Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 5 6 [7] 8 9 ... 208
91
Security / Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
« on: September 11, 2013, 02:13 am »
Quote from: kmfkewm on September 10, 2013, 03:38 am
Quote
I still like the idea of home hosting. It's the cheapest and the most legally, technically, and physically secure.

Not that good for anonymity though. I would never want to run an illegal hidden service out of my own house.

You're thinking like a criminal. Most people aren't doing anything illegal. Home hosting is the best option for privacy in general. I'm just saying people should get off "the cloud".

However, a hidden service for a legal site gives you simple NAT traversal, a free address and end-to-end encryption (without big scary warnings). And with brute forcing you can get a semi-human readable address.



92
Security / Re: Questions on the LE Spyware and what it means to us
« on: September 11, 2013, 12:23 am »
Yeah, I thought he was talking about the botnet and had concluded it was LE spyware. I've seen no evidence of that. Some blog post claimed to have identified the malware in the botnet attack, and there was no indication it was LE related.

93
Security / Re: NSA has software that does 'something' against Tor
« on: September 11, 2013, 12:18 am »
Nobody knows for sure.

I interpret "events" to mean patterns of connections that are interesting to the NSA.

94
Security / Re: Questions on the LE Spyware and what it means to us
« on: September 10, 2013, 10:04 pm »
What spyware that was propagated by the feds?

95
Security / Re: Here are some email alternatives to now fully snitched out Tormail
« on: September 10, 2013, 03:23 pm »
Quote from: Jeks on September 10, 2013, 06:15 am
How about these guys?

http://wi7qkxyrdpu5cmvr.onion/en/services/mail.html

Anything wrong with them?

That's the hidden service for Autistici: http://www.autistici.org/en/index.html

They are supposed to be a strong pro-privacy hosting provider, but I've never used them.

Doesn't make much sense to use a hidden service when the location of the servers is known, unless you just want to protect against accidental IP leaks, but there are better solutions for that, like Whonix.

96
Security / Re: IPSEC: Firsthand account of NSA sabotage of Internet security standards
« on: September 10, 2013, 03:06 pm »
Quote from: ECC_ROT13 on September 10, 2013, 05:18 am
The OpenBSD thing struck me as bizarre when it happened, but it never resulted in any hard conclusions that I saw, just allegations.

My understanding is that a thorough code review of that time period found no malicious code, but the more important point is that three letter agencies have been actively trying to subvert internet encryption for a long time, as far back as 1999. In the OpenBSD case, they wanted to break a VPN that other government agencies were using, I believe.

This all started with the fight against Zimmerman and PGP. They lost in the courts, so they turned to technical subversion, and have been trying to do it ever since, although they haven't always succeeded.

Of course, they still use the law when it is handy, such as making people sign 10 year NDAs and using secret courts cover up their illegal activities.

97
Security / Re: Majority of Tor crypto keys COULD be broken
« on: September 10, 2013, 02:33 pm »
How are they involved? I guess it depends on how you define "involved", but rransom wrote code for Tor and managed bug tickets and stuff like that. DJB and Goldberg would be more like consultants.

98
Security / Re: NSA has software that does 'something' against Tor
« on: September 10, 2013, 02:29 pm »
Quote from: ECC_ROT13 on September 10, 2013, 12:15 pm
My guess is that it's exactly what it appears to be.  A searchable database of their known Tor events.   Traffic from exit nodes, traffic headed to entry guards, traffic flows between Tor nodes, traffic matching any DPI patterns to identify Tor, all the Tor data they can extrapolate from Tor routing database, up/down for relays and nodes, all the internal data from the Tor relays they operate, etc.

So you interpret "event" to mean every detected connection to, from and between Tor relays?

99
Security / Re: NSA has software that does 'something' against Tor
« on: September 10, 2013, 02:26 pm »
Quote from: kmfkewm on September 10, 2013, 12:10 pm
I don't think anybody has actually used a Botnet to DDoS through Tor. If they did, it would likely bring down a lot of Tor nodes.

It's not necessarily to DDOS. It could be used for massive amounts of scanning. Google routinely blocks exit nodes for large numbers of search queries. The NSA could also be watching exit nodes for scans/queries/attacks/connections to sensitive targets, government computers, terrorist forums, etc.

100
Security / Re: NSA has software that does 'something' against Tor
« on: September 10, 2013, 11:45 am »
It's interesting, but "Tor events" could mean "we've detected an unusual amount of activity from your network", ie they could have been recording botnet attacks from exit nodes.

101
Security / Re: Majority of Tor crypto keys COULD be broken
« on: September 10, 2013, 11:42 am »
Quote from: kmfkewm on September 10, 2013, 04:04 am
Quote from: astor on September 08, 2013, 11:19 pm
Quote from: Bazille on September 08, 2013, 09:57 am
Tor 0.2.4.x uses the Curve25519 method for elliptical curve cryptography. That seems to be safe against side-channel attacks by the NSA.

I believe that was rransom's idea. Probably the smartest and most crypto knowledgeable guy to ever be involved with the Tor Project.

I think D. J. Bernstein and Ian Goldberg might disagree with you ;). DJB designed and implemented Curve25519, rransom decided it should be used.

That's what I meant. He didn't invent it, but he argued for its use in Tor.

102
Security / Re: IPSEC: Firsthand account of NSA sabotage of Internet security standards
« on: September 09, 2013, 07:29 pm »
Oh yeah, does anyone remember this?

http://www.theregister.co.uk/2010/12/15/openbsd_backdoor_claim/

I guess that's more believable now.

103
Off topic / Re: I jerked off while fantasizing about having sex with you people
« on: September 09, 2013, 06:21 am »
Quote from: Praetorian on August 07, 2013, 10:48 pm
I have an ex that looks like Jessica Alba had a weird love child w/ Mila Kunis, but more on the Alba side.

              I don't think I'll ever forget that girl.  Most gorgeous person I've ever known.
               
                               This is relevant because when I think of her it's all 'fap fap fap fap fap ...

Was that a poem?

104
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: September 09, 2013, 06:18 am »
Quote from: tommy gun on September 09, 2013, 05:56 am
This doesn't seem to be a situation where the user has used the wrong public key to encrypt his message because when I hit decrypt it asks me for a password of the correct key name??

That's weird because a "no secret key" error means the message wasn't encrypted with the corresponding public key of any of the private keys that you have.

Not sure what to make of it.

105
Security / Re: Stepping up the crypto game... How to generate bigger/more secure PGP keys??
« on: September 09, 2013, 04:37 am »
Oh yeah, one more thing:

gpg --list-keys

You'll use that a lot. Should be obvious what it does. :)


Pages: 1 ... 5 6 [7] 8 9 ... 208