Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 166 167 [168] 169 170 ... 249
2506
An anonymous tip by itself is not enough to raid someone afaik

Not even if they were investigating someone and then had the opportunity to fuck them for more than they thought? For example in this case they think he is dealin locally and then someone gives them a bell saying "Oh he is shipping xyz to abc" and then they can do them for traffickin as well? If they had people outside the house watching it wouldn't be hard to watch them walk out the house with a box and take the opportunity.

Obviously I'm not American so I dunno but I know SOCA might do that so I'm judging from that.

I am not 100% positive, but I am 90% sure that a tip is only enough to watch a person until they find enough evidence for probable cause. For example, if someone gives a tip that you are selling drugs they cannot afaik immediately raid you but rather have to wait for you to do something like throw out drug packaging supplies with residue on them. Or they could pull you over for a traffic violation. If an anonymous tip was enough to raid someone, it would turn into a tool to get people who piss you off raided for no reason.

2507
Security / Re: How VPNs work
« on: June 28, 2012, 06:26 am »
i cant seem to get my bridges working can anyone help?
I said this a couple of days ago,but what is the weakness in connecting to SR from a clean laptop purchased with cash using a wireless prepaid USB for net purchased with cash (fake name) and booting that laptop with an OS on an external USB that is encrypted and hidden(physically hidden) when not using. This laptop/USB/wireless net would only be used for connecting to SR. surely this is overkill as a buyer but as a vendor i see this would be necessary. I fail to see how i could be traced if i did all that.
The question isn't how you would be traced, it's why you would be traced and who would trace you. Remember, everything the government does costs money, the setup you described would be hard to trace, in other words, expensive.

But the thing is the government doesn't need to target him. They target Tor in general, and he might get scooped up in that.

2508
something connecting to port 8333 is using Tor and may be leaking DNS. It looks like it is probably your Bitcoin client.

2509
An anonymous tip by itself is not enough to raid someone afaik

2510
Security / Re: FKIN HEAD BURNT
« on: June 26, 2012, 12:12 pm »
Because his inherent lack of interest in and knowledge of properly securing himself is contradictory to the thought of him being good at doing things that require being properly self secured?

I wouldn't say that asking for help on something is an "inherent lack of interest", I would say it shows quite a bit of interest actually. It seems quite cold just to turn them away given that.

I'm not sure if you realize this Kmf but not everyone that isn't amazing with computers is a lower life-form to you yano. No need for the sociopath-esque remarks that imply you think that.

OP if you want a hand give me a shout. I don't mind showing you how to do it.

You are right I didn't mean to come off in the way I did, I just find it amusing in the way I would find it amusing if someone told me they are very good at playing basketball but are looking for someone to take care of the ball passing and shooting for them so they can focus on what they are good at. I suppose the joke is on me as people do get away with selling drugs without encryption etc quite frequently, but I think that says more about the feds lack of skill  than it does the skill of the people not using such techniques.

I would have been much more polite by ignoring this thing that I saw as humorous and perhaps asking him exactly what he wants assistance with?

Also, I used inherent when I should have used apparent .

2511
Security / Re: FKIN HEAD BURNT
« on: June 26, 2012, 11:08 am »
Because his apparent lack of interest in and knowledge of properly securing himself is contradictory to the thought of him being good at doing things that require being properly self secured? 

2512
Security / Re: FKIN HEAD BURNT
« on: June 26, 2012, 10:46 am »
i really wnt to sell on SR ,but i no good with computers ,and im concernd about my security obv,ppl keep going on bout pgp ,where do i get this?????and is it easy to use ,wish i new someone who could just fkin set it all up for me and let me get on with what im good at,lol,

What are you good at doing? Obviously not selling drugs if you don't know what encryption is .

2513
Security / Re: How VPNs work
« on: June 26, 2012, 04:37 am »
There is not a single way in which VPNs work, there are a few different types. However, there are some general things we can say about VPNs. First of all, if they are low latency they are weak to the general anonymity attacks against all currently known low latency anonymity systems. This means that they provide anonymity from passive attackers by making it difficult for them to see where your traffic enters AND exits. If an attacker can see the entry AND exit of your traffic, they can deanonymize you regardless of the sort of VPN you are using or if the VPN nodes themselves are compromised. This deanonymization attack can also be carried out regardless of the number of intermediary nodes that you route your traffic through from entry to exit. If an attacker can not simultaneously monitor your entry and exit points, they will need to either work their way from your exit point to your entry point (if they are, for example, the website you are visiting, or someone who is monitoring it), or from your entry point the the exit point (if they are watching you and trying to determine which website you are visiting). This is speaking strictly in terms of what I would call signals intelligence, there are attacks that can identify pre-fingerprinted websites through the encryption that is provided by the *overwhelming majority* of VPN providers, and this could allow such an attacker to determine the website you are visiting even if they can not observe your actual exit traffic.

