• 5 Posts
  • 17 Comments
Joined 3 months ago
Cake day: September 16th, 2024



  • You are right, but I think most people would in hindsight say they wished they had done more to protect their computer when shit happens. It’s like a camera: you can buy a cheap camera meant to be used for a vacation and then thrown away, and it’s not worth much, but the pictures you have taken are worth a lot as in semantic value, memories you want to keep.

    In someone’s computer they have their entire digital life. Work, personal life, social life, all kinds of data, pictures, banking, investments, crypto, etc. All that is priceless. That’s why ransomware viruses are so effective: people will pay and do anything to get their data back, and they all wish they had just done some simple backups, and from then on they will probably spend effort on security.


  • Ahh, very interesting! I think QubesOS only does mitigations, not microupdates. So that’s a point for Linux in Linux vs QubesOS. I need to spend more time learning about these CPU vulnerabilities. One of the things I like about QubesOS is they do many security things that many users don’t know about or understand. For example, QubesOS doesn’t use the GPU in the Qubes because an attacker could get control of the GPU and see everything that the GPU renders, which means seeing the host (dom0) and all the Qubes.

    I guess you can do that on Linux as well by disabling KVM passthrough of the GPU to the VMs.

    And maybe disabling hyperthreading like QubesOS does isn’t necessary on Linux if the CPU microupdates from the Linux kernel already solve that CPU vulnerability. Many things for me to look into regarding these CPU vulnerabilities.

    QubesOS does make compartmentalizing a much easier and smoother experience though.






  • I hope you are right, it would really make it easier if it’s just an external boot ROM flash that is needed. I mean, I know that feds can plant chips in the silicon and you wouldn’t find it if they had covert physical access and there’s no glitter nail polish to protect the screws, but in this case they are not the adversary; in this case it’s just random cyber criminals who are the adversary when you buy a second-hand laptop.

    That article I linked to seems to suggest the malware can persist by hiding in any USB peripheral, even a camera. I think Bluetooth is USB as well, if I am not mixing it up with something else, but I remember reading Bluetooth is actually using the USB bus. But anyway, you mentioned only the boot ROM and EC, you didn’t mention other peripherals, so that’s why I’m replying and asking what you know about it. Do you think that linked article is mostly FUD and a bit incorrect when it says malware can hide in the hardwired webcam or other USB components inside the computer?


  • Intel ME and AMD PSP, in conspiracy-speak, are kinda like government backdoors: closed source, undocumented, with huge control over a processor.

    In theory it’s possible that Intel ME is made to be spyware/backdoor for feds, but I don’t think it is, because if it was then why are there so many cyber criminals in the world who the feds can’t catch? There are lots of cyber criminals on the top wanted lists and feds want to catch them so badly. And that’s just the non-affiliated cyber criminals; then there are also nation-sponsored hackers, for example North Korea has been in the spotlight recently for crypto hacks. And if Intel ME really was what we fear it could be in theory, then the USA’s enemies like Russia and China would be instantly defeated.

    So even if it’s possible in theory, because it’s proprietary CPU firmware with its own OS and that’s scary, if it really was abused that way then wouldn’t the world be in a completely different situation?

    Also, intel wouldn’t need to have a backdoor in intel me. This source puts it well (https://deploy-preview-244--privsec-dev.netlify.app/posts/knowledge/laptop-hardware-security/):

    Intel and AMD do not need the co-processor to implement a backdoor - they can simply introduce CPU vulnerabilities like Spectre and Meltdown if they want to. If you do not trust a CPU vendor, the only mitigation is to not use said vendor.

    So if you read that article, he says there’s no point in buying an old brick just to be able to disable Intel ME, because of the above quote.



  • I have respect for what you’re saying and I would like to think you’re right. I don’t have the experience myself to know, I just listen to what experts like you are saying. But I have also read other experts say worrying things like this (https://www.srlabs.de/blog-post/usb-peripherals-turn):

    To make matters worse, cleanup after an incident is hard: Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root. The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive.

