9
Cybersecurity, Ethical Hacker Operating System Poll (lemmy.world)
submitted 1 week ago by elias_griffin@lemmy.world to c/technology@lemmy.world
3 comments fedilink

I'm polling on disparate platforms and Mastodon has very healthy Cybersecurity Communities so that's why I'm posting that graphic.

Please comment with your daily driver host OS if you'd like and even better why you chose it. I'll add them all up and post the results back here.

If you'd like to vote on Mastodon the link is https://infosec.space/@wravoc/113411504241010388 with only two days left.

"Other" leads at 38% and I have a feeling it's all the Debian based distros, yeah? I did not have room on the don for Athena OS but I would have.

Expanded List:

  • Windows
  • Mac
  • Kali
  • Parrot
  • Fedora
  • Secureblue
  • Kicksecure
  • Whonix
  • Qubes
  • Alpine
  • OpenBSD
  • AthenaOS
  • Backbox
  • Black Arch
  • Tails
  • Pentoo
  • SigintOS
  • FreeBSD

And remember, Hackers aren't Crackers!

To those of you with nothing to hide: One day you might have. Because you don’t make the rules. by elias_griffin in c/privacy@lemmy.ml
[-] elias_griffin@lemmy.world 22 points 4 months ago* (last edited 4 months ago)
  • Women hide thier skin, lips, and age
  • Men hide thier jawline with beards and their insecurities are buried so well, they forget it themselves as a defense mechanism hoping the mental/emotional weakness will "heal" by next confrontation
  • Humans hide thier weakness,
  • Thier competitive business plans
  • Patents until they are published
  • Who are you falling in love with at the start
  • Exactly how much you are attracted to a person
  • Who you have a crush on
  • Your answer to a $10,000 competition
  • Your lottery ticket
  • The location of your gold and gun
  • The location of your child when allowed online
  • Whether someone is away from home for extended periods of time, you leave the lights and TV on.
  • Inventions until it's marketed
  • Science Fair Project until it's unvieled
  • Presents until they are opened
  • Your private parts
  • Your private thoughts on your marriage

Have you ever grabbed a childs private parts? NO of course not, because you INNATELY UNDERSTAND even though you are not a parent and don't remember being one yourself. In fact you understand it so well that if you were to do so publcally, you're putting your life at risk.

CONCLUSION: Privacy is natural and helps give confidence and security to an individual but they want access to your weaknesses and privates anyway.

EVIDENCE: Privacy Violation is a specific tactic meant to break people ...IN PRISON..since they begining of time, Gulags.

P.S. Stop showing nude baby pictures at reunions to those that did not raise or grow up with the child in the family who already saw them naked, and only while they are still a child and not a teenager, otherwise that is a serious privacy violation. In fact, just don't take the picture, where did you even get that you lazy lubricated louse.

106
AI Loophole #1; Your GitHub README.md (lemmy.world)
submitted 5 months ago* (last edited 5 months ago) by elias_griffin@lemmy.world to c/technology@lemmy.world
73 comments fedilink

I used to be the Security Team Lead for Web Applications at one of the largest government data centers in the world but now I do mostly "source available" security mainly focusing on BSD. I'm on GitHub but I run a self-hosted Gogs (which gitea came from) git repo at Quadhelion Engineering Dev.

Well, on that server I tried to deny AI with Suricata, robots.txt, "NO AI" Licenses, Human Intelligence (HI) License links in the software, "NO AI" comments in posts everywhere on the Internet where my software was posted. Here is what I found today after having correlated all my logs of git clones or scrapes and traced them all back to IP/Company/Server.

Formerly having been loathe to even give my thinking pattern to a potential enemy I asked Perplexity AI questions specifically about BSD security, a very niche topic. Although there is a huge data pool here in general over many decades, my type of software is pretty unique, is buried as it does not come up on a GitHub search for BSD Security for two pages which is all most users will click, is very recent comparitively to the "dead pool" of old knowledge, and is fairly well recieved, yet not generally popular so GitHub Traffic Analysis is very useful.

