Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 162 163 [164] 165 166 ... 249
2446
Security / Re: So am I being anonymous enough? How can I learn to ship.
« on: July 15, 2012, 09:26 am »
Quote from: fuckthepolice101 on July 15, 2012, 05:14 am
Using public wifi hotspots is not needed when you use tor. If you understand how tor works you will realize that connecting from a public wifi spot is being paranoid.cs

Things you should be more worried about than what connection you use when accessing the tor network:

-Trojans/keyloggers on your machine
-shoulder surfers reading your screen
-narcs, rats and informants
-fingerprints, hair and other forensic evidence  in/on your packaging
-items that have identifiable signatures in your packing (examples: if you use a unique type of envelope that is only available at one store. the use of specialized fonts for lablers that can only be purchased from a single online store, invisible ink 'fingerprints' from color printers that give the serial number/make/model of printer that was used)
-a routine that allows LE to predict your movements
-opening your fat mouth to people about your private business

these are just a few that come to mind.

As far as being secure - tor is not the weakest link in the chain (imho)

Using random WiFi in addition to Tor is strongly complimentary. Tor is very good at keeping some x% of your sessions anonymous some y% of the time against most attackers, but these numbers are not 100 even against relatively weak attackers. If you surf Tor for a year maybe the attacker deanonymizes one of your sessions. This is not extremely unrealistic, and is actually probably likely to happen to at least some of the people surfing silk road in a given year, even with a relatively weak attacker. If the dreaded day comes that the attacker deanonymizes one of your sessions while you are visiting SR, you are fucked if you are using your home connection but you are still quite likely to maintain anonymity if you are using a random WiFi hotspot and taking the proper precautions while using random WiFi. So although it is definitely not absolutely required that you only connect from random WiFi access points, it does offer a significant amount of additional protection and I would suggest that bigger vendors in particular seriously consider never connecting to SR from an access point that can be tied to them.

2447
Security / Re: Removing all traces of Tor without complete format
« on: July 15, 2012, 09:18 am »
Quote from: ecspl0ded on July 13, 2012, 01:18 pm
complicated topic

the only sure way to remove all traces is to remove your hard drive and take a sledge hammer to it

I'm no expert, but traces are probably left everywhere. Perhaps you still have a page file enabled? disk erasor tools don't work with SSD drives and there are many caveats of usage -- personally I would say if you are even considering using one of these tools you should consider yourself compromised.

if you are only buying personal amounts of drugs over the internet though, who cares?

Taking a sledge hammer to your drive is exactly what forensic data recovery people want you to do. They can recover data from severely damaged drives but they have a much much much harder time to recover data from a drive that has been overwritten even once. The best method is to overwrite once on track center and once off center using firmware like ATA secure erase. There are currently not any known techniques for recovering data from drives wiped in such a way, but spin stand microscopy will pull a fuck ton of data from a drive that is smashed into even a thousand pieces with a sledge hammer.

2448
Off topic / customs officer arrested for buying drugs off silk road - one other arrest too
« on: July 12, 2012, 06:33 pm »
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10819029

Quote
A Customs officer has been found to be a member of a secretive online marketplace which offers global delivery of illegal drugs, pornography, firearms and fake passports.

The officer, who has name suppression, has already appeared in Waitakere District Court on several methamphetamine-related offences, including supply of the class-A drug.

But the Herald understands that when police seized his personal computer, he told them they would find software and electronic history showing access to a hidden site called Silk Road.

Authorities worldwide have struggled to combat the site's growing popularity because encrypting software makes it difficult to trace or identify its users.

Silk Road claims to be an anonymous online marketplace where electronic currency is used to sell and buy illegal drugs and contraband - from cocaine or LSD to fake passports.

A sister site called The Armory offers weapons and ammunition.

They function just like legitimate online shopping sites and feature sellers' profiles detailing their trading history and customer feedback.

Article continues below

Sellers offer to vacuum-seal and post orders internationally, with a false return-to-sender address.

Yesterday, a NZ Customs spokeswoman - when asked if the site had affected attempts to import drugs - said there had generally been a significant increase in interceptions.

But the volume of drugs found on each occasion was often less than normal, meaning the total seized had not grown significantly, she said.

In a post on Silk Road's forum this week, an "official New Zealand thread" warned fellow Kiwis to keep a low profile.

"The more we boast about it, the easier our mail becomes to profile and target and we would be stupid to think that law enforcement doesn't browse these forums."

This year, a Dunedin university student and his associate used the site to arrange for 165 Ecstasy pills to be mailed from the Netherlands.

The drugs were intercepted by Customs and the Herald understands they were found to be pure MDMA - a rarity for Ecstasy in New Zealand.

