(originally posted on BMAC, where posts are searchable/organized by category; signup for optional account is completely free, includes occasional surprise post/download, has direct messaging, and allows you to receive more important posts by email (if you like))
Important Mention: MITM attacks are not limited to the networks usually discussed. A malicious VPN provider is also capable of them, and is one of the networks not commonly mentioned.
Key Security Takehome: Self-hosted, open source encryption/crypto/hash methods running on your own computer are the only ones you can rely on for data integrity.
What are these? Local/trusted checksum comparison programs/commands and SSH/key fingerprints. All of them involve storing some form of key or crypto-related program on your own computer, rather than relying on third-party outside servers. Sometimes this means using a private key; other times it means local programs such as sha512sum, sha256sum, GPG, etc. for verification.
Recently wrote a checksums tutorial (with screenshots), here on the main BMAC blog. Continuing in line with this important security topic for new Linux users - some may prefer this video over reading the written tutorial: I decided to offer both.
TIP: When checking a download obtained outside the package manager (e.g. a Linux .img), one way to increase assurance in a checksum is to grab that checksum from a domain/server separate from the one hosting the download itself.
Example: Compare against the hash from the official source, and download from a mirror. In this situation an attacker would have needed to compromise both the mirror and the official server to make the hash match the download from the mirror.
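The separate-source check from the tip above, as an added example that is not part of the original post: `verify_download` is a hypothetical helper that compares a mirror download against a SHA256SUMS-style list obtained from the official domain, and treats a missing or malformed entry as a failure. The demo uses constructed files in a temp directory.

```shell
#!/bin/sh
# Added example (not from the original post); verify_download is a hypothetical helper.
# verify_download FILE SUMS
#   FILE: download fetched from a mirror
#   SUMS: SHA256SUMS-style list fetched separately from the official domain
# Returns 0 on match, 1 on mismatch, 2 when the list has no usable entry.
verify_download() {
    file=$1; sums=$2
    [ -r "$file" ] && [ -r "$sums" ] || return 2
    name=$(basename "$file")

    # Lines look like "<hash>  name" (text) or "<hash> *name" (binary);
    # the name starts two characters after the hash, so spaces in it survive.
    expected=$(awk -v n="$name" '
        substr($0, length($1) + 3) == n { print tolower($1); exit }' "$sums")

    # Fail closed: no entry, or a value that is not a 64-hex-digit SHA-256.
    case $expected in
        ""|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2

    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed demo: builds a fake image and checksum list in a temp dir,
# verifies it, then appends data the way a tampering mirror or MITM would.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed image contents\n' > "$d/distro.img"
    (cd "$d" && sha256sum distro.img > SHA256SUMS)  # stands in for the official list

    if verify_download "$d/distro.img" "$d/SHA256SUMS"
    then echo "clean: OK"; else echo "clean: FAILED"; fi

    printf 'tampered\n' >> "$d/distro.img"
    if verify_download "$d/distro.img" "$d/SHA256SUMS"
    then echo "tampered: OK"; else echo "tampered: FAILED"; fi
    rm -rf "$d"
}
demo
```

In real use the two arguments come from different servers: the image from the mirror, the checksum list from the official site.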
I used a real world example of MITM story to introduce checksums and how they can serve to verify integrity of a file, entire package, or set of packages.
A MITM attack can happen locally, within your home/office LAN or on public WiFi. It can happen at a higher level as well: in some countries where human rights are not well respected, this type of attack could happen at the ISP level. Example: criminals compromising an ISP to perform attacks or harm human rights activists.
We cover checksums using the command line, the Nextcloud app, and a graphical program called GtkHash.
VIDEO TUTORIAL:
What do you find running these commands? Are you seeing anything concerning? Have you inspected any of the "FAILED" results for anomalies?
Let me know in the comments.