The traceback and AI result analysis shows the following:

  1. GitHub cloning vs visitor activity in the Traffic tab DOES NOT MATCH any useful pattern for me the Engineer. Likelyhood of AI training rough estimate of my own repositories: 60% of clones are AI/Automata
  2. GitHub README.md is not licensable material and is a public document able to be trained on no matter what the software license, copyright, statements, or any technical measures used to dissuade/defeat it. a. I'm trying to see if tracking down whether any README.md no matter what the context is trainable; is a solvable engineering project considering my life constraints.
  3. Plagarisation of technical writing: Probable
  4. Theft of programming "snippets" or perhaps "single lines of code" and overall logic design pattern for that solution: Probable
  5. Supremely interesting choice of datasets used vs available, in summary use, but also checking for validation against other software and weighted upon reputation factors with "Coq" like proofing, GitHub "Stars", Employer History?
  6. Even though I can see my own writing and formatting right out of my README.md the citation was to "Phoronix Forum" but that isn't true. That's like saying your post is "Tick Tock" said. I wrote that, a real flesh and blood human being took comparitvely massive amounts of time to do that. My birthname is there in the post 2 times [EDIT: post signature with my name no longer? Name not in "about" either hmm], in the repo, in the comments, all over the Internet.

[EDIT continued] Did it choose the Phoronix vector to that information because it was less attributable? It found my other repos in other ways. My Phoronix handle is the same name as GitHub username, where my handl is my name, easily inferable in any, as well as a biography link with my fullname in the about.[EDIT cont end]

You should test this out for yourself as I'm not going to take days or a week making a great presentation of a technical case. Check your own niche code, a specific code question of application, or make a mock repo with super niche stuff with lots of code in the README.md and then check it against AI every day until you see it.

P.S. I pulled up TabNine and tried to write Ruby so complicated and magically mashed, AI could offer me nothing, just as an AI obsucation/smartness test. You should try something similar to see what results you get.

‘A fine line between humor and flopping’: tech summit’s rap battle is the height of corporate cringe by elias_griffin in c/technology@lemmy.world
[-] elias_griffin@lemmy.world 49 points 5 months ago* (last edited 5 months ago)

Canva is on the traditional corp Extend, Embrace, Extinguish mission to snuff Digital Content Design that is local only and has no AI. Canva bought Affinity Design Suite, which was the reaction of the non-corp creative world to not have to Adobe Creative Cloud, may it burn.

I believe we are in the era of "the great rug pull" of consumer empowered technology, moving to corp empowered technology stack, with them in control at all levels.

OpenAI Just Gave Away the Entire Game by elias_griffin in c/technology@lemmy.world
[-] elias_griffin@lemmy.world 82 points 5 months ago

Quote from the subtitle of the article

and you can’t stop it.

Don't ever let life-deprived, perspective-bubble wearing, uncompassiontate, power hungry manipulators, "News" people, tell you what you can and cannot do. Doesn't even pass the smell test.

My advice, if a Media Outlet tries to Groom you to think that nothing you do matters, don't ever read it again.

NetBSD bans all commits of AI-generated code by elias_griffin in c/technology@lemmy.world
[-] elias_griffin@lemmy.world 22 points 6 months ago* (last edited 6 months ago)

So proud of you NetBSD, this is why I sponsor you, slam dunk for the future. I'm working on a NetBSD hardening script and Rice as we speak, great OS with some fantastically valuable niche applications and I think, a new broad approach I'm cooking up, a University Edition. I did hardening for all the other BSD, I saved the best for last!

[EDIT 5/16/2024 15:04 GMT -7] NetBSD got Odin lang support yesterday. That totally seals the NetBSD deal for me if I can come up with something cool for my workstation with Odin.

If you would like to vote on whether, or by what year, AI will be in the Linux Kernel on Infosec.space:

https://infosec.space/@wravoc/112441828127082611

36
Apple, Android, IETF, Launch New Network Around The World. (lemmy.world)
submitted 6 months ago* (last edited 6 months ago) by elias_griffin@lemmy.world to c/technology@lemmy.world
9 comments fedilink

I revised the title many times. Am I giving the impact breadth of what it could be without veering into click-bait?

