Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 116 117 [118] 119 120 ... 208
1756
Silk Road discussion / Re: WARNING: TorMail phishing scam
« on: April 03, 2013, 01:26 pm »
You can see in the page source

<form name="fake login" method="post" action="index2.php">

Scammers don't even try anymore.

1757
Silk Road discussion / WARNING: TorMail phishing scam
« on: April 03, 2013, 01:22 pm »
Someone is sending PMs with the following links for TorMail:

jhiwjjljtqrtkr7t.onion
jhiwjjltwc23w5fb.onion

These are NOT TorMail. Do not log into them with your TorMail credentials.

This is TorMail:

jhiwjjlqpyawmpjx.onion

1758
Security / Re: We are indeed part of a revolution-- Bitmessage
« on: April 03, 2013, 05:44 am »
Bitmessage needs a lot more testing. For now I'm not recommending it to newbs.

1759
Security / Re: We are indeed part of a revolution-- Bitmessage
« on: April 03, 2013, 03:42 am »
Also note that messages are encrypted as part of the protocol, so you don't have to PGP encrypt. That's another nice feature.

Like bitcoin, the public address is a hash of a private key. Only the person who holds that key can decrypt the message.

1760
Security / Re: We are indeed part of a revolution-- Bitmessage
« on: April 03, 2013, 03:39 am »
So does anybody want to test this out with me? Here are two other threads about Bitmessage:

http://dkn255hz262ypmii.onion/index.php?topic=121341.msg833769#msg833769
http://dkn255hz262ypmii.onion/index.php?topic=136428.msg927139#msg927139

None of them got anywhere. Everybody's criticism seems to be, why use this when we have TorChat and IM with OTR?

The difference is that both parties must be online to IM. Bitmessage is more like email, except it doesn't rely on a central or third party server. The client you run is essentially your mail server, but it can get messages even when it is offline for a period of time (after being restarted).

I'm interested in this because of the recent TorMail downtime. Bitmessage is a decentralized messaging system. As long as there are *some* nodes on the network, you should be able to get your messages. Contrast that to TorMail. When it is down, all emails bounce.

[Edit: Removed setup info, for now]


1761
Something about this doesn't sit right with me...

1. How the "scammers" were able to see who was online on the main SR page... Isn't this limited to admins and DPR?

Not the SR page. I was talking about the forum.

Since at least one person mentioned that their online status is disabled and they got the messages, this must have been a more sophisticated attack. The scammer may have crawled all profiles and looked for people who had logged in in the last day, or 3 days. It makes no sense to target people who haven't been around for a while. Also, unless there's a bug in SR that exposed account names, he would have to get the names from the forum. I don't know, maybe 80% of users have the same name on both accounts, so it wasn't that hard once he found the recently active ones.

It's all guesswork, anyway.

1762
Security / Re: PGP signing and keyservers - why not?
« on: April 03, 2013, 12:37 am »
Why not?

Because GPG doesn't support Socks proxies, so the user has to run a separate HTTP proxy.

Because it requires mucking around with gpg.conf, and most people are barely able to use a simplified GUI.

And because most people are not competent enough to use key servers safely. They will almost certainly screw up and fetch keys over clearnet, so all LE has to do is ask the server admins for the logs of all IPs that fetched keys X, Y and Z of known big time drug vendors, and they are toast.

Plus, GPG has DNS leaks which one of the Tor devs is trying to patch, but it's unsafe to use for now, even over Tor.

Here's the work being done on socks support and DNS leaks: https://trac.torproject.org/projects/tor/ticket/2846

1763
ItalianMafiaBrussels, is your market username the same as your forum username?

For another data point, mine aren't, and I didn't get these messages.

1764
Quote
The data show, among other things, that the number of adults in Portugal who have at some point taken illegal drugs is rising. At the same time, though, the number of teenagers who have at some point taken illegal drugs is falling. The number of drug addicts who have undergone rehab has also increased dramatically, while the number of drug addicts who have become infected with HIV has fallen significantly. What, though, do these numbers mean? With what exactly can they be compared? There isn't a great deal of data from before the experiment began. And, for example, the number of adults who have tried illegal drugs at some point in their lives is increasing in most other countries throughout Europe as well.

Running Out of Money

"We haven't found some miracle cure," Goulão says. Still, taking stock after nearly 12 years, his conclusion is, "Decriminalization hasn't made the problem worse."

As expected, if you share my opinion that drug laws don't deter people from using drugs. All the laws accomplish is fucking up the lives of people who either suffer no serious consequences from their drug use, and merely use recreationally (perhaps 70-80% of drug users), or are sick and need mental health treatment, not jail.

1765
xpsbud, is your market account name the same as your forum account name?

1766
They get the list of people from the online status and then send PMs to them.

It's the most efficient way to do it, rather than going through the long member list, where 80% of accounts have never posted and 90% of them haven't logged in in a long time and probably won't log in again.

I'm online a lot (unfortunately :) ) and I never get these messages. Others that I have advised to turn off online status also don't get these messages anymore. I'm 99% certain that's how at least some of the scammers do it.

1767
Isn't it about time that advertising online status was disabled by default?

It's always been a security threat, but these scams and spams seem to be on the rise recently. There have been like 5 in the last week, and the scammers get the user info from the list of online people on the main page. I know, because I have online status turned off and never get these messages.

The only argument I've heard against it is that some people like to know when their friends are on. That's fine, but these people are a tiny minority. Most people don't use this feature. Their online status is enabled because they don't know they can turn it off.

Disable online status and let the people who want to use that feature explicitly turn it on and accept the risk.

1768
Security / Re: Be Careful
« on: April 02, 2013, 05:27 pm »
I'm glad you dug this thread out of the grave, Razorspyne, because it illustrates the kind of FUD that used to be spread widely on this forum.

1769
Yeah, I just read that in the other thread. Crazy.

1770
Jesus, looks like I was wrong. People did actually send him money.

Still, I wonder if the 290 BTC was a forum member or the scammer.

Pages: 1 ... 116 117 [118] 119 120 ... 208