Is 2FA via mobile phone still a good idea when phones are the most exposed device?

Everyone knows that two factors are better than one. My problem is that often the only second factor allowed is text messages to your mobile phone. This creates two concerns:

1) I travel frequently overseas and lose access to 2FA accounts any time the associated SIM card can’t touch a network.

2) Your phone is inherently your least secured device. I install way more software and download way more files on my phone than anywhere else with much less ability to verify sources or control access. For example, nearly every app requests sweeping permissions to function correctly. Even apps that aren’t granted explicit permissions have been found to backdoor those permissions through google services.

I feel like linking my phone to sensitive accounts (such as banking) would actually make them more exposed to attack and more difficult to maintain legitimate access.

How do we cross-verify if the device is doing exactly what it is supposed to do?

I am very sorry for misleading and confusing title as this was best I could think of.

What i meant to ask is, how do we know any device is doing what it is supposed to do? like for example, Android is an open source OS (ignore google libraries for now) and they do claim that all passwords will be store on device only, but what if they are storing it on their servers and this piece of code is not there in the open source version but it is there only in pre-compiled libraries so, How do we check that the same code is there in the actual phone and open source version? same goes for other devices like iphone, routers, desktops etc.

Also most manufactures now a days have encryption enabled which makes it impossible to monitor the actual content on the tcp/ip packet.

We can always remove existing os and install the open source version but thats not possible in all cases as in some, it might be really confusing and might even need lot of extra stuff that people dont have usually.

So my general question is how do we verify if the same code is there in the open source version and pre-compiled binaries? I can think of reverse engineering but that would require great knowledge and skills which most people dont have.

No audio device in Ubunutu after i installed wine

I installed Winehq with following commands:

sudo add-apt-repository ppa:cybermax-dexter/sdl2-backport sudo apt install wine 

Now i have no sound, i uninstalled wine with this commands:

sudo apt --purge remove wine sudo apt --purge remove wine64 

But still no sound. When i go to the Settings -> Sound there is no Output device. How to solve it? Ubuntu Disco Dingo

How to set audio device priority in Linux Mint (PulseAudio)?

I use a T430 and would like to set up audio device priority between my laptop, bluetooth headphones, and external monitor. Essentially, I would like the headphones with highest priority, and when thats not connected, I would like it to route through the external monitor (Audio through miniDP port, provided by the nVidia driver). When the laptop isnt connected to either, then it should play through the internal speakers.

I can set the bluetooth headphones as a fallback device, but when its disconnected, it prefers the laptops internal speakers, and then I have to choose the external monitor ones. However, once I connect bluetooth headphones, I then have to make it route through the headphones again.

Is there a way to add a device as priority, and if unavailable, then to ignore it? I’m using Linux Mint 19.1 and PulseAudio 11.1 (if it matters)

Many thanks.

How to corectly clear space for “No space left on device” for /boot

The production server I’m using has a /boot partition of 400MB. And every once in a while if I want to install something from repositories, it tells me that it cannot do that because there is No space left on device

I cannot change the server configuration, because I’m not the owner.

I have seen some tutorials (like this one) on how to delete the old kernel packages. However, they all seem sketchy. I don’t want to endup having a non-bootable system.

uname -r shows me:

4.15.0-30-generic

and dpkg -l 'linux-*' | sed '/^ii/!d;/'"$ (uname -r | sed "s/\(.*\)-\([^0-9]\+\)//")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*//;/[0-9]/!d' shows me:

linux-headers-4.13.0-36 linux-headers-4.13.0-36-generic
linux-headers-4.13.0-39 linux-headers-4.13.0-39-generic
linux-headers-4.13.0-41 linux-headers-4.13.0-41-generic
linux-headers-4.13.0-43 linux-headers-4.13.0-43-generic
linux-headers-4.13.0-45 linux-headers-4.13.0-45-generic
linux-headers-4.15.0-24 linux-headers-4.15.0-24-generic
linux-headers-4.15.0-29 linux-headers-4.15.0-29-generic
linux-headers-4.15.0-65 linux-headers-4.15.0-65-generic
linux-headers-generic-hwe-16.04 linux-image-4.13.0-36-generic
linux-image-4.13.0-39-generic linux-image-4.13.0-41-generic
linux-image-4.13.0-43-generic linux-image-4.13.0-45-generic
linux-image-4.15.0-24-generic linux-image-4.15.0-29-generic
linux-image-extra-4.13.0-36-generic
linux-image-extra-4.13.0-39-generic
linux-image-extra-4.13.0-41-generic
linux-image-extra-4.13.0-43-generic
linux-image-extra-4.13.0-45-generic linux-libc-dev:amd64
linux-modules-4.15.0-24-generic linux-modules-4.15.0-29-generic

What is the best way to delete old kernel packages to free up /boot space?

Non-upgradable usb device against badUSB

Lot of posts about badUSB (here and there) suggest to use a PS/2 connector for mouse and keyboard or to whitelisted USB devices or even use a hardware firewall that only allows whitelisted commands.

The purpose is to protect the usb device (specifically here a wired keyboard and mouse) firmware from being editing when switching between computers. The easiest solution is to use non-upgradable device (with ROM and not flash memory to store the firmware). But as suggested it’s really hard to know which memory is used from a specific vendor.

  • So first, is there any known vendor that sell non-upgradable USB peripheral ? (But of course the security will only rely on the vendor that claims to use such a configuration).

  • Alternatively, hardware devices exist, such as the USG firewall for USB, which only allows whitelisted commands to pass through. However, as each vendor can implement the commands the way it wants to, can such a device prevent a firmware update that runs under “normal” commands (for example special arguments used with “write function” will start the update) ? And has anyone used that device before ?

Converting LVM root block device to an encrypted one

Is their an easy way to convert a vanila install with unencrypted root partition to an encrypted one (eg LUKS) in Ubuntu 16.04? I know that Android offers equivalent functionality, but am unaware of a “Linux” equivalent, and posit that this is OS specific and non-trivial.

I note the root filesystem is EXT4 and /boot is a seperate partition. I am aware of the possibility of backing up my data and reinstalling the OS, I’m just wondering if there is a more expedient way.

Can a wireless headphone contain malware which can infect an Android device?

I go to conferences and a number of the stalls have free bluetooth earbuds and headsets.

If I pair them with an Android device, is it possible for them to infect the phone with a virus?

I have read some other posts which talked about security of the bluetooth connection to the device. However I am worried more about the possibility of malware on the headphone and the malware being transmitted to the Android phone (Android 9.0).

Would appreciate any thoughts on whether this would be easy for someone to do or is fairly difficult.

Thanks