The most important opsec advice is to always use a memory managed compiled binary like Java or Rust

So some people may have seen the ISIS guy that got caught viewing terrorism content on the dark web back in 2020 because the FBI used an NIT, or network investigative technique. To those in the know, this is lingo to describe a zero day, and not just any kind of zero day but specifically a memory corruption/memory safety type of zero day. If you know how the FBI does their magic trick, then it's easy to completely mitigate their little tricks. All you really have to do is never run any memory unsafe binary, and that also includes memory safe binaries that have sneaky memory unsafe dependencies, which is usually achieved through FFIs, or Foreign Function Interfaces. This allows devs to use memory unsafe glue code, so things like C, with memory managed languages like Java, so you have to be wary of that.

This unfortunately means most browsers are out for the count because there are no good Rust ones out. The only one I know of is I2P's browser, which I believe is completely in Java. If you just use a memory unsafe binary, it must be completely containerized and isolated in its own environment. Qubes OS makes security by isolation easy to do, so it's the most recommended option. Although the best combination is Qubes OS with memory safe web browsers and media viewers, not using garbage like Adobe Reader or Foxit. Isolated environments are extremely important because if you get owned by a rogue nation state, there are no real IPs and information to phone home, because in most container environments you can add restrictive egress firewall rules.

Most people are catching on to the FBI's NIT nonsense, so people are already aware of this stuff, but I wanted to make a post on it. LE and nation states aren't your friends, and they have even been known to go against well-intentioned people, so you always want to maintain opsec regardless of what you're doing online. They're literally even using zero days to capture evidence to put mothers in jail over abortion, so bodily autonomy is basically gone; our bodies have serial numbers at this point and we're owned by the government. The world's becoming 1984 fast, and knowledge is power as always and will keep your head constantly above the dirty corrupt water.

One last thing I wanna discuss is why this is important. Memory unsafety is completely garbage for your opsec, and Microsoft knows this and intentionally keeps a lot of their system files in C because they have a secret partnership with the NSA. You see, in the hypothetical universe where Microsoft invested billions of dollars to convert everything to Rust, other than some key components that require the unsafe keyword for performance reasons, well, in this universe the NSA couldn't hack other foreign governments, who mostly use Windows PCs, so the NSA coerces Microsoft with bribes to keep this drip feed garbage patch system in place. It's crazy to me how we normalized Patch Tuesday, where 50-70 dangerous bugs get patched monthly. That's not normal unless there's some fuckery afoot, and there is. Instead Microsoft wants to spend 40 billion or something crazy on an Activision acquisition to further become a monopoly behemoth and ruin the gaming industry when they should be fixing their shitty operating system. They intentionally leave these bugdoors open for the NSA to exploit, and then after they've squeezed a bug dry they'll let Microsoft patch it. I realized we lived in a backwards world ages ago, and all these NPCs and their ignorant takes continue to perpetuate this broken system and are part of the problem.

Some important links:

https://gizmodo.com/fbi-tor-ip-address-muhammed-momtaz-al-azhari-isis-1849975153 This is the article where the FBI used a Tor NIT to get his home IP. A reminder that Tor is based on a Firefox fork, which still has plenty of memory unsafe components and can't be trusted unless it's sandboxed well.

https://www.qubes-os.org/ The link to a good OS to use to isolate your activity.

submitted by /u/TheCrazyAcademic
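
The post's point about memory safe binaries carrying memory unsafe dependencies through FFI can be checked for Java archives. This is an added example, not part of the original post: it scans a JAR, including nested JARs, for bundled native libraries by their magic bytes. The sample archive and every file name in it are constructed for the demonstration, and the scan does not catch native code fetched at runtime.

```python
import io
import zipfile

# Leading bytes of compiled native code that a JVM loads through JNI/FFI.
# The 2-byte "MZ" prefix is a heuristic and can match unrelated files.
NATIVE_MAGIC = {
    b"\x7fELF": "ELF shared object",
    b"MZ": "PE/DLL",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
}
MAX_ENTRY = 64 * 1024 * 1024  # skip oversized entries (zip-bomb guard)


def find_native_code(jar_bytes, prefix=""):
    """Return sorted (path, kind) pairs for native binaries in a JAR."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY:
                continue
            data = jar.read(info)
            path = prefix + info.filename
            # Fat JARs embed dependency JARs; recurse into them.
            if path.lower().endswith((".jar", ".war")) and zipfile.is_zipfile(io.BytesIO(data)):
                hits += find_native_code(data, path + "!/")
                continue
            for magic, kind in NATIVE_MAGIC.items():
                if data.startswith(magic):
                    hits.append((path, kind))
                    break
    return sorted(hits)


def build_sample_jar(bundle_native=True):
    """Constructed sample: an app JAR whose dependency JAR may ship JNI libraries."""
    java_class = b"\xca\xfe\xba\xbe\x00\x00\x00\x34"  # class-file header only
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("org/example/Codec.class", java_class)
        if bundle_native:
            z.writestr("native/linux-x86_64/libcodec.so", b"\x7fELF\x02\x01\x01" + b"\x00" * 9)
            z.writestr("native/windows/codec.dll", b"MZ\x90\x00")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("app/Main.class", java_class)
        z.writestr("lib/codec-1.0.jar", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, kind in find_native_code(build_sample_jar()):
        print(f"{kind:18} {path}")
```
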