- Apr 28, 2021
- 1
Hi,
I'm new to the community. While I love forums like these exists and I myself used to be a security/CTF hobbyist, but I have to post this first as it is bugging my mind.
I have some sensitive information that I do not want anyone to know. (I have to say it's not government secrets that's worthy of a wikileaks page, or government/newsworthy secrets in any kind, more in the line of corporate secrets, patents and such) The files currently reside on two of my linux machines, both running ubuntu 18.04 with encrypted hard drives and a secure password. I trust ubuntu much more than windows, but here are the loopholes:
1. these two linux machines are installed via a usb drive that's burned using a compromised windows 10 machine. though the adversary, if any, might not specifically go out and contaminate my iso image or the rufus.exe application. i suspect that the chance is low.
2. same password for both computers, the hard drive password and the login password are also the same.
3. hardware (BIOS) are made in China and might not be trustworthy. the wishful thinking, if it is that, is security by obscurity. but ubuntu is not really that obscure in China, especially among programmers.
4. I use cn.ubuntu.com for apt-get install as it is much faster for me.
5. I use a Chinese vpn vendor (not linked to the government as they don't like that. but who knows who's behind that.) I also have a professional plan by lantern (see github), but it's not working as well as my current one.
Given all that, my main question is: how risky are my ubuntu machines? what are the chances that they're eavesdropped?
Still, I trust ubuntu (linux in general) more than MacOS. is that right from a security perspective?
Thanks for answering in advance.
I'm new to the community. While I love forums like these exists and I myself used to be a security/CTF hobbyist, but I have to post this first as it is bugging my mind.
I have some sensitive information that I do not want anyone to know. (I have to say it's not government secrets that's worthy of a wikileaks page, or government/newsworthy secrets in any kind, more in the line of corporate secrets, patents and such) The files currently reside on two of my linux machines, both running ubuntu 18.04 with encrypted hard drives and a secure password. I trust ubuntu much more than windows, but here are the loopholes:
1. these two linux machines are installed via a usb drive that's burned using a compromised windows 10 machine. though the adversary, if any, might not specifically go out and contaminate my iso image or the rufus.exe application. i suspect that the chance is low.
2. same password for both computers, the hard drive password and the login password are also the same.
3. hardware (BIOS) are made in China and might not be trustworthy. the wishful thinking, if it is that, is security by obscurity. but ubuntu is not really that obscure in China, especially among programmers.
4. I use cn.ubuntu.com for apt-get install as it is much faster for me.
5. I use a Chinese vpn vendor (not linked to the government as they don't like that. but who knows who's behind that.) I also have a professional plan by lantern (see github), but it's not working as well as my current one.
Given all that, my main question is: how risky are my ubuntu machines? what are the chances that they're eavesdropped?
Still, I trust ubuntu (linux in general) more than MacOS. is that right from a security perspective?
Thanks for answering in advance.