CPU level security threat. How can we protect ourselves?

Angry Dog

Member
Credits
550
Good day everyone,

i have to say i rewrote this thread a few times.

each time i realized a flaw in my thinking and now realized i am heading back towards CD-Rom drives? Seriously.

Here is the truth,

If YouTube is accurate and both amd and intel CPUs have a critical security flaw then they can no longer be trusted. What about a pi computer? The latest model is very useful and i have to admit i don't really notice lag doing research and might be part of my solution.

Situation, in my off time i write a lot and consider my scripts to be my property both because i wrote it and because i believe it may have future value especially when i wish to publish my work. Thus i need to protect my property.

The question now is how do i protect what is mine from CPU level security flaw? After doing research the simple answer is i don't. See anyone with the correct tools and knowledge can do serious damage as i understand it. But i lack the technical skill to protect myself. There are millions of YouTube videos teaching anyone how to compromise Wifi networks, home networks and the like. It is sickening to know that hard work can simply be stolen or removed.

So the idea now is to move away from X86 platforms. Now apple is a contender here but lets be honest apple is not cost effective. So a cost effective solution is a Pi computer. It uses Linux and it has a ARM based CPU with good amount of ram. Mine is a old one so i will be buying a few new Pi computers and see how i can secure the network, if encryption is possible. How to manage storage encryption. How to fully isolate networks so that each Pi has its own dedicated connection that is isolated from the other.

How to get virus protection for Linux and also look into a good KVM switch.

To come back to the CD-Rom. It is the only thing i can think of that i can make that is read only and cannot be compromised. So a old laptop with CD-rom will also be tested. It will have no hard drive and will store everything on a USB and Cloud base storage. So when the system powers down there is nothing. however the laptop is still intel and i don't trust them nor do i trust amd. So am seriously considering to retire all X86 systems.

It is no longer a question of paranoia it is a question of WHY did manufactures introduce these security flaws? Should they be held liable?

So my question to you all is, do i pull out all x86 systems? Do i simply disconnect from the internet entirely? In order to protect my scripts i have invested in a old typewriter that should arrive in a few days. This is not a joke, i honestly and truly believe it is the only way forward. The idea is to type my work out and take a photo with a good camera with no Bluetooth or wifi. That way each page will have a digital backup. But i would like to continue using a computer if possible but if not then this IS my solution. A camera and a typewriter? yea... i know it sounds like i am being seriously paranoid but in end, look for yourself how many people are actively trying to get into your network "for fun" and what damage will they do because they know they are hidden?

thank you for reading
take care.
 


craigevil

Member
Credits
502
I am quite happy with my PI 400. Running the PI OS upgraded to Debian Unstable.
 

Vrai

Well-Known Member
Credits
3,703
Good day everyone,

i have to say i rewrote this thread a few times.

each time i realized a flaw in my thinking and now realized i am heading back towards CD-Rom drives? Seriously.

Here is the truth,

If YouTube is accurate and both amd and intel CPUs have a critical security flaw then they can no longer be trusted. What about a pi computer? The latest model is very useful and i have to admit i don't really notice lag doing research and might be part of my solution.

Situation, in my off time i write a lot and consider my scripts to be my property both because i wrote it and because i believe it may have future value especially when i wish to publish my work. Thus i need to protect my property.

The question now is how do i protect what is mine from CPU level security flaw? After doing research the simple answer is i don't. See anyone with the correct tools and knowledge can do serious damage as i understand it. But i lack the technical skill to protect myself. There are millions of YouTube videos teaching anyone how to compromise Wifi networks, home networks and the like. It is sickening to know that hard work can simply be stolen or removed.

So the idea now is to move away from X86 platforms. Now apple is a contender here but lets be honest apple is not cost effective. So a cost effective solution is a Pi computer. It uses Linux and it has a ARM based CPU with good amount of ram. Mine is a old one so i will be buying a few new Pi computers and see how i can secure the network, if encryption is possible. How to manage storage encryption. How to fully isolate networks so that each Pi has its own dedicated connection that is isolated from the other.

How to get virus protection for Linux and also look into a good KVM switch.

To come back to the CD-Rom. It is the only thing i can think of that i can make that is read only and cannot be compromised. So a old laptop with CD-rom will also be tested. It will have no hard drive and will store everything on a USB and Cloud base storage. So when the system powers down there is nothing. however the laptop is still intel and i don't trust them nor do i trust amd. So am seriously considering to retire all X86 systems.

