Silk Road forums

Put all your drugs in a condom, then tie it off real good. Get some dental floss and tie one end to the condom full of drugs, then tie the other end to your front tooth. Swallow the condom, then once you get inside, reel it back out.

lmfao

Quote from: kmfkewm on June 11, 2012, 11:13 pm

Hm, just looked up 'secure virtual memory', and as I imagined it is the Macintosh brand name for 'encrypted swap space'. Windows calls it  'paging files'. So 'secure virtual memory' is indeed Macintosh slang for 'encrypted swap space'. Sorry I don't use a Mac so I don't know the Mac slang, but I certainly know what swap space is and as a matter of fact I correctly guessed that what they call secure virtual memory is what linux people call 'encrypted swap space'.

http://support.apple.com/kb/PH4282

Quote

Secure virtual memory encrypts data being written from random-access memory (RAM) to your hard disk. Secure virtual memory in Mac 10.7 Lion is always on, which eliminates possible security risks when swapping data between your hard disk and RAM.

Your computer’s random-access memory (RAM) contains no information when your computer is turned off. Modern computers use virtual memory to eliminate some problems formerly caused by limited memory. Virtual memory swaps data between your hard disk and RAM. If this data is unencrypted, this provides a possible security risk because sensitive information contained in your computer’s RAM would be written unencrypted to the hard disk in virtual memory and remain there until overwritten.

Sure sounds like encrypted swap space to me. Anyway thanks for proving that you are a troll in a single post.

Swap space is just one aspect of virtual memory.

http://en.wikipedia.org/wiki/Virtual_memory

Just because you've found a gold nugget doesn't mean you've found a whole gold mine. You have a very typical Windows way of thinking. You should try using a GNU / Linux or BSD Linux OS for a few months.

how is this for the gold mine?

http://osxdaily.com/2010/10/08/mac-virtual-memory-swap/

Mac Virtual Memory – What it is, the Swap Location, and How to Disable Swap in Mac OS X
Oct 8, 2010 - 23 Comments

     
     

mac virtual memory I was asked recently about the Mac OS X swapfile, specifically how to disable Mac OS X swapping entirely. I decided I will take this opportunity to talk a bit about Mac virtual memory (swap), it’s location in the Mac file system, and also to explain how to disable it.
Mac OS X Swap aka Virtual Memory

You may recall that in older versions of Mac OS (OS 8 and 9) you could manually disable swapping, then called Virtual Memory, by just adjusting a setting in the Control Panels. Mac OS X is a bit different because it’s built on top of a unix core which relies heavily on swap files and paging for general memory and cache management. Because of this, swap is actually more important now than it was in prior versions of Mac OS.

Basically when your Mac needs memory it will push something that isn’t currently being used into a swapfile for temporary storage. When it needs accessing again, it will read the data from the swap file and back into memory. In a sense this can create unlimited memory, but it is significantly slower since it is limited by the speed of your hard disk, versus the near immediacy of reading data from RAM.

If you’re curious, you can check Mac OS X’s virtual memory usage using the ‘vm_stat’ command, or by using the Activity Monitor (often erroneously called the Mac task manager by Windows converts).
Mac OS X Swap File Location

If you’re curious where the swap files are stored on your Mac, they’re located at:

/private/var/vm/

This directly also contains your sleepimage file, which is essentially what your Mac has been storing in memory prior to system sleep. This file is read again when you wake your Mac up to return to it’s previous state. Anyway, back to swap files in the same directory: they are named successively swapfile0, swapfile1, swapfile2, swapfile3, swapfile4, swapfile5. You can see them for yourself with the following command:

ls -lh /private/var/vm/swapfile*

The swapfiles are generally staggered in size, ranging from 64MB to 512MB.
Disable Mac OS X Paging / Swap

Caution: I would highly recommend against modifying how Mac OS X handles memory management and swap files. Unless you know exactly what you’re doing and why, this is not a recommended adjustment. Again, if you don’t know what you’re doing, do not mess around with Mac OS X’s swapfiles or paging ability!