    Once infected, computers and their USB peripherals can never be trusted again.

    What do you think about that?

    And if you want to get tin-foil-hatty: how do you know you weren’t man-in-the-middled when you bought a laptop from a retailer? What if a bad actor installed or tampered with the new laptop you bought, and now it is less secure than a second-hand laptop because Joe down the street doesn’t care what you do with the laptop as long as he gets paid?

    That is part of the unavoidable risk. There are some entities we can’t avoid having to place some trust in. But I think the risk is higher buying second-hand instead of from a reputable brand and off the shelf. And the previous owner was also at risk of such a MITM attack from the vendor.

    Let’s say you have your laptop and somebody steals it. You’re using LUKS full disk encryption, right? Let’s say you did for this example; your headers for decryption are plaintext on boot. So a threat actor can use brute force to crack your disk. You can set up LUKS to have your headers on a separate disk that you take with you. It’s the equivalent of taking away a lock and a key. So all the threat actor is left with is a door.

    If you have a password with 100+ entropy then practically I don’t think we need to worry about a brute-force attack, or am I wrong about that? But you are still making a good point about there being many attack surfaces to defend against; it’s not only about where you buy it from.





  • If they don’t want to use private communication then just leave it. If you want privacy you have to get used to having a less social life, at least online. That’s the key really: if you want a social life, you have to start going offline, out into the real world, and meet people. Get to know your neighborhood a bit or join some outdoor activity or club or something. I know it’s weird at first, going outside, because we’re all basement computer nerds, but you will find freedom without all the online surveillance when you leave your home.

    JK, because the next challenge is to convince everyone you meet that they should leave their phones at home, and if you thought getting people to use Signal is hard you have no idea, because that’s just step 1.


  • should be able to cut D-/D+ and the SS lines

    What do those lines do if they are OK to cut? And why are we cutting them?

    I also wonder if Boot Guard or USBGuard is enough to protect against a malicious charger. Because if the adversaries switch the charger out for their own malicious charger that looks the same but is going to be used to maybe record my password or something, then USBGuard should recognize it’s a different device? And I don’t know enough about Boot Guard; I guess Boot Guard doesn’t help in this situation because Boot Guard is just about during the boot.



  • Why do you think it’s a low risk? And even if it was a low 0.1% risk, the consequence is your entire digital life compromised and at the attacker’s mercy.

    I actually had someone who pretended to be a friend do this to me before, when I used to be naive and didn’t think about this stuff. I think the risk is decent if you go to tech or crypto events, or really anywhere there is money there are going to be black hat hackers looking for a naive victim. And it’s not too difficult to be a black hat hacker with all the open source hacking tools available. And most people have 0 security, not even disk encryption.

    The more you announce yourself as a target, the higher the risk. And if you are putting a lot of effort into securing your computer, that will make all kinds of adversaries very curious about what you are “hiding”, even though you aren’t actually hiding anything, you just want privacy, which is a human right. But this will make all those adversaries try to gather info on you and look for a way “in” just because you are standing out from everyone by having so much digital security and privacy.


  • Great questions but I’m not experienced enough to answer them. I hope someone does, I’m also noting them down to do my own research on them later.

    About SRTM, I’m not an expert at that either, but you can start by reading this FAQ; it gives a good little intro/summary about SRTM and DRTM: https://trenchboot.org/FAQ/

    AEM uses DRTM (Intel TXT), which is started by Trusted Boot. TrenchBoot doesn’t use Trusted Boot; their team worked with Xen and GRUB to make some modifications so Trusted Boot isn’t necessary.

    SRTM is good. I’ve read the devs of TrenchBoot saying the best is to have both SRTM and DRTM instead of only one of those techs. I could say some more stuff, but I could easily mislead and say something wrong because I’m not so experienced, so start by checking that FAQ I linked to and hope someone more experienced can answer.