Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 57 58 [59] 60 61 ... 208
871
$0 - 50 -> 10%
50 - 150 -> 8.5%
150 - 300 -> 6%
300 - 500 -> 3%
500 - 1000 -> 2%
over 1000 -> 1.5%

872
Newbie discussion / Re: TOR
« on: June 30, 2013, 10:42 am »
Are you sure you're typing it into the Tor Browser and not your regular browser?

873
The implication of your statement is that there are no logs kept, and there's therefore no way to discover abuses of power or even just simple mistakes.  Either that or you're so busy that you can't stop to check who deleted the threads and shoot them a brief email asking for their reasoning.

Neither of these are impossible... but frankly, I don't buy either of them. So the only other logical explanations I personally see are that someone has altered the logs (oh dear, that can't be good...), or you have no intention of ever disclosing any further information regarding the matter.

My understanding is that there is a trash bin where they can see deleted threads, but there's no indication of who deleted them.

Still, unless it gets cleaned out often, they should be able to see the deleted threads, and we've given enough information about them -- NSA in the title, mention quantum computing and I2P -- that they should be able to find them and discover the OP, which is what Libertas wants.

I could put up an SMF forum for us to play around with and find out exactly how that aspect works. ;)


874
Shipping / Re: Homeland Security Seizure- Questions
« on: June 30, 2013, 12:25 am »
So I know people who have gotten these messages over the last 5+ years for prescriptions meds and such and it seems like a "hey we took your shit but we're way too busy to fuck with you" warning but since it was Schedule I or II I am a bit concerned about getting on some list.

So now I want to go back to domestic orders only but do I need to figure out another address?

I'd like to think that the government is a giant bureaucracy, where ICE doesn't talk to USPS, or they are extremely inefficient at sharing info, but with computer databases these days, it could be trivial to share lists of flagged addresses. Should you use another address? I don't know. You might try shipping something to your address that looks like drugs, a bag full of baking soda or something, and see if it gets opened. DON'T order one of those parcels with drug smell on it.

875
Computer electronic bags provide this protection.  Id be surprised if MBB didn't.

Some MBBs come with static shielding, but some don't.

Here's how antistatic bags work:

"A Faraday cage operates because an external static electrical field causes the electric charges within the cage's conducting material to be distributed such that they cancel the field's effect in the cage's interior. This phenomenon is used, for example, to protect electronic equipment from lightning strikes and electrostatic discharges."

And here's how MBBs work:

"Two primary moisture barrier technologies are used for bags. Barriers of aluminum foil and aluminized polyester are used where low MVTR is required. Most SMD's are packaged in a metal barrier bag. Thick layers of plastic can also be used to provide limited barrier for very short-term applications."

A few mm thick layer of aluminum won't block phone signals. The antistatic bags that computer hardware is sold in may not be strong enough to completely shield phone signals either. I don't know for sure, haven't found any references, but I'd do some research before basing my safety on one of those bags.

876
Security / Re: New Vendor unsafe practise
« on: June 30, 2013, 12:00 am »
No I haven't bought from him. I don't wanna come out and say the name of the vendor cause I think that's just kinda wrong but I was interested in 'listing' an item for him to sell for me. What he does once the item sells he gets the customers address then sends it to Privnote to encrypt and then sends it back to you. Like what?  ???

It makes no sense at all. We are on SR's site why expose the customers address by sending it to Privnote of all things and then sending it to me so I can ship out the item. Why not just send the address in a message through SR..and using privnote out of all things, ffs. If anyone wants to know the vendor you can message me.

According to this vendor DPR assured him this was safe for small transactions. I think this vendor is very confused. I tried to offer advice and let him know what he's doing is exposing his customers and he seems ignorant of that fact.

Shit like this pisses me off. If I went out of my way to protect my info by encrypting it myself, and some idiot dumped it on a third party site, I would be furious.

This is a good think to know about a vendor. Ultimately I think they should be free to run their business however they want. If they don't accept PGP encrypted addresses, or they post the address on Privnote, or email the plaintext to their shipping associates, that's up to them, but I'd like to know about it, so I can ensure I never buy from them.

877
Security / Re: Security update for TBB
« on: June 29, 2013, 11:52 pm »
You can extract it into an existing folder. The Tor people recommend not doing that, and extracting to a separate folder each time. If you have bookmarks saved in the old one, you can export them into the new one (although you should only save bookmarks if TBB is on an encrypted volume).

Personally I just extract over the old. The only time it was a problem was when they upgraded Firefox from version 10 to 17. Then I had to extract to a new folder. The yellow flashing update thing doesn't go away immediately in that case, but it's not a big deal. Goes away after a few hours.

878
How did they identify all those vendors? Did they make purchases from them or something?

Not sure exactly, but they started the investigation in December 2012, so it's been going on for 7 months. They like to take their time and identify everyone possible.

879
Security / Re: need link to tor update
« on: June 29, 2013, 11:25 pm »
Did you extract the browser bundle into the folder of the previous version? Apparently it does that unless you extract into a new folder.

As long as you're using the newest version, the flashing will go away after a while.


880
Off topic / Re: Silk Road chat via SILC now resides in IRC!
« on: June 29, 2013, 11:43 am »
Yes, just use the default. On Tails 0.19 all you have to do is fill out the nick and server.

881
Off topic / Re: DMtryptamine Presents The Silk Road Free Library
« on: June 29, 2013, 10:30 am »
Those are some interesting books. How big is the library?

882
Off topic / Re: Hosting a Tor hidden service website/forum
« on: June 29, 2013, 10:10 am »
Are you guys really that paranoid?

They have over 200,000 customers, and 4800 staff, and I'm discussing a concept that would arguably not even be illegal.

Then you don't need to run it as a hidden service. But if it is illegal, you just told LE which hosting provider to work with to find your site.

883
What I am (somewhat ineptly) driving at is that 'm not sure that a standard  type of privilege escalation attack would work on tails since (AFAIK) the root account is disabled completely if chosen at start-up.

Your access to it is disabled, but the point of a privilege escalation attack is that it exploits bugs in the security mechanisms that normally prevent you from logging in as root.

The root account isn't gone, if that's what you're thinking. Root is the first user and most system services must run as root, since they must be owned by someone.

Open a terminal in (non-admin) Tails and type:  ps aux | grep root

It still exists.

884
Yes, but once you choose whether to have admin privileges or not then that can't be changed for the rest of that session. So unless you opened an infected file while you were logged in with admin privileges then there could be no escalation and thus no changing of firewall rules, no?

A "privilege escalation" exploit, as the name implies, is where malware gains unauthorized privileges (such as root) by exploiting bugs in the security mechanisms. These do exist, potentially on Tails.

https://en.wikipedia.org/wiki/Privilege_escalation

885
Tails has an option to login with root privileges or not. It's the first dialogue you see.

The issue is that an exploit with root privileges can disable the firewall and/or Tor and "phone home" over clearnet, deanonymizing you.

Running Tor in a separate VM, as in the Whonix setup in my guide, is much safer.

Pages: 1 ... 57 58 [59] 60 61 ... 208