Messages - astor

2161
Silk Road discussion / Re: A message to SR forum newbies (< 6months)
« on: January 25, 2013, 03:55 am »
When you cut through the bloviating bullshit, it boils down to this:

Quote
unless, like in the case of roads and hospitals in the real world, it is practical (spam threads).

So we agree that SOME censorship is acceptable, the rest is a matter of degree and nuance.

I think it's practical to censor trolls. It promotes a healthy, vibrant community.

If you want to know what absolute free speech looks like, find an abandoned forum. They turn into shit really fast.

2162
Security / Re: PGP / Problem potsing question
« on: January 25, 2013, 03:17 am »
If you never sent them your public key, then there was never a way for you to decrypt their messages.

I would hope that a vendor would have figured out PGP enough to ask for your public key, maybe that's not the case.

There's a notable vendor on SR right now getting rave reviews, and I was very close to ordering from him, but when I imported his key I realized it was only 1024 bits. Red flag. Who knows how good the rest of his security is. I never ordered.

Sometimes you have to lose a few battles in order to win the war.

2163
Security / Re: Touchpad with tails..
« on: January 25, 2013, 03:03 am »
Can you find out what the error message is?


2164
Security / Re: PGP / Problem potsing question
« on: January 25, 2013, 02:51 am »
You create a pair of keys that are mathematically related to each other: one is public and the other is private.

Never share your private key with anyone. [It is used to decrypt messages to you.]

Give your public key to your friends. [It is used to encrypt messages to you.]

Collect public keys from your friends. Use their public keys to encrypt messages to them.

They use your public key to encrypt messages to you.

You use your private key to decrypt messages. [Meaning you have to select your key in the interface.]

2165
Security / Re: PGP / Problem potsing question
« on: January 25, 2013, 02:43 am »
Quote
Now, when they reply back to me, I am assuming they use their own public key to encrypt, so I copy it, paste it into my gpg4usb box and click that vendor from the right, and hit decrypt. And that error box comes up.

Quoting my tutorial:

Quote
They [your friends, vendors] use your public key to encrypt messages to you. You use your private key to decrypt messages.

You have to select your key to decrypt the message, not theirs.

If they encrypted the message with their public key, then only they (with their private key) could decrypt it. These keys are mathematically related.

Quote
Even if I copy paste what I just encrypted using the vendor public key, and try to decrypt what I just typed with that same key I just used, it says the same. Now, shouldn't it be able to decrypt what I just encrypted? This is what is so confusing.

No, because you encrypted it with THEIR public key, not yours. You can only decrypt messages that are encrypted with your public key, because you have the corresponding private key that is used to decrypt.

2166
Security / Re: multiple ailias under pgp?
« on: January 25, 2013, 02:32 am »
What midlandsmafia says is true, but for newbies, I would strongly recommend maintaining separate PGP programs so there's less chance of accidentally mixing them up. This happened to SS and I'm sure others. It's the reason why Tor is distributed as a separate browser rather than a Firefox add-on like it used to be. Accidental privacy leaks are too easy.

I recommend using GPG4USB which is portable and can be extracted anywhere. So extract one copy into a folder called Work and another copy into a folder called MY SUPER ILLEGAL SHIT and you're much less likely to get them mixed up. :)

2167
Security / Re: PGP / Problem potsing question
« on: January 25, 2013, 02:21 am »
Quote
So, I copy pasted what he said on SR, placed it in the box that I use to type my own messages, clicked that vendor from the right, and hit decrypt. Error decrypting pops up, says decryption failed, no secret key, no private key with id ******* present in key ring.

So, I just sent a message to another vendor, encrypted using his public key, then copy pasted exactly what I sent him back into my gpg4usb, hit decrypt using the same key that I just encrypted it with, and same thing. Same message. Now I made that encryption.... so I'm totally lost. What am I missing here? Anyone got any ideas?

Either,

A) Two vendors mistakenly encrypted messages to the wrong key
B) You sent the wrong public key (i.e., someone else's public key in your key ring) to both of them
C) Somehow your private key was deleted.

Following my tutorial, can you make a backup of your private key? Does the key ID match the key that they are encrypting their messages with? Does it match another public key in your key ring?

Edit: Hang on, I just caught this:

Quote
I just sent a message to another vendor, encrypted using his public key, then copy pasted exactly what I sent him back into my gpg4usb, hit decrypt using the same key that I just encrypted it with, and same thing

If you encrypt a message with someone else's public key, only they can decrypt it with their private key. (That's why it's a good idea to encrypt it to the recipient and yourself.)

What you describe in the second paragraph is not the same thing that you describe in the first paragraph.
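
An added example, not part of the original post: a simplified Python model of the behaviour discussed in this thread, where a message opens only with a private key whose ID it was addressed to, and encrypting to the recipient and yourself keeps your own copy readable. The textbook RSA, the SHA-256 keystream, the key-ID derivation and every name below are constructed stand-ins, not OpenPGP or gpg4usb code.

```python
import hashlib
import secrets

E = 65537  # RSA public exponent

def make_key(p, q):
    """Textbook RSA key pair from two primes. Demo only, not secure."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    key_id = hashlib.sha256(str(n).encode()).hexdigest()[-8:].upper()
    return {"id": key_id, "n": n, "d": d}

def public_part(key):
    """What you hand out: the key ID and modulus, never d."""
    return {"id": key["id"], "n": key["n"]}

def _xor_stream(session_key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(session_key + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(plaintext, recipients):
    """Encrypt the body once; wrap the session key for each recipient's public key."""
    session_key = secrets.token_bytes(16)
    m = int.from_bytes(session_key, "big")
    wrapped = {pub["id"]: pow(m, E, pub["n"]) for pub in recipients}
    return {"wrapped": wrapped, "body": _xor_stream(session_key, plaintext)}

def decrypt(message, secret_keyring):
    """Works only if the keyring holds a private key the message was addressed to."""
    for key in secret_keyring:
        if key["id"] in message["wrapped"]:
            m = pow(message["wrapped"][key["id"]], key["d"], key["n"])
            return _xor_stream(m.to_bytes(16, "big"), message["body"])
    ids = ", ".join(message["wrapped"])
    raise LookupError(f"decryption failed: no secret key with id {ids} in key ring")

# Constructed keys built from known Mersenne primes (far too small for real use).
ME = make_key(2**61 - 1, 2**89 - 1)
VENDOR = make_key(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    only_vendor = encrypt(b"test message", [public_part(VENDOR)])
    to_both = encrypt(b"test message", [public_part(VENDOR), public_part(ME)])
    print(decrypt(to_both, [ME]))       # my own copy is readable
    try:
        decrypt(only_vendor, [ME])      # the situation from the thread
    except LookupError as err:
        print(err)
```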

2168
Security / Re: General Consensus On Which Security Setup Is Best?
« on: January 24, 2013, 10:10 pm »
Quote
Is there a setup the more seasoned users all agree on and it's buried in old posts or is there so much variation that it's kind of hard to truly decide?

There is no single best setup because people have different needs. Ideally you would use full disk encryption with or without a hidden volume (I'm not sold on the effectiveness of hidden volumes at stifling LE investigation, but it probably wouldn't hurt to use one either). However, some people can't use FDE for whatever reason. They may share a computer with others or only get internet access at a library or cafe, so they use a bootable distro like Tails, or they keep their sensitive files on an encrypted thumb drive.

Likewise, Linux is safer than Windows, and OpenBSD is safer still, but most people are wedded to Windows/OS X for one reason or another.

Security in practice is weighed against the trade offs of convenience and practicality, and the optimal trade off point will be different for everyone.

2169
I can't believe they even posted that nonsense on Cryptome.

That's not the first time I've seen Cryptome sensationalize a security (non)issue -- or at least repost someone else's sensationalizing.

2170
That Agreement sounds like the standard boilerplate you might get with the forum software, or by Googling "what's a good forum user agreement". :)

That being said, it sounds good to me.

2171
A Tails developer responds in the next message on the link you posted.

Pretty much, if someone roots your copy of Tails, they can disable the firewall anyway, by either shutting down iptables or flushing the rules.

Even worse, they can copy all your super secret files like your PGP private keys.

I haven't seen the script, but I accept the explanation that it makes certain firewall operations easier for someone who wants to muck around with Tails as root. However, an adversary with root privileges can fuck you way harder than that script can.

2172
Security / Re: Howto configure a vendor-specific tor hidden service?
« on: January 24, 2013, 03:13 am »
Here are some tips for maximum security: http://dkn255hz262ypmii.onion/index.php?topic=100998.msg705761#msg705761

2173
Quote
Obviously there is no direct way of doing this but I am wondering with all the apps that are out there etc if anyone has come up with a creative way to stay on top of their vendor accounts when they are on the go?

This is technically possible with a Python script (and a few Python libraries). You could use urllib to download a copy of your vendor messages or orders page, generate a hash and compare it to a stored hash. If the hashes are different, the page has been updated, meaning there are new messages or orders. Then use the smtp library to send yourself an email. Some carriers allow you to send emails to an address like 2221113333@sprint.com and you receive it on your phone as a text message.

I could write something like this. The problem is that it's horribly insecure and I won't do it. :)

2174
There's nothing wrong with censoring ass hats. Good moderation is required to maintain a healthy community. AskScience is considered one of the best subreddits on reddit precisely because the mods are ruthless in deleting off topic posts, jokes, memes, etc. Now, you don't have to go that far, because this community engages in a wider range of discussions, but a good line to draw is, "is this person annoying the piss out of everyone?"

BTW, as I said in the other thread, freedom of speech is a right granted by a government not to interfere with your expression. It doesn't mean ass hats can use someone else's property to spout off. There's an old saying that freedom of speech belongs to him who can afford a printing press.

Or in this case, a server.

2175
Security / Re: Stingrays aka IMSI-catchers
« on: January 23, 2013, 07:16 am »
Quote
I wasn't talking about communications being intercepted, I'm primarily concerned with tracking.

In that case, IMSI catchers are the least of your concerns. A functional phone is tied to a carrier who can triangulate your position or at least get the closest tower to put you within a radius.

A mobile phone is a snitch in your pocket. As others have said, the best defense is not to use one.

You should ask yourself how often it is necessary to make or take calls when you're away from your house. Yes, it's convenient, but if you're honest about it, you could leave your phone at home 95% of the time you go out and get those calls when you come back. That would go a long way toward protecting your privacy. Also, use cash as much as possible. Your credit/debit card is another snitch in your pocket.
