Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 141 142 [143] 144 145 ... 208
2131
Are you aware of the fact that there's no regulation or oversight of any kind at all in the foreign exchanges market?  There are enormously wealthy individuals who take advantage of this.

Also, mainly governments. They can print more or less currency notes to manipulate the value of their currency, usually for the benefit of a few and the detriment of most.

Just ask the people of Zimbabwe about how resistant to price manipulation centralized fiat currencies are.

2132
The exchange rate of bitcoins has nothing to do with mining difficulty. It is based on supply and demand. On trading platforms like MtGox, people post buy and sell orders at various prices. Let's say that BTC are currently trading for 15 USD. If a bunch of buy orders come in, then all the BTC at 15 USD will be bought up, so the next buyers will have to get BTC that are posted for 15.50 USD, then 16 USD and so on.

Conversely, if more people are trying to sell BTC than buy them, then sellers will have to post orders at decreasing prices in USD to get them sold (they are in effect competing to sell their BTC, so naturally the price will go down).

Take a look at http://mtgoxlive.com/orders

The diagonal lines indicate how many BTC will have to be bought or sold to move the exchange rate to that point. You'll notice some vertical jumps around the whole dollar marks. That's human psychology at work in the market. People are more likely to post a sell order at a round number like 20 USD, although plenty of people post sell orders at intermediate prices.

Based on all buy and sell orders, they know exactly how much BTC will have to be bought (or how much USD will have to be "bought" by selling BTC) in order to move the exchange rate to any point.


2133
Never attribute malice to that which can be explained by incompetence.

The likely explanation is that some vendors don't know they can peg the product price to USD.

2134
Security / Re: 7 Pass Secure Erase?
« on: January 31, 2013, 01:03 am »
Wright et al. found that they could recover a bit here and a bit there but not enough contiguous bits to salvage any useful data.

Does the NSA have some advanced technology not available to civilians? Maybe, but do you think LE will be shipping your hard drive to the NSA? They have bigger fish to fry.

2135
Security / Re: 7 Pass Secure Erase?
« on: January 31, 2013, 12:55 am »
The National Institute of Standards and Technology, the Center for Magnetic Recording Research, and the NSA seem to think that one overwrite is enough.

Quote
According to the 2006 NIST Special Publication 800-88 Section 2.3 (p. 6): "[F]or ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack."[17]

Quote
According to the 2006 Center for Magnetic Recording Research Tutorial on Disk Drive Data Sanitization Document: "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure."

Quote
Further analysis by Wright et al. seems to also indicate that one overwrite is all that is generally required.[23]

Wright, Craig; Kleiman, Dave; Sundhar R.S., Shyaam (December 2008). Overwriting Hard Drive Data: The Great Wiping Controversy. In R. Sekar, R.; Pujari, Arun K.. "Information Systems Security". Information Systems Security: 4th International Conference, ICISS 2008. Lecture Notes in Computer Science (Springer-Verlag) 5352: 243–57. doi:10.1007/978-3-540-89862-7_21

Here's the CMRR publication: http://dkn255hz262ypmii.onion/index.php?topic=99520.msg699299#msg699299

2136
Security / Re: Is Liberte anonymous
« on: January 30, 2013, 06:19 am »
Is there a way to install the tor bundle into Liberte?

It's portable. You can extract the archive anywhere, including Liberte's persistent volume.

I was under the impression that using the tor bundle on your normal pc will leave traces of the sites you have been visiting. Is this true?

Only if you save bookmarks or passwords. Those will be written to files on the disk. Otherwise, it doesn't write to a cache on a disk during normal browsing. That would be a huge privacy leak. All browsing data is stored in RAM and discarded when TBB shuts down.

2137
Security / Re: Bitcoin Node Over Tor
« on: January 30, 2013, 06:14 am »
BTW, if you run bitcoin-qt over Tor, I recommend decreasing maxconnections to 3 or 4. It takes a while to build all the connections because (apparently) a lot of bitcoin nodes don't accept them. I don't think bitcoin-qt can be configured to block specific IP addresses, but there may be firewalls or ISPs interfering with connections from exit nodes.

The other concern is that you may not want to run bitcoiin-qt as a hidden service since there are known attacks to deanonymize hidden services.

