On Wed, Mar 25, 2020 at 07:17:59PM +0000, Cord wrote: Go buy an ethernet cable. No WiFi. Use someone's phone hotspot. Use a fixed PKG_PATH instead of /etc/installurl
Read a LOT of man pages and misc@ tech@ ports@ bugs@ Maybe even tell us which version of VAX your laptop runs on? Is it OpenBSD version 4.9? I'm annoyed that our hotel room is sharing electrical circuit with the room next to it and the power keeps tripping the circuit breaker. I feel better now. > Hi, > some months ago I sent some emails to misc (search my email on google) > because I believe my obsd laptop was been hacked. > Then I bought a new laptop because my suspicious were that some firmware or > the bios had some infected code. > Then I taken the new laptop and I went in two wifi point (in two different > days and in two different wifi spot) to install openbsd. I installed a basic > system and firefox, after that I come back to home. > At home I tried to complete the installation adding other packages. After one > hour between pkg_add and watching video on youtube my laptop was freezed. The > freeze was happen im the middle of a pkg_add. > After that I forced a reboot and I completed the installation. Then I start > to watch a video on youtube. Then after 15 or 20 minutes from the boot the > system again has been frezzed. Again forced reboot. And again watching a > youtube video, around 10-20 minutes again freeze. In total there was been 3 > freeze, one on pkg_add and two during watching a youtube video. > At the fourth boot, I left the system disconnected from the wifi to verify if > it was an hardware problem. After 15 minutes I connected to the wifi but > without doing anything. Then after other 10 minutes I opened youtube but the > system was pretty stable. Those freeze was happened maybe 10 days ago. But I > haven't had other freeze. > Now the "signs" of the previous hacking are appeared again in the new laptop > then most probably the laptop was been hacked again. > > What is your opinion ? > could be a MITM from my router and a kernel 0day on the tcp/ip stack > implementation ? > could be MITMed pkg_add ? > the encryption algorithm (AES_128_GCM) behind https is really secure ? > Can some code be injected in an encrypted stream ? > > Thank you. > Cord. > > >
