Silk Road forums

this dude molested a child and got a 6 year sentence

http://myfox8.com/2012/02/25/former-pastor-sentenced-for-child-molestation/

from a time served perspective he prob be out sooner than someone busted trafficking 100 grams of MDMA

even in the really fucked up cases of hardcore child rape the people convicted generally get sentences that they could have gotten for trafficking drugs in the amounts many of my friends do , enelysion could of prob molested a baby and gotten out of jail faster than he will

Believing false things about reality is actually the key to happiness

www.cs.fsu.edu/~yasinsac/Papers/YM02.pdf

Just thinking out loud here;

What if there was a standard macro or ASCII that preceded and followed things like addresses for orders, to merely add disposable dummy text to the encrypted block, broadcasting a misleading amount of info.

ggg

that is generally called padding (or morphing, which is a more sophisticated way to apply padding). Really don't need to pad GPG messages though. Do you care if the attacker can determine how many characters your message is, as long as they can not determine what they are?

Tor already uses basic padding to protect some from some sorts of website fingerprinting (which makes it much nicer than VPNs which almost never have any features like this) .... 

I think that's not what he meant, maybe a wrong choice of words, but this site also shows that runs Apache 2.2.14 under Ubuntu with display_errors = 1 and that nothing is actually being deleted from DB when you order it to do so...
This means a poorly hardened server for Tor environment, unless you have no concern for your data, that is.

***PARANOIA ALERT BEGIN***
Let me put this to the worse scenario; let's put to option that an exploit is found for Apache 2.2.14 which allows an attacker to inject and use it as proxy, so he could make SR to fetch www.fbi.gov/sr_hook.txt, Apache would go fetch that file out of Tor dropping SR's real IP Address and, therefore, location.
Also I do prefer to be sure that when an order is put in transit my address is blanked out of the DB rather than just a fag switch saying "deleted = 1" or when or if this goes down we go along.
***PARANOIA ALERT END***

So yes, DPR has to take some shit and fix these potential holes before shit gets serious, don't you think?

I would hope that the web server is in some sort of jail and doesn't have any ability to send data outside of Tor (or to know any external IP addresses associated with the server).....but I doubt that this is the case

anyway your paranoia alert was stupid because it pretty much boils down to

"let's say a vulnerability is found and somebody exploits it!!!"

well no shit sherlock ;P

lets say that the earth blows up suddenly oh noez we r all ded
 
SR really should be changing server location frequently though. I think that is the single biggest thing that he could do for the security of this site and the people that use it. Feds gon trace a hidden service eventually if they have not yet figured out how to do it (which kind of amazes me), but the process is going to take time...so the best thing is to constantly be changing servers location in the hopes that you change server location faster than the feds can trace a hidden service. But everyone knows if you just leave a Tor hidden server in one spot that eventually it is going to be traced.

Interesting switch: «AND `deleted` = 0»
So... SR never actually deletes anything from DB and uses a switch instead to hide it? Nice to know...

not nice to know that SR didn't know to not leave error reporting on

A Database Error Occurred

Error Number: 1146

Table 'market.favorites' doesn't exist

SELECT COUNT(*) AS `numrows` FROM (`favorites`) WHERE `type` = 'user' AND `object_id` = '1444' AND `deleted` = 0

Filename: /var/www/libraries/Extras.php

Line Number: 1842

My guess would be that the table market.favorites doesn't exist, and this is causing problems with the code on line number 1,842 in the Extras.php file

Hit size is not really a reliable way to determine potency.