In the Terminal, enter the following command. This will unload the dynamic pager from the Mac OS X kernel:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist

Again, this completely disables the Mac OS X paging ability, do not mess around with this for fun.

Your next step would be to remove the swapfiles that are currently stored, they are generally pretty large (it is your virtual memory after all) and take up a fair amount of disk space.

sudo rm /private/var/vm/swapfile*

That’s all there is to it.

Virtual memory apparently has several different definitions. Apple uses the term "secure virtual memory"  synonymously with the more linux sounding term "encrypted swap space"
Virtual memory does include more things than just swap, and it seems like at least some people think virtual memory is not an appropriate term to use interchangeably with swap space
but that is how it is being used by Apple. Some of the things called virtual memory have absolutely nothing to do with swap space, and some people think that these things should continue
to be called virtual memory, while swap space should be called swap space.

So although in a way you have a point, in practice  you are still wrong and a dumb fuck, because as Apple is using the term "secure virtual memory" it means "ENCRYPTED SWAP SPACE" which is what I guessed it to mean
despite never hearing encrypted swap space called "secure virtual memory" before, so in summary go fuck yourself.

ps: BSD isn't linux, shouldn't you know that before you have the freebsd mascot as your avatar?

Qubes can certainly be secured more than either Tails or Liberte can be.

Just ignore oscar he is either a troll or a law enforcement disinformation agent. Nearly everything I have seen him say about computer security is a flat out lie.

In regards to the FBI not being able to break Truecrypt but Bruce Schneier being able to, they are referring to two totally different things. Bruces team didn't decrypt encrypted Truecrypt partitions, they found a way  to show the presence of hidden partitions via operating system and application level leakage. Totally different. Nobody can directly break Truecrypt, including the NSA. The only way around it is to steal the key somehow or exploit application or OS leakage.

The key is of course stored in RAM and the crypto system is vulnerable to various forms of attack while it is mounted.

I am not sure what secure virtual memory is, maybe encrypted SWAP? Encrypted SWAP can help protect you from the key leaking to the drive from memory, although in a FDE configuration your SWAP is encrypted already anyway. But it will not protect you from the RAM freeze attacks. Your best bet against those is to use encapsulation material and a chassis with intrusion detection features that you configure to shut down into a memory wipe. If LE want to bypass Truecrypt and they know that you are using it they will have a pretty easy time to do so, but if they have a powered down machine with a Truecrypted drive and you used an even half decent password, they are going to be completely out of luck.

1)You can setup a bridge not only as your first node to connect to tor, but as your exit node or middle node too. Use 3 different bridges over 3 different vps is a good idea? One for your first node, other for a middle note and other for the exit node. Does improve your security if you use one private exit node to hidden services and another one p.e.n. to clearnet websites?

Although you technically can do this (although the middle and exit would no longer really be considered bridges, and you couldn't connect to hidden services without using a public rendezvous), it is a horrible idea. Bridges are to hide the fact that you use the Tor network. You don't want to be the only person using all of the nodes on your path, and you don't want all of the nodes on your path to be linkable back to you. Stick with just using single node entry bridges. Using two entry bridges is a very good idea, but leave that for the Tor project to implement, because unless everyone is doing it (and 4 hops total are being used) it will hurt your anonymity more than hep.

2)Whats the difference between obfs bridge and normal bridge? I know obfs obfuscate the fact you are using Tor, but if your first and last node are not listed at main directory, how can someone say you are using Tor and how the obfs would help with it?

