Silk Road forums

Quote from: P2P on August 08, 2013, 01:03 am

Astor, can you please explain in what specific areas having a whonix VM is superior to tails+bridges? Also, on what OS are you able to have the whonix VM? Could one pad tails with whonix?

To the group: do you or do you not recommend VPNs? I had always assumed the general consensus was that these were the major layer protecting the user from their ISP. Either that or bridges, and quite frankly I don't like the bridge concept very much (trusting random IPs for so-called "secure" connection does not sit well with me, especially when anyone can start one). And now a mix operator? I have never even heard of the concept. We need to come to a consensus on a basic list of security features the average user should have, and an advanced list for users whose security is worth more to them. Personally, however I can improve  my security, I will do it. I would simply like everyone to agree on what is the most superior security option(s).

I think at the end of the day nobody wants to endorse any one particular option as if we all end up with the "best security" we end up with no security as LE only had to figure out how to crack one system.

I will endorse Qubes, Whonix and manual isolation with virtual machines. These techniques are the current cutting edge of computer security IMO. Some people will disagree, but thing is even if you had javascript enabled on a vulnerable version of the browser in a Windows VM, feds wouldn't have been able to pwn you if you had it isolated properly. Isolation is the final strong layer of security that keeps you safe when all else has failed, and not having it means that when all else fails you are fucked.

Quote from: kybzmsrf on August 07, 2013, 11:05 am

Quote from: theauconnection on August 07, 2013, 09:48 am

to our knowledge it is near impossible for "viruses" to jump from one partition to the next on your hdd so keeping any programs(.exe files) that may be susceptible to downloading or installing viruses should be stored and run from a separate partition to your o/s,
does a "exploit" work in a similar manner and will only infect the partition it is run from?

That's total bullshit. Spreading to different drives and partitions is what virii have been capable of since the very beginning of virus coding. It was their only mechanism to replicate and spread as the internet didn't exist in its current form.
An exploit doesn't infect anything. It's just a way to run a program with privileges you actually don't have. What the program does is up to you. Doesn't matter if it's malware, starts the calculator or installs the latest version of minesweeper. It can do anything the exploited process can. Also replicate itself and run itself as a distinct process.

Quote from: theauconnection on August 07, 2013, 09:48 am

this paired with encrypting all your drives and running tor from a encrypted portable hdd with nothing else on it would effectively be sandboxing

If you run something from an encrypted hard drive doesn't make a difference because a) most encryption happens transparently and b) it will not be encrypted anyways once it's been loaded into memory.
Also do you actually know what sandboxing is and how it works?

Quote from: theauconnection on August 07, 2013, 09:48 am

and would be as safe to use for SR as a program like oracle to virtualize a operating system to sandbox in(linux) or tails, provided you keep up with tor updates and have it on the correct settings?

If copying something to an encrypted partition would be just as safe as using isolated virtual machines why would people put effort into developing things like tails?

Quote from: theauconnection on August 07, 2013, 09:48 am

( both tails and linux are written in unix

dude... really?... That's like saying "novels are written in comics"

Quote from: theauconnection on August 07, 2013, 09:48 am

we have also neglected to mention a few more security measures involving ISP that are quite hard to do with any other o/s other then windows,
as it is not mentioned on these forums this is for our own safety:).....)

Assuming you mean IPS:
I don't see in which way windows would make intrusion prevention easier than other operating systems.

Quote from: theauconnection on August 07, 2013, 09:48 am

"backdoors" are also written in linux using unix syntax, this the first thing a hacker will learn to do,
so why use any system written in unix as most if not all hackers are extremely well versed in how these operating systems work,their flaws and how to get around them?

A "backdoor" with what I assume you mean a trojan can be written in any language that is suitable for the system it's to be installed on. Again you can't write stuff "in unix".
Open source software will always be safer and most likely more frequently updated than closed source software as flaws in open source software are easier to find for everyone and thus easier to fix.

You don't know shit about what you're saying here, go to some place where you can actually hear people when they laugh at you.

you have not really explained anything here and are just having a go man....
a viruses main purpose is to replicate itself yes, but it can only do this inside the partition it is infected with this is basic computing knowledge.....
saying tails is written is in unix more like saying a novel and comic are both written in English do u have any concept of syntax? and how that works? because that statement just shows how little you really know about computing....
linux and tails are both unix based systems and malicious programs are easily written with the terminal of the operating system so we would say that u can indeed write "stuff" with unix..

