

Messages - astor

Pages: 1 ... 24 25 [26] 27 28 ... 208
376
Not a good idea. https://bitmessage.org/forum/index.php/topic,1666.0.html

377
No. There are only two outcomes for centralized, third party cloud storage. They either decrypt your data and hand it over to LE, or they shut down like Lavabit did (and Silent Circle did with its mail service). If they make it technically impossible to decrypt your data, LE will compel them to change that until they are forced to shut down.

378
Security / Re: Is PGP Still Safe Enough for us?
« on: August 10, 2013, 11:52 pm »
Yes, it's still safe, if used properly. Today's quantum computers are not usable to crack encryption yet. They couldn't even run Tetris on them.
As far as we know publicly.

The good news is that LE is unlikely to make that news public in a case against you or me. Therefore evidence acquired through its use will be inadmissible in our court cases.

379
Silk Road discussion / Re: Security warning and advisory
« on: August 10, 2013, 07:49 pm »
Since the SR forum seems to require a real email, and many have used tormail email addresses there, is it safe to switch in a fake, nonexistent email for now?

The forum doesn't require a real email address. Make something up. If your email address isn't visible, you can even leave your defunct Tormail address, although you might want to change it to unlink your forum identity from that address (unless it's the same username or something).

380
A full disk wipe is the only way to be sure you've securely deleted all copies of a file (which may have been moved around during defragmenting or written to a journal, depending on the file system and OS).

381
Security / Re: Making the Leap to Linux
« on: August 10, 2013, 07:40 pm »
Linux Mint MATE and Cinnamon editions are both nice. I would download Linux Mint 13 Maya because it is a stable LTS release supported until 2017.

The newer versions of distros usually still have a lot of bugs and are not supported for as long as the LTS releases.

One good thing about the most recent version of Linux Mint (15) is that there's an option for full disk encryption in the installer. It's the first version to include this option. If someone is thinking of switching to Linux, I highly recommend going ahead and setting up FDE.

382
Security / Re: Whonix
« on: August 10, 2013, 07:35 pm »
/etc/dhclient.conf doesn't exist. These are the only uncommented lines in /etc/dhcp/dhclient.conf

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

request subnet-mask, broadcast-address, time-offset, routers,
    domain-name, domain-name-servers, domain-search, host-name,
    netbios-name-servers, netbios-scope, interface-mtu,
    rfc3442-classless-static-routes, ntp-servers;

383
I was really hoping this would be a thread about the importance of VM isolation...

kmf, I've told you before you need to learn how to pick your battles. A lot of people could improve their security from VM isolation, but it's easy for them to hand wave away this advice when you obsessively argue about CP everywhere.

Luckily, I have the power this time.

GET THIS SHIT OUT OF SECURITY.


Edit: And fuck you Jack for starting this here.

384
For some strange reason, I still had access to the forum while it was "down" for the rest of you. Maybe it's because circuit handling works differently in Whonix than in TBB, but it got down to three people on the forum. onion.to and onion.sh are both down now (I checked), so I'm not sure how the others accessed the forum, but it was just the three of us. I got bored from the lack of new posts, so I started reading some of the earliest posts on the forum, looking at the first people who registered, etc. I looked at kmf's first post and it was amazingly prescient in light of the FH exploit.

Take a look:

http://dkn255hz262ypmii.onion/index.php?topic=7998.msg72828#msg72828

Of course you should isolate firefox and other network facing applications using virtualization technology. You can even isolate Tor to a VM that runs a secure OS. Anyone who says this is counter productive to anonymity has no idea what the fuck they are talking about. Don't be confused by police PSYOP agents and the countless people who speak their (incorrect) opinions as if they are certainly factual. It really boils down to this:

If you do not isolate network facing applications, if they have critical remote code execution vulnerabilities (they do, although none may be publicly known at any given time), an attacker can take over the permissions of the application. After doing this, the attacker can deanonymize you without breaking Tor by bypassing it on the application layer, for example instructing Firefox to send data around Tor to a malicious server. This is only one of many ways the attacker could get your IP address after identifying a vulnerability in one of your network facing applications.

If you do isolate your network facing applications using virtualization software, even if an attacker exploits a vulnerability in one of them and roots your VM, they will not be able to get your external IP address. The VM itself is unaware of your external IP address, only knowing an internal IP address assigned to it. Now the attacker needs to find an additional vulnerability in Tor, or a vulnerability that allows them to break out of the virtualization solution, before they can get your external IP address with a proxy bypass attack. It is worth noting that if an attacker roots your VM they will be able to reduce the anonymity Tor provides you from traffic analysis attacks to roughly the same as Tor provides to hidden services, which is substantially less than Tor provides to non-hidden-service clients. This is because an attacker can force a hidden service to open an arbitrary number of new circuits, but cannot force a normal client to open an arbitrary number of new circuits. However, if the attacker has rooted the VM of a network facing application that routes its traffic through Tor, they can force Tor to open an arbitrary number of circuits.

Follow the tutorial linked above that OVDB admin made, but do not use Polipo. Polipo is insecure and has anonymity degrading bugs in it, and should not be used. Modern versions of Firefox allow for SOCKS proxy routing without the need for an additional HTTP proxy; you probably need to allow proxified DNS in your about:config though. Nobody should be using Polipo anymore. But do follow the linked tutorial, just skip the Polipo portions.

OpenBSD provides a wide range of automatic security features which further increase your security from application layer exploits. For example, if you have a 64-bit CPU and/or a CPU with NX-bit capabilities, OpenBSD will prevent an attacker from exploiting entire classes of potential vulnerabilities that may be (read: are) present in your network facing applications.

You may also be interested in reading about mandatory access control systems. Like the previously mentioned virtualization technique, mandatory access controls offer security via isolation. However, it is harder to use mandatory access control systems to isolate applications from Tor / your external IP address.

Law enforcement are going to start doing all of their wiretap and tracing operations on the application layer, because they can't break GPG or reliably break Tor (although they probably can break it for small random selections of users, they can't break it for a given selected target in the majority of cases), but they can exploit one of the endless streams of vulnerabilities in applications like Firefox. They are starting to work with corporations that sell them prepackaged exploit kits for such attacks.

It is worth noting that law enforcement will have a much easier time tracing SR users with such attacks after they have taken over the SR server, although it is not impossible for them to 'leapfrog' the server (for one example, GPG has had remote code execution vulnerabilities that allow an attacker to launch arbitrary code merely by having the target decrypt exploit ciphertexts... such a ciphertext could be sent through a secure, non-compromised SR server).

It is also worth noting that the NSA stockpiles as many remote code execution vulnerabilities / exploits as possible, and can trace through Tor on the application layer / steal plaintexts / keys on the application layer, with ease.

385
Legal / Re: Conspiracy to possess a controlled substance
« on: August 09, 2013, 07:12 pm »
My understanding is that you need to make a specific agreement. So submitting an order definitely makes you guilty of attempt to purchase a controlled substance. Telling a vendor you are transferring bitcoins and will submit your order tomorrow probably makes you guilty of conspiracy to possess a controlled substance. Telling a vendor that you want to purchase from them, or will do so "in the future", but it's an unspecified time frame, probably means you can't be prosecuted, or they would have a hard time doing it, so they wouldn't try.

386
Silk Road discussion / Re: How credible is a review really?
« on: August 09, 2013, 07:02 pm »
Forum reviews are definitely more informative than feedback on the market. After a while you will start recognizing people on the forum, and you will get a sense for who the informed reviewers are. I've gotten to know people in the community whom I can ask directly about vendors of specific drugs, and I know I can trust their reviews. That saves a lot of time in the long run.

387
Security / Re: Clearnet via tor security concerns?
« on: August 09, 2013, 06:55 pm »
I use HTTPS Everywhere, which not all sites support, and tend to cycle (request a new identity) if I use clearnet. Does the cycling between clearnet/onion aid in keeping myself free from identification query attacks?

That's really only a concern if you are visiting two clearnet sites simultaneously. Those TCP streams may be leaving the same circuit at the same exit node, so it can correlate them. Otherwise, changing identities between browsing clearnet sites and hidden services doesn't help anything, because clearnet sites are accessed through exit nodes while hidden services are not, so they are definitely not using the same circuits (although they may be sharing part of a circuit).
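Added example (not code from this thread, from astor or kmf, or from the Tor project) tying together two points above: kmf's note that Firefox can speak SOCKS directly but needs proxified DNS turned on (the about:config pref for that is network.proxy.socks_remote_dns), and astor's point that two clearnet streams opened at once may share an exit. Tor's IsolateSOCKSAuth setting, on by default, puts streams that present different SOCKS5 username/password pairs on different circuits, so a client can ask for per-site isolation without toggling "new identity". The session nonce, first-party names and hostnames below are constructed, and nothing here opens a network connection: the block only builds and inspects the client-side SOCKS5 messages, including the leaky form where the name was resolved locally.

```python
"""Client-side SOCKS5 messages as a Tor-aware client should build them.

Added example. Assumes Tor's default IsolateSOCKSAuth behaviour (different
SOCKS credentials => different circuits); the session nonce is constructed.
"""
import hashlib
import struct

SOCKS_VERSION = 5
METHOD_USERPASS = 0x02   # RFC 1929 username/password sub-negotiation
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03
ATYP_IPV6 = 0x04


def isolation_credentials(first_party: str, session_nonce: bytes) -> tuple[bytes, bytes]:
    """Derive a SOCKS5 user/password pair keyed on the first-party site.

    Tor never checks the password; it only uses the pair as an isolation key,
    so all streams for one first party share a circuit and different first
    parties get different circuits. The nonce makes the pair unguessable
    across sessions (assumption: a fresh nonce per browser session).
    """
    user = first_party.encode("idna")
    pw = hashlib.sha256(session_nonce + b"\0" + user).hexdigest()[:32].encode("ascii")
    return user, pw


def greeting() -> bytes:
    """Version identifier: offer exactly one auth method, username/password."""
    return bytes([SOCKS_VERSION, 1, METHOD_USERPASS])


def auth_message(user: bytes, pw: bytes) -> bytes:
    """RFC 1929 sub-negotiation: VER=1, ULEN, UNAME, PLEN, PASSWD."""
    if not (1 <= len(user) <= 255 and 1 <= len(pw) <= 255):
        raise ValueError("SOCKS5 username and password must each be 1..255 bytes")
    return bytes([0x01, len(user)]) + user + bytes([len(pw)]) + pw


def connect_by_name(host: str, port: int) -> bytes:
    """CONNECT with ATYP=0x03 (domain name): Tor resolves the name inside the
    circuit, so no DNS query ever leaves the client machine."""
    h = host.encode("idna")
    if not (1 <= len(h) <= 255):
        raise ValueError("hostname must encode to 1..255 bytes")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(h)])
            + h + struct.pack("!H", port))


def connect_by_ipv4(ip: str, port: int) -> bytes:
    """The leaky form: the client already resolved the name locally (around
    Tor) and now only hands the proxy an address."""
    octets = bytes(int(o) for o in ip.split("."))
    if len(octets) != 4:
        raise ValueError("not a dotted-quad IPv4 address")
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_IPV4]) + octets + struct.pack("!H", port)


def leaks_dns(request: bytes) -> bool:
    """True when a CONNECT carries a literal IP, i.e. the name was resolved
    outside Tor. This is the check a local audit of proxy traffic would apply."""
    if len(request) < 5 or request[0] != SOCKS_VERSION or request[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    return request[3] in (ATYP_IPV4, ATYP_IPV6)


def handshake(first_party: str, host: str, port: int, session_nonce: bytes) -> list[bytes]:
    """The three client messages for one isolated, DNS-safe stream."""
    user, pw = isolation_credentials(first_party, session_nonce)
    return [greeting(), auth_message(user, pw), connect_by_name(host, port)]


if __name__ == "__main__":
    nonce = b"constructed-session-nonce"
    for msg in handshake("example.com", "example.com", 443, nonce):
        print(msg.hex())
    print("leaks DNS:", leaks_dns(connect_by_ipv4("93.184.216.34", 443)))
```

Two streams built with the same first party reuse one credential pair and therefore one circuit; a stream for a second first party gets a different pair and a different circuit, which is what removes the single-exit correlation astor describes. The only message a real Tor client would see differently is the server's replies, which are omitted here because nothing is sent.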

388
Security / Re: How to destroy keyloggers...
« on: August 09, 2013, 06:51 pm »
I have increasingly been using virtual machines for my Tor activities. Actually, I exclusively use VMs now that we've seen deanonymizing server-supplied exploits in the wild. I install an operating system in VirtualBox and immediately export it as an appliance. I do this for several operating systems: WinXP, Win7, and a few Linux distributions. That way I have clean images that I can re-import if I suspect something bad has happened to one of my VMs, like it was infected with malware. It's easier than reinstalling an OS on the whole computer, and you can isolate Tor from the browser by putting them in separate VMs, making it much harder for an exploit to get your real IP address. You can also store sensitive files outside of the VM that you browse in, so exploits can't access them.


389
Security / Re: non IT expert need answers
« on: August 09, 2013, 06:44 pm »
Also can data be recovered if TBB is deleted from the computer?

The browser bundle leaves specific traces behind, depending on your operating system. Assuming you're on Windows, look at this post:

http://dkn255hz262ypmii.onion/index.php?topic=148291.msg1152452#msg1152452

390
Security / Re: non IT expert need answers
« on: August 09, 2013, 06:43 pm »
TBB doesn't cache anything on the hard drive. All browsing is cached in RAM for that session and discarded on shutdown. That is by design to protect your anonymity. It would be retarded if TBB cached stuff to disk. However, if you save bookmarks, those will be stored on disk. Also, if you install add-ons, or you configure add-ons in unique ways that make you fingerprintable, for example if you whitelist a specific combination of sites in NoScript, that will be stored on disk.
