Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 61 62 [63] 64 65 ... 249
931
Off topic / what is your IQ
« on: June 19, 2013, 12:45 pm »
I have had a professional IQ evaluation in the past, and the GIQ I obtained from this test is exactly the same as I obtained from my professional evaluation, so it is apparently pretty accurate. It asks for information at the end of the test, I just put fake shit, they  ask for your E-mail address but then it takes you to results without needing to answer any messages. You can take the test via Tor, and definitely should imo. It does require javascript though, yuuck.

www.funeducation.com/Tests/IQTest/TakeTest.aspx

932
Saying Methylphenidate is generic Methamphetamine doesn't even make sense...  ???
It was meant as sarcasm and all the chemistry and "web md" "wikipedia" info you guys want to throw in is not going to convince me that the pills I took for years and years was anything short of meth from a REALITY standpoint, meaning I took the shit for years and it effected me in every way meth ever did but to a greater extent.
  Specifically I mean it kept me up for way longer then meth did in it's "best days" with the record close to 2 weeks (followed by a week of sleep) also it would paralyze me completely if I ran out a few days before the new script. Meth withdraw is some lazy unmotivated days but the withdraw from that shit was 10x worse if suddenly ran out.
  Also the euphoria was way better then meth at its finest.

if x or y then z, therefor x == y logic only works on people when arguing about emotionally charged topics.


It's the same shit only the pills are better if you ask me. It's hilarious that you think it's so different. Have you ever been prescribed to it? Or are you just talking out of your ass here?

Maybe he has looked at their molecular structures. Methylphenidate isn't even an amphetamine.

ADD or ADHD is NOT a disease! it is a behavioral characteristic treatable through parenting technique and better teacher training would be of better outcome then simply feeding children speed.
 There is a bunch of BS and bad science feeding the monster and I suspect the billions of $$ the drug mfgs rake in every  year has some influence across the board.

Although ADD and ADHD are likely greatly over diagnosed, they are indeed diseases.

933
inb4 50 book-length posts by kmf.

Haha I would +1 you if I had not already done so earlier. But in all seriousness, I don't need to post a 50 book length post. It is not surprising at all that uneducated and emotional anti child porn crusaders would pressure Russia to take action that would victimize dissidents in a misguided attempt to make engaging in completely legal behavior that they disagree with impossible, while ignoring the fact that Russians don't need Tor to go to CP sites due to the fact that CP is not illegal in Russia and that the Russian version of Facebook has as much CP on it as Tor does. Whatever lets them pat themselves on the back for thinking they protected children I guess. Of course it is worth noting that countries with legalized child porn possession have significantly lower rates of child molestation, so it is a bit strange to me that this anti-pedophile group apparently wants to pressure Russia into causing more children to be molested, but thankfully for all of the Russian children people in Russia don't need Tor for CP and therefor only dissidents will be harmed, not pedophiles or children.

934
Quote
MOSCOW, June 18 (RAPSI) - Sergei Zhuk, the leader of the Bounty Hunters, a group that aims to combat pedophilia through the detection of child pornography, has asked Russia's Interior Ministry and communications agency Roskomnadzor, to restrict access to the anonymity network known as Tor, Izvestia reports on Tuesday.

The Tor software enables online anonymity by directing traffic through a worldwide volunteer network which makes it more difficult to trace Internet activity. This technology, developed by the US Naval Research Laboratory for its own purposes, was declassified in 2002 and handed over to civilian programmers for further development.

According to Zhuk, Tor is primarily used by people creating illegal websites, which cannot operate in the legal framework. In his letter, he provided examples of online anonymity being used for mala fide purposes, adding that the .onion domain zone already contains multiple websites for pedophiles.

The activist believes that Russians consume a large portion of the content.

In the closing part of his letter, Zhuk give his recommendations on how to block Tor in Russia.

Roskomnadzor has confirmed that they have received Zhuk's letter and they are currently considering the information. The Interior Ministry's press office said they have not yet received such a letter.

