that crap OS with fire. And even if you are a crazy gamer and you must have Windows for work... dual boot. It's really not that painful especially today in the era of 5s boot times. Also if you are a light - medium heavy gamer that has a massive Steam library.... try Linux Steam (turn on Steam Play in Steam's settings and select use for ALL Windows software) you may find that everything you care about runs very smoothly in Linux. If that is the case you won't miss Windows AT all.

My suggestion for anyone new or old to Linux... Manjaro. It's based on lightning fast and reliable Arch. With an extra level of testing adding even more reliability. While being one of the most user friendly distros around. New user power user it doesn't get much better than Manjaro. Even if you're a 1000 level Linux god you can use Manjaro as a faster installer for Arch proper by simply switching to Manjaro's unstable update branch (which is just vanilla Arch... ok I think it's 1-3 days delayed but that isn't a bad thing even for level 1000 users lol).
https://manjaro.org/
https://manjaro.org/download/official/gnome/
 
Read up on Kevin Mitnick. When he was on the run from the police they caught him by his burner phone. The phone was clean (bought by a bum with cash) but the police checked the cell records and noticed that he was connected to the same cell tower as his real phone (which he didn't use but was in his pocket at the time) when he made the calls on the burner. Lots of ways to tie the device back to you.
It means he was sloppy or stupid lol. Only a moron would leave their personal phone on if they think they're being tracked. You need to either leave the phone home or remove the sim and battery while moving. In fact, best thing to do would be to give your personal phone to someone else to carry, that way it won't be offline when you make the call and moving somewhere else.
 
I believe that story was from his newer book, The Art of Invisibility: https://www.amazon.com/Art-Invisibility-Worlds-Teaches-Brother-ebook/dp/B01GZY28CW/

I need to read this book! Ghost In the Wires was awesome, the guy is a true genius.

His cellular activity ultimately damned him:

https://www.wired.com/1996/02/catching/

He was attempting to manipulate his star-tac to conceal his location, but in the end it didn't work.

That's actually an excellent article, however it's a little different to your example of intercepting unencrypted SMS messages.
 
On Windows the lack of security starts from the basic setup which puts every user to the administrator group. I have set up even my gaming computer (which I use only to run steam and WOT) as non-privileged user.

You mean like every user created as part of just about every Linux installer being placed into the wheel group? ;)

Sorry for the slight thread necro.

Security is the user's responsibility and unfortunately the gross majority of users don't care.
 
You mean like every user created as part of just about every Linux installer being placed into the wheel group? ;)

Sorry for the slight thread necro.

Security is the user's responsibility and unfortunately the gross majority of users don't care.

UAC isn't effective privilege escalation, even Microsoft themselves state so. Fact is: Malware's infecting Windows systems somehow, the problem's rampant.
 
UAC isn't effective privilege escalation, even Microsoft themselves state so. Fact is: Malware's infecting Windows systems somehow, the problem's rampant.

It is at its max setting. Anything below max settings is a slippery slope of compromise. You can make it function pretty much the same way sudo works (by requiring a password).
 
It is at its max setting. Anything below max settings is a slippery slope of compromise. You can make it function pretty much the same way sudo works (by requiring a password).

“Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.”
― Douglas Adams

UAC is the way it is as the average Windows user cannot handle anything else. It's a compromise between security and convenience.
 
“Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.”
― Douglas Adams

UAC is the way it is as the average Windows user cannot handle anything else. It's a compromise between security and convenience.

And almost every "average" user I have met has it completely turned off. In the early 2000's when Windows Vista and 7 were out, it was actually a well known "life hack" for people to turn off UAC so they wouldn't have prompts pop up.
 
And almost every "average" user I have met has it completely turned off. In the early 2000's when Windows Vista and 7 were out, it was actually a well known "life hack" for people to turn off UAC so they wouldn't have prompts pop up.
It's the first thing I turn off for literally everyone I know using a Windows PC because they can't stand it.
 
And almost every "average" user I have met has it completely turned off. In the early 2000's when Windows Vista and 7 were out, it was actually a well known "life hack" for people to turn off UAC so they wouldn't have prompts pop up.

It's the first thing I turn off for literally everyone I know using a Windows PC because they can't stand it.

It's a massive problem. Even MacOS users are struggling with the new security requirements introduced with Mojave. It's the reason why mobile devices are actually better for such users.
 
It's a massive problem. Even MacOS users are struggling with the new security requirements introduced with Mojave. It's the reason why mobile devices are actually better for such users.
MacOS Catalina is a nightmare. I’m moving away from Apple in general these days, but they are starting to get a bit Windowsy ... only in much worse ways than UAC. Having to use Terminal to bypass new stupid security measures to obtain what used to be basic functionality is a bit jarring ... and very frustrating for my family in which they never had to deal with issues like that before. The best security is unobtrusive and hiding in the background, not slapping you in the face at every turn.
 
MacOS Catalina is a nightmare. I’m moving away from Apple in general these days, but they are starting to get a bit Windowsy ... only in much worse ways than UAC. Having to use Terminal to bypass new stupid security measures to obtain what used to be basic functionality is a bit jarring ... and very frustrating for my family in which they never had to deal with issues like that before. The best security is unobtrusive and hiding in the background, not slapping you in the face at every turn.

Yes..And no.

That measure of convenience is the crux of the issue regarding security, and the reason why the hackers are winning.
 
Yes..And no.

That measure of convenience is the crux of the issue regarding security, and the reason why the hackers are winning.
The convenience part is definitely fading away. Education about common sense computer practices is the best defense. I never knew Macs could be infested with endless malware, but my cousin proved me wrong. She had literal hundreds of malware and managed to get every possible online account hacked. She also hadn’t updated her OS in years. Took me a week to get her stuff back and just started over with a fresh wipe of the OS, got her an iPhone instead of Android, and put two-factor authentication on everything. She used literally the same password on a hundred different accounts, including social media and her banks. I don’t think I’ve seen anything that bad, especially not on a Mac. She clicks and installs everything that pops up.
 