>Why noone ever replies to these edition. Sup Forums is Sup Forums now, etc etc. Also maybe you just have a shortage of offensively-minded rather than defensively-minded folks.
I'm chasing down a glitch in a VM that happened after I updated the kernel for that recent privilege-escalation problem. fun times.
Juan Powell
there aren't enough of us here, that's why nobody posts
Liam Rogers
are attacks on qemu really something I should be worried about? It's not that common, is it?
Hudson Jones
Escaping the VM might fuck your shit up.
Robert Ortiz
How probable is that a website can inject a vm escape malware even when maximum security is toggled on, on tor?
Andrew Garcia
>How to become a hacker.
Michael Ross
Nearly impossible. Just nearly.
Adam Ramirez
A website? I'd imagine there are exploit kits targeting versions of Firefox associated with the Tor browser bundle. Most modern browser exploits require JS to be enabled in order to work though.
Xavier Torres
Nice. We should make these threads a regular thing, like the daily programming threads. We need to build a hacker culture on Sup Forums
Charles Young
VM escapes are one of those exploits that are possible but rare and difficult to pull off. Worry about stopping arbitrary code execution and elevation-of-privilege attacks first, those are a lot more common, and if an attacker can't get his own code running on your machine he'll never have the chance to do a VM escape in the first place.
First rule of using Tor is to disable JS. So many browser exploits rely on JS that its not even funny. Not all of them, every once in a while you'll see something where (for instance) a malformed image file can lead to code execution. But lack of JS makes things awfully difficult for a malware-writer right off the bat.
How plausible is it to get malware on your android phone? I'm talking ads on websites that you can't block. Even if you don't click on them can they get access to your files?
Levi Martinez
Best way to harden ssh security for a vps?
Cameron Rodriguez
- Turn off root login. Use another user to work with your VPS. - Use a key authorization rather than a password. - Use fail2ban.
Cooper Brown
How do i completely delete myself from the internet?
is there a guide to 1. fake, untraceable email, that can be used in other websites that ask for it [even social media] ? 2. completely remain anonymous / untraceable on the internet?
i want to know about anything to do with anonymizing my internet experience.
Gabriel Davis
What's your goal?
Brody Wood
an hero, eventually. but right now i'm just trying to erase myself from the internet.
Levi Edwards
>use disposable mails like 10minutemail.com >don't trust companies like Google, Facebook, et cetera >don't use windows or apple software >use linux as your daily driver and tails for sensitive data >use open source or free software
That's all that I could thing about right now. If you already gave out your info, is nearly impossible to stay off the grid. However, anonimizing yourself isn't an all-or-nothing job, every bit counts.
Daniel Fisher
>1. fake, untraceable email, that can be used in other websites that ask for it [even social media] ? Create one time use emails at cock.li.
>2. completely remain anonymous / untraceable on the internet? Use Whonix/TAILS. Buy SSH tunnels from some shady Russian to circumvent constant "Fuck you" for TOR users.
Grayson Flores
was meant to
Jaxson Reyes
thanks.
>you already gave out your info how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account?
> nearly impossible to stay off the grid yeah, unfortunately. maybe i'll keep protonomail for absolute necessary shit.
>However, anonimizing yourself isn't an all-or-nothing job, every bit counts you said it.
Daniel Murphy
>how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account? Never. Seriously. You done fucked boy, pack ur shit.
Daniel Wood
>how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account?
Well, depends on how well your data is distributed. If you're on old backup servers, never.
Noah Perez
>how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account? sit around for a few decades and hope the only FB server holding your data explodes into flames
Angel Jenkins
Depends if those sites have an exploit.
Most malicious ads will try a whole range of JS exploits, mainly for outdated browser exploits.
Landon Jones
Disable Root login. Change the port to evade common port 22 attack. If you use key based auth, set the login retry to a minimum. AllowUsers DENYusers
Grayson Moore
"forgot"
Kayden Nguyen
Kill yourself.
Jace Bailey
eventually, ya stupid cunt, eventually.
Robert Evans
B U M P
Daniel Anderson
Thanks for compiling all these resources First time I see them in this thread
Ayden Flores
the fact that you're not using dedi hardware is bad sec practice in the first place
Why take unnecessary risks?
Benjamin Perez
strong pass fail2ban (optionally) everything else is a waste of time or sec by obscurity
while properly segmenting your services to non root users is good sec practice disabling root login by no way helps
a box with a net facing root and a strong pass is as secure as a box with only lower priv users that are net facing
imo most of those spam ads are "safe" ads without malware but rather they force u to idk fill out some survey that in the end in order to submit data want you to subscribe with your mobile phone or whatnot to some other 3rd party shit that will take montly fee out from your phone
that is so far from my experience
Hudson Jenkins
bump
Angel Miller
There are multiple better chans that have ongoing security discussion and that aren't full of constant shit flinging.
Caleb Jones
which chans? i know about /sec/ on lainchan, but it's slow as heck, with generally very little technical discussion period
Luke Price
whats the common / best rules for a firewall?
Matthew Ward
Block all incoming and outgoing ports
Oliver Powell
infinichan, lainchan is good as well. >slow as heck Who cares. It means that people actually give well thought out responses. They aren't just spoonfeeding generals, its expected that you know how to do your own research and that questions asked aren't ones that can be answered in a 20 second search using a search engine.
>our system thinks your post is spam
Jeremiah Williams
And i have no internet then
Brody Scott
idk, it'd just be nice to have a nice chillout general or something to discuss exploit development and reversing when we're not actually doing it. communities/discussion on the topic of netsec being slow can make conversation feel pretty disjointed and difficult to get invested in
Christian Cook
the internet is harmful
Justin Long
>general Well then someone already linked a place to go here There is already a hacking genreal on lainchan. But as usual """"Generals""""" are better suited to IRC, and the lainchan one is usually pretty active.
Josiah Phillips
/r/netsec is good for news but it's not much of a community i suppose i'll give the lainchan irc another go