Messages - astor

1936
Security / Re: How often does this happen to you?
« on: March 14, 2013, 10:55 pm »
Clean house.

If your shit isn't encrypted, DBAN it.

Deny any knowledge of the package and refuse to answer any other questions.

1937
Off topic / Re: New hidden market accepting Litecoins (LTC)
« on: March 14, 2013, 10:04 pm »
The litecoin community is so small that you can mine coins with a desktop GPU. That's the best way to get them, and they are rewarded every 2.5 minutes instead of 10. There's nothing more anon than coins with no transaction history, provided you're running your litecoin-qt over Tor.

1938
Silk Road discussion / Re: FH invite to spare? (1 BTC reward)
« on: March 14, 2013, 09:43 pm »
Here is the press release (clear net) http://pastebin.com/hquN9kg5
It's an interesting read. Did it do much good, however? As far as I know those sites are still running.

That's because it was bullshit. mikeperry and Formless Networking have nothing to do with FH.

It is most likely funded or run by Russians and it is almost certainly not hosted in the United States.

1939
Silk Road discussion / Re: FH invite to spare? (1 BTC reward)
« on: March 14, 2013, 09:40 pm »
I can get you an invite. PM me.

1940
I am very interested in how you solved this problem.

1941
Anyway, I'm thinking more of the browser idea. Your keys may be saved server side but all the enc/dec happens on the browser client alone. That way you can be positive my site never reads any messages.


If the keys are stored on your server, and the crypto is done with server-supplied JavaScript, the threat always exists that you can decrypt the messages.

Even if the private keys are symmetrically encrypted with the user's password, you supply the key to their browser and it uses the password to decrypt it on the client side, you could change the code later and steal the password (that's what Hushmail did, except with Java). This is the problem with running server-supplied code that is downloaded fresh each time the user visits a site. It can change each time, so it's a security threat every time they use it.

An open source program like GPG4USB can be security audited once, saved on the user's encrypted thumb drive, and the code never changes (as long as they don't update it).

Like I said, you already need to have the portable browser bundle with you to be on Tor. You can save portable GPG4USB in the same place, so it is always available when you need it.

And it's pretty easy to use. Over a hundred people have told me that they didn't understand PGP until they read the tutorial, and there are probably many hundreds more that I don't know about. I have no doubt that even the most technologically illiterate people can learn to use a PGP program, if they're willing to trade a little inconvenience for significantly better security.

1942
Astor, I appreciate what you're saying but tonnes of people on here use Privnote assuming it's safe and probably as many use iGolder. At least I'd know I could use my own site and that's a start!

I know, and many of the prominent posters in this Security forum, myself included, have argued that they should stop.

I even wrote a super simple tutorial for GPG4USB, which is portable, so you can save and run it from the same place as your browser bundle, *which you already need to have with you.*

Check the link in my signature.

1943
I like how they rationalized it away. Goes to show that we get paranoid over nothing sometimes. Straight people are naive. If you weren't admitted for a drug overdose, the fact that you might have taken drugs while lying in the hospital bed is the last thing on the nurse's mind.

1944
Server side encryption is a showstopper. Most people have learned from the example of Hushmail. Not everyone, of course. You would get some users, but not many.

An open source browser plugin that can be audited and works with locally stored keys is much safer. Why don't you talk to SelfSovereignty about his project, MetaSilk? He is planning on adding PGP support to it and could use some help.

http://dkn255hz262ypmii.onion/index.php?topic=121039.0

1945
Since you store the private keys, it all boils down to trusting you.

What's to stop you from snooping on people's messages, getting their personal info and blackmailing them?

1946
Hey, this is really coming along. :)

A lot of people have asked for sort by price.

1947
Yes, that can be dangerous. Not only can add-ons potentially bypass proxy settings (although the TorBrowser is patched to better prevent this), but add-ons that modify web pages can be used to fingerprint you.

The Tor people recommend keeping the defaults so we all look the same. You reduce your anonymity set when you start getting creative.

1948
What did they say?

1949
Silk Road discussion / Re: CAN SOME ONE HELP ME WITH IRC CHAT?
« on: March 13, 2013, 03:49 am »
I see a lot of activity when I use the browser: open, connecting, closed
But when the page has loaded everything is on "open".

When I try to connect through mIRC nothing at all happens.

Edit: This was a result of astor's instructions.

Oh, that's bad. That means Tor isn't trying to reach the server. As Hash said, there could be some problem with mIRC. I was able to get mIRC to connect when I tested it in a Windows VM, but who knows.

You could try with Pidgin. Pidgin works well with Tor. It even has a Tor mode. Use all the same configuration settings except use the onion address for server, not the IP address. Remove the mapaddress line in torrc.

In the proxy settings, use Tor/Privacy (SOCKS5) instead of the SOCKS5 option.

1950
Security / Re: Mt Gox not accepting BTC from SR?
« on: March 13, 2013, 03:38 am »
Best one is https://blockchain.info/wallet/new

Although instawallet.org is sufficient if you are transferring the coins there for a short amount of time.

Don't lose the full Instawallet URL, though.