2138
Security / Re: Bitcoin Node Over Tor
« on: January 30, 2013, 06:07 am »
I don't understand.  What's the advantage to this, other than flooding the Tor network with even more packets...?

The network is only carrying about 60% of its advertised capacity:

https://metrics.torproject.org/bandwidth.png

Encrypting the data seems to be the rate-limiting step.

That being said, the more users there are, the more diverse they are, and the more diverse the traffic, the safer and more anonymous everyone is. Bitcoin clients only download and upload about 100 MB a day (although that depends on how many connections they maintain), so this isn't like bittorrent traffic.

Just tunnel bitcoind through your Tor program and let it operate as usual: I'm not aware of anything an exit node can do that would harm you even when you're going through one to get to the next bitcoin node?

That's true, there's really no advantage to connecting to a hidden service as opposed to a regular bitcoin node over Tor, and the connections tend to be much spottier.

Bitcoin nodes only maintain 8 active connections.  I don't see how it's helpful to have other nodes trying to make incoming connections, when you can just make your 8 as outgoing and would start blocking the incoming ones regardless...?

You can specify however many connections you want in bitcoin.conf:

maxconnections=N

You can even specify the nodes you want to connect to (that's how connecting to onion addresses works, actually, you have to tell Tor to map private IP addresses to onion domains using the mapaddress feature and then tell bitcoin-qt to connect to those IP addresses).

Anyway, I don't think there's a distinction between incoming and outgoing connections.

2139
Security / Re: Bitcoin Node Over Tor
« on: January 30, 2013, 02:25 am »
Yep, there are a bunch of bitcoin nodes running as hidden services that you can (try to) connect to.

https://en.bitcoin.it/wiki/Fallback_Nodes#Tor_nodes

I've found it to be difficult, though, with frequent dropped connections.

2140
Security / Re: im a moron I cant figure shit out
« on: January 30, 2013, 02:08 am »
In the meantime, you can visit the following sites (THROUGH TOR!)

  On GPG4Win (for windows users)

GPG4Win can be buggy and a lot of people have problems with it.

A lot of us who spend time in the Security forum highly recommend GPG4USB.

There's a tutorial on how to use it linked in my signature.

2141
Security / Re: im a moron I cant figure shit out
« on: January 29, 2013, 02:57 pm »
This is personally what i would be most happy using, i am willing to put in the time and effort and learn how to efficiently use Linux as it interests me somewhat. I understand you put a lot of time and effort into helping people out over here on the security forum but would you mind pointing me in the right direction and what Linux OS to use, or topics discussing this method. Basically just a more in depth explanation of this option.

Any vanilla Linux distro will work, although Ubuntu or Linux Mint will be easiest to install and have the best hardware support out of the box. The latest version of Ubuntu (and by extension Linux Mint, since it is based on Ubuntu) includes a one-click option at install time to set up FDE. The main difference between them is the default desktop environment. Ubuntu includes a DE that a lot of people don't like, although there are derivatives such as Kubuntu, Xubuntu, and Lubuntu that use a different DE by default. Linux Mint uses its own DEs.

The way to choose is to read up on and look at screen shots of Unity, XFCE, LXDE, KDE, Cinnamon and Mate, and choose the one that you like. You can also boot Live CDs and test them out. Keep in mind that once installed, you can switch between any of the DEs by installing them from the software repository. It is even possible to install the Cinnamon and Mate DEs (of Linux Mint) on Ubuntu and vice versa, so it's not a choice that you should be laboring over.

Any normal Linux distro will have a normal filesystem layout without the complications of Tails. You will also be able to install any software available in the repos, unlike Liberte.

My other gripe with Tails and Liberte is that they are "experimental" distros at best. They have been around for less than 3 years and have one (in the case of Liberte) and maybe a handful (in the case of Tails) of developers behind them. In my experience, and judging from dozens of threads on the forum, they are buggy as hell. It would be easier for a newb to use Ubuntu and Linux Mint, which have been around for a lot longer and have more developers behind them.

Once you've committed to installing one of the Ubuntu/Mint spins, it's not that hard at all. The main barrier seems to be in the cost or inconvenience of committing a whole computer for this purpose.