Bluetooth Low Energy MESH Network, it is built into the OS without any noted country exemption. Although there be will many air gaps, that is not what I mean.

https://www.apple.com/newsroom/2024/05/apple-and-google-deliver-support-for-unwanted-tracking-alerts-in-ios-and-android/

Some questions that came to mind reading it?

  • Can China even pull it out of the OS for good measure, hack it?
  • Even with topology of some enable, others disable, others wanting security will be reading bluetooth MAC addresses of un-consenting, disabled, for tracking of others whom have enabled, even if they are not being targeted. See below screenshots from the Internet Engineering Task Force presentation.
  • Is the Bluetooth freqz and combinatory fields bio-active in any regard of it's function? Do plants stay healthy around "high intake" Bluetooth whatever that may be?
  • They mentioned other devices and Industry being involved, how many devices to we expect to also use this protocol in the future?
  • If we mapped it out, all of these devices thus operating, mapped out of the whole network with a Supercomputer, real-time, how much energy do you think it would be? How many BLE pulses per second, in a busy metropolitan area?
  • Who pushed for this TRACKING NETWORK I will be partcipating in whether I like or NOT (uptake)?
  • Where was the pre-planning market and socio-economic research on this presented beforehand?
  • If entities very intent on tracking you, will just disable/refuse the protcol, then why instead would Apple and Alphabet whom introduced the vulnerability, just ...make thier own implementation secure?

So we're going to skip this useless marketing-speak on 9to5 Mac - Here’s how the new Cross-Platform Tracking Detection works in iOS 17.5

As far as I can tell, there is nothing that says it doesn't perform assessment of the MAC address in range, all of them, for "your" security of course. In fact, it seems in line with what they want to accomplish: Track all the trackers? Later safeguard them with a "Safefilter" online database check when Phone starts?

Did I get it wrong?

The Verge shows how Google search is useless by elias_griffin in c/technology@lemmy.world
[-] elias_griffin@lemmy.world 46 points 6 months ago

Best breadcrumb from article:

I wanted to understand: what kind of human spends their days exploiting our dumbest impulses for traffic and profit? Who the hell are these [SEO/Google] people making money off of everyone else’s misery?

32
I made an Advanced Asciidoc Cheatsheet (lemmy.world)
submitted 9 months ago by elias_griffin@lemmy.world to c/technology@lemmy.world
1 comments fedilink

I was a big Markdown fan. I think what finally broke me out was list formatting of mixed types, differences in formats across my repo servers, TOC generation software I was using broke, and no good editors suitable for my tastes for asciidoc that are available on BSD or Alpine Linux.

However, I found out that gedit natively supports adoc and even colors the admonitions. Excellent!

All the guides seem to be too skimpy, not robust enough, or out of order. I like to create as I read.

  • Comes with the adoc used to generate the guide and a PDF version.
  • Recommends editors with native asiidoc support.
  • Gives a comprehensive header "template".
  • Enables experimental features, admonition icons, and code highlighting.
  • Shows the best read/write table syntax missing from the official guide.
  • Corrects two errors in the official guide.

Did you know Asciidoc has a counter increment function?

Although it gives a warning saying not to use if possible, I found it works well for simple tasks.

Enjoy.

https://www.quadhelion.engineering/guides/AsciiDocCheatSheet.html

4-year campaign backdoored iPhones using possibly the most advanced exploit ever by elias_griffin in c/technology@lemmy.world
[-] elias_griffin@lemmy.world 37 points 10 months ago

I recently invented a "People First" Cybersecurity Vulnerability Scoring method and I called it CITE, Civilian Internet Threat Evaluation with many benefits over CVSS. In it, I prioritize "exploit chains" as the primary threat going forward. Low and behold, this new exploit, although iOS, possibly one of the most sophisticated attacks ever using one of the longest exploit chains ever! Proof positive!