And no i meant ISP internet service provider...... you my friend are a complete fuckwit maybe should consider what you are saying before you post.

You are either a troll or fucking retarded

I made another two posts about this, but I made a mistake and then took a lot of time to explain it and kind of messed my thread up, so let me give this one more shot.

This guy seems intent on finding a Tor covert channel http://www.informatik.uni-trier.de/~ley/pers/hd/l/Ling:Zhen which means they would stamp your traffic from a compromised host like the FH bust, then look for it at the ISP level after it passes the other hops. Since we live in a fully Orwellian surveillance state now this is entirely feasible.

Usually those sorts of attacks are called watermarking or tagging attacks (the source of my original confusion and mistake), but I see now that watermarking attacks actually use covert channels, so it is not incorrect to call them covert channel attacks. In any case, watermarking attacks are not particularly worrying because the attacker still needs to see the watermarked traffic at entry and exit. On the Tor network, and most other low latency networks (all implemented ones afaik), passive traffic correlation attacks can be used to accomplish everything that active traffic watermarking attacks accomplish. In the past Tor Project officials have expressed the belief that people focusing on watermarking attacks against Tor are often confused, as they are not really adding new capabilities to attack Tor (since all watermarking attacks are no more effective than passive correlation attacks against Tor traffic).

Consider tunneling your Tor traffic through Jondonym mixmaster servers.

You are a bit confused, mixmaster is a high latency E-mail specific network. JonDoNym routing nodes are called mixes, but this is hotly debated terminology (nobody else calls them mixes) because they don't actually do mixing (mixmaster routing nodes, on the other hand, do indeed engage in mixing). That said, yeah JonDoNym is often seen as a better solution than most VPN providers.

A covert channel would be impossible to follow unless they could gain cooperation of all the servers in 3 different countries. Your ISP would see a VPN connection to Germany not any Tor traffic.

Here you are misunderstanding the goal of a watermarking attack. The attacker does not need to follow the traffic flow, if they had to follow the traffic flow through all hops there would be no real point to a watermarking attack. Watermarking attacks are so that in a scenario such as this:

Alice - Node 1 - Node 2 - Node 3 - Node 4 - Node 5 - Node 6 - Node 7 - Destination

Node 1 can watermark the traffic, and then when it gets to node 7 the watermark can be extracted. This allows the attacker who owns node 1 and 7 to link Alice to her destination without having to observe the traffic as it passes from node 2 to node 6. The watermark can be seen as being sent through a covert channel from node 1 to node 7, which is why I now see that it isn't really incorrect to call these covert channel attacks (but I don't think I have ever heard them that before, almost always watermarking attacks). The thing is though that if the same attacker owns node 1 and 7, they don't even need to insert a watermark at node 1, because all of the low latency anonymity networks are already weak to passive traffic timing correlation attacks.

does this fbi exsploit work with tails 19

No for two reasons, for one the browser in tails 19 is patched from it and for two it had a payload that only targeted Windows.

Quote from: kmfkewm on August 06, 2013, 01:14 am

I never said all drug use is legal only personal use. But I guess in Czech Republic it can actually get you a small fine. But in Uruguay personal use is totally legal, they don't even have a single law on the books against it, tho it is up to a judge to decide if an amount was personal use or not.

It is illegal in Uruguay until it is voted on in Senate in October. At the end of the year the law will be updated.

In Czech Republic it is a small fine, like a parking ticket, and not a criminal offence but a civil matter. This is de facto legalisation or "decriminalisation" i.e. not criminalised. You are not a criminal for getting a parking ticket. You are not a criminal for getting a fine for having drugs in your possession in Czech.

I think you are confused about Uruguay. Personal use of all drugs is already legal there, as in it has no law against it at all. They are voting to make it legal for the government to *sell* weed as well as for people to *produce* weed. All personal use drug use in Uruguay is as legal as can be, as in has no law what-so-ever against it.

Quote from: kmfkewm on August 05, 2013, 11:21 pm

Quote from: Nero on August 05, 2013, 10:28 pm

Are we sure that the only way to be exposed to the exploit is visiting an FH website while running a non-recent version of firefox/Tor on a Windows computer?

That seems way too specific for me to believe it.

Unless people who look up CP all use the same setup. It sounds like theyre just trying to round up the low hanging fruit because all of this is easily avoidable with even a modicum of electronic security.

