Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 184 185 [186] 187 188 ... 208
2776
Security / Re: Issue with PGP
« on: December 26, 2012, 01:57 am »
Also, are you using GPG4Win? The general consensus here is there it sucks.

Use GPG4USB instead: http://32yehzkk7jflf6r2.onion/gpg4usb/

2777
Security / Re: Silkroad Wikipedia Login URL
« on: December 26, 2012, 01:51 am »
Members when ANYTHING IS not a normal SR LOGIN then back off it.. An second Why is it sooo hard to BOOKMARK THIS PAGE?? Or highlight copy open notepad PASTE it then Save as to a USB stick?

I would love for everyone to save important data locally and not rely on untrusted third parties like easily vandalized Wikipedia, but you have to consider that some people don't have full control of their computer. They share a computer with family or roommates, or they go to a library, university, or internet cafe, and they don't want evidence of accessing SR on disk. An encrypted thumb drive is their best option, and I plan on writing a tutorial for that in the coming days.

As for recognizing a phishy site, they don't even have to remember the entire 8 characters after silkroad. Memorizing 5piz3 is enough, since the probability of finding a private key that hashes to silkroad*5piz3* is extremely small. It would take ages to search the key space for a private key that hashes to a domain name containing those two strings. Looking for 5piz3 after silkroad will block 99.99% of all phishing attempts.

2778
Security / Re: Issue with PGP
« on: December 26, 2012, 01:36 am »
The #1 reason why this happens is because a valid PGP block must have five dashes before and after the text on the BEGIN and END lines, and missing a single dash will cause it to be unrecognized by the PGP program. You may have missed the first or last dash when copying, or the vendor may have missed the first or last dash when pasting the message. This happened to someone the other day. They were copying all the text, but the vendor had only posted 4 dashes before the text on the BEGIN line. You need to count the dashes and manually add them if there are fewer than five on each side. It should look like this

-----BEGIN PGP MESSAGE-----

<encrypted message>

-----END PGP MESSAGE-----


2779
Security / Re: Is Microsoft Bitlocker safe?
« on: December 26, 2012, 01:30 am »
Security experts will tell you that no proprietary software is safe. Corporations can collude with the government to introduce backdoors, and Microsoft is known to have a cozy relationship with law enforcement. They provide software like COFEE

https://en.wikipedia.org/wiki/Computer_Online_Forensic_Evidence_Extractor

Open source software is safer because it can be reviewed by independent experts. TrueCrypt is open source. GPG is open source. BitLocker is not open source, and some of the Windows ports of GPG may not be open source, so be careful, and choose open source security solutions over proprietary ones.

2780
Hey Astor,
Thanks for the guidance. I am new to this clandestine stuff. My Key ID is D028DEFF
Here goes

Hi brokedownpalace, Merry Christmas to you too, but I can't send you an encrypted message without your public key, and the key ID alone doesn't help unless you've uploaded your key to a key server where I can search for it (not recommended if you want to stay anonymous, unless you upload to a hidden service key server like qtt2yl5jocgrk7nu.onion, but you would have to configure your PGP software to use Tor). You need to publish your public key in a forum post so others can encrypt messages to you (I don't see a public key in your comment history).

Take a look at this: http://32yehzkk7jflf6r2.onion/gpg4usb/

2781
@stiffneck

-----BEGIN PGP MESSAGE-----

hQIMA1ewgXaB/e6sARAAjQGBd4epCtzhvZnfvg6pdLJH04zowV1G+pyDp5yM9Ao+
cUfios9Ozj0CJY76/Icn7ClG4yTsmLUy1sit75vbtrC0pace16lJET1ROfF113r3
eseVLvxnT2yr1K64pDZrGLXfOP4fXCv5TUcWoevxMSVcl/3qOKKMByZsNS9Ti86R
Tc6nTZZZHEneLG/0G+3P3BcoXg4o4CBccM84X1Gil1vACxFBAIncwO28+ExWbpe5
f2vKGKDimcg4TmksNmR4/liTGNdE8aLtvEGy/A/Kz2CaqNdCKhoR3p++qlDitBfF
12KloUc349aiIuFn/nDrOKBvoEu4jHEfGq7L6fpGPoO6FeW9iKsPsz8Iv+abvGRm
jbPGckQCM2wcRZEJyiyKQ4YY+maLU3NqY57oGSXHgulifyGnn1WE4cuilhPyes5O
sniQsxn2CcjQlM+IM9xGLXd23sLrw+siZ8V5SsRR43ksPVyl/ArbwnlyHxUh55mK
myym5U1goISP/G3cwRFLkAlLGIb2c/B05dZkzpYKw+Y8Fsw+C1EQDAS0plk3hnLm
1sflKxOfIesDXeRkgBVbUk8exnNpTy2noq2fxAwW1A6Ar/SwtCqz4zgndBg4R5dB
dz397f1ywhPqP0O8N0L61CAUdnAiu/Q/0FdOe04zZi0pkinA5md/L0wc/7ZtiuvS
wEUBcMbuLHnshI/tgY9jFZgk96qUuDUI76yDryn6EhByncc6oolZ+hsNoAdSXiC3
n6S+nUEWQrAcEWRC3utMoN6cYiYXGSabK9SN+/pZb5Nn3EfGEM+rH2EIbT8NJIs1
N3gOXV0EeFx+vnNf6oU8SrG/qS7S3fUuXlV8sRJ20fCpNjUioVvkXOABWtWgCC7H
cu1N1C1s3XXbi5sHmgfgO5jEvyG9Y8XbLqCBsBXU9jQgsrytDuMgCBAXugydhhQV
gLoON9LoLUlsMlUPSux82dRhMXsBcJWEe9txVrngkS4GVcygWqV5gfACBpwcqU27
rcKM89QQ2W2GfEbFTFhCoOKP3XJz2jA=
=5xhW
-----END PGP MESSAGE-----