Bounty Hunters is a public association which detects child pornography on the web. The group became well known in September 2012 when it criticized Russia's largest social networking website, VKontakte, claiming that it hosted a large amount of child pornography.

I wonder if he knows that it isn't illegal to view or possess child porn in Russia.

935
Security / Re: Got a new laptop need to make it secure
« on: June 19, 2013, 10:24 am »
Whonix and Qubes are somewhat similar, the primary difference being that Whonix focuses on isolating Tor and the web browser whereas Qubes focuses on isolating everything. They both use virtualization to achieve isolation and they both offer strong protection from hackers deanonymizing you by pwning your browser. Qubes just has a much broader focus. I would suggest giving Qubes a try, but if you find that it is not suited to your needs, or if you find it too difficult to use, Whonix is a solid alternative. For the most part I would strongly suggest using either Whonix or Qubes over using something like Liberte or Tails. But you do need to keep in mind that the focus is different.

Tails: Focus is on not leaving any forensically recoverable traces, being highly portable, best suited to people who use a wide variety of wireless access points. Keep in mind that if you opt to use persistence, then you are not fully protecting yourself from leaving forensically recoverable traces. I find persistence to be almost contradictory to the original goal of Tails, making it more similar to Liberte now (although I think Liberte at least supports persistent entry guards).

Liberte: Focus is on being a portable light weight OS oriented towards simplicity of use and basic security. This is what the focus of Tails seems to have shifted toward as well, at least when it is used with persistence.   

Qubes: Focus is on protecting yourself from hackers and providing very strong security via user defined and potentially very intricate virtualization based isolation policies.  This can be utilized to encompass all of the security goals of Whonix and more. 

Whonix: Focus is on protecting yourself from hackers and providing very strong security via virtualization based isolation of Tor and your browser. The primary focus is to protect your IP address from hackers, although isolation of your browser will also protect your private keys / plaintexts provided that you encrypt with GPG on the host. For the most part Whonix is probably adequate for most of the people here, Qubes is definitely a lot more capable but Whonix does address the primary concerns.

936
Security / Re: A warning about antivirus programs
« on: June 19, 2013, 09:43 am »
They're crap. They don't work. If you use Windows, you should make a rescue disk now, because if you get infected with malware, the only way to be sure you get rid of it is to format the hard drive and do a clean reinstall of the OS.

In the vast majority of cases you are correct, but technically even wiping the drive and doing a clean install of the OS is not enough to ensure you have removed all malware. In many cases it is possible for malware to infect your video card, your mouse, your keyboard and anything else that has reflashable or persistent memory on it. Some mouses these days have their own CPU's and on board memory! In such a case it is possible to have a totally cleaned drive and freshly installed OS, and to get reinfected via your infected peripherals and other hardware.
 
Quote
JS can't deliver malware without the user clicking Run in a dialog

Javascript can be used to deliver malware via browser exploits.


937
Security / Re: SR Risk Analysis for Buyers
« on: June 19, 2013, 06:55 am »
http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm02052.htm

Quote
Rather, the prosecutor need only disclose evidence favorable to the accused that, if suppressed, would deprive the defendant of a fair trial. Id. at 675. That necessarily does not include inculpatory evidence, no matter how helpful such evidence might be to the defendant in preparing his/her defense.

so apparently the government has no legal requirement to disclose intelligence that doesn't exonerate the suspect, unless they plan to use said evidence in court.

938
Security / Re: SR Risk Analysis for Buyers
« on: June 19, 2013, 06:42 am »
Evidence in a drug case will always be in the form of the intercepted drugs, but the intelligence that leads to the interception taking place could be from a wide variety of different things, and it may never be revealed.

Now I'm not a lawyer but doesn't the prosecution have to reveal it's information during discovery?