The 18-year-old told police that he agreed to let the pills be sent to his address to help fund a 12-month exchange trip to Canada.

The extent of the Customs officer's use of Silk Road is unclear.

The Herald has been told that he claimed he used the site as research for his work. However, it is understood the Customs Service decided this explanation was unlikely.

Yesterday, the officer told the Herald he "wasn't using" Silk Road.

When asked why it was on his home computer, he said: "I knew about it, because I worked for Customs. But since I have name suppression, I'd like to make no comment".

The Herald accessed Silk Road and found a sidebar showing categories of listings.

There were more than 2000 listings for drugs such as cocaine and cannabis, with accompanying pictures, price-tags and product descriptions.

Forged drivers' licences and passports were among other offerings.

One US-based trader was selling custom-made John Key blotters - preprinted sheets of blotting paper that can be dipped in an LSD solution - "for all you Kiwi bastards".

Increased media attention has led to the site's community growing and, with that, a rise in scammers.

Last month, the Customs officer appeared in court on a total of 11 methamphetamine-related charges.

It is understood the man's alleged offending was uncovered during police inquiries into another crime.

The alleged offending was not directly related to the man's work.

Although the amounts of methamphetamine involved were small, a decision was made to press charges because of the nature of the man's employment.

HOW IT WORKS

* Silk Road is accessed through browsing software called Tor - The Onion Router - which bounces users' connections off multiple servers worldwide. This is said to make identity untraceable.
* Tor was developed by the United States Navy, and has been hailed by campaigners as a way to retain free speech and avoid censorship.
* Two US senators have urged the United States Attorney-General to crack down on Silk Road and the digital currency that enables purchases on it, Bitcoins.
* Goods on Silk Road can only be bought using Bitcoin, an independent online currency.
* The peer-to-peer currency, which works via a piece of open-source software, aids anonymity on Silk Road because it is not linked to any institution.
* Bitcoin developer Jeff Garzik has previously said that because the currency log is public, it's possible that buyers could be tracked. "Attempting major illicit transactions with Bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb," he told Gawker.com.

2449
Off topic / Re: the ascii art thread
« on: July 12, 2012, 06:05 pm »
on a kinder note:

Code: [Select]
  jP _*"_*" a@"_*" _m^"_a*^"__gw***^^^^^^**mu___"^m,_"*s_ 9w_"*_ "u_"u_"q_
 p" p" p" j@ j*"_w^"_w^"_a*^""                ""*m__"*u_"N, "q_"h_ 9g 9p 9p
  _@ _P _# _A"_p" w@"_w@"     ___aww   mwu___      "Ns_"*_ 9s "q_"b_"b_`b `
 jP j" g" p" j" w@ _*"    _a*^"___ga   ug___"9*u_     "q_"*_ N_ 9p 9_ 0_ b_
 F j" g"_@ ,A _@ _*"   _wM"_a*^""___   ,___"9*u_"9w_    "u_"b_`b `b 5p 9_ 0
  j" d jP jF g" g"   _p" a*"__m*""__   ,__"^m,_"*s_"q_    9_ 9_ 0_`b "L 9_
 jF g^ @ jF g" d    jF a@ _*"__*^""_   __"9*,_"N_ 9u "s    "M Np 0 `h 3p 0
 0 jF g  @ j" 0    g" p"_p"_p" _m*""   ""^m__"q_"*_ 4_ b    `L 9_ b dp 0  k
 F 0 jF d  F j^   g" # j@ jF a@"_m*"   "*u_ 9u "s ?p 0_ b    9p # ]L 0 `L 0
  jF d  F d  @   jF d  @ j" g"_p"_a*   *u_"*_ 0_`k 9p # `L    # ]p # jL # j
  jL # jL # jL   d  F d  @ j^ # jF j   s 5p 0  # 7p # ]r #    0  # 0  # 0
  t  # t  # t    0 jF 0 jF 0 jF 0  "   `  B jF 0 jF 0 jF 0    t  # t  # t
  t  # ]p # ]p   0  # 0  & t_ # `         " d  @ jL # jL #    d  # d  # J
  JL 0 JL 0 JL   `L 0  L 9_ 0      m   m    " d _@ jF 0 jF    0 jF 0 jF 0 j
 p # ]p 0 `L 0    0_ b ?M 9      *u_   jm*      # jF g" 0    jF 0 jF d  F j
 & ]p # `L 0_ b    0_ b_"^   __"*w__   __a*" _    " J" 0     @ jF 0 jF d  @
 9p 0 `k 9_ # `L    9p "    __"*u___   "__a*^"_s   " jP    _0 jF j" 0 jF d
  0_ b dp 9_ 0_`b_       -u_ "*u__""   ""__a*@"_w-        j@ jF j" g _@ jF
 _ 0_`b "L ?p 9_ 9g     *u_"9*u__"""   """__a*^"_a*     _p" g" J" d _@ jF j
 9_ 0_ b_`b_`q_"q_ *,     "9mg__""^^   ^^""___m*"     _y" j* j@ _@ jP jF j"
  9p 9_ 9p 9_ "u_"q_ 9u_      """^*m   e*^F""      __*" a*"_*" p" p" g" p"
 b_`b_"6_"q_"*_ "q_"*u_"9m,__                  __a*" _w@ j*" w@ a@ _# _@ _#
  A_ 9g 9L "*_"*s_"9w_"9m__""**ug__________aw*^""_a*""_*" _m" a*  D.H. 1992