Depending on how you define it; I define the Kaspersky diagram has 8 steps. In my system, I define steps that advance the exploit discretely as stages, so I would evaluated Triangulation to be a 4 stage exploit chain. I should tally this attack to see how it scores and make a CITE-REP(ort).

You can read about it if interested. An intersting modeling problem for me was does stages always equate to complexity? Number of exploits in the chain make it easier or harder to intrusion detect given that it was designed as a chain, maybe to prevent just that? How are stages, complexity, chains and remediation evaluted inversely?

https://www.quadhelion.engineering/articles.html

14
"Belief in Science" Oxymoronic Explainer for SecOps/Mathematicians/Programmers (lemmy.world)
submitted 11 months ago* (last edited 11 months ago) by elias_griffin@lemmy.world to c/technology@lemmy.world
32 comments fedilink

Science is what is, which requires nor benefits from belief. Adding a belief layer is interpreting, exploitable, and leads to believing untrue things as true (Science).

Reduced Logical Form: I believe what is (true) = Oxymoron

Oxymoron: A rhetorical figure in which incongruous or contradictory terms are combined

Explainer: It is impossible to believe what is true.

---Highly Related---

Question: 1 - Is it true or false?

Hint: Is/must/can the number/digit/integer 1 (one) be boolean in [all] cases? What are the conditions in which 1 is false?

Test from OCaml: if 1 then true else false;;

Theorem Pseudocode: if (1 = true) && (2 = 1 + 1) && (2 = true && true) then [true +& true +& ...] = true else nothing else matters

Note my recursive application to all other numbers/physics and inference that if 1 is not true, nothing is true

Postulation: All positive integers are true

Great! I like getting tracked by 766 third parties! thanks Outlook by elias_griffin in c/technology@lemmy.world
[-] elias_griffin@lemmy.world 63 points 11 months ago

Also, it's the language scam of the decade to have a [privacy] agreement or terms with a "third party" which is basically anonymous/anyone/indeterminate/changing/.

Signal leaked random contacts to me! by elias_griffin in c/privacy@lemmy.ml
[-] elias_griffin@lemmy.world 21 points 11 months ago* (last edited 11 months ago)

Huge if true! You could conceivably submit your phone to a Cybersecurity company and share in any reward.

Help us with:

  • Your OS Version
  • OS settings that are possibly related
  • How you obtained Signal
  • Signal version
  • Video proof
  • Steps to reproduce

Who knows how to compute a hash for an installed mobile phone app? We need to compare it with legit.

Microsoft lays hands on login data: Beware of the new Outlook by elias_griffin in c/technology@lemmy.world
[-] elias_griffin@lemmy.world 19 points 1 year ago* (last edited 1 year ago)

I'm seeing many people recommend Thunderbird. Let me enlightnen you.

I personally never trust any software that is not secure and private by default. Mozilla Corp is a for-profit corporation that makes nearly a Billion dollars in cooperation with Google monetizing data about your life. Thunderbird is Mozilla and if you setup with the Wizard, it already got the basics about your email life even if you disable it later.

Thunderbird Not Private by Default

  • Sends all interactions with it to Mozilla
    • Whether calendar is in use
    • How many filters you have
    • How many email accounts you have
  • Computer/Device Information including hardware configuration
    • Operating system
    • IP address is logged

https://support.mozilla.org/en-US/kb/thunderbird-telemetry

Disabling Telemetry

  1. Click the menu button Menu Button and select Settings.
  2. Select the Privacy & Security panel.
  3. Scroll to the Thunderbird Data Collection and Use section.
  4. Deselect the Allow Thunderbird to send technical and interaction data to Mozilla checkbox.

Thunderbird Bad Security Practice of using a Primary Password

https://support.mozilla.org/en-US/kb/protect-your-thunderbird-passwords-primary-password

17 Criticial or High Vulnerabilies this year alone

Conclusion

If email security and privacy means a lot to you, or even computer security and privacy, your best options are to use BSD/UNIX/Void/Alpine and Claws-Mail. That is just the way the cookie crumbles in 2023.

