MITM ?


MITM ?

Cord
Hi,
Some months ago I sent some emails to misc (search my email on Google) because I believed my OpenBSD laptop had been hacked.
Then I bought a new laptop, because my suspicion was that some firmware or the BIOS had some infected code.
Then I took the new laptop to two wifi points (on two different days and in two different wifi spots) to install OpenBSD. I installed a basic system and Firefox, and after that I came back home.
At home I tried to complete the installation by adding other packages. After one hour of pkg_add and watching videos on YouTube my laptop froze. The freeze happened in the middle of a pkg_add.
After that I forced a reboot and completed the installation. Then I started to watch a video on YouTube. After 15 or 20 minutes from the boot the system froze again. Again I forced a reboot. And again, while watching a YouTube video, after around 10-20 minutes another freeze. In total there were 3 freezes, one during pkg_add and two while watching a YouTube video.
At the fourth boot, I left the system disconnected from the wifi to verify whether it was a hardware problem. After 15 minutes I connected to the wifi but without doing anything. Then after another 10 minutes I opened YouTube, but the system was pretty stable. Those freezes happened maybe 10 days ago. I haven't had any other freezes since.
Now the "signs" of the previous hacking have appeared again on the new laptop, so most probably the laptop has been hacked again.

What is your opinion?
Could it be a MITM from my router and a kernel 0day in the TCP/IP stack implementation?
Could pkg_add be MITMed?
Is the encryption algorithm (AES_128_GCM) behind HTTPS really secure?
Can some code be injected into an encrypted stream?

Thank you.
Cord.




Re: MITM ?

Chris Bennett-4
On Wed, Mar 25, 2020 at 07:17:59PM +0000, Cord wrote:

Go buy an ethernet cable. No WiFi.
Use someone's phone hotspot.
Use a fixed PKG_PATH instead of /etc/installurl

Read a LOT of man pages and misc@ tech@ ports@ bugs@

Maybe even tell us which version of VAX your laptop runs on?
Is it OpenBSD version 4.9?

I'm annoyed that our hotel room is sharing an electrical circuit with the
room next to it and the power keeps tripping the circuit breaker.

I feel better now.



Re: MITM ?

Joe Davis
> > What is your opinion?
> > Could it be a MITM from my router and a kernel 0day in the TCP/IP stack implementation?
> > Could pkg_add be MITMed?
> > Is the encryption algorithm (AES_128_GCM) behind HTTPS really secure?
> > Can some code be injected into an encrypted stream?

An internet connection might not suit your use case. Have you considered
a self imposed air-gap?


Re: MITM ?

Chris Bennett-4
On Wed, Mar 25, 2020 at 11:06:57PM +0000, Cord wrote:

>
> > Read a LOT of man pages and misc@ tech@ ports@ bugs@
> >
> > Maybe even tell us which version of VAX your laptop runs on?
>
> VAX ???
>
> > Is it OpenBSD version 4.9?
> >
>
> 4.9 ???
>
> I'm sorry, I'm in the future.

But, my joking aside, you haven't provided much info for giving advice.

They have now found out that a huge number of commercial VPN companies
are both running tracker software and selling your data.
Worse, many are running session recording which could be making your
passwords stealable.

In the USA, ISPs like Comcast have opened up all customers' rented
routers to the full public without the need for a password.
If that is your case, your private network isn't private.

If your laptop is Intel based, turn off HT/SMT.
Run syspatch and pkg_add -u.
Look at all of your logs in detail.

Use NoScript and Ghostery plugins for Firefox.
Assume that someone might be physically accessing your laptop.
The laws in the USA since 9/11 allow this to be done without you being
told.

Good luck, hopefully you are not having this problem, but paranoia is a
good thing in today's world.

Chris Bennett