ɴꙩᴍᴀᴅ
The problem is that fewer exploits reported doesn't mean fewer exploits at all 😢 I couldn't find any great journal in this case.
I suggest you ask in a dedicated security group. They'll have a better answer and knowledge to tell you
Anonymous
I need a secure OS for my project and security is critical in that case. And I just feared after I read a few articles about exploits in Linux and OpenBSD.
My suggestion: read and learn security concepts and best practices if you don't know them. Either install a Linux distro or any BSD depending on what you need. Customize the HELL out of the kernel, disable anything you won't need, especially the Linux binary compatibility layer; it's a perfect hole to exploit on the userland side. Remove any packages and don't install any packages you won't need. You can even go a step further by using FreeBSD ports to customize your packages, compiling them with the features you don't want removed. Obviously you can't exploit code that doesn't exist.
Anonymous
But if you are an expert, you can fix and prevent these things.
It's easier to build a structure from scratch than to maintain one that is falling apart.
Anonymous
The problem is that fewer exploits reported doesn't mean fewer exploits at all 😢 I couldn't find any great journal in this case.
This is where carefully customizing your OS is important. You can't exploit code that doesn't exist. Also, most normal hackers just try to brute force, so picking a good password is already enough to keep them at bay. Also, who are you trying to secure your system against? This is an important question.
Anonymous
So I'm here @n0madcoder
Anonymous
What's your project? Is the hacker waiting for you? To hack you?
Yes, I have to install and configure an OS for a company that is secure and has good exploit mitigations. They usually use Debian (they formerly used CentOS) for their servers, but they asked me for a more secure option. I have tried FreeBSD & OpenBSD, but I don't know which OS is better for this purpose.
Anonymous
See, when you find an exploit, it becomes a vulnerability.
Anonymous
But
Anonymous
Exploits aren't Schrödinger's cats.
Anonymous
They don't stop existing if you haven't found them
Anonymous
They don't stop existing if you haven't found them
Y'all people also forgot the hardware-side stuff like the Intel Management Engine and the AMD Platform Security Processor. God, I fucking hate Intel and AMD.
Anonymous
They don't stop existing if you haven't found them
Yeah, someone can just find them and not tell others.
Anonymous
Even if you go fully free software
Anonymous
You'll have a FOSS implementation that works like the Intel ME.
Anonymous
You will always have something like the Intel ME or the AMD PSP whether you like it or not.
Which is why you have to switch to either ARM, MIPS or PowerPC to be more secure.
Anonymous
PowerPC has OpenBMC.
Anonymous
Both do similar stuff to the Intel ME.
Anonymous
If you want security, the Intel ME has to exist.
Anonymous
There is no other way to do this
Anonymous
I've also audited PowerPC's OpenBMC.
Anonymous
And it is far worse than the Intel ME.
Anonymous
I don't know about MIPS
Anonymous
If you want security, the Intel ME has to exist.
What? No, you can disable it, though it's a little tricky. Also, what do you mean an out-of-bounds processor that has proprietary firmware, has access to everything and is below the main OS in terms of access level is needed for security?
Anonymous
You cannot disable the Intel ME.
But you can cripple it to some extent.
Anonymous
All you're doing is stripping out code from the ME
Anonymous
Intel ME has to be the first thing that starts.
Anonymous
All you're doing is stripping out code from the ME
Well, at least it's better than nothing.
Anonymous
It is responsible for initialising the CPU, protecting the BIOS from malware and implementing a secure enclave.
Anonymous
The only proper way to do security on desktop is with the Intel ME.
Anonymous
There is no DRM here
Anonymous
The secure enclave emulates a TPM
Anonymous
It can do more depending on what the vendor lets it do
Anonymous
The only proper way to do security on desktop is with the Intel ME.
The "proper way to do it" also has these:
Anonymous
Most of these aren't even ME bugs, you realise that?
Anonymous
Well then, where do they come from?
Many of those bugs are just due to manufacturers not implementing UEFI correctly.
K
The only proper way to do security on desktop is with the Intel ME.
How can a closed-source rootkit be defined as necessary for security?
Anonymous
How can a closed-source rootkit be defined as necessary for security?
Open source or proprietary is irrelevant when it comes to security
Rafa
Yes, I have to install and configure an OS for a company that is secure and has good exploit mitigations. They usually use Debian (they formerly used CentOS) for their servers, but they asked me for a more secure option. I have tried FreeBSD & OpenBSD, but I don't know which OS is better for this purpose.
MHO: security is a process, a daily process. Security involves the OS, the underlying HW, userspace and, most important, users... You can have the most secure infrastructure in the world, but if you have a user that clicks on everything, uses insecure passwords, ... you're doomed.
Anonymous
I disagree
Well then, your opinion is wrong.
Rafa
So, my first question: do you trust your users? I don't.
Anonymous
Suggest you pick up a book on software engineering and see what open source and proprietary mean.
K
Well then, your opinion is wrong.
I think yours is, tbh. You can't have security through obscurity.
Rafa
I mean, I don't trust YOUR users and I don't trust MINE either 😅
K
Well then, your opinion is wrong.
This is literally an opinion.
Anonymous
Open source or proprietary is irrelevant when it comes to security
Yes it does. While open source doesn't give you a "backdoor-free guarantee", you can still audit it yourself, something you can't do with proprietary software.
Anonymous
This is literally an opinion
By definition, open source does absolutely nothing to make software more secure, trustworthy, or stable.
Anonymous
We are going by the SE definition of source models here, feel free to look it up.
Anonymous
It can be audited.
It's useless.
K
It's not lol
Anonymous
It's not lol
Bugs and vulnerabilities are almost never found by reading the code.
Anonymous
You're free to see the stats on how hundreds of Linux kernel bugs are found every month.
Anonymous
You think people sit and read code?
Badugar
Open source or proprietary is irrelevant when it comes to security
How do you want to verify something is secure if you don't know what it is doing?
Anonymous
https://en.m.wikipedia.org/wiki/Underhanded_C_Contest
Anonymous
How do you want to verify something is secure if you don't know what it is doing?
We can verify the security properties of something without the source.
K
You're free to see the stats on how hundreds of Linux kernel bugs are found every month.
The Linux codebase is fucking huge and not always written by experts. The OpenBSD codebase is smaller and constantly audited.
Anonymous
This is how debian-hardening-check works.
Anonymous
I just said reading code isn't how it works.
Anonymous
They don't?
Nah, it's just a bot doing random stuff with the kernel until it crashes.
K
You can't check for backdoors in proprietary software.