How Can You Tell Whether Open-Sourced Programs Are Actually Open-Sourced
(03-21-2021, 06:04 PM)enmafia2 Wrote:
(03-20-2021, 07:00 AM)Wipe_TS Wrote: But keep in mind that it is not because a piece of software has its code on GitHub that you can trust it.

Exactly that, a lot of pieces of software have been open source and had vulnerabilities or had problems for years.
An example is CVE-2021-3156 in Sudo; it has been there for 10 years and nobody noticed.

* CVE-2021-3156:

Yes, great example.
(03-16-2021, 08:31 AM)DarkFate Wrote: How do you know whether the ISO image of a Linux distribution you downloaded is the SAME as the source code that is available and that the particular distribution doesn't have any spyware?

CHECKSUM files and package signing keys. Each stable RPM package published by the Fedora Project is signed with a GPG signature.

dnf asks you to import a GPG key.

We use many virtual machines (network bridge) here for different purposes. In the VM ONLINE, the .iso spyware image sees only several browsers, zero private / personal data and wrong hardware information.

The Host .iso spyware image is always offline (sometimes security updates). An offline .iso spyware image can neither be spied on nor attacked. ʕ•ᴥ•ʔ

Me > Host OS offline... > Type-2 VM... > Browser in a sandbox... > Tor client in my router... > www or .onion

Both .iso spyware images (host + guest) see only Tor relays. Router allows only Tor traffic.

Private data is in my Nitrokey Storage or DVD-RAM or external NVMe SSD. One Panasonic DVD-RAM in a drawer cannot be spied on. There is another VM - the name of this VM is OFFLINE (removed the virtual network interface). How do you attack a VM without a virtual network device (host is offline too)???
(03-20-2021, 07:00 AM)Wipe_TS Wrote: Open source is better, but it doesn't mean that the code is clean ...

Or rather, mega right.
All software in virtual machines. Never run software in the Host OS. Host is offline, guest uses network bridging.

The last problems: hardware, hypervisor, virtualization software bugs / backdoors.

Powerless, I have no plan against backdoors. Theoretically you would have to use two routers with different hardware to protect yourself from it. In the hope that one of the routers does not have a backdoor.

Backdoor-free is only Nitrokey Storage and one DVD-RAM (no firmware).
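
Added example, not part of any post in this thread: a check of a downloaded image against a clearsigned CHECKSUM file, as mentioned in the reply about CHECKSUM files and signing keys. It assumes BSD-style `SHA256 (name) = hex` lines inside a PGP clearsigned message; it does not verify the signature itself, which still has to be checked with gpg against the distribution's published key.

```python
import hashlib
import hmac
import os
import re

# BSD-style digest line (assumed CHECKSUM layout): SHA256 (name) = hex
DIGEST_LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-fA-F]{64})$")
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

def parse_checksums(text):
    """Return {filename: sha256 hex} taken only from the signed body.

    Lines before the clearsign header or after the signature starts are not
    covered by the signature, so a digest placed there must be ignored.
    """
    lines = text.splitlines()
    if BEGIN_MSG not in lines or BEGIN_SIG not in lines:
        raise ValueError("not a clearsigned CHECKSUM file")
    start = lines.index(BEGIN_MSG)
    body = lines.index("", start)        # blank line ends the armor headers
    end = lines.index(BEGIN_SIG, start)  # signed text stops here
    digests = {}
    for line in lines[body + 1:end]:
        m = DIGEST_LINE.match(line)
        if not m:
            continue                     # comments such as "# name: size bytes"
        name, hexd = m["name"], m["hex"].lower()
        if digests.setdefault(name, hexd) != hexd:
            raise ValueError(f"conflicting digests for {name}")
    return digests

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so a multi-gigabyte ISO is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_image(path, checksum_text):
    """True only if the signed body lists this file name with a matching digest."""
    expected = parse_checksums(checksum_text).get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(path), expected)
```

A matching digest only shows the download equals what the CHECKSUM file describes; whether that file came from the distribution depends on the separate signature check.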