It is no longer a question of paranoia it is a question of WHY did manufactures introduce these security flaws? Should they be held liable?

So my question to you all is, do i pull out all x86 systems? Do i simply disconnect from the internet entirely? In order to protect my scripts i have invested in a old typewriter that should arrive in a few days. This is not a joke, i honestly and truly believe it is the only way forward. The idea is to type my work out and take a photo with a good camera with no Bluetooth or wifi. That way each page will have a digital backup. But i would like to continue using a computer if possible but if not then this IS my solution. A camera and a typewriter? yea... i know it sounds like i am being seriously paranoid but in end, look for yourself how many people are actively trying to get into your network "for fun" and what damage will they do because they know they are hidden?

thank you for reading
take care.
Sounds like there may be a bit of paranoia going on here. But a 'bit' of paranoia can be a good thing! :)

I think the larger issue here is the illogic. Whereas virtually all computer and electronic devices have silicon chips in them, and the vast majority of chips are manufactured in China, then we are trusting the Chinese manufacturers. It is not just an AMD or Intel problem.

Also, trusting Cloud based storage seems a bit illogical. I understand the 'rant' - but a bit of logic and reason will be very useful here.

If one is truly paranoid then they will know that typewriters and keyboards can also be spied upon via listening devices. Although typewriters are more secure than internet connected devices.

I don't know what type of "scripts" you are referring to but good encryption will afford about the best protection. Type with a computer which is never connected to the interwebs, encrypt on that computer, and then the data will be very safe. Of course if it is ever unencrypted and copied to any connected device then all bets are off.
 

70 Tango Charlie

Well-Known Member
Credits
1,973
@Angry Dog
Greetings, and welcome.
If you are looking for 'perfect' security in the computer world; I'm afraid you will be disappointed.
There are ways to 'protect' your valuable data however.
I personally use USB memory sticks. I have several in the 256 gb range that I use for the data that is most important to me.
There are two advantages that I see in using these little, amazing wonders of electronic wizardry.
The first one is the portability. When I leave the house, they go with me. If the house burns down I don't lose my valuable data.
The next one is that they are easy to carry in my pocket.
I do not subscribe to the 'cloud' idea for my personal data. I want it as safe as I can make it, and putting it on a server somewhere is not my idea of safety. I guess I am what you would call a 'control freak'. That is one of the reasons I use Linux, so I can be in control of my computer - and responsible for anything that happens to it.

When it comes to the subject of scripts, there is an interesting book that is worth the read. It is called "Linux and the Unix Philosophy" by Mike Garcanz. It is written to specifically discuss the "Why" of Linux and Unix.
Just some thoughts from an Old Geezer, Tango Charlie
 

Angry Dog

Member
Credits
550
Within writing the above i was so sick at viewing YouTube. There was more about how to compromise security then actually implementing it. But i digress.

Right Logic time.

First thing all/most computers come from China, this is true but realistically they need to communicate and in order to communicate they need the internet.

i am not worried about a microphone in my home. I edited this part noticing i made a terrible mistake here but lets continue. Fact is most phones are listening devices if compromised anyway so again that is scary.

So what is the reality here? Well computers are in our lives, they keep our info and they connect and communicate with each other on the net.

The trouble here is, there are devices being build to compromise networks. the problem here is, people see these videos and see the word "ethical" in every title but lets be serious, how many of those people will use anything ethically? A small number might BUT not all of them and this is fact.

Now CPU manufactures allow for bios level attacks? Nothing can protect us then. It is pre-OS and can be devastating to anyone. Specially hospitals we saw this a while back. The fact is these manufactures are opening doors and i cannot understand why they do.

Realistic solutions?

A perfect solution does not exist but the following can be done.

1> Disable Wifi. 90% of what i see on YouTube is Wifi attacks and it is made easy.

2> Isolate the computer itself. This can be done in the form of VM and it giving it, its own isolated LAN interface is not that hard. So running a VM that is dedicated to browsing is a good start it means the browser remains isolated from both the main OS, the main hardware AND done right has its own isolated network. The other side is true. that is to start up a clone each time and dispose of it when done.

3> Multi-factor authentication, encryption and isolation is a big thing. So you can setup Linux encryption on most OS and give it a massive password But you also can put a password on the Bios. Most importantly you can create 2 accounts 1 with admin rights and the 2nd with user rights only. This is not hard and it means that even IF someone gets access to the user account it can only do so much.

