How Can You Tell Whether Open-Sourced Programs Are Actually Open-Sourced
#11
(03-21-2021, 06:04 PM)enmafia2 Wrote:
(03-20-2021, 07:00 AM)Wipe_TS Wrote: But keep in mind that it is not because a piece of software has its code on GitHub that you can trust it.

Exactly that, a lot of pieces of software have been open source and had vulnerabilities or had problems for years.
An example is CVE-2021-3156 in Sudo; it had been there for 10 years and nobody noticed.

* CVE-2021-3156: https://nvd.nist.gov/vuln/detail/CVE-2021-3156

Yes, great example.
Reply
#12
(03-16-2021, 08:31 AM)DarkFate Wrote: How do you know whether the ISO image of a Linux distribution you downloaded is the SAME as the source code that is available ...as the source code that is available and that the particular distribution doesn't have any spyware?

https://getfedora.org/security/

CHECKSUM files and package signing keys. Each stable RPM package published by the Fedora Project is signed with a GPG signature.

dnf asks you to import a GPG key.

We use many virtual machines (network bridge) here for different purposes. In the VM ONLINE, the .iso spyware image sees only several browsers, zero private / personal data and wrong hardware information.

The Host .iso spyware image is always offline (sometimes security updates). An offline .iso spyware image can neither be spied on nor attacked. ʕ•ᴥ•ʔ

Me > Host OS offline... > Type-2 VM... > Browser in a sandbox... > Tor client in my router... > www or .onion

Both .iso spyware images (host + guest) see only Tor relays. Router allows only Tor traffic.

Private data is in my Nitrokey Storage or DVD-RAM or external NVMe SSD. One Panasonic DVD-RAM in a drawer cannot be spied on. There is another VM - the name of this VM is OFFLINE (removed the virtual network interface). How do you attack a VM without a virtual network device (host is offline too)???
Reply
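The CHECKSUM-file check mentioned in post #12, as an added example that is not from any poster or from the Fedora Project. It assumes the clearsigned `SHA256 (name) = hex` layout of Fedora CHECKSUM files and that the file's signature has already been verified with gpgv against the distribution key; the function names and sample data are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Fedora *-CHECKSUM digest line: SHA256 (Some-Image.iso) = <64 hex digits>
DIGEST_LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-f]{64})$")

def signed_digests(checksum_text):
    """Return {filename: sha256} from the clearsigned body only; text outside
    the markers is not covered by the signature. This does not check the
    signature: verify the file with gpgv and the distribution key first."""
    digests, in_body = {}, False
    for line in checksum_text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
            in_body = True
        elif line.startswith("-----BEGIN PGP SIGNATURE-----"):
            in_body = False
        elif in_body and (m := DIGEST_LINE.match(line.strip())):
            digests[m["name"]] = m["hex"]
    return digests

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so multi-gigabyte images do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def verify_image(image_path, checksum_text):
    """Return 'ok', 'mismatch' or 'unlisted' for the image file."""
    expected = signed_digests(checksum_text).get(Path(image_path).name)
    if expected is None:
        return "unlisted"
    return "ok" if sha256_file(image_path) == expected else "mismatch"

def demo():
    """Constructed sample: stand-in image, CHECKSUM text, placeholder signature."""
    with tempfile.TemporaryDirectory() as d:
        iso = Path(d, "Example-Live.iso")
        iso.write_bytes(b"constructed image bytes")
        text = (f"SHA256 (Injected.iso) = {'0' * 64}\n"  # outside signed body
                "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
                f"SHA256 (Example-Live.iso) = {sha256_file(iso)}\n"
                "-----BEGIN PGP SIGNATURE-----\n(placeholder)\n-----END PGP SIGNATURE-----\n")
        before = verify_image(iso, text)
        iso.write_bytes(b"constructed image bytes, modified")
        return before, verify_image(iso, text), signed_digests(text)
```

A matching digest only shows the image is the one the CHECKSUM file describes; the trust comes from the signature on that file and from how the signing key was obtained.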
#13
(03-20-2021, 07:00 AM)Wipe_TS Wrote: Open source is better, but it doesn't mean that the code is clean ...

Correct.
Or rather, mega right.
All software in virtual machines. Never run software in the Host OS. Host is offline, guest uses network bridging.

The last problems: hardware, hypervisor, virtualization software bugs / backdoors.

Powerless, I have no plan against backdoors. Theoretically you would have to use two routers with different hardware to protect yourself from it. In the hope that one of the routers does not have a backdoor.

Backdoor-free is only Nitrokey Storage and one DVD-RAM (no firmware).
Reply