21
Music for Global Cyberattacks (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by elias_griffin@lemmy.world to c/technology@lemmy.world
1 comments fedilink

This post with embedded music/videos in one blog page

Groking

White Hat

Frida - I Know There's Something Going On, Bladerunner Mix https://soundcloud.com/thebladerunners/frida-i-know-theres-something

Black Hat

VLF Electro https://soundcloud.com/microdosepromotions/sets/wook-chamers

Gray Hat

Dark + Light Electro https://soundcloud.com/xenondream/do-it-to-it-xenondreamix

Battle

CISA NCISS CODE BLACK – 12 minutes until people die https://soundcloud.com/lil-chromosome-unofficial/andrew-hulshult-davoth-doom-eternal-the-ancient-gods-part-2-extended-gamerip

CISA NCISS CODE RED - 11 minutes, 11 seconds until people lose it https://www.youtube.com/watch?v=vwUejFGol9E

Aftermath

A. Against all odds, you WON in near perfection, and you knew you would; Let us bask in your glow. https://www.youtube.com/watch?v=lEr8Gfa-hsk

B. Against all odds, you WON utilizing any/all available means, and it was chaos the entire time; Let us be in awe of you. https://www.youtube.com/watch?v=_PlSTjgcpa8

Apologies for music that could only be found on YT

✳️ Add your music+-scenario! ✳️

Google Brain cofounder says Big Tech companies are lying about the risks of AI wiping out humanity because they want to dominate the market by elias_griffin in c/technology@lemmy.world
[-] elias_griffin@lemmy.world 39 points 1 year ago

"Ng said the idea that AI could wipe out humanity could lead to policy proposals that require licensing of AI"

Otherwise stated: Pay us to overregulate and we'll protect you from extinction. A Mafia perspective.

*Permanently Deleted* by elias_griffin in c/privacy@lemmy.ml
[-] elias_griffin@lemmy.world 77 points 1 year ago* (last edited 1 year ago)

It gets worse. Not having used my Gmail account for years, old phone died, moved to another state with new number there, and I traveled back to Los Angeles in order to log in on the same network, same laptop, correct password, but I put a new HDD in my Macbook Pro which caused Apple to re-ID the OS, and locked out! No way to recover, I try twice a year. Will not even reset to the correct backup email I have! I just get an email saying I tried to login with no actions possible!

Google stole parts of my life from me, the history in those emails, wow!

STOLEN

I AM NOT MY PHONE

92
Lemmy's List: Downloadable AI, Databases - Critical Knowledge Backup (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by elias_griffin@lemmy.world to c/technology@lemmy.world
14 comments fedilink

Related:

Major cyber attack could cost the world $3.5 trillion - Power Grid, Internet Outage

The one database/file/zip to save humanity, what is it?

Show Lemmy the downloadable URL of a Database or AI you know of so we can have a local backup copy that will improve the resilience and availability of Human Knowledge.

Given the state of AI being Corporatized I think we could definitely use links for whatever comes closest to a fully usable Open Source, fully self-contained downloadable AI.

Starter Pack:

★ Lemmy List

Databases

AI

FreeBSD, GhostBSD, OpenBSD, Dragonfly BSD, Firefox Hardening - FOSS - git clone by elias_griffin in c/technology@lemmy.world
[-] elias_griffin@lemmy.world 23 points 1 year ago

Yes, I'm serious about my mission statement in the beginning and I have some more ideas. First there is a Linux OS that installs all kinds of Educational Software, like Encyclopedia, Maps, Learning Tools that is all available offline in the full 17GB Full Version. It's called Endless OS (no affilitions) and here is the excerpt.

Multi-language system, pre-loaded with apps in English including games, productivity software, reference materials like Cooking, Farming, Health, Travel, and educational materials like a robust Encyclopedia.

It would be great if all of us could have some of the civilization important databases on this BSD installation of yours. Please contribute a downloadable database file or file set you know of. I'll start.

