• 0 Posts
  • 57 Comments
Joined 1 year ago
cake
Cake day: November 10th, 2023

help-circle

  • groet@feddit.detoComic Strips@lemmy.worldI'm in!
    link
    fedilink
    arrow-up
    11
    ·
    6 months ago

    You DONT want to turn it off. Digital forensics work WAAAAAAY better if you have a memory dump of the system. And all the memory is lost if you turn it off. Even if the virus ran 10h ago and the program has long stoped running, there will most likely still be traces in the RAM. Like a hard drive, simply deleting something in RAM doesn’t mean it is gone. As long as that specific area was not written over later it will still hold the same contenta. You can sometimes find memory that belonged to a virus days or even weeks after the infection if the system was never shut down. There is so much information in ram that is lost when the power is turned off.

    You want to 1: quarantine from network (don’t pull the cable at the system, but firewall it at the switch if possible) 2: take a full copy of the RAM 2.5: read out bitlocker keys if the drive is encrypted. 3: turn off and take a bitwise copy of the hard drive or just send the drive + memory dump to the forensics team. 4: get coffee



  • No. It’s not a magic invisibility field inside. It’s a magic object that works only on living “intelligent” creatures. It also doesn’t work the same on different races. Only humans (hobbits are a subtype of human in Tolkiens lore) turn invisible. And because it’s magic it also turns their clothing etc invisible. So either Frodo and his poop is invisible or nothing is.


  • I have set it up in a way where all the packets have to go through their VPN and if they don’t, they get dropped before they leave my PC.

    That is the function of a firewall and not of the VPN. As I understand portmaster it does both. But that is not normal VPN behavior.

    VPNs are not magic. They are a piece of software that encrypt traffic and send it to a special server. They do that by creating a virtual Internet connection (think like pluging in an additional Ethernet cable or connection to an addition WiFi at the same time). Everything that is sent through the virtual connection is encrypted. Your system now has (at least) two valid Internet connections (one real and one virtual). For every packet it sends it needs to decide which connection it should send it from. This is decided by something called the routing table. When you start the VPN it will put two routes into the table.

    • traffic going to the VPN server goes through the real connection (so the encrypted VPN traffic is routed correctly)
    • everything else goes through the virtual connection (the VPN tunnel where it gets encrypted)

    The attack described is a way how a network router can add a new route into your devices routing table to basically override the second route from the VPN. The route is still there, there just is another one that has a higher priority.

    A VPN is not the ultimate authority over your network traffic. It is just another program sending and recieving taffic.














  • Can you verify the software running on an instance is the same as the one in the source code repository? You can’t. Can you verify the instance isn’t running code to read passwords from your login requests even if the code is the original open source code? You can’t.

    That’s why (and for other reasons) you should never use a password for more than one site/service/instance.

    Lemmy admins (admins in the Lemmy application) probably can’t read your password. But everyone with admin rights on the server operating system can.