
Security Security about Operating systems and Password managers

Discussion in 'All Internet & Web Performance News' started by pamamolf, Mar 23, 2017.

  1. pamamolf

    pamamolf Well-Known Member

    Hello :)

    It feels good to give back to a community like Centminmod, and as I am not good at server technical stuff I will post here my opinion and my recommendations on security for operating systems and password managers, from my experience.

    You may have noticed that 1-2 years ago a lot of leaks came out related to the NSA and security companies, and a lot of exploits have gone public...

    In my opinion that was an inside job, as the NSA has other, more advanced tricks and they want the old exploit methods to be patched, as many users started to find out about them and try to use them...

    They want to be able to spy on others but not have users do the same with advanced methods.

    What advanced methods did users start to use?

    Hard disk boot sector malware
    BIOS malware
    and so on...

    Those kinds of viruses are not detected by any security software as they operate outside of the OS level... so you know what that means... Once inside, forever inside.

    Recent news from Wikileaks brought to light that the hardware that you buy may already have malware pre-installed, most Android phones but PC parts also!

    Another big threat is your browser (Chrome, Firefox, etc.): Flash and Java malware is waiting for you :)

    Now there is one big question to proceed:

    Do you want to protect your data from:

    1) Normal users attacking you and your data
    2) Spy agents

    For case one it is very easy :)

    Just try to not accept anything from anyone and run it on your machine and you are fine :)
    Also do not visit pages that they recommend to you and click around... I think you got my point in general :)

    For the second scenario you must be as paranoid as they are towards you :)

    There are two scenarios also:

    1) Physical raid on your PC
    2) Online hacking against you

    For the first one I use Kali with LUKS encryption with the nuke patch!!!

    What does it do?

    It encrypts the boot sectors with AES-256 encryption, with one password to decrypt and one to nuke it, and then delete it from your device.

    You will get that on a USB device and when you travel you are safe, as no one has ever cracked that, and a month ago they created a way to brute force that at a very low speed, so with a good password you are fine :)

    So when you reload the boot sectors back and Linux starts loading, it will ask for a password, and you should have a simple sticker on your laptop with a small note:

    password: superhacker

    So if anyone gets your laptop he may try that one, so he will wipe out your sector, so boom, no way to get any data from there :)

    Another way is to use a live OS from a DVD like Tails, which is stateless, and you don't need a hard disk at all, so no data will be there as you will be working in RAM :)

    Not flexible at all but it helps :) That also applies to the second scenario, as Tails uses Tor by default and the browser is locked and can't escape from its lock and write or access data from the given Tor path!

    For the second scenario you can use Qubes, and that's an amazing OS!!!!

    You can have OS templates to load with a click (they even have Windows) and you can work with any OS for a specific job, and there is no way for an attacker to pass from one OS to another!

    They can't even open your mic or cam if you don't give permission for that.

    The minus is that not all hardware is compatible, as they have very strict rules for hardware to be compatible, and they have some advanced techniques to protect from attacks that you never even knew about...

    VeraCrypt is another nice piece of software; I do not trust it 100% but it is good to keep an eye on it, as it is offering a hidden partition option with a dual password prompt like LUKS, but it does not nuke with the second password; it loads a second hidden partition.

    Virtual machines like VMware should not be considered secure either, and it would be good to not run any app on them, as there were exploits for escaping from the VM and running code on the main machine...

    For password managers, KeePass for Windows is the best but Windows is not secure :(

    So using Qubes with a Windows template that will not have access to the net will do the trick...

    I do not trust any password manager, and no way for password managers that store your passwords online!

    That's a tough one on what to use... Linux for sure, with a VPN and with an open source password manager, should be OK, but block net access to that app... Also the app should use an encrypted local database and clear the RAM x seconds after copying it...

    About 2-factor authentication: it is secure only if the attacker is far away from you, as nowadays it is very easy to sniff an SMS if you are close to the victim :) There is a known unfixed issue in the GSM SS7 protocol.

    But you can create a rogue GSM tower using a very cheap specific Motorola phone or with some advanced equipment up to $400, and as you will be very close to the victim the signal power will be much better and he will connect to you and the rest is a piece of cake!

    You can do that using an SDR device without having the user connect to you and sniff the SMS directly from the tower as a second option...

    Don't know if I confused you more or helped a bit to research by yourself and decide what is best for you :)
     
    Last edited: Mar 23, 2017
    • Informative x 3
  2. eva2000

    eva2000 Administrator Staff Member

    Interesting info, thanks for sharing :)