Bridges are only concerned with a local attacker being able to determine that you use Tor, remote attackers still know you are using Tor as you exit from a publicly listed exit node, as you should. Obfsproxy obfuscates the traffic fingerprint associated wtih Tor. Normal bridges give you membership concealment by hiding the fact that you are connecting to a Tor router IP address, as the IP addresses of bridges have limited exposure (or no exposure if they are private and you configured them yourself). This prevents or hinders many weaker attackers (like your ISP most likely, or network admin of your network) from being able to determine that you are connecting to a Tor router based on the IP addresses that they see you connecting to (sort of, there are still ways around it, bridges are developing technology not perfected. For starters an attacker could try and use every IP address they see you connecting to as a Tor bridge and see if it works. But that still requires them to target you in the first place, and how will they know who to target since they don't know bridge IP addresses? I think this flaw is being worked on anyway.)

However, Tor traffic has a very distinct fingerprint. For one example out of several, all packets are 512 bytes plus headers. This is not the same for most internet traffic. So even though an attacker may not be able to tell that you are using Tor based off of the IP addresses they can see you connecting to, they can still tell that you are using Tor by analyzing your traffic stream. Obfsproxy takes care of this by obfuscating the traffic stream, trying to make it blend in with other traffic and not stick out as Tor traffic.

3) Which one is better for user concealment: setup your private obfs bridge or normal bridge?

Certainly setting up your own private obfs bridge is the best option for membership concealment.

4) What is the difference between setup a bridge in a private VPS offshore and setup it on Amazon EC2 cloud? What are the advantages and disadvantages of each?

Either should be fine.

5) If you setup openvpn over a vps, is a good idea use it before to connect to tor and after your exit node (off course, you would be using two different vps in this case)?

No you should use a private obfsproxy bridge for entry and exit through a normal Tor exit, although in some circumstances using a Tor exit may not work (like working with some shitty e-currencies / exchangers) and in these cases it is okay to chain a VPN to the end of a Tor circuit, but this does more to hurt your anonymity than to help it (for one it makes things much more linkable, although it may help your untraceability somewhat)

6) When connecting to obfs browser bundle, I just can see 3 or 4 relays. This doesn't mean the obfs is unsafe?

Not sure what you mean. I doubt it is really using only 3 or 4 relays, but yes that would not be safe.

Quote from: kmfkewm on June 10, 2012, 01:02 pm

That is very realistic attack and is why you should be using obfsproxy bridges.

This would seem to be easier said than done!

I make a habit of requesting the latest bridges each day by e-mail and have been adding them to my version of Vidalia, however these are publicly available Bridges so there's no way of knowing who's running them. I understand that obfsproxy also encrypts the first "hop" of your connection to the bridge which is the most vital.

I see that one user on SR SarahWalker is actually selling a guide on how to get set up with obfsproxy bridge which is appealing as the current implementation of the browser is out of date so it would be good to know how to do it from scratch - however finding a private bridge which supports obfsproxy is another problem altogether. Would appreciate your thoughts.

V.

You shouldn't be using so many bridges it lessens the purpose of using bridges and it makes you more vulnerable to end to end attacks as you expose yourself to more entry points. You could always configure your own vps to be an obfsproxy bridge, other than that you need to find yourself .

not smoking weed

Quote from: kmfkewm on June 09, 2012, 12:11 pm

The host is very unlikely to find illegal content on the server, most of them will not even glance at what you are hosting unless they get abuse complaints, so unless someone finds the IP to file an abuse complaint there is a near zero chance of illegal things on your server being discovered. At least this has been my experience with hosting providers. I always host offshore on dedicated server though.

Perhaps you can answer this kmfkewm - why is Freedom Hosting seen as the best place to host onion sites? Are they particularly obscure / reluctant to cooperate with LEO? By the time I'd come on the scene they'd been overrun and people are asking stupid prices for invite codes.

V.

Because they are pretty much the only place to host onion sites, at least for a long time they were the only place offering to host sites for free. I would avoid using any hosting provider like freedom hosting and opt to host things yourself, but they have been around for a long time and they host a LOT of EXTREMELY illegal things and would likely go to prison for life if ever located, they must be taking good security precautions, but they say straight up that if they are ever compromised they will cooperate fully with law enforcement to get the best outcome for themselves as possible.