I believe they have to reveal all of their evidence but not all of the intelligence they used to obtain the evidence. A quick search turns up the following Wikipedia page:

https://en.wikipedia.org/wiki/Brady_disclosure

Quote
Brady disclosure consists of exculpatory or impeaching information and evidence that is material to the guilt or innocence or to the punishment of a defendant. The term comes from the U.S. Supreme Court case, Brady v. Maryland,[1] in which the Supreme Court ruled that suppression by the prosecution of evidence favorable to a defendant who has requested it violates due process. Following Brady, the prosecutor must disclose evidence or information that would prove the innocence of the defendant or would enable the defense to more effectively impeach the credibility of government witnesses. Evidence that would serve to reduce the defendant's sentence must also be disclosed by the prosecution.

    The prosecutor must disclose an agreement not to prosecute a witness in exchange for the witness's testimony.[2]
    The prosecutor must disclose leniency (or preferential treatment) agreements made with witnesses in exchange for testimony.[3]
    The prosecutor must disclose exculpatory evidence known only to the police. That is, the prosecutor has a duty to reach out to the police and establish regular procedures by which the police must inform him of anything that tends to prove the innocence of the defendant.[4] However, the prosecutor is not obligated to personally review police files in search of exculpatory information when the defendant asks for it.[5]
    The prosecutor must disclose arrest photographs of the defendant when those photos do not match the victim's description.[6]
    Some state systems have expansively defined Brady material to include many other items, including for example any documents which might reflect negatively on a witness's credibility.[7]
    Police officers who have been dishonest are sometimes referred to as "Brady cops." Because of the Brady ruling, prosecutors are required to notify defendants and their attorneys whenever a law enforcement official involved in their case has a sustained record for knowingly lying in an official capacity.[8]

So in summary they must reveal if they have evidence against the defendant that they plan to use in court, and they must disclose if they have information that could prove the innocence of the defendant. If law enforcement obtains information from a human intelligence agent that a suspect will be transporting drugs, and then the police monitor the suspect and pull them over due to a routine traffic violation, I do not believe they need to disclose that the original reason they pulled the defendant over was because of intelligence that they were transporting drugs. The defendant still broke a traffic law and was legally pulled over, if the officer then smells drugs or believes the suspect is 'acting suspiciously' or whatever, the car could then be searched and evidence found. If they don't believe they need the testimony of the undercover agent, I don't think they will even mention the existence of the undercover agent, as doing so would identify their intelligence asset needlessly, and it doesn't appear to be required as testimony from the undercover agent would not prove the innocence of the suspect (but rather the guilt).

I also am not a lawyer though and if a lawyer corrects me I will stand corrected. I have seen several examples of cases where it appears that intelligence was used to obtain evidence, without the intelligence ever being disclosed.

939
Security / Re: SR Risk Analysis for Buyers
« on: June 18, 2013, 05:54 pm »
Quote
  C. Are you getting bitcoin using a method that is under scrutiny from LE?

Which methods exactly are under the most scrutiny? 

Quote
LE orders a package and gets the vendor's city. I calculated the average density of Tor users in the United States, based on my estimate that there are 250,000 monthly Tor users in the US (the global numbers vary too much by country to be useful). That's about 80 in a city of 100,000, and 800 in a city of 1 million. Actually, the number of daily connecting users is 80,000, and some of them are different people on subsequent days, so the number of people who connect every day like a typical vendor is probably more like 60,000. That's 20 people in a city of 100K, and 200 people in a city of 1M.

LE works with the local ISP to identify these users by watching for connections to entry guards, a list of about 1200 IP addresses. From there they correlate the people connected to entry guards with the vendor's online activity. They could send messages to the vendor and look at the response times, and if the vendor posts on this forum, look at the post times. Anyone not connected to the Tor network at the time of a vendor activity is not the vendor (or so they assume). They could exclude most of those Tor users in a short period of time, probably a couple of weeks. They wouldn't be able to exclude everyone, because some people are always connected, but if they have a list of 5 to 10 people, and the vendor is pushing a lot of weight, it could be worth investigating all of them through traditional means to find the vendor.

This is quite scary to me and I am not a vendor.  Could small-time buyers also potentially go down using this technique?

