Messages - kmfkewm

2761
Drug safety / Re: noob Q
« on: May 26, 2012, 10:44 am »
I suggest eating MDMA, you can sniff it but it fucks your nose up very quickly and it burns like hell

One hit per person is pretty acceptable dose for most LSD, although once you get experience you may find that you prefer taking two or even five or ten hits. Some people prefer taking half a hit even, but I think one is a great starting dose for your first time, provided it is close to average dose (~100-200 ug).

2762
Off topic / Re: Using SR in SE Asia
« on: May 26, 2012, 10:39 am »
Cops randomly making you piss in a cup on the spot and giving you a potential death sentence if you fail? Oh well, they are just doing their jobs, peeps gotta eat rite? LOLOLOLOLOLOLOLOLOLOLOLOLLOLLOL><LOLOLOLOLOLOLOLOLO

2763
Security / Re: so is Truecrypt 100% safe??
« on: May 26, 2012, 03:31 am »
The recover disk is in case of corruption

2764
Off topic / Re: So what's the darknet mostly used for?
« on: May 26, 2012, 03:00 am »
The most I've really seen apart from porn, drugs, scams and the like are just discussion sites and archives of books/information. Most of it's too boring to be bothered with. :-\

This. But hidden services are a tiny fraction of what Tor is used for. Most Tor users probably never go to a .onion

Tor is used for anything that you want to do online anonymously. It is also used for a variety of goals such as getting around firewalls.

2765
Properly done CCTV might be good for protecting from a sneak and peek keylogger being covertly installed, but that just knocks down the number of ways they can steal your encryption keys from 1,000,000 to 999,999. You could have your house all set up with alarm systems and CCTV and have memory in encapsulation material and sit on a dead man's switch that wipes RAM when the pressure is off of it and have a chassis with intrusion detection that wipes RAM when the case is opened and use an on-screen keyboard and always work out of your basement with a laptop running off of battery in the hopes that it will shield adequately from a TEMPEST attack. That will make stealing your passphrase pretty difficult, but would be much more beneficial if you were hiding a bunch of CP versus trying to hide the fact that you are selling drugs.

2766
Security / Re: blackopsecurity.net - partially bullshit ?
« on: May 26, 2012, 02:32 am »
Polyfront (made with the help of some of the people from BOS) fixed most of the problems with BOS, which shut down many years ago. BOS had errors though. So did Polyfront. If Polyfront were to be done again today it would fix some other things most likely, probably would suggest using hardware isolation instead of virtualization based isolation. Regardless BOS and Polyfront were both cutting edge underground security sites in their time. The people who made them learned more over time, but I don't know of any comparable comprehensive black market security resources, all of the others are playing catch up. BOS was teaching thousands of people how to use Tor and GPG when the majority were using Hushmail or no encryption and shitty or no anonymity solutions. Polyfront was the first underground security site to teach people how to use any sort of isolation at all, the first to warn people about checking tracking with Tor. What has Sheltan done?


2767
Security / Re: so is Truecrypt 100% safe??
« on: May 26, 2012, 01:08 am »
There are different ways to take over a computer. FDE protects from someone with physical access to the machine getting to the encrypted contents (i.e. the entire contents of the drive, minus the bootloader in most cases) without the password. They can't crack good encryption algorithms or passwords. They could always try to steal them with physical keyloggers and such though, or they could cold boot the memory and dump the key from it if they get it while the drive is mounted.

FDE also does nothing to protect from hackers. When you connect to SR you expose your system to the internet via Firefox. A vulnerability in Firefox could be exploited that will allow the attacker to take over the permissions of Firefox, and probably quickly EOP to root via a desktop environment leak. Now they can remotely steal your encryption keys from memory, plus spy on everything you do and generally control your system. FDE only protects from local attackers, not remote attackers.

2768
Security / Re: Fingerprints on stash?
« on: May 26, 2012, 01:02 am »
I would always make sure to wear gloves when handling drugs that can have prints pulled from them, like LSD sheets or pharmaceutical and MDMA tablets.

2769
Pedos with a lot of sick porn should really take heed in this advice as it is the computer contents that will convict. Us dope fiends? Maybe not so much, but perhaps I'm being a bit naive...

IMO you are correct. FDE has applications and I always make sure to use it. But realistically it won't do much to protect me if the feds know I am using it and really want to get around it. And it would be much more useful for trying to hide ten thousand CP pics, versus ten thousand grams of PCP. It is still an extra layer of security though, and it could always save the day in some cases.

2770
It isn't that low risk, specialized police do cold boot attacks all the time.

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10641927

hm there was a news article not that long ago where police were talking about internet drug scene using encryption, and how they are starting to train agents to get memory while it is still live, but I can't find it right now. They talked about several of their tactics for getting to encryption keys in memory though.

www.ncjrs.gov/pdffiles1/nij/219941.pdf

there is a LE guide for first responders on how to deal with memory in ways that maximize the chance of obtaining encryption keys

Thanks for this article, it was most interesting!