Downloadable Wikipedia Database Encyclopedia Britannica All Volumes

283
FreeBSD, GhostBSD, OpenBSD, Dragonfly BSD, Firefox Hardening - FOSS - git clone (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by elias_griffin@lemmy.world to c/technology@lemmy.world
18 comments fedilink

I'm personally motivated in a non-commercial way to supply everyone with as much cybersecurity as possible in the interests of civlization, especially now. I've just finished what I wanted to releae as "set" 2 days ago and it's time to announce them.

I'm the former Web Application Security Team Lead for the National Computer Center, Research Triangle Park, having been contracted to the EPA by the now defunct Computer Sciences Corporation.

If you have some extra hardware not really being used I would suggest perhaps a great use of it would be to create yourself a hardened platform, just in case, to protect your sensitive data on an emminently stable platform going forward.

Maybe you've always wanted to try a BSD, well now is a great time to do that. They are super stable, super reliable, community drive, and you are in control of everything.

I would also like to mention that if you'd like to go extra hard consider Hardened BSD. Another alternative is using grsecurity/PaX kernel patched Alpine Linux as a Desktop choosing crypt full disk encryption during setup + AppArmor.

Just as an example you can get your hands on a $250 Thinkpad T495 and installing GhostBSD on it is as simple to setup as Linux Mint and runs as fast as a brand new 2023 Windows laptop. If you choose Dragonfly BSD, the fastest BSD, on a T495 (the lastest year fully BSD compatible laptop), my repo will completely configure it for you, complete with all applications needed for a professional developer.

In addition to that I've created a Network Based Firefox hardening solution that wipes the extremely profitable, For-Profit, Mozilla Corporation off your Internet and easily combines with Arkenfox. It removes Mozilla servers from being contacted by any application or service on your machine and does not interfere with web page rendering.

I've created my own Git Repository using Gogs (which Gitea is based on) where you can get all the goods here:

Latest Software

https://quadhelion.dev

Main Website

https://www.quadhelion.engineering

About

https://www.quadhelion.engineering/about.html

Backup GitHub

https://github.com/wravoc

Backup BitBucket

https://bitbucket.org/quadhelion-engineering/workspace/repositories/

111
BSD Security Software, Wallpapers, Icons. (lemmy.world)
submitted 1 year ago by elias_griffin@lemmy.world to c/technology@lemmy.world
12 comments fedilink

Hello everyone!

Former Security Team Lead at the National Computer Center here. I'm a Security Professional with decades of experience in most Operating Systems and Web Applications.

Recently I've gotten weary of the Global Mega-Corp $100 Billion Linux Eco-System, which still manages to provide an unstable OS experience. I've turned my attention to the rock solid and predictable BSD/Unix world whenever I can use them.

I've created security hardending scripts for most BSDs except for NetBSD which is next in line. What would normally take an experienced SysAdmin an hour to complete, covering kernel mitigations, file system permission, daemon permissions, password encryption, etc can be done in seonds by a new user, with conf file verifications, backups, logging, and pretty printing the output to console.

  • FreeBSD
  • GhostBSD
  • DragonflyBSD
  • OpenBSD

For Dragonfly BSD, the fastest BSD, with a filesystem in the news lately that recovers itself and provides automatic snapshots down to the file level, I went ever further and created a rice for it using AwesomeWM. You are in luck if you have a Thinkpad T495 because I also wrote a full installation script for it for DF!

In addition to that I did it right and got explicit permission for Logo use or attained sponsorship and included the Wallpaper+Icon pack you see above.

You grab it all for my free on my self-hosted git repo for free at: https://quadhelion.dev/

Although I use a custom License which is somewhere between copyleft and copyright, it is generous enough to allow you to accomplish whatever task you wish and provide protections for my work and future oppourtunities for me.

I'm not liking the direction GitHub is going but you can find my work there: https://github.com/wravoc

I hope you find it useful and you are free to ping me here or write to my email listed on the main website page with any concerns.

Thanks,

  • Elias
  • @wravoc
  • @erogravity
view more: next ›

elias_griffin

joined 1 year ago