Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 181 182 [183] 184 185 ... 249
2731
Security / Re: Has anyone ever been caught/convicted for BUYING off silkroad?
« on: May 30, 2012, 03:58 pm »
Quote from: vlad1m1r on May 19, 2012, 06:57 pm
You'd need a customised version of the program to do that.

V.

Quote from: Diamond on May 17, 2012, 10:48 pm
Quote from: oscarzululondon on May 15, 2012, 04:29 pm
What you want to do is TrueCrypt a small partition, which you install your 'naughty' operating system on, and then produce two keys. One key loads the partition normally for you, the other key loads a clean operating system and wipes the naughty one (3 pass eraze) which you can give to the police during interrogation. By the time they realize what's happened it's too late. You've not broken any laws, you've given them a legit key, and they have no evidence. BINGO  8)

Woah woah woah... there are keys that will start to wipe a hidden volume? With truecrypt? Is that built in or some custom shit?

It would be a waste of a custom program too, considering the first thing forensics people do with data storage devices is make perfect copies of their contents

2732
Security / Re: Is marking "Return to Sender" a legit way to have plausible deniability
« on: May 30, 2012, 03:54 pm »
I haven't even heard of problems importing from overseas to fake names as long as a PO or PMB isn't being used and the importer doesn't live in a town with 100 people and a mailman who knows every single person on his route

disclaimer: I wouldn't suggest importing from overseas unless you have a fake ID PO or PMB. Domestic it is much less risky I very very very rarely hear of any problems at all with domestic shipments, unless they are for kilos of coke.

2733
Drug safety / Re: MDMA and speed make your penis shrink?
« on: May 30, 2012, 03:36 pm »
MDMA can make your penis explode if you use it just once, which is why taking it is called rolling (you roll around on the floor after your penis explodes). The substance itself is often called molly because after taking it that is what people will start calling you.

2734
Security / Re: Bouncy Castle WTF?
« on: May 30, 2012, 03:28 pm »
Bouncy Castle is a  library of various cryptographic algorithms implemented in Java, you will probably need to know how to program Java to use it for anything , not to mention know the PGP protocol well enough to implement it with it, I am not sure but I think it only has primitives.

edit: huh looks like it includes a pgp implementation also

2735
Security / Re: Need some help with tunneling
« on: May 30, 2012, 10:19 am »
not quite sure what you are aiming for but if you want Ubuntu in the oracle VM to only be able to send through Tor, do the following:

Step One: In the virtualbox networking section of your VM, select 'host only'

Step Two: In the virtualbox manager, go to file -> preferences -> network -> [virtual adapter #] and click on the edit icon. It will show you the internal IP address of the virtual adapter, which is probably 192.168.56.1

Step Three: In your Torrc file, uncomment the line #SocksListenAddress 192.168.0.1:9100 and replace 192.168.0.1 with the internal IP address of your virtual adapter...192.168.56.1:9100 most likely is what you want

Step Four: In the VM go to System -> Preferences -> Network Proxy. Select 'Manual proxy configuration' and go down to Socks host. Enter your virtual adapters internal IP address (192.168.56.1 most likely) in the address box and 9100 in the port box. Click 'Apply System-wide' and enter your root password when it asks. Click close after you have done this.

From there you can configure Firefox to use Tor as normal, Tor should be listening on 127.0.0.1:9100

It seems like this is probably not what you want though. Please restate your goal in a more clear manner. I don't follow why you are restoring VM snapshots, where you are clicking Firewall or Primary, where those internal IP addresses are coming from, why you are sshing to Tor and then to privoxy which you shouldn't even be using anyway, or pretty much anything that you are saying including exactly wtf you are trying to do. are you behind a restrictive firewall and need to get around it with Tor?

2736
Security / Re: Simple way to make and remember secure passwords
« on: May 30, 2012, 10:11 am »
Quote from: randomOVDB#2 on May 30, 2012, 10:05 am
Quote from: kmfkewm on May 29, 2012, 07:36 am
Quote from: self on May 29, 2012, 05:10 am
some things require passwords with a special character some without, that is why past couple years my passwd list has gotten so big.

now i just learned some can use whitespace ...

for simplicity (cut and paste) and security, (i do not need to write it down), a couple ideas.

have you downloaded your car insurance card? is the vin # on it ? copy and paste, maybe add couple *>!.

or a lot of us are on linux. since i found out i can use whitespace with truecrypt--

remembering what line in what file is easier for me than actual 20 character randomness.

so open a random file for example in /usr/src/linux/ablkcipher.c . pick something like

"if (likely(!(walk->flags & ABLKCIPHER_WALK_SLOW)))"

lines starting with #, such as

#include <crypto/internal/skcipher.h>   

are not operable in the script so you can modify to make it stronger and help you remember which line you chose. example

#include <crypto/internal/skcipher.h> <ThisOne>
hidden in plain sight. easier for me to remember file and line and copy and paste

forensics people would likely discover that password after an analysis of your machine shows the frequency and pattern with which you

I don't see this working. They have no idea about the password length. Add ".gz" (or any character basically) to the password that you've copied from the file and their routine data is useless.