With many VPN providers they will offer a limited number of entry and exit points. An attacker going against these services is less concerned with middle nodes. For example if you use a provider with many nodes that only allows entery with a node in USA and exit with a node in Netherlands, the attacker doesn't necessarily need to get logs from the middle nodes if they can identify the provider who owns the exit you are using and determine which entry you must have used. So in these cases a true back or forward trace of logs may not be required as the attacker knows where the logs they are really interested in are stored already.

The anonymity of a VPN is largely provided by how the provider is structured. If the nodes you are using are in ten different countries but are owned by a provider in USA, a single warrant in USA is probably all that is required to compromise all ten of their hops. Some of the better VPN providers have structured themselves in such a way that a warrant is required to the operator of each hop, and this is certainly advantageous from a legal resistance perspective.

At the end of the day, a VPN can provide anonymity that is fed resistant. This can be seen by simple open source intelligence gathering, there have been numerous cases where the botnet operator could not be traced until they forgot to use VPN. Of course, one must also take into consideration the fact that misinformation could be being fed through open source channels, giving the impression that the botherder forgot to use VPN when in reality their VPN was compromised. However, at the end of the day there are no cases of people who used Tor being traced by law enfocement, and there are thousands of cases of people who used VPN providers being traced by law enforcement. It is largely a matter of time for either of these solutions, eventually you can be traced. Even with extremely anonymous solutions such as mix networks it is largely just a matter of time before a global passive attacker deanonymizes you, unless there is constant rate cover traffic. And low latency solutions provide absolutely no protection from global passive attackers.

It is really an enormously large topic and I am going to need you to ask something more specific than "how does vpn work and how is it anonymous" to give you a good answer, without typing out a very large amount of information, especially as you apparently would need a large amount of terminology explained to you before the merits of a VPN can be properly analyzed.


2514
Off topic / Re: I hate racism
« on: June 26, 2012, 04:18 am »
Why is it racist to think that black people don't often use psychedelics? I doubt many Jewish people play in the NBA does that make me a racist lol.

Different cultures seem to use different sorts of drugs. It is very largely cultural and marketing based though. After the Thizz thing caught on the number of black people who used MDMA skyrocketed where as before it was more prevalent in primarily white cultural communities. Genetics may also play a role in which drugs a population uses, drugs effect different people differently and to a substantial degree the different effects a drug produces are caused by genetics.

The thing to take away from this is that it is not racist to recognize differences between races, it is racist to judge people for their race instead of their individual achievements. Or even more summarized, collectivism is bad and individualism is good :)

2515
Off topic / Re: DXM a "pathetic" drug?
« on: June 26, 2012, 03:46 am »
Yes cigarettes are pathetic.

I would not call DXM pathetic, but it's certainly a BAD drug. It has a nasty body load to it, horrible side effects, and there are plenty of drugs that are far better than it in it's category, and other categories.

I look down on people who use it the same was I look down on people who huff freon from A/C's, and people who inhale butane or duster. It's really bad. Don't do it. I'm not a snob, I'm just sensible. ;)

Comparing DXM to huffing freon or duster is just stupid. DXM has a mechanism of action that is separate from "brain cells dying from asphyxiation".  I think DXM is a pleasant enough drug, but I do think it can cause  bad long term side effects if it is used frequently. I think ketamine and DXM are similar, but with ketamine being better in every single possible way. 

2516
Security / Re: Tor Bridges and why you should use them
« on: June 26, 2012, 02:32 am »
Quote
a person advocating murder and baby rape.

"Murder and baby rape" is my new favorite reverse euphemism for freedom.

Quote
I run a cash to BTC service for goodness' sake!

Yes this is the only service I know of you offering that isn't inherently sketchy as fuck. It is rather strange that you manage to obtain cash in the mail to supply bitcoins specifically for use on SR without being arrested, but maybe you have worked out some way to pull this off. Anyway, that is a risk on you not your customers.

Quote
I admit I make a small profit out of it but it was always my plan to expand into new areas and one of those is providing an affordable and convenient solution for users to access SR safely.

