I cannot explain all my motives and reasons. I cannot teach you all I know in a few comments.
All I wrote was 100% factual and as person who can infiltrate unix boxes, I have my reasons for all my statements.
You keep erecting straw men arguments and shifting narratives and putting words in my mouth.
You keep trying to shift conversation to SSH keys.
I never once typed the word "SSH" and I never discussed SSH. I was discussing files read only by web server code for HTTPS called a "SSL" key.
SSL and SSH are related, but my long priceless info has nothing to do with SSH, and you keep trying to debate SSH and even try to misprepresent "wheel" and try to misrepresent WHY a backup IT admin that does remote image wipes and restorations of databases might require R/W levels of access.
Since you do not know what SSL keys are used for, I know you are trying to play me for a "tool" and historically once I feel I am being toyed with, I exit the thread once I am convinced the naysayer is not only wrong, but unwilling to learn, and possibly a bad actor, as Jews dog me across the Internet.
I will provide you a layperson beginner link to SSLs (used for HTTPS implementations) :
https://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html
And though it might boggle your mind, my unix builds and implementations have controls lower level than "ROOT" access and for file and file buffers, that access is not a named enumerated real user, but a DTRACE controlled gated logic trampoline because I NEVER NEVER NEVER trust OS vendors or soft-hypervisor vendors. Even the code that controls the lowest level code mods of my windows and unix machines is itself protected code and only in RAM after a boot (encrypted on images).
I am done talking in circles with you.
I am confident because I am right and I have never been hacked in my life and run machines that hundreds wanted shut down.
I am not Andrew A , despite various online dossiers comparing my paragraph structures, but I am as equally infamous in my own ways in the cyber universe. And of course my actions in dozens of national news events, blogs, magazines, etc. But no one on this site knows more about STEM (biology, medicine, normal chem, math, computers) than I do, but I grow weary defending my statements of facts, and statements of how to run a server , being opinions as they are, open the door to nitpickers and misunderstanding fools.
I recall many an argument with people defending the multiply exploited Brave Broswer here, people with your attitude, or people defending TOR and TAILS even as I showed them hot exploits of TAILS, etc. I generously try to close security holes via posting exploit zero day alerts, but do not do pen tests because no admins appreciate wasting three days wondering why they are being penetration probed, not even me.
you wrote :
When a user has code execution on a machine they have almost infinite options for gaining access to the system via backdoors.
That is factually not true for over 6 years on any servers I control, as I am interested mainly in protecting SSL keys and database files but explaining even that statement to you seems like it would take 40,000 words because you do not know what a SSL key is, or why I need to known when to rescind my SSL keys and roll new ones.
Whatever, you have no idea the level of courtesy you just got by me even bothering to reply one more time to you.
Listen dude, I'm not trying to take a shit on you here, but don't spread misinformation like that with such confidence.
All my many fun facts are 100% factual, and no misinformation. 100%. You found no errors.
I cannot explain all my motives and reasons. I cannot teach you all I know in a few comments.
Teach me? Dude you're amateur hour at best. You sound like a script kiddy.
If you want to learn something. Spin up a server, drop me SSH access in wheel and I'll teach you a thing or two.
You keep trying to shift conversation to SSH keys.
Because you're confusing the shit out of everyone with your unorganized thoughts. We are talking about wheel and remote access, rogue sysadmins. Then you bring in SSL keys/certificates? I rightfully assumed you meant SSH keys, why are you talking about irrelevant things? Even if you do secure your SSL keys and certs, what do you think that will get you? Do you think that prevents data exfiltration from your box? We're still talking about rogue IT admins here, don't change the topic.
Whatever, you have no idea the level of courtesy you just got by me even bothering to reply one more time to you.
LOL, get bent buddy. You are a noob.
Like I said, put up or shut up. Set up a server with ssh and wheel access and I'll show you how to get root. That is what this is all about, don't change the topic. Hell I can even access your precious SSL keys in a way you won't even know who it was. You don't know what you're talking about here.
What is your hourly consulting rate? PM me.
(post is archived)