In the latest post I got bashed for warning people about an actual threat that could expose people's money to huge risks. You know most people in these circles have Bitcoins or Steem accounts; some people have accounts worth:
- 1,000$
- 10,000$
- 100,000$
- 1,000,000$ or more
And if a hack were to happen, then it would be disastrous to lose that amount of money. Yet some people think I am the crazy person for warning people against this exact possibility.
These people think I am some crazy conspiracy theorist that is just exaggerating things, but let me show you how much it is not exaggerated:
- Yahoo.com hacked, 1 billion accounts exposed, BOOM: https://www.yahoo.com/tech/yahoo-hack-shows-data-tool-information-warfare-202858183.html
- Ransomware: http://phoenixts.com/blog/ransomware-prevention/
- Ubuntu weakness: https://donncha.is/2016/12/compromising-ubuntu-desktop/
- Skype: http://www.darkreading.com/vulnerabilities---threats/microsoft-patches-dangerous-backdoor-in-skype-for-mac-os-x-/d/d-id/1327712
And many more, these are just the recent ones, heck there are even KEYLOGGER PROOF OF CONCEPTS ON GITHUB!
You can't make this shit up. Do you know how easy it would be for an experienced hacker to hack an insecure computer when you can find keylogger scripts on Github?
Don't be naive to think that just because you are ignorant of the threat, the threat doesn't exist. It does, unfortunately.
Create Safe OS
My simple prevention plan is to have a Safe OS that you can restore your PC from in case some vulnerability is discovered or, in the worst-case scenario, you get malware. I think it's crucial for everyone to make one, so that you don't get caught with your pants down in an emergency. Be prepared for everything.
So whatever operating system you are using (preferably a good one), you can just restore it in case it gets compromised or infected. Of course, you will also need to back up your data regularly for this to work.
The thing that people don't understand is that after a vulnerability is discovered you can't simply patch it, because your system has already been exposed and you cannot know what kind of malware that vulnerability let in. Patching only closes the gate; if the malware is already inside, it's game over. Here is an analogy:
- It's like if you have a cake, and your dog poops on it. If you remove the poop from the cake, it will not be the same cake, and you would not eat it. You have to make a new cake from the start.
- It's like a dam, if you open the dam, the water gets through, and doesn't matter if you close it afterwards, the village down the river is already flooded.
So after a vulnerability is discovered or you have discovered malware, it's game over. You can't just patch it or update it, because the system is already compromised, and you can't know what damage the malware did, because your PC can't be trusted anymore. That is why you need a Safe OS that you can trust and use to restore the PC to its original state.
THE STEPS
1) Back up your data regularly to a USB stick, preferably multiple ones, in case one gets corrupted.
2) Choose a live operating system that you want to use. Make sure it boots from a single DVD at most. (Blu-ray boot is not always supported.)
- Here is a bigger list: https://en.wikipedia.org/wiki/List_of_live_CDs
3) Use an offline computer for verification: Download it, and verify its PGP signature:
4) Get a DVD, and burn the .iso file to the DVD
5) Verify the burned image's SHA256 hash against the original ISO's SHA256 hash
- Note that since the DVD stores the data in 32768 byte block sizes, the hash will not match, because there are empty bytes being burned to the last block to make the DVD full. Unless the number of bytes of the ISO image is divisible by 32768, the hash will not match!
- So you need to subtract the two sizes and take the absolute value, for example:
    2,549,317,421 bytes (DVD) - 2,549,301,390 bytes (ISO) = 16031 bytes outstanding
- Now create an empty file of the size of the difference, in this case 16031 bytes:
    dd if=/dev/zero of=adding_empty_bytes bs=1 count=16031
- And concatenate it to the original ISO:
    cat yoursafeOS.iso adding_empty_bytes > fixed
- Now the fixed file should be equal to the DVD's image, and you can compare the SHA256 sums of the two; they must be equal. If they are, then the operating system ISO matches, byte by byte, the one burned to the DVD. So now you have a trusted DVD with the new fixed version of your OS.
6) Now boot this OS from the DVD. You know that it is a trusted one if you followed these instructions well, so now you can inspect/analyze/clean the OS that was exposed. Or you can just format the entire hard drive from this OS, and know that the malware will be terminated. Otherwise the malware can hide and regenerate itself if it's not formatted from a trusted setup.
7) So now you can use this DVD to boot your computer whenever you need to perform sensitive/confidential tasks, like working with private keys, etc. Although it's recommended to only work offline with private keys, it is still certainly better to use your trusted OS for this than the one you have on your hard disk.
It's a handy methodology, and whenever some vulnerability or malware is discovered you can always restore your PC to a safe state.
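An alternative way to run the step 5 comparison, added here as an example and not part of the original post: instead of padding the ISO with zeros, the script hashes only the first ISO-sized bytes read back from the disc, then checks that everything after them is zero padding. It assumes GNU coreutils; `/dev/sr0` and the file names are assumed, and the demo data is constructed.

```shell
#!/bin/sh
# Added example: compare a burned disc with its ISO without building a
# padded copy. Assumes GNU coreutils (sha256sum, head -c, tail -c).

# verify_burn ISO DISC
#   ISO:  downloaded image whose signature was already checked (step 3)
#   DISC: the optical drive (e.g. /dev/sr0, an assumed path) or a raw dump
# Returns 0 = disc starts with the exact ISO bytes and the rest is zero
# padding, 1 = data differs (or disc is shorter), 2 = non-zero trailing bytes.
verify_burn() {
    iso=$1
    disc=$2
    iso_size=$(wc -c < "$iso" | tr -d ' ')
    iso_hash=$(sha256sum < "$iso" | cut -d' ' -f1)
    # Hash only the first iso_size bytes read back from the disc.
    disc_hash=$(head -c "$iso_size" "$disc" | sha256sum | cut -d' ' -f1)
    if [ "$iso_hash" != "$disc_hash" ]; then
        echo "MISMATCH: disc data differs from $iso" >&2
        return 1
    fi
    # Everything after the image must be block padding, i.e. only zero bytes.
    extra=$(tail -c +"$((iso_size + 1))" "$disc" | tr -d '\000' | wc -c | tr -d ' ')
    if [ "$extra" -ne 0 ]; then
        echo "SUSPICIOUS: $extra non-zero bytes after the image" >&2
        return 2
    fi
    echo "OK: $iso_size bytes match, sha256=$iso_hash"
}

# demo: constructed stand-ins for the ISO and the disc read-back (not real
# images): 5000 random bytes, then the same bytes padded with 3192 zeros.
demo() {
    dir=$(mktemp -d)
    head -c 5000 /dev/urandom > "$dir/sample.iso"
    { cat "$dir/sample.iso"; head -c 3192 /dev/zero; } > "$dir/disc.img"
    rc=0
    verify_burn "$dir/sample.iso" "$dir/disc.img" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Real use: sh verify_burn.sh yoursafeOS.iso /dev/sr0
if [ "$#" -eq 2 ]; then verify_burn "$1" "$2"; else demo; fi
```

A return code of 2 means the image itself matched but the space after it holds data that padding would not explain, which is worth investigating before trusting the disc.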
Disclaimer: The information provided on this page might be incorrect. I am not responsible if you lose money using the information on this page! This is not investment advice, just my opinion and analysis for educational purposes.