Let's say I have an external hard drive with personal information on it, and I plugged it into one of my computers that I haven't run any antivirus on except Windows Defender for a long time, a computer that I had previously run a lot of Russian 3D porn games on.
If the computer is connected to the internet, I'm assuming it's possible a hacker could access and read the files on the external hard drive as well... but how likely is that to happen?
what russian 3d porn games (to provide accurate analysis)
Jordan Allen
very likely, if you want advice on how to securely store your child pornography then look for one of the /sec/ generals
John Gray
If they can access the computer, they can access any drives attached to it at the time.
Christian Martinez
So long as you have an internet connection you're always vulnerable to attacks.
David Kelly
^ all these replies are bait btw
William Clark
hard drives don't even need to be plugged in to get hacked
Nathaniel Parker
>take external hard disk
>make second partition and encrypt it
>store important files on the encrypted partition
>leave non-sensitive files on unencrypted partition
>only allow untrusted system to access the unencrypted partition
>profit
Jonathan Sanders
Are you sure? I'm getting a higher 19.85%
Wyatt Brooks
I bet you didn't adjust for Crimean 3d porn games.
Nathaniel Gutierrez
;^)
Carson Thompson
0% if your PC is clean, 100% if it isn't. But that's not the answer you want. What you want to know is the odds your computer is infected with shit. Way too many variables to answer that question with any degree of accuracy. What OS you use, whether your browser is sandboxed, what browser you use, the configuration of said browser, where you visit using said browser, and what you click on while you are on those sites.
Nobody can answer that question for you. Either install Linux, and learn how to run shit safely, or start using something like Avast.
Brody Miller
Don't listen to this guy. Even with a "clean" PC there is ALWAYS a chance, no matter how small, of being attacked. Yes, even if you run all FOSS and no hardware botnet. Highly unlikely, of course, but still possible.
Daniel Morgan
run it in a vm
Jose Martin
Only on Intel based machines that have Intel ME, AMD systems are always secure and immune to viruses like Macs
Chase Morales
>he allows his web browser full system access
Thomas Perry
can paranoid cp hoarder threads be auto banned
Justin Evans
Fucking robot detected
Carter White
What if I was only plugged in for like 15 minutes and drive is full of non sensitive stuff as well? It's not cp, it's my passwords.
Christian Jones
sounds like it's time to change your passwords
Austin Anderson
I'd be genuinely interested to hear how a firejailed waterfox using NoScript, Ublock Origin, Flash Control, and Random Agent Spoofer, all through a VPN, by someone who knows what they are doing, would get compromised.
Please, educate me.
Hunter Davis
As said: there is ALWAYS a chance. Every single device that is connected to the Internet, even if for 15 minutes, can potentially be hacked if the attacker knows his shit. How likely this is, it depends on how much you know your shit yourself, but this chance will always be greater than 0%. If you are very very careful you could bring this down to 0.2%, but not 0%.
Leo Lopez
Mostly gov and people who can get into your modem or other hardware at that point.
Landon Russell
Are you using Intel ME? If so, all that software is irrelevant. Otherwise, the weak link in that chain is of course the VPN provider. Say someone manages to break into the server you're connecting to to use it as VPN: it can now see everything you are doing, including your IP address. As I said, highly unlikely, of course, but still theoretically possible. There is no way on earth to make a PC 100% secure.
Evan Williams
Ok, so someone breaks in and compromises the VPN. I get how they can monitor my web browsing, but how do they infect my computer? Keep in mind that my shit is still firejailed, and I'm not running it as sudo.
Connor Stewart
not earlier poster, but:
> what are bugs you didn't patch yet because you forgot to turn on your computer for like a year and now there's rce in wget or curl or your DNS client or something and your package manager uses them
> what is a browser DOM 0day plus kernel 0day to privesc
> what is vpn 0day
> what is kernel/ip stack rce
> what is compromised supply chain
I'm sure you already know, everything's a risk/reward decision here. Is it likely that the russians/chinese/americans are going to risk burning a 0day on you? If no, not worth defending against. Is it likely that a vendor is going to put shit code and/or backdoors in their cable router? quite probably.
I don't want to start getting all autistic about security here - a lot will be stopped with your mentioned setup - but this is a field where there are no absolutes. I don't even do actual pentesting (my deliverables are PoC) so there's probably loads of shit I've missed.
Also, fucking tempest attacks, lol.
Matthew Jackson
Changing passwords is cheap and easy. Change them whenever you want to - don't wait for justification.
IMO you should be thinking in terms of likelihood here - an attacker could've imaged all your HD by now, but it's pretty unlikely. Much more likely that a script saw a new device, checked it for interesting stuff within a second or two (so looked for passwords.txt or camera-named jpgs), then uploaded them.
anyway I'm rambling because I just took my morning ritalin - the answer is "change your passwords, don't panic, but bear in mind the risk you created and take it as a lesson going forward".
Hudson Reyes
Who would boot up a computer that hasn't been turned on for a year without installing the latest Linux distro version via USB, while still falling under the descriptor of "running shit safely?"
I'm just not seeing anything that you're listing that would give someone full access to your computer on the presumption that you ran your shit safely (which obviously means that it's up to date).
I'm not saying it can't happen, I'm just asking HOW it happens. Closest thing to an answer in that list is a compromised supply chain, which would be pretty significant news. Obviously the government would have their hands on all your shit due to intel and the like, but I meant a random Joe.
Eli Howard
...
Jason Garcia
Man, the National Enquirer was Sup Forums before Sup Forums existed, huh?
Wyatt Thompson
(not 63780112 but my opinion here):
If that were me attacking you (again, I'm not a redteamer here), that'd push me into the "need browser bugs" category, which makes an attack much more expensive, esp since they need to be in an area not blocked off by ublock and shit. I guess it depends on your threat model - it may be that they can gain enough from just sniffing (third party cookies and shit).. but then again, that's somewhat mitigated by the browser addons. Also, I guess it depends on your usage - a lot of people still get fucked over via a well-crafted "sslstrip" style attack.
I think what would keep me up at night with this setup is third party software's update process. Having seen the shit in VLC's codebase, for example, I'd be worried about how it verifies updates.. plus the (albeit almost microscopic!) risk of a 'goto fail' style ssl bug.
IMO: the threat from vpn providers is overblown. I have a VPN that I use for one specific thing which I don't want my ISP seeing but I don't mind the VPN co. selling.. and you should be treating your ISP as hostile if at all possible (I try to do this, but it's not practical for all things).
Hope my posts are helpful, I don't mean to sound like an autistic 'OMGZ THE 0DAYS' tinfoil-hat asshole.
imma go back to my hugbox now, my skin is too thin for posting. I mostly just lurk a lot.
Alexander Wright
I didn't mean to attack. It was a genuine curiosity. Thanks for giving your input, and sorry if it came out as an attack.
I would argue that DANE would help negate most of the SSL shit.
Brayden Price
>muh Sup Forums
Show us on the doll where the mean nazis hurt you.
Jayden James
> I'm genuinely interested in how X would get compromised
> I'm just asking HOW it happens
literally just provided a list of how this happens
> obviously means that it's up to date
There are four occurrences of '0day' in my post