No; this scenario depends on having a basic geographical location to start within -- as described, they get that by ordering a package and finding all the Tor users in the originating city. Unless you order from a cop, they aren't going to have a city to start from.  I also can't imagine they'd ever bother for somebody buying a few dime bags here and there, etc..

Yep. The attack Astor pointed out is a very real concern for vendors, but not at all for customers. In addition to needing the rough geographical location of the target, the attacker also needs to go to quite a bit of trouble to carry the attack out. It is unlikely that they would bother going to so much trouble to bust somebody who is only buying for personal use, but they couldn't even if they wanted to because they don't know the rough geographical location of customers with enough precision that they could even get started. And if they do know where the customer lives to a small enough radius that this attack would be realistic, chances are they already have the customers address anyway. For a big vendor it is a totally different story though. Even more worrying is that they may be able to enumerate Tor clients simply by long term observation of the directory authority servers (ie: without cooperation of ISP's local to the vendors area of operation). This is prevented in cases where vendors use bridged connections, as bridges act as directory guards as well. Bridges also make it less likely that a vendor will be detected as a user of Tor even in cases where the attacker gains the cooperation of the vendors local ISP's.

940
Security / Re: SR Risk Analysis for Buyers
« on: June 18, 2013, 05:33 pm »
The best thing you can do to protect yourself from getting arrested is to order amounts that are small enough not to get you CD'ed.

There are two potential strategies imo.

The first strategy is to keep your orders so small that they are unlikely to be detected, and that if they are detected you are not likely to get CD'ed. Certainly smaller orders are less likely to be intercepted, and indeed they are also less likely to get you CD'ed (although I would never count on that for specifically scheduled drugs higher than schedule 3, regardless of the amount). This strategy is also beneficial in that in the case of an interception, the charges that can be brought against you will be relatively less severe than if you order large amounts.

The second strategy is to order large amounts infrequently. If you order 1 hit of LSD every week, it is less likely that any of the individual hits will be intercepted (although LSD is not the best example, since even sheets weigh very little and can be disguised as letter mail), but due to the frequency of ordering it is possibly more likely that SOME of your individual hit orders will be intercepted. If you order 100 hits of LSD once every two years you are much more likely to be charged for it if it is intercepted, and the charge will be much more serious than if you had ordered a single hit. Additionally, with many drugs, ordering two years worth of it at a time is going to result in a shipment that is more likely to be intercepted than a single dose of the drug would be. The advantage is that now you only need to get 10 shipments over 20 years to keep yourself supplied with LSD, versus getting 96 shipments through over the same 20 year period if you order one weeks supply at a time.

I have generally gone with the second strategy, ordering a year or two supply of drugs at a time. I can totally see the validity of your strategy though. Your strategy is also the strategy a friend of mine uses. Usually he orders a months worth of drugs at a time. This means that he receives many packages, but they all contain relatively small amounts. On the other hand, I tend to buy drugs a year or so in advance. This means that I get large shipments, but much less frequently.

941
Security / Re: SR Risk Analysis for Buyers
« on: June 18, 2013, 05:11 pm »
Although interception due to screening or random chance is likely the most common reason for a customer to be arrested, we must keep in mind that we may not know the cause of an interception. It is entirely possible that some interceptions that appear to be due to screening or random chance are actually due to technical attacks or even more likely human intelligence. I have seen cases where multiple large shipments to different people were sent out at the same time, and all of them were intercepted. There are many possibilities of how this could have happened. It could be that they were randomly screened for contraband, it is possible that they were flagged, it is possible that one of them was intercepted and the others were identified due to sequential tracking numbers, it is possible that the one that was flagged was flagged because tracking was checked with Tor, it is possible that an undercover compromised the shipper, etc etc. In a case where a technical attack leads to an interception, it is entirely possible that the technical attack that leads to the intelligence will never be revealed in court even. There is a big distinction between intelligence and evidence, intelligence points the agents to where they must look for evidence. Evidence in a drug case will always be in the form of the intercepted drugs, but the intelligence that leads to the interception taking place could be from a wide variety of different things, and it may never be revealed.

