Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 64 65 [66] 67 68 ... 208
976
Security / Re: A warning about antivirus programs
« on: June 19, 2013, 05:46 am »
fartsinthewind, yeah receiving drugs is the riskiest part. Check out the SR Risk Analysis for Buyers thread, that's exactly what we're talking about there.

977
Security / Re: SR Risk Analysis for Buyers
« on: June 19, 2013, 05:41 am »
I completely agree, microdotter. I have read many personal accounts of CDs and where they mention package signing, they all seem to agree that not signing for the package makes no difference. Each story is an anecdote, but a lot of them in aggregate are pretty convincing.

978
Newbie discussion / Re: Question about protecting my computer
« on: June 19, 2013, 05:29 am »
The TAILS thing is a nice concept. I just like being able to keep copies of my torrc file on hand to block known bad nodes/exits.

Bad exits are blocked automatically by all Tor clients. Blocking other nodes that you "believe" are bad makes your circuit patterns different and fingerprintable. We maximize our anonymity when we all look the same.

I've said it many times before, but I'll say it again. Quit fucking with exclude nodes.

979
I can understand the package being delivered to the wrong address right next door, but how did they also get your number to call you?

980
Security / Re: SR Risk Analysis for Buyers
« on: June 19, 2013, 04:35 am »
Im always taking the small amounts approach, in my country and most countries you will get arrested anyway for international orders as its "drugs importation". In here - even for 1 cannabis seeds, there are no love letter and when theres a CD nobody care if you sign or not, you will still have some unpleasant experience, penalty will be very easy at court maybe some fine and crap if its not a repeat felony

That seems harsh. What I gather from many years of reading about drug busts in articles and personal posts on various forums, in the United States you are much more likely to get a package intercepted in customs than in domestic mail, but the amount has to be bigger in order to get CD'ed. I have heard of 100 tabs of MDMA getting seized in customs and the recipient did not get CD'ed. On the other hand, in recent months, two cases involving about 100 g (equivalent to 1000 tabs) did get CD'ed.

I don't know what the cut off is for various drugs, and most likely there isn't a specific cut off. If the amount is within some gray area, it probably depends on whether someone in the LE hierarchy decides to pursue the case.

So, I keep my orders safely below what I believe is the gray area for the few drugs I'm interested in.

Also, love letters only come from customs. I have never heard of love letters coming from domestic mail interceptions. The purpose of a love letter is to inform you of a package that you can theoretically claim, because there are people with DEA licenses who are legally allowed to possess and import controlled substances, including hard drugs. They are mainly researchers working at official research institutions.

On the other hand, the majority of knock and talks come from domestic mail interceptions. I believe a knock and talk, where LE knocks on your door and openly asks about a package, is a type of fishing expedition. The amount is too small to spend the resources to do a proper controlled delivery, and it's not something they would want to spend money on if you decided to fight it in court, but if they knock on enough doors, a certain percentage of people will get scared and confess.

Showing once again that you should never talk to LE. They have professional interrogators. You will not outsmart them. Your best defense is to say nothing.

One anecdote: I personally know someone who got a knock and talk on a package of 30 percocets. The name he used was fake, he claimed it was a transient ("some guy I met at the bar") that he allowed to live in his house for a few weeks but kicked out days earlier ("because he was shady as hell"). He didn't get charged.

LE didn't have to believe his story. They couldn't prove otherwise. I still strongly believe in not using your real name anywhere. It is a stronger defense than not signing for the package, putting "return to sender" on it,  and most of the other suggestions for plausible deniability that I have seen. If you must receive mail under a "real" name, get a fake ID.

Hey look, we're talking about buyers again in this thread! :)

Sorry I derailed it to vendors.

Quote
Personally i think that the search-arrest-interogation is the worse part, much more than the punishment when
We are talking about small amounts, specially when you have family...

Yeah, in many circumstances, simply catching charges can fuck up your life. Instead of dealing with the legal intricacies of whether signing for the package proves I knew about its contents, I'd just rather not get CD'ed in the first place.

Quote
Btw astor - reading you technical posts has always been my pleasure n these forums

Hey, thanks man. :)

981
Security / Re: A warning about antivirus programs
« on: June 19, 2013, 03:21 am »
Oh right, I overlooked the obvious. Like a lot of people unfortunately, he probably copied the clearnet link to a regular browser.

982
inb4 50 book-length posts by kmf.

983
Security / Re: A warning about antivirus programs
« on: June 19, 2013, 02:47 am »
Er... well actually, that depends on your BIOS these days I believe.  RootKits are nasty, don't get me wrong, but if you've got a newer BIOS that supports UEFI and SecureBoot... this scenario shouldn't be possible.