Yes there are such things already that don't involve giving your IP address to someone on silk road, or using potentially bugged hardware from someone on SR. I wasn't so much calling your credibility into question as I was pointing out that what you are doing is not beneficial for the security of end users. You strongly advocate for security by policy, and often it is you who is setting the policy. So you advocate for security via trusting you. This in itself is bad, but you also don't have the technical understanding to realize that even if you are legitimate some of your ideas are fucking all around bad for security, for example concentrating SR users to an identifiable bridge.

Quote
Apparently using Pay as you Go 3G isn't as secure as using your home internet connection to access SR - I'm not exactly sure why but I made the offer to sell dongles in good faith but was told it wasn't a good idea. How many 3G dongles have you seen for sale on my vendor page since that time?

No it is better to use anonymous dongles than to use home internet, as I explained before. What is not better is to use anonymous dongles that you buy for the explicit purpose of remaining anonymous while engaging in illegal activity, from someone on an illegal forum. I suggest you read about how shadowcrew was taken down to learn why what you are doing is sketchy as hell.

Quote
It's also  more anonymous than ordering from Amazon.

It is more anonymous to be in the set size of people who ordered tablets from someone on silk road, for the explicit purpose of doing illegal things on silk road, than it is to be in the set size of people who bought an android tablet at any official store in the entire world? You better get local security expert OZ to back that up because it doesn't seem like it makes any sense at all to me.

Quote
That is a loaded question - that's not what's at stake, nor would they necessarily deserve to die if it was.

Vlad please tell everyone I know in prison facing life behind bars for drug charges that life is not at stake. They want to ruin our lives. Even if you are a small customer they want to severely hamper your life. They have no reason to do this other than greed and power. Each of them, deserves to be beaten to a pulp and shot through the fucking head. To say that someone who wants to effectively end your life, and is trying their damndest to end your life, does not deserve to die, is more similar to how some Buddhist monks think than how I do. 

2517
Security / Re: Tor Bridges and why you should use them
« on: June 26, 2012, 02:09 am »
Quote
our concern for my welfare is very touching(!) but so far OZ has proven himself to be correct on every point I've asked him. I know this because believe it or not he's not my only friend on SR and I have run security related answers to questions I've asked him past others over the past few weeks.

OZ was wrong about what secure virtual memory is, he was wrong about Linux being a type of BSD, he suggested that SR have a private bridge for all of its users to directly connect to, he said not to use Truecrypt because it has backdoors, he is a fucking retard if not a fed and you are the only one I see who is supporting him as anything else.
 

Quote
The "air gap" I was referring to was between an Android Device and your home computer - I appreciate this isn't the common understanding of the phrase, how would you best describe it?

An airgap (which you probably learned about from me) is a *total* disconnecting from the internet of a device that handles security critical operations.

Quote
unless you want to ferry encrypted data back and forth on a USB stick between devices

That would break the airgap, see if you actually knew about security you would realize that ferrying encrypted data back and forth on USB entirely defeats the purpose of using an airgap. If you don't believe me just look at how stuxnet got to its target.

Quote
I already mentioned the advantages of a conventional cold boot attack not being possible as far as I can see?

The RAM of a tablet can be frozen and dumped in exactly the same way as the RAM of a laptop or desktop, it might slow the attackers process of obtaining the RAM down enough to be helpful but you can use encapsulation material to do the same things with desktop.

Quote
I also think a tablet wouldn't give off the same kind of EM emissions as a regular monitor/keyboard which could be picked up by the kind of SIGINT spying. There's also the fact it's far less susceptible to malware given that there's appreciably more viruses out there for other Operating Systems (admittedly that's changing!).

Think think think, you should talk about things you know, ask questions or shut the fuck up. You are not even right about what signals intelligence is, that is a measurement and signature intelligence attack. Tablets are not any more resistant to malware than anything else, you should learn the difference between a targeted attack and a dragnet attack. I don't know how susceptible a tablet screen is to TEMPEST attacks, I would *guess* about as much as a laptop display.

2518
Security / Re: Tor Bridges and why you should use them
« on: June 26, 2012, 02:03 am »
You are going to have OZ audit it well that is a good move, OZ is probably a fucking fed and is certainly a troll who doesn't have the slightest idea what he is talking about. It would be stupid to buy a security product audited entirely by someone who thinks BSD is a type of Linux even if it wasn't created by someone whose sole security experience comes from reading a single Schneier book, let alone the fact that these products are being sold on an illegal forum by the same person who tried to get people to give him their IP addresses with the guises of offering a private bridge / 3G WiFi dongles. I don't give a damn if you don't give a damn what I think, I am just warning people that buying those services/products from you would be fucking retarded, it is the same type of shit that feds do.