2142
Security / Re: im a moron I cant figure shit out
« on: January 29, 2013, 05:49 am »
There's a fundamental contradiction between these statements:

i want the extra measure of security

Which is the most user firendly?

Sorry, but security is hard. If you want strong security, it won't be easy. You'll need to learn programs and possibly operating systems that you've never used before, and that might be twice as hard if you're a computer newb in general.

I see these demands all the time. People want strong security but make it easy. They want bitcoins that are fast, cheap, and anonymous. You can't have the world.

You need to pick a level of security that you are comfortable using and/or smart or dedicated enough to learn. Here's how I would break it down:

No Security: You use TBB and PGP on an unencrypted hard drive. Everything you do can be discovered by an adversary.

Low Security: All sensitive files are stored on an encrypted thumb drive, partition, or some other volume. This is low because the contents of such volumes can be leaked onto the unencrypted parts of the hard drive. For example, if you are a vendor who stores info in MyDrugClients.txt and you open that file in Notepad, the path and file name will be stored in the Recent Documents list. An adversary can discover the kinds of info stored on the encrypted volume and that alone can get you in trouble. The other problem is that you are still using the malware and shit infested Windows operating system. Microsoft cooperates with LE and even provides tools for forensic analysis of its OS. Your next KB134235325 proprietary binary blob update could be spyware pushed to your computer on behalf of LE.

Medium Security: A portable Linux distro like Tails or Liberte. Better, because they are open source, the developers don't work for a corporation that bows to government pressure, and they use isolated encrypted volumes that don't leak data. The trade off is that you get a lot of little annoyances with the weird filesystem layout, installing applications beyond the defaults that come with the distro can be a pain even for a seasoned Linux user (read the recent thread about getting bitcoin-qt runnin on Tails), and constantly having to reboot between sessions.

High Security: A Linux distro installed on the main hard drive with FDE. It offers the highest security because nothing about your computer can be known to an adversary except the kernel used to boot the system. They can't even prove the computer belongs to you if you purchased it with cash from a Craigslist seller. The main trade off is that this is the costliest option, because you need to dedicate a computer full time for this purpose. If you are wedded to your current OS, you'll need to buy a second computer, which can cost over $100 even for a used one.


Broadly speaking, those are your options. You have to choose how much time, money, effort, and brain cells you are willing to spend on your security.

2143
Silk Road discussion / Re: Cancelling/Deleting Buyers Account
« on: January 29, 2013, 02:00 am »
They used to delete accounts if you didn't log in for some time (I've heard different numbers, but it was around 5-6 months). I don't know if that's the case anymore.

2144
Security / PDFs in TBB
« on: January 29, 2013, 01:46 am »
A new post on the Tor Blog says that they are going to add the PDF.js extension to TBB next month, allowing users to read PDFs in the browser.

 https://blog.torproject.org/blog/new-firefox-17-and-tor-alpha-bundles

Apparently they are confident that they can make this safe and prevent links from going over clearnet since the extension is contained within TorBrowser. That should make the building of disposable VMs for reading PDFs obsolete.

2145
Security / Re: slightly anonymous work office BUT no wifi plz help.
« on: January 28, 2013, 11:25 pm »
Is there and a easy to use guide on stealing wifi with software???

If it uses WEP, it can be cracked pretty easily.

https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
https://en.wikipedia.org/wiki/Fluhrer,_Mantin_and_Shamir_attack

If not, you could still try to brute force it and hope they use a weak password.

https://en.wikipedia.org/wiki/Aircrack-ng

Remember to change your MAC address!


i have seen some a while ago but they look quite hard to use. What is the connection like once connected?  can it be used everyday with no problems??

The connection shouldn't be any different.


I need wi fi to do real work on a clean computer if i get a isp in my office in my real life work name and use my naughty computerthere as well with a  vpn-tor every day  in my office. will this bring me problems ??? 

Probably not, unless you're doing something to draw attention to yourself, like sending/receiving large amounts of traffic.

Tor with bridges works just as well. Actually, slightly better since it's one less hop and one less layer of encryption than a VPN + Tor.

Pages: 1 ... 141 142 [143] 144 145 ... 208