I see that in this case this man Moore had a huge kiddy porn collection which he managed from an external hard drive. Some undercover police in NZ kept him busy chatting on IRC while their buddies moved in. Moore desperately tried to switch off his machine but they restrained him in time.

I daresay none of us will shed a tear that there's one less CP distributor walking the streets but it seems Moore had poor physical security as he had flatmates and his girlfriend living with him at the time any one of whom could have let the investigators in - this would mean that he wouldn't have had the minute or so's warning that comes from hearing your door being battered down.

Interestingly enough he was originally tracked down by US Investigators - I can only assume he didn't Torify his connection to the IRC channels he managed?

Another blunder he seems to have made is stored details of further passwords on the external drive itself, which of course allowed them to unlock more of his files. It seems it only took five days for LE in New Zealand to retrieve incriminating information.

The logic of writing down a list of all one's passwords and protecting them with a single password seems to be that you can store passwords much longer than those you can remember in your head. My own solution which I posted about in a separate thread is to use an old school book cipher to protect your password list which would be impossible to crack without the associated key text and also doesn't have to be stored on your computer - I don't want to veer too far off topic but the above article is a clear example of why protecting all your passwords with a single one is a bad idea!

V.

Most likely he used some VPN solution, I never could find the anonymity solution that he was using though. He had CCTV cameras positioned outside of the flat in the hopes that he could spot the party van before the feds smashed his door down, but it didn't save the day for him because he was distracted on IRC. He should have had his doors and windows hooked up to an alarm system and configured his PC to shut down into a memory wipe as soon as a breach was detected. This is merely one case of police pwning someone with FDE, there are other cases where they actually did cold boot attack after the suspect had managed to shut down his computer, but not enough time had passed for the RAM to clear. You probably will not have anywhere near a minute after your door is battered down, LE can get access to the blueprints of your house and use various techniques to guess the room that your PC is in, so they pretty much know exactly where to go. Also they have adrenaline pumping and are going full speed and the door will be on the ground when the front runners hit it the first time if they use a battering ram and then the rest of the team can just keep running full speed into the home and to the location they are trying to get to. Five to ten seconds after you hear the door hitting the floor is a more realistic amount of time imo.


 

2771
Quantum computers can pwn RSA with Shor's algorithm. Quantum computers have already been used for prime factorization just against really small numbers. A quantum computer's ability to pwn RSA is dependent on the size of the key versus the number of qubits the quantum computer has. Real cryptographers are worried about quantum computers though, and the number of stabilized qubits is indeed growing at a steady rate. I have heard that RSA with realistic key size is probably going to be dead within a decade or so. Bit for bit ECC is significantly stronger than RSA, although it is still weak to quantum computing attacks, it requires significantly more qubits to pwn ECC based algorithms than RSA, bit to bit. There are public key encryption algorithms that are so far immune to quantum computing, traditionally they have had very large key sizes and very large ciphertexts (measured in megabytes instead of bits) but I believe there are some other quantum resistant techniques that have more practical parameters. Merkle hash tree signatures are quantum resistant, and there are quantum resistant multi-variable quadratic PK crypto schemes for signatures and session key encryption, also Goppa code PK schemes that are quantum resistant. NSA currently suggests using elliptic curve PK crypto, they don't even include RSA on their list of suggested algorithms, but it is still thought to be secure against all but quantum computer attacks once you get to ~2,048 bit keys.

2772
The German gov probably thinks they have found some big cryptographic secret, but really their police just still have not figured out that everyone else knows not to use ECB mode ;)

2773
Security / Re: Federal agnets bust in... USA
« on: May 25, 2012, 12:36 am »
So much bullshit in this thread. Dogs can smell through cover scents with no problem. Dogs don't give a fuck if your house smells like cats. Dogs can be trained to smell more than one type of drug.

2774
Also some other points:

A. They don't need to carry in a vat of liquid nitrogen they just need a can of compressed air held upside down

B. 128 bit encryption is very secure, most algorithms are designed for 128 bit security in the first place and then extended to 256. In some cases 128 is even more secure than 256 due to issues that arise with the key scheduling of 256 bits. 256 is more quantum resistant though. A classical computer is not going to pwn 128 bit any time soon though.

C. The best defense from a cold boot attack is to encapsulate the memory in some material that needs to be removed before they can dump it in a forensics laptop, and use chassis intrusion detection hardware that immediately shuts down into a memory wipe when the case is opened

D. If you are identified in the first place you are relying on your attacker being retarded, there are a billion ways to steal passphrases and keys and FDE is only going to protect you if your attacker doesn't know what they are doing 

2775
It isn't that low risk, specialized police do cold boot attacks all the time.

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10641927

hm there was a news article not that long ago where police were talking about internet drug scene using encryption, and how they are starting to train agents to get memory while it is still live, but I can't find it right now. They talked about several of their tactics for getting to encryption keys in memory though.

www.ncjrs.gov/pdffiles1/nij/219941.pdf

there is a LE guide for first responders on how to deal with memory in ways that maximize the chance of obtaining encryption keys