Yeah, that's true. Good point. Secure Boot should help.

Unfortunately, it's a pain for other reasons, like installing alternative operating systems. It also may not be turned on by default. I believe Microsoft only mandated it on devices with ARM processors (ie, running Windows RT). In other cases, the computer vendor is free to choose.

Quote
Oh, yeah... as for Java: don't just disable it.  If you don't actively use it, just outright uninstall the entire JRE or JDK (runtime environment / developer's kit).  BTW: how the Hell did a Java app execute from the Tor browser, anyway?

Not sure. TorBrowser is supposed to be isolated to the folder it is extracted to, so it shouldn't know that Java is installed. That may only be the case for the Linux version.

984
Security / Re: A warning about antivirus programs
« on: June 19, 2013, 02:26 am »
Let me be more clear. You should make an actual disk, on read-only media, because a rescue partition can be infected too.

985
Security / A warning about antivirus programs
« on: June 19, 2013, 02:16 am »
They're crap. They don't work. If you use Windows, you should make a rescue disk now, because if you get infected with malware, the only way to be sure you get rid of it is to format the hard drive and do a clean reinstall of the OS.


Remember when a bunch of people got messages on SR saying that someone had recorded them getting drugs out of their mailbox, and they could view the video on some site? The site had a Java app that turned out to be malware.

At the time, someone in our community clicked the Java app and got infected. He asked me what to do. I told him to format the hard drive and do a clean reinstall. He didn't listen to me, and instead spent 3 days removing the malware.

Or so he thought.

Today this person told me that he got the password reset for his SR account. I didn't know he had to reset his password, but he should have been suspicious from that alone, although he never mentioned it to me. When he logged in, all his BTC had been withdrawn. It was not a trivial amount of BTC.  While talking to him, he rescanned his computer and found more malware. I experienced this myself when I infected a WinXP VM on purpose with the Trojan downloader on that site, "cleaned" it with an antivirus program, rebooted it and found the same rootkits.

Since the malware came from someone targeting SR users, he got infected with it, and his account was later compromised, it is very like this is the thing that stole his login credentials. He adamantly denies it could have been a phishing site or other things, but in my experience, when people are 100% sure about something, that it absolutely could not have been something, most of the time they are wrong.

Anyway, all this could have been avoided if he had done a clean reinstall.

986
renton sells FH invites on the market for $17 last time I checked. Search for his vendor name. The listing is kind of hard to find otherwise.

987
Security / Re: Tor problems
« on: June 19, 2013, 12:20 am »
If you have no open circuits at all, then yeah your firewall is probably blocking Tor.

988
Off topic / Re: Time for DPR to select new mods?
« on: June 18, 2013, 11:58 pm »
Censorship isn't particularly libertarian.

Why? You can do what you want with your property, and what is more libertarian than property rights?

Free speech is a contract between the government and its citizens. In an anarcho-capitalist society there is no government, only property, and what people choose to do with their own property.

If someone doxed you, would you be ok if the mods refused to remove it because they didn't want to censor anyone?

There's all kinds of stuff that should be censored: spam, scams, doxing, people accidentally revealing too much info about themselves, and anything that threatens the site's security or our security -- as a start. Personally I would censor that hate speech that occasionally pops up on the forum, but whatever, it's not my property.

989
Security / Re: SR Risk Analysis for Buyers
« on: June 18, 2013, 06:43 pm »
Yeah, a VPN or even a free bridge blocks this attack, assuming LE hasn't enumerated all of the bridges. China did, but the Tor people detected it. I have not seen them mention that they detected anyone else doing it. Of course, maybe others are just better at doing it surreptitiously, or the Tor Project was served an NSL, oh my.

Most likely, Western LE don't care enough about Tor users to do it. Obviously, since this attack has not been performed as far as we know, they don't care about SR vendors enough to do it.

Stealth packaging and safe shipping operations are far more important for vendors. Don't get your fingerprints on the packages, change your mail drop locations, don't carry a mobile phone with you, that kind of stuff.

990
Security / Re: TOR meant to hide your IP something I dont get?
« on: June 18, 2013, 06:33 pm »
Proxies have real IP addresses, they're just not *your* real IP address.

If you want a response from the web site, you have to put a real IP address in the packet header. The only time people don't is if they're doing syn floods and stuff like that (basically DOS attacks).

Pages: 1 ... 64 65 [66] 67 68 ... 208