It is similar to when people are 'randomly' pulled over and subjected to a drug search. In some cases they may have committed a minor traffic violation and been pulled over for that, in some cases they may have acted in a suspicious way and been flagged for that. Indeed, in the majority of cases somebody arrested for transporting drugs via a vehicle will probably have originally been pulled over for unrelated traffic violations or for having been behaviorally flagged. However, in many of the cases they will have already been identified as having drugs due to human intelligence, or due to technical intelligence, but this will not be revealed if the conviction can be obtained based upon the evidence obtained during a 'routine' traffic stop.

942
Security / Re: Got a new laptop need to make it secure
« on: June 18, 2013, 08:36 am »
It depends on what you are looking for. Tails and Liberte have the primary goal of not leaving any forensically recoverable traces after you shut down. In some ways this can be even better than FDE, primarily there is nothing encrypted for you to be forced to turn over encryption keys for. On the other hand, if you use persistence then you are back at using FDE. Tails has a MAC spoofer for breaking linkability between WiFi access points and sessions. Additionally, Tails also doesn't keep entry guards for Tor which removes a fingerprint of entry guards if you use WiFi from multiple different access points (or even the same access point over sessions). On the down side, not having entry guards means that you will be much more quickly traced in the first place. I see Tails as being largely a mobile OS, for somebody who uses WiFi from many different access points.

Whonix is more focused on preventing you from being traced by hackers than it is on making sure that it doesn't leave behind any forensic traces of what you did. It does this by isolating the browser away from Tor, and also such that it is unaware of its external IP address. You can still use FDE to prevent forensics teams from recovering logs and such, however you could be held in contempt of court if you refuse to turn over your passphrase, depending largely on where you live and how badly they want you. There is also always the risk that you could be subjected to a cold boot attack or similar.

I personally lean more towards Qubes than anything, it has functionality really similar to Whonix but it takes it several steps further such that everything is isolated into its own user defined security domain. This means you can protect your private encryption keys, your external IP address, Tor, etc. It also has advanced features such as hardware isolation, and a variety of different security tools based on its isolation techniques.

943
Security / Re: Liberte Vs Tails Vs Ubuntu?
« on: June 18, 2013, 04:44 am »
I think TAILS supports persistent entry guards now, but it did not the last time I used it so I am not positive.

No :(

Are you sure? It definitely has persistence now, so I don't see why you cannot have persistent entry guards.

https://tails.boum.org/contribute/design/persistence/

944
Security / Re: Plain text addresses
« on: June 18, 2013, 04:37 am »
Quote from: me
Alright I lied, I'm not done.  This anger and these insults are unbecoming, and I would like to apologize for them.  Here is my calm response:

I also would like to point out that I am not angry at you, and that insulting you was not my primary goal. I merely wanted to express some irritation I had with some of your posts, indeed with a very tiny minority of your posts. I don't have any problem with you at all and don't want to fight with you (although I do love to debate things!), and I probably should have expressed myself in a less hostile way. So I apologize for any hostility perceived from me.

Quote
I did not intend to ever, at any time, state that Privnote is universally as secure as PGP encryption.  If that is what you believe I meant, then you were absolutely correct in making sure to point out I was wrong.  If what I said sounded like I really meant that, then some of the fault is indeed with me.  That statement is a false one.

Yes that is definitely how I took what you said.

Quote
Again, I didn't mean to say that.  Now is there anything you would like to continue arguing about?  Because I believe that is the root of this disagreement, and whether you like me or I like you aside, I believe that the discussion is done.  I am, however, here and willing to participate in it further if you desire.  So: are we done?

I didn't mean to insult you personally, out of all of your 2,077 posts there have only been about 5 that bothered me. I just wanted to let you know how irritating I found you to be in those 5 posts, is all. If you want to continue arguing for or against javascript based cryptography, or related things, then I am game for that. However, otherwise I don't really care I think we both made all of our points related to Privnote and each other lol.