bah this thread is rather pointless as there are already big archives of the stuff where formatting is not so easily fucked up (where I got this peace sign from, for example). However I wanted to draw a transexual DEA agent with a small wiener, so that's that I guess.

2450
Off topic / the ascii art thread
« on: July 12, 2012, 05:50 pm »
.
 .
  .
   .
    .
     .       
      .
       .
        .
          .
            .
              .
                   .
                       .
                        $    .
                         $         .
                          $                  .
                           $                          .
                           $                                     .
                           $                                               .
                           $                                                          .
      _________$___________                              |### .
     |       |-------/     |~~~    ^         |                                |#####  .
$$|      |        /      |~~~  | _ |       |                                |###### .
     |       |___/       |~~~  |    |       |                                |### .
     |    _________________ |                                       .
                                                                                       .
                                                                                     .
                                                                                  .
                                                                               .
                                                                            .
                                                                           .
                                                                           .
                                                                          .
                                                                          .
                                                                          .
                                                                          .
                                                                          .
                                                                          .
                                                                          .
                                                                          .
                                                                           .
                                                                           .
                                                                            .
                                                                            .
                                                                            .
                                                                             .$$$
                                                                             .$$$
                                                                             .$$$
                                                                              |             ())))))
                                                                               #####()()()()))
                                                                              |             ((()))))
                                                                              (OO)
                                                                             .
                                                                              .
                                                                              .
                                                                               .
                                                                               .
                                                                               .
                                                                               .
                                                                               .
                                                                               .
                                                                               .
                                                                                .
                                                                                .
                                                                                .
                                                                             .
                                                                         .
                                                                      .
                                                                 .
                                                             .
                                                         .
                                                     .
                                                  .
                                                 .
                                                 .
                                                 .
                                                 .
                                                  .
                                                  .
                                                 .
                                                  .
                                                  .
                                                  .
                                                 .
                                                 .
                                                  .
                                                    .
                                                    .
                                                    .
                                                   .
                                                .
                                             .
                                             .
                                             .
                                             .
                                             .
                                             .
                                             .
                                             .
                                             .
                                             .
                                             .
                                             .
                                             .
                                              .
                                           .
                                             .
################################
################################
################################
################################
################################ 

2451
Security / Re: PrivNote Key Flaw - GreaseMonkey Script *UPDATE*
« on: July 12, 2012, 08:29 am »
Ah wasn't aware that they were doing it in such a way , that does make it much safer than I thought it was although nothing stops them from changing the javascript.

2452
Security / Re: PrivNote Key Flaw - GreaseMonkey Script *UPDATE*
« on: July 12, 2012, 07:42 am »
The decrypted message must be available to privnote, there is no such thing as entirely server side encryption that is secure from the server providing it. If I understand privnote correctly, the key to decrypt is in the URL. So they generate the key for you. That means they have access to the plaintext.

2453
Off topic / Re: Would the government spread propaganda through discussion forums ???
« on: July 12, 2012, 07:26 am »
Well I don't imagine they spend hundreds of millions of dollars on persona management software for nothing

http://dissociatedpress.com/2011/02/on-the-internet-nobody-knows-you-are-a-personality-management-software/

Quote
.....“persona management” software that allows the user of the software to appear online as an army of commenters to manipulate opinion and erode online trust, much like Digg Patriots.  It’s questionable how effective the tool would be at this point in terms of creating credible personas, but what is actually more worrying about this kind of tool is the latter notion. We’re already bombarded daily by various forms of phishing attempts, but what if all our social network interactions, blog commenting, and Twitter/RSS feeds were partially tainted by an intelligently-crafted stream of consensus manipulation, as that DailyKos piece suggests? Oh, and by the way. The US government is an interested customer. I look forward to your comments, even if you ARE just a piece of sentiment-manipulating software.