If I know that your password contains ewiofiofj32iofiu42hf4u2ihr3ht1sk3r41it3r4ytthruthr4ugh43yhuy I don't care much if you add .gz after it

2737
Security / Re: Simple way to make and remember secure passwords
« on: May 30, 2012, 09:48 am »
PKCS5 is nice where it can be implemented. Let's say your password is "a". Normally passwords are hashed before they are used, so "a" is really translated to "3f786850e387550fdab836ed7e6dc881de23001b" PCKS5 follows this logic out thousands of iterations,

a .... 3f786850e387550fdab836ed7e6dc881de23001b .... 782338a30a2f5c1eef41288a9dddbb22751dc65f .... 7feee70fbd24f8c460d034f0c5fcfeab12b8e77b .... etc

and uses the 5,000th (or whatever) hash value as the key. If you use plain old single iteration hashing to obtain the key, the attacker only needs to hash "a" once to see if a is your password, with PKCS5 systems they need to keep hashing 5,000 times before they can see if "a" was the password. Now a normal PC can quickly find the 5,000th hash that starts with "a" as the input, but when you are testing a and then b and then c ... aa ab ac .... etc....it really adds up and it greatly increases the time required for an attacker to brute force or dictionary attack a password, since by the time they find the 5000th hash that starts with "a" they would have been able to try 4,999 other passwords if you used just a single hash of the password. Nothing stops you from making them iteratively hash out your password hundreds of thousands of times, other than the fact that you may not want to wait hours for your password to work :P. But in theory it could take a year to bruteforce the password "a", it would just take you a year to be able to use it yourself as well ;). Of course if your password is b and they start at a it will take them two years to brute force it and you can use it once every year !! 


2738
Security / Re: Sellers and users security leaks! Posting links outside .onion
« on: May 30, 2012, 09:35 am »
Everyone using Tor browser bundle should be fine. Everyone who has a totally isolated browser that never accessed the internet except via Tor should also be fine.

2739
Security / Re: Sellers and users security leaks! Posting links outside .onion
« on: May 30, 2012, 05:49 am »
this thread is full of lols. .onion sites are safe but not clearnet sites! Uh, there is no real significant difference between the two unless you have misconfigured something and accidentally don't use Tor to follow clearnet links. DNS leaks can happen for .onion or .com. Hackers can target you from .com or .onion it makes no difference. I guess it is easier to watch a clear net end point and then try to watch peoples entry guards too, but it ain't that hard to trace hidden services so it is barely an improvement.

Someone could hack you from a .onion just exactly the same as they could from a .com sure it is safer to stay entirely on SR because it reduces attack surface, but at the end of the day someone who can remotely pwn firefox can probably pwn SR then PWN you from SR server

I guess what it boils down to is, it is more secure to stay only on SR because it reduces exposure, and it is very slightly more secure to only stay on .onion because it protects you from accidentally not using Tor and ending up in server logs and might protect you from an end point timing attack a little more, but the security difference between staying .onion only versus also using clearnet via Tor is very minimal and borders on non existent if you have things configured correctly

2740
Security / Re: Sellers and users security leaks! Posting links outside .onion
« on: May 30, 2012, 05:46 am »
Quote from: _X_ on May 29, 2012, 01:24 pm
Quote from: vlad1m1r on May 29, 2012, 10:58 am
Quote from: _X_ on May 29, 2012, 10:46 am
Quote from: kmfkewm on May 29, 2012, 09:24 am
There is absolutely nothing wrong with clicking links that are not .onion

That may be true in general, but I would still be concerned with a link that  is offered and claims to verify your Tor anonymity. It may be possible that there is a way to stealthily defeat some of the protections in the Tor browser if you go to the web site.
 It may also be that the web address is only  given to SR users which would create a connection to SR.

_X_

Would it matter though if your connection is Torified?

V.

I don't think so. Your sending messages to the website and it is sending messages back --all through the Tor network. If there was a flaw in the firefox browser that could be exploited  it might be possible the website could remotely activate scripts. Then send your IP back with the Torified data.
What software does not have some security flaws?

_X_

somebody who finds and exploits a firefox vulnerability could probably root SR in the first place

2741
Security / Re: Simple way to make and remember secure passwords
« on: May 30, 2012, 05:41 am »
It is probably a better technique to remember a random sentence though.

"The red dog jumps over things and then falls down because he sucks at jumping"

if you need a reminder:

TRDJOTATFDBHSAJ

that will not leak much information if it is discovered but could jog your memory. It would be better if your sentence doesn't follow grammatical rules though, if you want to write a reminder.

Tan while went worm ready fell fuck tap dance then on

TWWWRFFTDTO will leak even less

2742
Security / Re: Simple way to make and remember secure passwords
« on: May 30, 2012, 05:34 am »
remembering passwords is easy.

an7d62k
lodi712s
oplakUU
9delma!

spend one week to memorize each of those strings. How many phone numbers do you have memorized? Now remember the order  that you memorized them in.

an7d62klodi712soplakUU9delma!

if you know any phone numbers it is pretty evident that you are capable of memorizing largely arbitrary sequences of several characters. It probably wont even take you a full week to memorize each of the substrings if you spend a bit of time on it, and make sure to practice typing it in also cuz muscle memory helps.

2743
Security / Re: How safe is using a non-Tor browser while using tor
« on: May 29, 2012, 09:27 am »
It is safe unless you are simultaneously visiting the same site with Tor and without Tor and your internet connection breaks.

2744
Security / Re: Sellers and users security leaks! Posting links outside .onion
« on: May 29, 2012, 09:24 am »
There is absolutely nothing wrong with clicking links that are not .onion

2745
Security / Re: proof that mailing drugs can be very safe and an ongoing mail investigation
« on: May 29, 2012, 08:30 am »
Quote
Is the ability to view how many others in your area using Tor available to the public somehow

It is not publicly available but a fairly weak attacker can gather the IP addresses of all Tor users who do not use bridges

Pages: 1 ... 181 182 [183] 184 185 ... 249