Secure ISO and high-level VM-trojans

Rava
Contributor
Posts: 5401
Joined: 11 Jan 2011, 02:46
Distribution: XFCE 5.01 x86_64 + 4.0 i586
Location: Forests of Germany

Post#1 by Rava » 27 Nov 2020, 06:59

The old thread was old, and I am creating a new one out of the relevant part of brokenman's reply.

My post has two sections: one about a secure ISO, and after the divider line about the high-level VM trojans.
brokenman wrote:
20 Apr 2016, 01:45
> I would quite easily provide a secure download link and signed ISO. With this method I am quite content. I know exactly where I download my stuff, checked its authenticity. I know that I compiled the applications and that I created and signed the final ISO. Once I pass that ISO onto a disk and give it to someone to deliver, the chain of trust is broken.

Considering he or someone else did so, and made a secure checksum (aka not md5sum but sha256sum or sha512sum) - then any download and any existence of that ISO, when the sha[25][51][26]sum is calculated correctly, can be seen as the genuine unaltered article, right?

With the one exception that the user testing the authenticity has a cracked system, and the binaries of his sha[25][51][26]sum (among other binaries) are cracked ones that deliver what the cracker wants them to deliver, and the cracker also intercepted a non-secure or not-secure-enough download or cracked a download ISO on a server.

That of course would only work with users whose system also has been compromised; to all others downloading the cracked ISO, the sha[25][51][26]sum will show it is a tampered version, and users will raise alerts that every download has the same wrong sha[25][51][26]sum - so that a mistake cannot be the rare occurrence of a random unintentional corruption while downloading.
__________________________________

Of course, presuming one's own system got hacked by high level crackers who are after you personally usually sounds more like a pipe dream in dire need of psychiatrical evaluation, but… the sad news is:

Even Germany - a country more concerned about digital security for the citizens than, say, the US of A - has for years now an official Staats-Trojaner (State Trojan) that they copy onto ordinary citizens' PCs and that monitors all and everything that is done on that machine.
Some of these existing high-level trojans are built as VMs (virtual machines), meaning prior to any OS loading, be it Windoze or Linux or MacOS or whatever secure or less secure OS you use, hides itself from the OS that the trojan itself is starting and the VM-trojan is always the real OS in full control. Quite scary, and it is the military, police but also criminals who use that kind of trojan.
But they are not that widespread, compared to other low-level trojans (that only start after the OS starts them and are also able to hide themselves, more or less) or ransomware.

It was years ago when I first heard of that issue; if I recall correctly, even booting via USB can be too late, because the trojan starts up so early in the whole boot process that you need to physically remove the hard disk or SSD and analyse it without it being used as a start media. That being the only way to find such a trojan, because only by not using the drive in any kind of booting process it cannot start its VM and is only passive data on a hard drive.

Added in 1 day 6 hours 9 minutes 18 seconds:
Seems fullmoonremix cannot contain himself, so his post I quote below was once again deleted by another moderator.
To put an end to his repeated attempts of derailing, I still quote his now deleted post to explain only this one time the misunderstandings he seems to fall for repeatedly.

_____________________________________________________
fu11m00nremix wrote:
28 Nov 2020, 11:09
> his threads quotation of my original thread mocks a cyber attack on me which was the context of the original thread.

You seriously seem to not get why forums look like they do and how they work, so as moderator I have to explain some basics to you.

Forums are divided into sub-forums to have articles about a similar topic together, like in forums.porteus.org here: bug reports vs module requests vs created & promoting module(s).

Now, in my case I stumbled upon an interesting part of an old post by brokenman, and I am interested in cyber security and the machinations of crackers and hackers, especially concerning mafia-like cybercrimes like the harddisk encryption & extortion trojan and scam. But also the state police, military or intelligence service trojans; the last ones often open security vulnerabilities by installing their trojan or high-level VM-trojans as explained in my OP, compromising the user's data security.

I was not interested in any other detail about what was discussed in the thread I quoted brokenman, and there is no need or obligation for me to do so.

That is not the way forums work, when you want a forum only about yourself, create one and see how many people will register who are not spammers or trolls. In the real world you quote from any forum post you found and use that quote to start a new discussion that goes into a different direction. No obligation to keep it on the same tracks like the old thread - when one would like replying to that, he would just reply in the old thread.

So one creates a new thread and quotes only a small part to focus on just one or a few specific aspects. That is the reason you quote only the small selected part of an older post since you want to explore the theme(s) in a new direction than before, and therefore you create a new thread - with a new appropriate subject.
fu11m00nremix wrote:
28 Nov 2020, 11:09
> Rava wrote:
> 27 Nov 2020, 06:59
> > [P]resuming one's own system got hacked by high level crackers who are after you personally usually sounds more like a pipe dream in dire need of psychiatrical evaluation, but… the sad news is:
>
> This language is the Gaslighting narrative of a Tin foil hat analogy.

It looks like it, since you once again deceptively misquote my post, even when I explained that to you three times already: once in my first reply to you that now got deleted by another moderator, once in my last reply in the thread again that was also deleted, and once in a PM to you.

Therefore I have to present the whole quote of what I wrote and not the selective manipulative misquoting you did over and over again. I will explain what I wrote and what is meant by what I wrote for the 4th time; honestly my hopes are below zero that you get it, since you already failed doing so the first 3 times.

But since any of this is not about you anyway, my explanation is more about setting things straight and for the benefit of all other readers.

You conveniently ignored how my post continued:
Rava wrote:
27 Nov 2020, 06:59
> but… the sad news is:
>
> Even Germany - a country more concerned about digital security for the citizens than, say, the US of A - has for years now an official Staats-Trojaner (State Trojan) that they copy onto ordinary citizens' PCs and that monitors all and everything that is done on that machine.

(highlighting by me, not part of my original post)

The way my post continues makes it obvious that claims of being hacked by state organisations might sound ludicrous to some or maybe even most people - but the reality is, such hacking techniques are used, not only by some undemocratic countries like Saudi Arabia or China, but in recent years by many countries usually seen as democratic.
I only mentioned Germany and its Staatstrojaner, but could easily have added details of such covert hacking by other western democratic countries - US of A, Australia, UK, France, Canada, NZ… I just chose one single example being enough to illustrate my point.

And probably even worse than what I wrote above: western countries sell digital surveillance techniques to countries like Saudi Arabia who use these to monitor, imprison, torture and kill critics.
China does not need such imported digital surveillance techniques - they already developed enough themselves to fit all their needs.
fu11m00nremix wrote:
28 Nov 2020, 11:09
> Which @ the time my original thread was made this member was calling me a tinfoil hat.

Use a quote to show that what you claim is true.
But remember: What was written in PMs is confidential and not to be quoted in public.

If you cannot show proof by quoting from a forum post, do not make such claims.
fu11m00nremix wrote:
28 Nov 2020, 11:09
> There is no problem with being perplexed if never victimized.

You still do not get what I wrote above: as I stated, to most people such claims sound ludicrous, but the sad reality of the last decades and most probably for the foreseeable future is that almost every country uses such covert techniques.
So you blamed me repeatedly for the very opposite of what I wrote.
fu11m00nremix wrote:
28 Nov 2020, 11:09
> However... that does not justify mocking the victim using their own thread.

Sometimes I wonder if English is not your native tongue. How can you misunderstand what I wrote by selective quoting over and over again, even when I explained the whole argument to you three times already, making this post the 4th time?

And just a reminder to you, fu11m00nremix: Your attempt in misquoting me and attempt to derail this thread already made another admin or moderator delete all but my original initial post.

This is the only time I explain all that to you in this thread, all other misunderstandings by your part are to be discussed in private via PM, I already sent you the PM hours ago.

If you still go off topic here and continue with misquoting me, I (or other moderators) will delete all such posts, even when they would contain some on-topic material about the real topic of this thread, since I now had enough of you misquoting and trying to derail this thread over and over again. If you would care to read and comprehend for once, the thread is not titled "fu11m00nremix tragic past with state-hacking" since this thread is not about any individual person at all. This thread is about the threat to all of our global freedom and way of living (and issues with secure ISOs).

If you want a discussion about your past with state-hacking, do so anywhere appropriate, like the old thread I quoted, or create a new one.

Trying to derail this subject by repeatedly misquoting is off topic and will be handled accordingly.
Cheers!
Yours Rava
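
The two checks described in the first section of post #1 (comparing a download against the published SHA-256 digest, and telling random download corruption apart from the same wrong digest seen by every downloader), as an added Python example that is not part of the original thread or of Porteus. The sample bytes, the function names and the rule that two identical wrong digests count as systematic are assumptions made for the illustration; the published digest is assumed to have reached the user over a separate, trusted channel, and the machines computing the digests are assumed not to be compromised.

```python
import hashlib
import hmac
from collections import Counter

def sha256_of(data, block=4096):
    """SHA-256 of a byte string, fed in blocks the way a large ISO is read."""
    h = hashlib.sha256()
    for i in range(0, len(data), block):
        h.update(data[i:i + block])
    return h.hexdigest()

def same_digest(a, b):
    """Compare two hex digests, ignoring case and surrounding whitespace."""
    return hmac.compare_digest(a.strip().lower(), b.strip().lower())

def classify_reports(published, reported):
    """Classify digests reported by independent downloaders.

    'genuine'             every report matches the published digest
    'random-corruption'   mismatches exist, but no two of them agree
    'systematic-mismatch' several downloaders got the same wrong digest,
                          so the served file differs from the published one
    """
    wrong = [d.strip().lower() for d in reported if not same_digest(published, d)]
    if not wrong:
        return "genuine"
    _, count = Counter(wrong).most_common(1)[0]
    return "systematic-mismatch" if count >= 2 else "random-corruption"

def flip_byte(data, offset):
    """Return a copy of data with one byte altered (simulated transfer error)."""
    return data[:offset] + bytes([data[offset] ^ 0xFF]) + data[offset + 1:]

# Constructed stand-ins for ISO contents; not real Porteus images.
GENUINE = b"constructed ISO payload " * 2000
TAMPERED = GENUINE.replace(b"payload", b"PAYLOAD", 1)
PUBLISHED = sha256_of(GENUINE)  # assumed to come from a separate, trusted channel

if __name__ == "__main__":
    ok = sha256_of(GENUINE)
    print(classify_reports(PUBLISHED, [ok, ok.upper()]))
    print(classify_reports(PUBLISHED, [ok, sha256_of(flip_byte(GENUINE, 10)),
                                       sha256_of(flip_byte(GENUINE, 999))]))
    print(classify_reports(PUBLISHED, [sha256_of(TAMPERED)] * 3))
```

A digest served from the same place as the ISO only detects accidental corruption; the signed ISO brokenman mentions is what ties the file to its author.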

Ed_P
Contributor
Posts: 8360
Joined: 06 Feb 2013, 22:12
Distribution: Cinnamon 5.01 ISO
Location: Western NY, USA

Post#2 by Ed_P » 28 Nov 2020, 17:45

"But remember: What was written in PMs is confidential and not to be quoted in public."

That's not true.
Ed

Rava
Contributor
Posts: 5401
Joined: 11 Jan 2011, 02:46
Distribution: XFCE 5.01 x86_64 + 4.0 i586
Location: Forests of Germany

Post#3 by Rava » 28 Nov 2020, 18:03

Ed_P wrote:
28 Nov 2020, 17:45
> "But remember: What was written in PMs is confidential and not to be quoted in public."
>
> That's not true.

If you give everyone permission to quote all and any of your PMs you ever wrote, even be it very personal info, you sure can do so. Could it be you never shared very personal stuff via PM in your life?

But PM has its name for a good reason - Personal message, the user writing a PM can with good reason expect privacy, at least all users being part of a PM conversation should be asked if a certain part of a PM can be shared in public. That is basic forum etiquette.

That is good manners when it comes to PMs, and all forums I was part of so far see it like so. Only on one single forum there was one guy who gave me Carte Blanche to quote all and everything he ever wrote via PM, and he did share much more personal info with me than he ever revealed in the forum itself. Though he was right trusting me, I used my discretion and only quoted impersonal stuff I was sure he was comfortable to be shared in the open.

Ed_P, if you want to continue the discussion about PMs and privacy, do so via PM, or create a new thread for that, cause all this is off topic in this very thread.


If you continue discussing "PMs and privacy" in "Secure ISO and high-level VM-trojans", your off topic posts will be deleted. Thanks for your understanding and cooperation.
Cheers!
Yours Rava