2782
That actually doesn't sound too bad. Someone should whip up a quick program that automatically fills it the username, password, and PIN with random letters/numbers. Shouldn't be hard at all. You could even use a program that's made for automated processes like this.

Usernames composed of random strings would be too obvious. There are "random [funny|cool] username generators" though. You could pull usernames from those lists. You would also want to vary the strength of the passwords.

2783
I wont book mark, to risky to leave it on my computer for personal reason's.

Buy a USB thumb drive and copy TrueCrypt onto it, then create an encrypted file that contains TBB and your PGP software, along with a text file with URLs and strong passwords. TrueCrypt can even be set to autorun when you insert the thumb drive.

http://www.truecrypt.org/docs/?s=truecrypt-portable

I think this will be my next tutorial, because there's a big need for secure data storage in the community. Too many people rely on untrustworthy third parties to get the URL.

BTW, storing the SR URL and your password in plaintext on hosted email isn't risk free.

2784
The form action is this URL:

http://www.tectite.com/hosted/001204/brentbook.com/formmail.php

There's also a reference to tectiteformid bd11a1e3463f77ee364149936a2a84d3.

Just saying in case someone finds this info useful.

Do you think brentbook.com is connected to the phisher?

2785
Security / Re: Silkroad Wikipedia Login URL
« on: December 25, 2012, 05:14 pm »
You should store TBB and your PGP software on encrypted media, then you can bookmark the URL or save it in a text file and avoid this problem.

2786
You've labelled your key "Anonymous <anonymous@unknown>", but it's better to label it as something useful, like your forum username or your Silk Road username, so that people can find your key more easily among the scores of other keys they have on their keyring.

Yeah, that was a minor annoyance with the people I was helping in the last few pages. I imported 8 keys and 2 or 3 of them used a different name from their forum name, so I had to reimport the keys to figure out which one to use.

2787
Security / Re: need some simple help!
« on: December 25, 2012, 03:31 am »
Instawallet is an intermediary like a mixing service, but nowhere near as safe. Some people believe it's enough to offer plausible deniability, ie, someone follows the bitcoin trail back from your SR address to an Instawallet address to the exchange. The exchange knows who you are but you can claim that you sent the coins to someone else, and as long as you access Instawallet over Tor, nobody can prove it's you.

I'm not particularly convinced of that method. I'd rather not be identified in the first place, which is why if I bought coins in a non-anonymous way, I'd properly mix them.

2788
You can grab my key from the link in my signature and send me a message, if you want. Don't forget to post your public key.

2789
Security / Re: Tor and Bitcoin
« on: December 25, 2012, 01:58 am »
You'll want to configure the Bitcoin-QT client to run over Tor, otherwise it could list your IP address as the "Relayed by IP" in the block chain. So if you're sending coins directly from your client to SR, you could be deanonymized.

Take a look at any random transaction and you'll the relayed by IP

https://blockchain.info/tx/95855cbb856458834fb26d948cd8a5b8bf2644ce829a0a77d128c5aced5df30b/95855cbb856458834fb26d948cd8a5b8bf2644ce829a0a77d128c5aced5df30b

Honestly, if you've never used bitcoin before, I suggest using an ewallet like the one that blockchain.info offers. With the standard client, you need to download the entire block chain before you can use it, plus the index file, and that's like 4 GB of data and rapidly increasing.

2790
Silk Road discussion / Re: BUSTED THREAD!!! Please contribute
« on: December 24, 2012, 11:13 pm »
also, not sure why, but over the last week or so i've received orders from people who have put their addresses and PHONE NUMBERS unencrypted

It's  funny because there's so much debate on the forum, and people go to such lengths to get coins anonymously, then turn right around and post their plaintext addresses on the server.

Pages: 1 ... 184 185 [186] 187 188 ... 208