Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 31 32 [33] 34 35 ... 208
481
So, if I'm reading that correctly, they found the Tormail server, seized it and added the JavaScript exploit, which was only live on the site for a few days, between FH / Tormail going down and the operator being arrested. What's really scare is that means they found the hidden service some other way. Even though attacks on Tor exist to identify hidden services, an email server is so complicated that they may have used an application level exploit to find the server.

Still, it's worrying.

482
I was MIA for a couple of days, and I come back to this. Stunned. That's all I can say.

Thank God I usually keep scripts disabled and I run Linux (the exploit appears to target Windows specifically). All you Tails users were safe, too.

BTW, I have argued multiple times on this forum that hidden services are just as capable of serving malicious code as clearnet sites, but they have more incentive to do so, because they know their users (and operators) want to be anonymous for fairly important reasons. You should enable NoScript at least on all hidden services, while I believe in general browsing large clearnet sites is safer.

The other take away from this is that we now know the FBI hasn't cracked Tor. They had to deliver an application-level exploit, and they were lucky that the FH admin was insecure enough to use Windows, which we know he did because of the version string in his PGP key.

483
Half of onion sites were hosted on FH. The list you want to compile will be very long, as you found out from the 219 addresses someone else compiled. As an indication of the size of FH, I got a new account a few weeks ago, and all of the MySQL databases I created were prepended with a number in the 5000s. Assuming these numbers are added sequentially, there were over 5000 FH accounts -- and the number of daily hits itha received was probably only rivaled by SR.

What really sucks is they had just launched Onion Bank, which looked promising as an independent payment service (think of it as the anonymous PayPal of onionland), and now that appears to be scuttled.

Also, they had a maintenance page up on Saturday, but now they are completely down again. That doesn't look good.

484
Silk Road discussion / Re: What happened to my purchasing stats?
« on: August 03, 2013, 05:30 pm »
Well, it does raise the issue brought up by SS of how you can differentiate one year stats from all time stats unless you keep a monthly log of these basic stats. I think as long as the transaction data is gone, people are fine with it. In other words, keeping old records around of specific transactions creates a liability in the event the transaction database is compromised, and at no real benefit because old transactions are not actionable (can't go into resolution, etc.), while simple aggregate monthly statistics, stripped of identifying info about the specific buyers, vendors, and products, will suffice to build buyer stats.

485
Newbie discussion / Re: Thurgood Jenkins: MASSIVE SCAM in Progress?
« on: August 03, 2013, 08:42 am »
This would make me sad considering how much private help I have given Thurgood with his security, just to turn around and blow it like this. I hope it isn't true.

486
Off topic / Re: Favorite Quotes
« on: August 03, 2013, 08:30 am »
There are no hard problems. Only problems that are hard to a certain level of intelligence and knowledge.

487
Silk Road discussion / Re: That Darn SR....
« on: August 03, 2013, 07:26 am »
That's the great thing about a community of this size. No matter what your situation is, someone else is going through the same thing. Just found this place and don't know what to do? There are others. Having a life changing psychedelic experience? There are others. Experiencing severe withdrawals? There are others. Just got raided? There are others. We can celebrate and commiserate together, because no matter what happens, somebody knows exactly what you're going through.

488
Security / Re: In need of a safe way to upload pictures!
« on: August 03, 2013, 06:53 am »
In light of the fact that Freedom Hosting and 80% of onion sites have gone down recently, I've put up an image hosting site:

http://nfm5tbykjg6oijbm.onion/

I'm not promising it will stay up (yet), but you can use it for now.

489
Newbie discussion / GPG4USB Tutorial
« on: August 03, 2013, 06:35 am »
Since Freedom Hosting has been down for a few days, I've mirrored my GPG4USB Tutorial here:

http://nfm5tbykjg6oijbm.onion/gpg4usb/

Why use GPG4USB? It's less buggy than GPG4Win and easy to learn. Most people complete my tutorial in under 15 minutes. Somewhere between hundreds and a few thousand people have learned how to use PGP with this tutorial. It's also safer than using online services like Privnote and SMS4Tor.

If you're intimidated by PGP, give my tutorial a shot. :)

490
Off topic / Re: :(
« on: August 03, 2013, 06:25 am »
If they didn't kick down your door first, you're cool. LE doesn't send warning letters before they raid people. You will probably need to get a new shipping address though, because the one they sent the letter to is almost certainly flagged.

491
Off topic / Re: :(
« on: August 03, 2013, 06:02 am »
Perhaps if you gave a little detail about the nature of the issue. Having a security problem? Don't know how to use some part of SR? Just got robbed? Your girlfriend's being a bitch? Don't know what the burning sensation is on your balls? Help us out a little so we know if it's worth our time.

492
Security / Re: Tor / Onion privnote alternative - deadletter
« on: August 03, 2013, 05:07 am »
Oh god, you have a clearnet site too. Aren't you worried about becoming a target of LE? Especially by posting here, you are openly providing support for criminal activity.

493
Security / Re: Issue Importing Key (CRC Error - GPG Tools for Mac)
« on: August 03, 2013, 05:03 am »
Mind PMing me the key so I can try to import it? Back when I scraped 1020 vendor keys, about 10 of them wouldn't import because of various issues. Some were posted on the vendor profile wrong. At least this way you will know if it's a problem with the key your PGP program.

494
Security / Re: Freedom Hosting down?
« on: August 03, 2013, 04:46 am »
I accidentally double posted and they decided to be arseholes. :)

In any case, FH has a maintenance page up now. So either,

1) Freedom Hosting went offline because of a technical failure

2) The FH server was seized and/or admin was arrested and decided to cooperate in running a honeypot, or LE is setting up a honeypot without him.

495
Security / Re: anonymous membership query
« on: August 03, 2013, 04:41 am »
Nice work, kmf.

At this point, the main barrier to libzerocoin integration is political rather than technical. The Bitcoin developers fear that Bitcoin will be seen as a money laundering system (even more than it is now) if Zerocoin is integrated, so they are unlikely to include it in the Bitcoin protocol / Bitcoin-QT client, although their opinion may change. That doesn't stop other altcoins from integrating it, of course.
 

Pages: 1 ... 31 32 [33] 34 35 ... 208