Silk Road forums
Discussion => Security => Topic started by: Dread Pirate Roberts on August 05, 2013, 05:07 pm
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
With all of the news and rumor around freedom hosting being shut down, I thought it a good time to post a signed message here on the forums to show that I am still in control of Silk Road.
I have yet to receive any hard evidence regarding what happened with the FH bust. At this point, Silk Road appears to be totally unaffected by it. Of course if you registered on a compromised site with your Silk Road credentials, you should change your SR password and PIN asap.
As we watch this unfold, please contribute any new information to the existing threads on the subject and let's hope that the damage is well contained.
DPR
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJR/9vfAAoJEAIiQjtnt/ol6voH+wdoNRPWqk2KNZKokhYMrtg2
dWKwxWrVNrKy6E0xys17DYpeXyQLTrep+4YkHnR/CDM4HquVt/bl7nryPaC93rWj
CiYw3iUsB+htBrmQgo+r5qo+EcAEcAVhUbXFIe1c1espkNFPbqR9asjTPOFtwVor
YfqfxTW/alW/oESA7XQbewlfKCdfxcbeB81v5j/bCnqCA7VlBMloPWwkXb8D060g
n85o9GDxM8QOCbPwajcTHoRB2PvJydyFVYOOYFrwwYAx0b+nafFAA5OXp0qL+KW5
rXE4nmLISykq9uVlA6ZtubSjn8h1RQUyq4vQRdj/F7dQbm9YlAf0X8UteMS2xco=
=kRgK
-----END PGP SIGNATURE-----
-
Cheers!!
Peace, Love & Hugs to ya, DPR 8)
ChemCat
O0
-
You Go BOY!!!!
We love you DPR.
Serioustly.
I fucking LOVE you!!!
(Okay a lot of MDMA in me this weekend...)
Modzi
-
Thanks
-
I'm really worried about vendors, some of whom used Tormail daily.
A couple things to note about this:
1. If you used PGP, the content of your emails is safe, but the metadata -- who you emailed and when -- is in the hands of the FBI.
2. If you used a desktop email client like Thunderbird, you would not have been exposed to the JavaScript exploit (assuming you also didn't visit other FH sites), and old emails would not be on the server.
If you visited FH or the Tormail web interface recently, and you were on Windows and had JavaScript enabled, and you are a large vendor, you should assume that you have been compromised and take proper security precautions. Most importantly, don't keep any drugs in your house.
-
Glad to know things are still under control.
OT, does anyone know what happened to hatter26?
-
DEA now using NSA obtained intel to help them bust/frame drug suspects:
http://www.chicagotribune.com/news/sns-rt-us-dea-sod-20130805,0,5453047.story
They are simply covering up where the original tipoff came from, and arriving at the perfect time to bust people. I'd start upping the game here.
http://darkernet.in/hacking-attack-on-tor-allegedly-linked-to-saic/
Claims entire C-block of that domain that was sending your info from the FH hack is all owned by NSA and their contractors Booz Allen. Luckily this time, linux/bsd/OSX users weren't affected. Next time they will be.
-
Subbing. Thanks, guys.
-
I'm really worried about vendors, some of whom used Tormail daily.
A couple things to note about this:
1. If you used PGP, the content of your emails is safe, but the metadata -- who you emailed and when -- is in the hands of the FBI.
Unless like me, you used a nymserver email remailer; then you're OK.
-
thanks for the good news
-
Long live the DPR!
-
Where can I get DPR's public key from? Because the copy on the wiki at http://dkn255hz262ypmii.onion/wiki/index.php?title=Trust_and_phishing returns "BAD signature" for DPR's above post.
-
Where can I get DPR's public key from? Because the copy on the wiki at http://dkn255hz262ypmii.onion/wiki/index.php?title=Trust_and_phishing returns "BAD signature" for DPR's above post.
I'm having the same issue. I import DPR's public key, and when verifying the PGP signature above it's stating that it's a bad key. Anyone care to ellaborate?
-
The signature verifies for me. Probably an encoding problem when copying the text out of the forum post.
-
The signature verifies for me. Probably an encoding problem when copying the text out of the forum post.
Thanks probably a stupid newb mistake I'm making with PGP. I've got my head wrapped around the public key and messaging process but the signature part still has me a bit confused.
-
The signature verifies for me. Probably an encoding problem when copying the text out of the forum post.
You're right. I investigated and webkit replaces the with U+00A0 (nbsp), whereas the original signed text just uses U+0020 (space). Which is annoying - arguably correct, but makes gpg verification on this forum more of a hassle. But anyway, I'm just pleased the signature is GOOD :)
-
I've just gone through my options and my white list includes sites like hotmail,google and yahoo.I have disabled java and silverlight in 'embeddings' but do I delete the obvious sites in the white list?These are there under the defult settings.
-
Thanks for the assurance DPR