4> Don't use mainstream devices. Mainstream devices like X86 gets a lot of unwanted attention just like Windows OS use to get. Using something different means functions that may otherwise exist don't and exploits that may otherwise be a problem isn't simply because it is not widely use yet.

5 > Do i need a hard drive? Booting from a USB is a reality for Linux and we use to do it with CD rom as well. So the idea is if you boot with a USB and do work and then shut it down, there is nothing to be accessed simply because it is not plugged in.

6 > backup backup and more backup. This is the primary way we can protect ourselves. If it is backed up and not plugged in it cannot be accessed.

7> Divide workloads, right now i am running 4 computers 1 of them is isolated and only see the net when security updates is needed. Nothing is stored on it, it is just a OS with the basic software i need. But once offline i do my work on it by connecting my USB drive to it. Yes keyboard logging IS something windows do and it does bother me so i went over to Linux Mint for it. But still even Linux need to update from time to time. I use another computer "Pi computer" for browsing and my phone isn't connected to any network. This is sadly very expensive because mobile data IS just expensive BUT it is isolated and that i think is the best way to go about it.

So it is not like i sleep under a rock, i know the realities but i am still upset, we spend money on these devices and to hear that the manufacturer actually is factually leaving doors open is just STUPID. It shouldn't happen. yet here we are.

Was the typewriter a bit of a overkill? Not really... considering its function is to allow me to work on my hobby it is not so bad. It is not for work at all.

All this said i am just angry that a system that cost real money for all of us has flaws like this. i mean why does these back doors exist? What was their original function? These are serious questions we need to start asking and consider before we buy future hardware.

Just a note, when i wrote the above i was seriously tired and haven't slept for 2 days so my spelling an grammar is really terrible. That said English is not my first language so if anyone sees something and wonder about it i thought i would just add this here. Again thank you for reading and please be safe.

We live in a strange world.
 
Last edited:

Angry Dog

Member
Credits
550
I never worry what people put on the Internet, especially Youtube. :rolleyes:

My way is simple...
1. Run Linux
2. Encrypt your DNS
3. Use a Proxy or VPN
4. Keep your System up to date
5. Use DuckDuckGo and wear a large Tinfoil Hat . :):);)
:) lol yea love the tinfoil hat idea it is just i have no hair and i am worried about cooking what is left... All seriousness what you are saying is true i will not dispute that. BUT in the end we all know VPNs say they don't log data BUT we know that governments are slowly forcing them. Also i don't really care if my ISP sees what i am doing i am just a average user. But cookies i dislike because of the types one get. Some are just well scary for lack of a better term. As for using Google on a browser that is going to get wiped anyway i don't really care because after i close the VM i del the clone create a new one life goes on. Again i have nothing to hide i just HATE the fact that i spend money on a compromised product. It is like buying a car and learning at every other car's keys can start it. It just sucks...

sorry i wanted to wrote VM not VPN so edited that.
 

Angry Dog

Member
Credits
550
The more we know. Did a search on this and liked what i saw.

After installing an x86 application in the guest x86 environment you can just go to the Start Menu of your Raspbian and run this application simultaneously with native ARM applications. For example, you can run Spotify on Raspberry Pi with ExaGear Desktop virtual machine.16 Mar 2017
Had a look i can get a Raspberry Pi 4 it has 8GB RAM, quad-core CPU, support for dual displays at up to 4K resolution, "so they say. Gigabit Ethernet, USB3.0, wireless LAN, Bluetooth 5.0, and USB-C power.

Will be taking the heat-sink enclosure with it. This is a little monster of a PC i mean 8GB RAM is a lot even for a modern system it is not bad considering... looking forward to test it and see what i can do with it. Maybe i can do actual work on it. That be cool so worth the test.
 

Linuxembourg

Member
Credits
531
I wonder what data you have that is important to you if the house burnt down! My priority would be to get a place to stay for the night, then to get some weed!

8gb of RAM is ridiculous by my standards. I've never had more than 4!
 