The past year or two in particular they have been spending a lot of money and time on software that lets a single agent easily manage hundreds of nyms with distinct personality characteristics. The two primary purposes I can think of for such software are increasing human intelligence capabilities (instead of a case officer managing 100 paid human intelligent agents, they can simulate being 100 human intelligent agents on the internet by using the software), and of course polluting the view of consensus on the internet in psychological operations.

2454
Security / Re: quick privnote question
« on: July 11, 2012, 01:01 am »
Quote from: Guru on July 10, 2012, 09:21 pm
Quote from: Drewington3258 on July 10, 2012, 08:19 am
My Vendor request I use it instead of PGP - just a one off.

1. Do I need to access it via tor.

2. If so, it says I must have javascript enabled to use it. How?

Pardon my technical incompetence.


Many thanks.

As a customer, I think you can be cut some small amount of slack in this regard. However, a vendor who either cannot -- or worse yet  -- will not -- use PGP is another thing altogether.  I wouldn't do business with such a vendor, regardless of what he is selling or at what price. It only stands to reason that a vendor is more of a target for the authorities than a customer. If a vendor does not make the fullest use of the best tools available to protect both himself and his customers, then I have to call his competency into question.

Ask yourself, do you really want to deal with a vendor who is either too lazy (or too incompetent) to use the best tools to protect _your_ information?
If you do business with this guy, that's exactly what you're doing.  Personally, I wouldn't touch him with a barge-pole.

Guru

I disagree entirely. It is almost entirely the customers risk if GPG is not used. Vendors are barely more vulnerable if they use GPG or not provided they take all the other required counter measures. So I think customers who do not use GPG can not be cut slack, since using GPG is almost entirely to their advantage.

2455
Security / Re: Do you think Police would dust for prints?
« on: July 11, 2012, 12:58 am »
Quote from: Shroomeister on July 11, 2012, 12:11 am
U.S. here

The outside of a package I think would not be able to be counted as anything once it has entered the postal system. It becomes "compromised"

The inside. Couldn't tell you, but I would imagine a good lawyer could get the idea that it was "compromised" when it was opened.

Just don't go putting finger prints all over your packaging tape. ;)

Do you really need to ask if the police will dust for prints? That seems like about the most obvious thing in the world to me. They will dust the outside as well, there is a little something called an intersection attack. If pack one has fifty peoples prints on it and yours and pack two has fifty peoples prints on it and yours, if the fifty people are different they can intersect the crowds and narrow in on you as the person who likely shipped both of the packages.

2456
Security / Re: Question! TOR on installed booted Ubuntu safe?
« on: July 10, 2012, 12:28 am »
Doing physical damage to the platter is certainly the least sure way to destroy data off of it unless you literally melt it or grind it into dust particles. Just user the magnet already on the drive head to wipe it, that is secure and it doesn't ruin the drive.

2457
Off topic / Re: omg urgent message to DEA agents
« on: July 08, 2012, 05:30 am »
hopefully we will see the scientology phenomenon at play, where a very impossible to believe belief system is spontaneously introduced and people in a certain social sphere are dramatically more likely to adhere to it than the average population (ie: so many people in the Hollywood  scene are firm scientologists)

Of course my goal is for this new spiritual concept of ultra heaven to spread through the social sphere of federal law enforcement agenies....

in the ultimate form of UNCONVENTIONAL WARFARE. shit i probably indirectly killed at least one fed, I mean people in hollywood believe in spaceship god why can't dea agents believe in ultra heaven :<


2458
Off topic / Re: omg urgent message to DEA agents
« on: July 07, 2012, 10:59 pm »
Who is a higher authority than the LAWD their God????

2459
Shipping / Re: Prosecution after signing for it?
« on: July 07, 2012, 09:25 pm »
Quote from: killerbunnies on July 07, 2012, 08:52 pm
The Controlled Delivery just validates their warrant to search the residence. If they dont find any drugs or paraphernalia and the person that signed for the package has not opened the package then it would be very difficult for the prosecution to make the charges stick. But this combination of factors rarely happens if ever. Your best bet is to just not sign for packages that you know do not require a signature.

this. you should be grateful that they give themselves away by asking you to sign for shit and simply turn it down. if a neighbor you never saw before says that your mail was delivered to them and asks you to take it from them, deny that also, that is a trick they have used in some CDs.

2460
Off topic / Re: omg urgent message to DEA agents
« on: July 07, 2012, 09:18 pm »
See even Jesus said it, it must be true. Hurry up and kill yourselves you don't want to miss out on ultra heaven!!

Pages: 1 ... 162 163 [164] 165 166 ... 249