945
Security / Re: Plain text addresses
« on: June 18, 2013, 04:19 am »
... you are a fucking... retard.  I mean you really are like some fucking idiot savant pedophile, aren't you?

I pretty openly admit that I am mildly autistic, with traits of savantism, in addition to being non-exclusively ephebephilic, which is colloquially considered to be pedophilia in a minority of the world. If you meant that as an insult to me it didn't really come across as such. 

Quote
1. I do not know more about cryptography than you do.  You know more about it than me.  I freely admit that.

I am not trying to compete with you. Mostly I am trying to get you to start reading things through before you comment on them. This was the straw that broke the camels back for me. It was also the most insidious of your misconceptions, if you think Zerocoin is impossible it doesn't really matter, but when people hear a respected member of the community say that Privnote is just as safe as GPG it leads to very real insecure practices.

Quote
2. In the real world, my friend, you have tasks that need to be accomplished.  To say a tool is unsuited to a task when it can accomplish it is blind idiocy.  To say it is NOT THE BEST tool for the job is perfectly rational, but it is what goes into that conclusion that matters.  WHO GIVES A FUCK IF JAVASCRIPT IS SLOW AND INEFFICIENT AND FUCKING BLOWS TO WRITE?!  Does it get the job done -- yes?  Then who gives a fuck -- other than you, nobody sane should.

You are not comprehending the problems with javascript. Javascript being slow doesn't matter, javascript not being able to carry out operations in fixed units of time makes it unsuitable for cryptography. Javascript can not accomplish a secure implementation of a cryptographic algorithm. You can implement AES to specification in javascript, but the fact that it is implemented in javascript will make it an insecure implementation even if it perfectly follows the specification. The articles I linked to also point out a variety of other issues, ranging from lack of secure CSPRNG, lack of ability to protect from MITM attacks, etc. Javascript crypto is death by a million side channel attacks. I don't even claim to be a professional cryptographer, because I am not one. I know enough to implement some basic block ciphers, pseudorandom number generators, etc, but I sure as hell cannot design something like AES or even implement something like AES. But I listen to professional cryptographers, and the thing I always hear from them is that javascript and cryptography do not mix. Interpreted languages and cryptography do not mix. You can end up with something that looks like it works, and something that follows the specification, but the inherent weaknesses of the languages run time environment will side channel the shit out of the cryptosystem. Browser based javascript is even worse, in addition to having all of the problems of javascript it also has the weaknesses to MITM etc that come from it being browser based.

So to answer your question: professional cryptographers give a fuck. The people who don't seem to give a fuck are people who know how to program in javascript and write web applications, but who have absolutely zero education in programming cryptographically secure applications. It seems everybody who knows how to program thinks that they are inherently a cryptographer because of it.


Quote
This is fucking pointless, I'm not going to itemize pages and pages and pages that have NOTHING TO DO with what I said.  No one in their right mind would claim Javascript is BETTER than any other language for crypto.  But how many languages does EVERY FUCKING BROWSER in the world implement?  Javascript is about the only fucking one.  Therefore it was the right tool for the job of Privnote.  I don't understand why you don't get that or why the fuck you would try to argue about it?  I mean you do understand how browsers and interpreters work... right?

You are the one who clearly doesn't understand how interpreters work, and how that is contradictory to the goals of cryptographically secure programming.  Privnote is an extremely poorly designed cryptosystem that was written in a language that shouldn't be used for implementing cryptographic algorithms in, in the worst way they could have used the language to implement their broken system. I do understand that javascript was the 'right tool' for the job of Privnote, but what you don't seem to understand is that the right tool can sometimes make the wrong product. A hammer is the right tool to make a wooden box with, it doesn't mean you should build a wooden box with a hammer and then try to use it as a submarine. It also doesn't mean that you can build a submarine with a hammer.

Quote
You are a truly pathetic little man, my friend.  I sincerely hope you enjoy your life.  I really do.  And with that I am done.

k thanks

Pages: 1 ... 61 62 [63] 64 65 ... 249