PS: Since we play argumentum ad hominmen, I couldn't give a fuck less about the opinion of someone who wants to murder people for looking at pictures and suck the dick of the cops who want to put us in prison for using drugs.

2519
Security / Re: Tor Bridges and why you should use them
« on: June 26, 2012, 01:59 am »
/me thinks about selling a spyware infested "secure USB!" configuration and making pop ups come up on customers screen questioning why they were so stupid to trust a product they bought on SR
vlad you seem more and more sketchy to me with your assortment of plans to offer products that could be used to deanonymize people, 3G dongles from you, private tor bridges from you, USBs from you, tablets from you.....why suddenly the interest in selling such things?  Nothing like this is good for people to buy here, especially bridges tablets or dongles. I really don't think you mean any harm, but it strikes me as strange to see your sudden plans to offer such things. Also

..Do you think people should cosy up to the man who wants to legalise kiddy porn and murder police officers instead?

I've said it before and I'll say it again : I do NOT need your approval to be a vendor on here, my record speaks for itself, there's a link to it at the bottom of this message if you want to see testimonials from people who have purchased their Bitcoins safely using cash through my service.

I don't have to justify myself to you but in case anyone else was wondering I am planning on offering a way which will increase people's security through using SR not reducing it. I have been transparent about my plans and since I won't even be handling the products in question I fail to see how I could tamper with them. As I said I'm in the process of writing a guide in conjunction with another seller (who is based in the US) to show people how to access SR safely from their Android devices. I have asked OZ and two other more established members on the forum to edit the guide once the first draft is ready and you're welcome to read it yourself to verify it is simply a way to help people to secure their own device from being monitored through installing a Tor browser, enabling full device encryption and so on.

As for selling USB devices and 3G dongles, I seem to remember saying that when I first started selling on SR I suggested this as the ones already available were far too expensive but as I stated above, there's too much of a risk that the setup will not be secure which is why I did not follow through on this  - I'm not exactly sure how someone could interfere with a 3G dongle in that way but of course you know best as always.

You may not agree that my plan to sell secure Android Tablets for SR users this is a good idea - here's a newsflash for you, I don't give a damn.

I already made it clear when you advocated murdering Police Officers that I don't want to do business with you. You are a pathetic, twisted individual and frankly I think you're giving us Brits a bad name on here.

V.

Nice argumentum ad hominem, have fun carrying on like a fed. Anyone who uses USB dongles, hardware or bridges or VPNs from you or anyone else is fucking retarded, end of story.

2520
Security / Re: Tor Bridges and why you should use them
« on: June 25, 2012, 07:31 am »
/me thinks about selling a spyware infested "secure USB!" configuration and making pop ups come up on customers screen questioning why they were so stupid to trust a product they bought on SR

fully open source, full tutorial on how it is configured step by step, or gtfo

vlad you seem more and more sketchy to me with your assortment of plans to offer products that could be used to deanonymize people, 3G dongles from you, private tor bridges from you, USBs from you, tablets from you.....why suddenly the interest in selling such things?  Nothing like this is good for people to buy here, especially bridges tablets or dongles. I really don't think you mean any harm, but it strikes me as strange to see your sudden plans to offer such things. Also

To anyone selling preconfigured live OS: unless your preconfigured live OS or other software is open source and step by step details for configuring them are released for everyone to audit, then only idiots will buy it. There are already free security oriented distros out there made by professionals why the fuck would anyone buy one made by somebody with little experience and sold on an illegal forum for profit (profit here implying that it will not be open to public audit)? , leave configuring security oriented operating systems to professionals. If you don't know what mandatory access controls are, you have no place in selling pre-configured live operating systems. I have studied security for years and have years of linux and BSD experience and still do not consider myself properly qualified to offer a truly hardened OS (then again, I don't consider tails or liberte to be truly hardened OS distros either) .

It is nice to see people with interest in security and wanting to offer products, but if you don't have extensive study of such things you will fuck up enormously without being aware of it . The only way around this is to gain experience or to have a lot of support from people with such experience who are willing to audit your products. If you don't follow an open source publicly audited model for making products available you will never be trusted by anyone with a brain. My suggestion is make it open source and free, document every single step and ask for donations from your users, that is the only way any system from you or anyone else will ever be considered trustworthy.

Pages: 1 ... 166 167 [168] 169 170 ... 249