520

I dunno, why don’t you ask, eg: Russia?

Because by law in certain countries, homosexuality is persona non grata, and a filter needs to be there to legally operate in such countries.

Is this for a family PC?

Yep! Such container breakouts exist even today in Citrix !

Shit like this was what got me into cybersecurity

I learned to program when I was 10 on a Commodore 64. And we would wear an onion on our belt which was the style at the time… Sorry, where was I?

Totally get that, but we live in a much more dangerous and predatory computer landscape these days. It would be foolish not to take some precautions.

Standard Ubuntu should have you covered.

One word of warning though, don’t be too egregious with the parental controls. If your kids are motivated enough, they will find a way around it.

Education really is your best weapon here. Tell them about the dangers of the modern web and computing.

Woodworking and rock climbing scratch the problem solving itch in different ways, on top of the creative (in woodworking) and physical exercise (rock climbing) itches common in most people.

Yep! The security guard is also given a bunch of rules to follow such as “don’t let anyone outside of our neighbourhood (aka your local network) contact door 22”, which will also determine whether messages get delivered or not

Imagine your computer is a big block of flats and your applications are all people who live in the building.

Mail sent to the building address alone isn’t going to reach the intended recipient, because the postman doesn’t know what flat to post it to. So they need additional information such as ‘Flat 2C’

That’s the basic concept of ports. It’s basically additional addressing information to allow your computer to direct internet traffic to the correct applications.

When an application is actively listening on a port, it means that they are keeping an eye out for messages addressed to them, as designated by the port number. While an application is sending or receiving messages using a given port number, that port number is considered ‘open’.

Now, all sorts of applications do all sorts of things. Some are for the public to use and there are some that are useful within trusted circles, but can be abused by malicious people if anyone in the world can send messages to it. Thus, we have a firewall, which acts as a gatekeeper. A firewall can ‘block’ a port, denying access to a given group of people, or ‘unblock’ it, allowing access.

VPNs are a totally different thing. They are literally middlemen for your internet traffic. Instead of directly posting a message to somewhere and receiving a direct reply back, imagine you flew out to Italy to use a post box there and receive replies from there.

What they mean is if you are a affiliated with a national government. You might also be a target if you are very very rich.

If you’re an average Joe, they probably won’t burn it on you.

Ah. That’ll do it.

And desktop mode doesn’t help?

Zygist is a way of hiding the fact that you have root access . Likely your bank changed absolutely nothing.

That it is, but at least it’s not sending your card details to me.

There’s also the fact that on Win/Mac/Linux, you’re interacting with the bank via a browser and not a bespoke app.

That’s actually got a solid reason behind it.

It’s because the OSK is just another program as far as Android is concerned. It can’t directly look into the application, per Android specifications, but it CAN record key presses, even for passwords. It even receives context hints based on the metadata on the input box, so it knows when you’re putting in a password. Then it can send your data off to unknown servers.

Mario. Also Zelda

It’s been milked endlessly but definitely not disrespected a la Sonic. You know when you pick up one of these you’re in for a good time. It’s the kind of reputation Nintendo knows it relies on.

The security implication from a USB boot are probably more severe but also more the fault of the people configuring your work machine. It is expected that people will plug things like pen drives in, to a degree. It is your job to block it with configurations.

The real problem is that once you start adding or removing internal hardware, that configuration no longer stays a trusted one because they’ve meddled with the components.

I mean it likely isn’t an issue for org security (assuming they’re using bitlocker appropriately etc.)

Data loss/leak prevention would vehemently disagree. It’s a potential exfiltration point, especially if the org is blocking USB writes.

Networking might have a thing or two to say about it as well, as it is essentially an untrusted setup on company networks

Danger Will Robinson! Do NOT fuck with company hardware!

You are going to potentially set off a shit ton of alarm bells, and risk your job, by even attempting this.

First of all, almost all such devices come with a BIOS lock. You’d need to get the password before you could even begin this (again, do not do it!)

Secondly, they’ll be able to tell something is up from the foreign UEFI entries.

Thirdly, if that doesn’t expose you, Intel IME will. Doesn’t matter what operating system you’re running.

And you’re going to create some royal fucking headaches for a lot of people in your company.

Let’s start with security. Remember when I said you’ll set off alarm bells? Well, I mean some mother fucking alarm bells. Security will have a god damn aneurysm over this, and they will believe you may be doing this to bypass security, possibly for nefarious reasons. A foreign hard drive with its own OS looks shady as shit.

Then there’s the regular tech people. You’re going to cause various headaches for them too. Not least because under many service agreements, the company itself may not be authorised to open up the workstations themselves. Many workplaces rent their workstations nowadays, and it is not uncommon to see this language in their SLAs.

Then there’s the fact that the OS image on the original drive potentially cannot be trusted any more, so they have to wipe the fucker clean and do a fresh image install.

TL;DR, You are giving your company several solid reasons to fire you for cause by doing this.