> security, like OpenBSD works on. Anyone that says anything can be hacked > without > qualification, loses any respect from me, atleast for that moment. Even > browsers
"qualification" is very relative word... there are perfect unknown around internet that are high qualified guys. > > To the OP. I apologise if you are not but to me I thought you are/were a > Troll. > If not then I would consider what you posted from the point of view of a > Vulcan. Someone should consider the idea of create a pattern to recognize a troll. And I don't understand you say that my post looks from Vulcan.. also what have done the NSA looks come from Vulcan but certainly it's true. > Did you even consider pxeboot as a vector, if installing from a cafe? HW bios > defaults are often atrocious, unlike OpenBSD defaults! I'm very skeptic about pxe because is disabled on my bios and also the attacker couldn't predict the cafe where I'd go. I chosen the cafe randomly in a big city. > p.s. A web browser that is rarely exploitable is perfectly possible. It would > require some breaking re-design and likely removal if not severe limitations > on > js, for a start though. I'm guessing wasm will not go the right way to fix js. > Perhaps infosec could chime in on improving was but then they would be hurting > their own income streams!! Annoying! Now I'm running an iso from a usb stick and it seems ok but the most thing I miss on openbsd is tool or documentation for forensics analysis. For example now I could mount the disk and make some checking on the kernel, if there are something that it should not stay there, or "alien" (from Vulcan) kernel module installed. I think also would be very useful some driver to dump the ram and analyze it from tools like volatily. It seems that something is moving for freebsd: https://github.com/volatilityfoundation/volatility/blob/freebsd_support/FreeBSD-Support-README.md I think this depends of the idea that openbsd is absolutely secure and it's like a peripheral firewall that defend only the perimeter of a net. Then because openbsd is unbeatable then there aren't any forensic instruments. My idea is that secure means also check the integrity of what is installed.
