mirror of
https://0xacab.org/optout/into-the-crypt.git
synced 2024-12-12 09:24:33 -05:00
Removed image.png
This commit is contained in:
parent
ba3d68ccc2
commit
025b88a3cd
@ -188,7 +188,7 @@ Deletion of files in most operating systems today is a loose version of the term
|
|||||||
A simple shred command in a Linux bash shell: `shred -n 32 -z -u <FILE>`
|
A simple shred command in a Linux bash shell: `shred -n 32 -z -u <FILE>`
|
||||||
This command would use GNU coreutils shred function to wipe over the designated file with 32 iterations. The -z adds a final overwrite to hide the shredding process, and the -u unlinks the file completely.
|
This command would use GNU coreutils shred function to wipe over the designated file with 32 iterations. The -z adds a final overwrite to hide the shredding process, and the -u unlinks the file completely.
|
||||||
|
|
||||||
Note: this is an example command; I am not recommending 32 overwrites.
|
Note: This is an example command; I am not recommending 32 overwrites.
|
||||||
|
|
||||||
The NSA has in the past developed malicious firmware for HDDs that can create secret copies of user-written data. SSDs which make use of wear-leveling cannot have information securely erased by the user. However, SSDs with wear leveling also pose a significant annoyance, and even create difficulty for, forensic investigators. Such annoyance cannot be considered a security guarantee. In short, wear-leveling, garbage collection, and trim operations are largely outside of the user's control, therefore "secure" deletion should not be assumed to be possible. Regarding SSDs, trim operations should always be enabled as it stands to make files unreadable using "Deterministic Read After Trim" or "Deterministic Zeroes After Trim." Consider trim as an unreliable backup mitigation to FDE.
|
The NSA has in the past developed malicious firmware for HDDs that can create secret copies of user-written data. SSDs which make use of wear-leveling cannot have information securely erased by the user. However, SSDs with wear leveling also pose a significant annoyance, and even create difficulty for, forensic investigators. Such annoyance cannot be considered a security guarantee. In short, wear-leveling, garbage collection, and trim operations are largely outside of the user's control, therefore "secure" deletion should not be assumed to be possible. Regarding SSDs, trim operations should always be enabled as it stands to make files unreadable using "Deterministic Read After Trim" or "Deterministic Zeroes After Trim." Consider trim as an unreliable backup mitigation to FDE.
|
||||||
|
|
||||||
@ -355,9 +355,6 @@ Code is a great complement to cryptographic ciphers. It has an incredibly easy i
|
|||||||
|
|
||||||
Standard security mechanisms are inadequate for the purpose of anti-forensics. Nation-States and Advanced Persistent Threat (APT) groups do not play by the rules. All bets are on that no matter how hardened your system kernel is or how safe your OPSEC precautions may be, there is always a point of compromise. An unpatched vulnerability is waiting to be exploited against your system. If your device is emitting traffic, all bets are on that with enough resources, these groups will be able to decrypt the traffic. Maybe it won't be today, but it certainly will be in the not-so-distant future. If you are a target, chances are that you are already compromised. Use the masses as cover; open deviation is ill-advised.
|
Standard security mechanisms are inadequate for the purpose of anti-forensics. Nation-States and Advanced Persistent Threat (APT) groups do not play by the rules. All bets are on that no matter how hardened your system kernel is or how safe your OPSEC precautions may be, there is always a point of compromise. An unpatched vulnerability is waiting to be exploited against your system. If your device is emitting traffic, all bets are on that with enough resources, these groups will be able to decrypt the traffic. Maybe it won't be today, but it certainly will be in the not-so-distant future. If you are a target, chances are that you are already compromised. Use the masses as cover; open deviation is ill-advised.
|
||||||
|
|
||||||
Note:
|
|
||||||
Go into more detail about using the masses as cover. Also, distro hopping can be a useful method of keeping powerful attackers enough steps behind that they won't be able to compromise your system.
|
|
||||||
|
|
||||||
## Minimimal Attack Surface
|
## Minimimal Attack Surface
|
||||||
|
|
||||||
While living in the "end of trust," we must follow standard system hardening practices. These practices emphasize the reduction of software and hardware needed throughout the operation. There is no purpose of strong keys in cryptography if the underlying system operations have compromised you via keylogging and other variants of malware. You can create an intricate system of firewalls, intrusion prevention/detection systems (IPS/IDS), event log management to detect compromises, proxies, virtual private networks, TOR, I2P, but your must recognize the underlying fingerprint of these systems. Minimal architecture should not be limited to solely software and hardware, but also the signals being used; treat all signals as hostile. On mobile devices, consider the different Cellular protocols such as 3-5G variants and LTE. In times of unrest, the state has the power to disable and manipulate the protocols available for use. Most modern devices allow you to select settings such as LTE only or whitelist specific towers. You may go offline in times of unrest, but at least they aren't leveraging legacy protocols, potentially engaging in packet injection, and redirecting your device like a good puppet following dictates of its puppeteer.
|
While living in the "end of trust," we must follow standard system hardening practices. These practices emphasize the reduction of software and hardware needed throughout the operation. There is no purpose of strong keys in cryptography if the underlying system operations have compromised you via keylogging and other variants of malware. You can create an intricate system of firewalls, intrusion prevention/detection systems (IPS/IDS), event log management to detect compromises, proxies, virtual private networks, TOR, I2P, but your must recognize the underlying fingerprint of these systems. Minimal architecture should not be limited to solely software and hardware, but also the signals being used; treat all signals as hostile. On mobile devices, consider the different Cellular protocols such as 3-5G variants and LTE. In times of unrest, the state has the power to disable and manipulate the protocols available for use. Most modern devices allow you to select settings such as LTE only or whitelist specific towers. You may go offline in times of unrest, but at least they aren't leveraging legacy protocols, potentially engaging in packet injection, and redirecting your device like a good puppet following dictates of its puppeteer.
|
||||||
|
Loading…
Reference in New Issue
Block a user