Nik-Ken-Bah

Well-Known Member
Credits
1,460
I never worry what people put on the Internet, especially Youtube
I concur since people have their own agendas.
As for security I personally look at this way.
Why do we have locks and such like?
They are there only to keep out honest people for those with nefarious intentions will find a ways to negate the use of the lock. It is the same with electronic devices there are know exploits but it is only those with bad intentions that will use those exploits to drive through your security no matter how well it is setup.
So I would not be overly concerned.
Take heed of what @70 Tango Charlie said since you have no desire to lose what your scribe. I am also in that boat and I have that same problem of loss but for another reason I have not the time to rewrite my words as Father Time flies and sleeps brother is awaiting the hour to take me back home to the far shore.
 

Angry Dog

Member
Credits
550
I wonder what data you have that is important to you if the house burnt down! My priority would be to get a place to stay for the night, then to get some weed!

8gb of RAM is ridiculous by my standards. I've never had more than 4!
Scripts, and stuff, mostly writing so in all honesty not something that will take a lot of storage space. But lets be real about the specs 8gb of ram is a lot.
 

Linuxembourg

Member
Credits
531
Scripts, and stuff, mostly writing so in all honesty not something that will take a lot of storage space. But lets be real about the specs 8gb of ram is a lot.
I wanna keep scripts I've written from the public, but mainly through embarrassment!

It's different if you are doing certain tasks, but in general most people wouldn't get close to using 8GB of RAM. Or they shouldn't.
 

70 Tango Charlie

Well-Known Member
Credits
1,973
Linus Torvalds has 32 gb of ram on his rig.
TC
 

Nik-Ken-Bah

Well-Known Member
Credits
1,460

Angry Dog

Member
Credits
550
I wanna keep scripts I've written from the public, but mainly through embarrassment!

It's different if you are doing certain tasks, but in general most people wouldn't get close to using 8GB of RAM. Or they shouldn't.
Me not so much. To be clear i don't care what my ISP sees, i don't care if Google is interested in what toilet paper i use. I cannot care less if Facebook wants to record my every conversation, log my every move and try to sell me stuff i don't need at prices i am not willing to pay. i don't care about what is in my emails because an entire company that generated that email SAW its creation, topic and delivery to me.

What i care about is, what i create is mine. It is mine to create it is mine to craft it is mine to sell/publish it is my property. Privacy is dead i get that but security shouldn't be next on that list. Security should be the primary focus because our livelihoods is dependent on it. In short lack of security WILL effect your ability to eat, allows you to get hospital care and allow you pay for things. Unlike privacy this can actually kill me. If you go to a hospital and they get the wrong info about something that is dangerous and implement the wrong medication a person can actually die or their body can be injured in such a way that it cannot be healed.

that is the part that makes me angry. The part that our computers now have a open door and anyone with the right tool can do so much harm in such a bad horrible way that it is effectively physically dangerous. If i don't get the right treatment i die. if the computer that my data is stored on is corrupted or tampered with i die. i lose my life. That is murder not a video game but actual murder.

It is for this reason CPU companies should be sued to hell and back because they created this problem and for what reason? Who ordered it? Who made this choice? Because that person made a choice that humanity must live in fear that important systems CAN be messed with and the effects WILL HAVE direct and sometimes deadly consequences.

see i am just a stupid little dude with no real value in the greater picture of life. BUT why should someone i don't know have access to systems that i and others are dependent on ?

So yea privacy is dead but we BETTER demand that security stays alive and healthy. Because without it life as we know it cannot continue and we go back to 1960.
 

sam444

Member
Credits
511
Also i don't really care if my ISP sees what i am doing i am just a average user.
Well you should be concerned, if your ISP sees everything you do, so can everyone else including Governments. :mad:

We are all average users but we have a right to privacy, something we should never take for granted, that is unless people are stupid enough to run Windoze Spyware 10 where micro$oft not only spy on you but sell your information to Governments or anyone with cash. :mad::(

Speaking of Ram, in my tower I have 16GB of Ram, I have used nearly half sometimes but that's running my VM at the same time. These days 8GB of Ram is the norm and the more you have, the more you can multi-task. :);)
 
Last edited:

Linuxembourg

Member
Credits
531
So yea privacy is dead but we BETTER demand that security stays alive and healthy. Because without it life as we know it cannot continue and we go back to 1960.
Veering off-topic into politics really, but the vast majority of societal improvements since the 60s have little to do with computer security. DJB is a legend, but he isn't on a level close to Aneurin Bevan or Simone Veil.

On a less serious note, nothing to worry about regarding medical records and stuff. That's all solveable with the magic word blockchain. Who needs doctors when you can have extreme libertarian ideas on a blockchain!
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Members online


Top