It seems the vulnerability itself is exploited with javascript, so that is why only users with javascript enabled are affected. Who knows why they only targeted Windows, the same exploit works theoretically against Linux as well but the payload was analyzed and it makes several Windows specific OS calls and will not work on Linux. The attack is not a 0-day but rather an exploit that was published a little over a month ago, which explains why the most recent browser is not affected. It is entirely possible that they didn't want to release a 0-day for analysis, and most people using Tor are thought to be using outdated Browser Bundles on Windows. The attacker was probably pretty sure that whatever attack they used would be analyzed to hell and back by a shit ton of security researchers. Also, 0-day attacks are usually used for really really high priority targets, they are more likely to burn one of those on somebody who has like kidnapped a child and is holding them ransom, or a suspected terrorist, than they are somebody who is running even the biggest CP site in the world.

I would add, based on my reading of the exploit, that you would have had to visit the FH main onion address, the Tormail web site, and perhaps some specific CP sites hosted on FH. The exploit set a cookie and had to be run from each site you visited to update your Tor Browser cookies with a specific ID. I haven't seen any evidence that they served the exploit on all onion addresses that were hosted on FH.

I think the bigger issue for this community is all the intel they are going to gather from unencrypted Tormail messages.

To the best of my understanding they did indeed inject it into all sites hosted by freedom hosting.

What could they do, anyway?

You accessed a webpage that said "Down for maintenance".

Not a website that contained smut.

Surely, you can't get into trouble for accessing a webpage that contains nothing but "Down for maintenance", even if it was a CP website.

All they have evidence is that you accessed a webpage that had nothing on it when you accessed it.

In the past FBI has set up pages that had nothing at all on them, told people they were CP, and then busted any poor soul who happened upon them. They don't need to catch you in the act of having CP or distributing CP to be able to raid you for CP, at the very least they can make a good case against you for intent to possess CP. The thing to realize about CP is that in the process of loading a single CP page you have essentially broken a few hundred laws. Automatically you are guilty of at least attempt to download CP, attempt to transport CP, attempt to possess CP. If there are perhaps fifty images of naked 16 year olds on the page, for every one of those you will be charged and end up with 50 counts of downloading CP, 50 counts of possession of CP, 50 counts of transporting CP, 50 counts of viewing CP. If they really want to fuck you they will probably add 50 counts of importing CP and 50 counts of causing CP to cross state lines.nIf you used a proxy they will tack on evading the police, etc. If you use a proxy like Tor they might even triple your counts of transporting CP * 3 or * 6 to take into account each Tor node you caused CP to move through. Seriously, doing god damn anything with any amount of CP at all can be stretched out into hundreds of charges, it is absurd. Clicking a single wrong hyperlink and you can easily find that you are facing hundreds or even thousands of felony charges punishable by 5 years in prison each. Almost everybody who is fucked with CP in any context is facing a potential life sentence because of this. Now you are not likely to actually get a life sentence for a few reasons. The first is because the prosecution will drop 399 of your 400 charges if you plead guilty to 1 one of them, and there is an extremely high chance that you will do this, so you will only get 5 years maybe. But it depends on the type of CP you have, the amount you have, what you did with it, etc. The truth of the matter is that in 99% of CP cases, you WILL get whatever sentence the prosecutor and judge decide you deserve, and if you take it to a jury trial you will probably get life in prison. That is how CP works. In the vast majority of CP cases, you are facing 0 to life, and at the total mercy of the prosecution and judge. If you take it to a Jury trial you will probably get close to life. The USA has the harshest penalties for CP in the entire world out of all countries where any porn at all is legal.

Not only that but you will likely spend your time in prison being raped, beaten, tortured and generally degraded. Many people who take their case to a jury trial are sentenced to a life time of rape and torture. It is probably part of the reason why a large percentage of people arrested with CP end up killing themselves before it makes it to trial. That and the fact that even if the plead guilty and only serve a decade in prison, they will be registered sex offenders for the rest of their lives, none of their friends will like them anymore, they will be humiliated in their communities, forced to live in tiny ever shrinking zones to the point that eventually a lot of them just end up homeless living under bridges or in sex offender ghettos that are most similar to the ghettos the Nazis made the Jews live in. Nobody will hire them, they are banned from using the internet in many cases despite most of them being heavy to very heavy internet users prior to their arrest, they are humiliated publicly all the time, where ever they go, for the rest of their miserable lives.

Seems pretty fucking harsh for looking at some naked 16 year olds who are legal to fuck, but death to the nonces ahhhhhhhhh /me rips his eyes out and stomps on them screaming death to the pedophiles rolling around on the ground foaming at the mouth