Messages - kmfkewm

Pages: 1 ... 223 224 [225] 226 227 ... 249
3361
Sorry but your integrity doesn't count for anything versus a cryptographically provable system. Honest people lie sometimes, math never lies.

Maybe I will just make my own lottery using this protocol, I bet everyone will use it since it will be possible to prove the winner was randomly selected. But I probably won't because I really don't give a shit lol.

Do your lottery however you want, you can have people trust you, or you can use a system that proves the winner is randomly selected, it doesn't matter to me (I am not the one who had people accuse me of running a rigged lottery, imo you should be happy I showed you a system that will let you prove them wrong). 

3362
Off topic / Re: Occupy Movement Planning a Philly Convention in July
« on: February 27, 2012, 10:32 am »
Quote
It really depends on the type of tax. Property taxes are moral because the land you reside on or own is within the jurisdiction of your government and it receives certain services, most notably protection from foreign invaders.

First of all, I do not recognize the legitimacy of any government or any of their claims to jurisdiction. Second of all, if I want to protect my property from foreign invaders I should just be able to voluntarily pay a fee to a private defense agency, instead of having the government force me to pay them to provide that service.

Quote
Taxation, however, is not the defining characteristic of government... take a look at Saudi Arabia, a.k.a. a "rentier state". Because the government reels in so much revenue from its nationalized oil industry, it does not tax its citizens. Thus the classic maxim of "no taxation without representation" is turned on its head and Saudi leaders assert that their citizens do not get any rights because they do not pay any taxes.

Okay I will concede that taxation is not what defines government, hmm need to think of something else that defines it. A monopoly on 'legitimate' violence I guess? This would mean government inherently has the ability to tax, but may not implement it.

Quote
Branching off on your last point, I'd love to see an experiment in anarcho-capitalism, in which the state loses its monopoly on force and the services of security, justice, and other defense will be subject to competition, effectively making the prices cheaper and the quality higher. More on that concept here: https://en.wikipedia.org/wiki/Market_anarchism

I would love to see an experiment in anarcho-capitalism too :).

3363
Silk Road discussion / Re: Why The Armory Is A Bad Idea
« on: February 27, 2012, 09:59 am »
Quote
There is no "organized government body committing genocide on an entire unarmed populace."

But there is an organized government body systematically imprisoning entire populations. They are heavily armed. We should also be heavily armed.

3364
Security / Re: DEA concerns. Paranoia?
« on: February 27, 2012, 09:30 am »
Some vendors and customers on DZF got away, pretty sure customers were busted as well, and several vendors (mostly opiate vendors) were busted. I will ask a friend who followed DZF closer than I did, my personal policy was to stay the hell away. Most personal-use-ish customer busts I know of were the result of a package being intercepted, not a targeted operation.

3365
I gather two things from it after just a quick scan over fizzy's post

1. We should absolutely be using HDPP bags
2. We should probably be double or triple vac sealing

I also note that he was using a heat seal but I didn't see any mention of vac sealing. I think using a vac seal should add substantial benefits.

3366
Security / Re: Is Privnote secure?
« on: February 26, 2012, 10:28 pm »
There's no reason to choose privnote over GPG.

GPG is easy enough for young children to use. I don't understand the issues people have with it.  :-\

I would be a little nervous about dealing with a seller or buyer that didn't want to use gpg.

Most people are idiots. Not because they are stupid per se but rather because they automatically assume they are stupid so they don't even try. Also a lot of people are just stupid. Also a lot of people are lazy as hell. And also most people don't really care about security at all because they think they will never possibly be targeted because there is a bigger fish out there so who cares about lil ol them.

3367
Security / [intel] substantial amount of drugs trafficked via mail
« on: February 26, 2012, 09:29 pm »
http://www.therepublic.com/view/story/fedex-drugs022212/fedex-drugs022212/

Quote
It didn't surprise former U.S. Customs investigator Jamie Haase that a drug trafficker testified in federal court about cocaine sent from Mexico into the U.S. via FedEx.

Haase said the FedEx Express world hub in Memphis, which handles about 1.5 million packages on a typical night, just doesn't have enough people, drug dogs and detection gear to catch everything.

"The sheer volume of packages that goes through there makes it a win-win for drug traffickers," said Haase, who works in loss prevention in Greenville, S.C., and advocates for a group that favors liberalization of drug laws.

"Only a small percentage of cargo is getting flagged for inspection."

It's unclear how much narcotics traffic moves to and around the United States through air cargo carriers like FedEx and UPS, but it's presumed to be substantial.

"I think it's an unknown number, and I think it is huge. I don't think it's all international, either. It's domestic, too. From California, where (medical) marijuana is legal, they're shipping all over the country," he said.

In a U.S. District Court trial in Memphis this month, trafficker-turned-witness Orlando Pride, testifying against former associates, said they loaded 200 kilograms of cocaine in a coffin-sized box in Mexico and shipped it by FedEx across the border for distribution in Memphis and the South. Pride said there were 45 FedEx shipments valued at more than $4 million each.

Pride's testimony raised questions about what air cargo carriers are doing to stem the flow of illegal drugs and how much of the nation's illegal drug trade is moved by the same networks that support e-commerce and bring us iPods from China.

It was the latest drug investigation with a FedEx connection. In 2010, a Korean crime gang was accused of smuggling methamphetamines from Mexico to Korea by FedEx. In 2009, the son of actor Michael Douglas was charged with shipping meth by FedEx from California to New York.

The U.S. Drug Enforcement Administration's National Drug Threat Assessment for 2010 said drug traffickers' use of air cargo is declining in favor of land shipments across the Southwest border.

"The amount of drugs smuggled into the United States by couriers and in cargo aboard commercial aircraft is significantly less than the amount smuggled by other means," the report said.

Commercial air conveyances in 2009, the report said, accounted for 24 percent of heroin seizures, 15 percent of ecstasy, 6 percent of cocaine, and less than 1 percent each of methamphetamine and marijuana.

The next drug threat assessment report, issued last year, did not include details about air conveyances.

Nationally, Customs seized nearly 5 million pounds of narcotics in fiscal 2011 and 4.14 million the year before. Customs in fiscal 2010 processed nearly 334,000 flights with cargo and screened more than 57 million regular and express air waybill records.

An agency spokeswoman, citing the ongoing trial, declined to discuss drug enforcement efforts at the Memphis airport and FedEx hub.

Spokesmen at FedEx and rival UPS, citing the sensitive subject, declined to discuss cargo screening aimed at rooting out contraband.

Chris Stanley at FedEx and Norman Black at UPS said both companies require shippers to follow all applicable laws.

A Customs news release dated last July 15 provided a glimpse into the inner-workings of the FedEx hub in Indianapolis, the company's No. 2 hub in the U.S. It said Customs agents intercepted 99,253 illegal drug paraphernalia items there in the fiscal year that began Oct. 1, 2010.

Haase said Customs officers and security personnel use sophisticated intelligence and technology tools to identify suspicious packages and set them aside for closer examination.

"The mass volume is too much to handle," he said. "They can put new procedures in place and catch what they can catch. It's going to be very minuscule, and it makes you wonder if it's going to be worth it."

Brandon Fried, executive director of the Airforwarders Association and cargo security expert, said people who facilitate imports and exports have been focused primarily on keeping explosives off planes, but he believes heightened security awareness helps curb drug flows too.

"The visibility is high on air cargo, a lot of procedures are in place, and walking off the street and giving a package to an air freight company is just not done any more," he said.

(Wayne Risher is a reporter for The Commercial Appeal in Memphis, Tenn.)

3368
Silk Road discussion / Re: SR Future
« on: February 26, 2012, 09:08 pm »
There is also the possibility that SR was created by and is operated by DEA types (directly or indirectly).

The security seems plausible but then it would need to for the operation to work.

I have thought this before too but really I highly highly doubt it. There are two things that I take into consideration. First, SR is pretty near the pinnacle of security when it comes to cyber crime. Tor hidden service, Bitcoin with mixing sort of built in and highly suggested, GPG highly suggested, probably a somewhat hardened server, many people using hardened Linux distros, etc. Most cyber crime groups are not using anywhere near the security we are, they are picking up wires with fake IDs, using web proxies or VPNs, trusting safe-mail to keep their communications encrypted, using non-hidden servers and everyone on Windows etc. And those are the people who are actually better than average when it comes down to it. The only people I see using better security than is suggested and partially enforced on SR, are super l33t hackers with botnets bigger than Tor is who are also well versed with crypto, programming and computer security concepts, and intelligence agencies (and usually there is significant overlap between them and the super l33t hackers).

Even if you think of mail traffick groups who are not on the internet our security pwns them, most of them are not using vac seals at all (instead using strong cover scents) and they generally package shit in such a way that it fits the profile used to look for drug mail.

So compared to everyone else our security and protocols are really pretty high end. Why would the feds encourage that? Not to mention SR can't break GPG or trace Tor or mixed bitcoins etc any more than anyone else can....

which brings me to my next point.

The technology we are using really isn't enough to prevent someone who really knows what they are doing to fuck us, especially if they have some money to throw at it. Tor hidden services can be traced fairly easily, even Tor clients can be traced pretty damn fast by an attacker who has 50 entry guards (what was it, 11% chance of not being deanonymized after one year, if the attacker can watch the end point and they own 50 entry guards?) I mean there are a lot of methods for seriously hurting the anonymity provided by Tor. Even if people are using open/cracked WiFi + Tor (which I highly doubt many do) there are a lot of potential ways to narrow in on a person using open WiFi that they would need to be protecting themselves from.

GPG is great encryption, but it doesn't prevent you from being hacked and having your plaintexts/private keys stolen. And even though many people here are using above average computer security (Linux distros, security oriented Linux distros, isolation techniques, etc) a lot are still not. And nobody here is using cutting edge computer security techniques. I doubt more than 1% of people here have ever written a mandatory access control profile and probably nobody or very close to nobody here is using physical hardware isolation for Tor/firefox or air gaps for encryption. Plus even if you don't look at the computer security component, an open market is pretty easy to nym flood with human-intelligence-bots for address harvesting.

So in the end I doubt SR is run by LE, but I also doubt it could withstand them if they had the slightest clue what the fuck they were doing. If they have some Tor zero day and have managed to pwn 150k+ people it would be a pretty epic operation, and really it is not out of the realm of possibility.

3369
Silk Road discussion / Re: spooky SR trend
« on: February 26, 2012, 06:26 pm »
In most of Europe police are not even allowed to do reverse sting operations against customers. Hell in parts of Europe it isn't even illegal to buy drugs for personal use. U.S.A. really is a shitty place to live if you want freedom. Has large amounts of Jesus though.

3370
Shipping / Re: Arrested, Charged or police come knocking?
« on: February 26, 2012, 05:26 pm »
Those of you saying that threads are deleted to "hide the evidence" that may cause the Silk Road to lose money are dumbasses.


But anyway, I was arrested in December because I had drugs (from the Silk Road) in my possession, but it wasn't directly related to the Silk Road I guess...

Maybe, maybe not. Why did they delete previous threads like this?

3371
Feature requests / Re: Registration fee for any SR account
« on: February 26, 2012, 05:02 pm »
I don't want to get bitcoin I use pecunix :(

3372
Blugh nobody wanted to play the game :(. So I will simply explain.

If I have the following cipher text:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

hQEMAwRh9rcEwAqAAQf7BgY44mNJkmAyQZH6C52eCWP6PA7iC4cXM6ArH0hM974/
iwuBk5D/xmdj7C8R6HwR3MeNgdOKFmPN8ctuImkXdgSWUqKqf6X/JPGjtr5I6+JB
lSzJrVNydGmQJ62gL8YZHR9spS/iLpXu4lrx6h1ZYOpdpZRWlGDFeMtEwW6zaK7o
03Cu00wx//ETDwGRZlrM8uSopSv+yy2LWGFpiKLnvSaHkUKIOi3DStPTHVfpVkL/
WoyvKQW2xC8a16kbrpr3buhzOlnhzrV/lXUULIPI2/SACa20DhJpQsTwXynrznY3
PLO2L5OOAZmP+yNu3SuKxXzuD7iqTqN3t5uu90vwZNJKAf39QBMn/NvT6alQjrTT
rwipvq75UgpR3xL0ptmhUi/cgtD3CeiwESe2kgqhmDxJWpx74ymOkzSrm4LsT5ZL
H2Z783xIxZZ1A6E=
=1bIX
-----END PGP MESSAGE-----


which is sent from Alice to Bob, and Bob says the message decrypts into "kmf is a stupid fuck" when I ask him what the message is (Alice of course claims that it decrypts into "kmfw is awesome"), I can quickly prove that Bob is lying because the size of the ciphertext is 479 bytes (as it would be if the plaintext was "kmfw is awesome") and the ciphertext of "kmf is a stupid fuck" would have been 486 bytes. Of course I also need to know Bob's public key parameters. Also the message could very well have been "kmf is a fool!" ... but it certainly could not be "kmf is a stupid fuck"

The moral of the story is that GPG ciphertexts don't disguise the size of GPG plaintexts.

This could be very bad if you made an encryption system that only encrypts objects from a set. Even though an attacker can not break the encryption algorithm, they can still figure out what is going on.

This is also the theory behind website fingerprinting attacks. An attacker could run an exit node and make a list of all of the websites accessed with it over a certain period of time. Then they could spider the websites visited. Then they could see the size of every page of a given website and the size of every page linked to off of that page. Then they could determine the size of every page linked to off of every page linked to from that page, etc. Now they can measure encrypted stream size at the entry node as their target surfs. Then they can use the process of elimination to determine the sites that the target is not visiting, and make a pretty good guess as to the site they are visiting (since the pattern will match and show that the target is potentially visiting that site, but certainly not visiting any of the sites for which their traffic pattern could not match).

tl;dr: given a ciphertext encrypted to a known key, you can determine what the ciphertext will NOT decrypt into, and what it COULD decrypt into... but without breaking the encryption algorithm you can not determine what the ciphertext WILL decrypt into.
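
The size leak described in this post, as an added example that is not part of the original post: a toy length-preserving cipher with base64 armor stands in for GPG, and the cipher, key, 12-byte overhead and 64-byte padding bucket are all assumptions, so the sizes are not the 479/486 bytes quoted above. It shows which of the post's candidate plaintexts an observer can rule out from ciphertext size alone, and how padding to a fixed bucket before encryption removes that signal.

```python
import base64
import hashlib
import os

NONCE_LEN = 12  # constructed fixed overhead; real OpenPGP packet overhead differs
KEY = b"constructed demo key"
# Candidate plaintexts taken from the post above.
CANDIDATES = ["kmfw is awesome", "kmf is a stupid fuck", "kmf is a fool!"]

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def toy_encrypt(key: bytes, plaintext: bytes) -> str:
    """Toy length-preserving cipher plus base64 armor (a stand-in, not OpenPGP)."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return base64.b64encode(nonce + body).decode()

def toy_decrypt(key: bytes, armored: str) -> bytes:
    raw = base64.b64decode(armored)
    nonce, body = raw[:NONCE_LEN], raw[NONCE_LEN:]
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))

def armored_len(plaintext_len: int) -> int:
    """Ciphertext size an observer can predict without holding any key."""
    return 4 * ((NONCE_LEN + plaintext_len + 2) // 3)

def consistent(armored: str, candidates, prepare=bytes):
    """Candidates whose predicted ciphertext size matches the observed one."""
    return [c for c in candidates
            if armored_len(len(prepare(c.encode()))) == len(armored)]

def pad(plaintext: bytes, bucket: int = 64) -> bytes:
    """Mitigation: 0x80 marker, then zeros up to a multiple of `bucket` bytes."""
    padded = plaintext + b"\x80"
    return padded + b"\x00" * (-len(padded) % bucket)

def unpad(padded: bytes) -> bytes:
    return padded[:padded.rindex(b"\x80")]

if __name__ == "__main__":
    bare = toy_encrypt(KEY, CANDIDATES[0].encode())
    print("unpadded, not ruled out:", consistent(bare, CANDIDATES))
    fixed = toy_encrypt(KEY, pad(CANDIDATES[0].encode()))
    print("padded, not ruled out:  ", consistent(fixed, CANDIDATES, pad))
    print("round trip:", unpad(toy_decrypt(KEY, fixed)))
```

In this model the 14- and 15-character candidates fall into the same base64 group, so the observer cannot tell them apart, while the 20-character one is excluded.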

3373
Silk Road discussion / Re: How did you find SR?
« on: February 26, 2012, 12:58 pm »
I first saw it on the bitcoin forum

3374
I am not sure how practical it can be made to vacuum seal glass, but the people I talked with suggested it is the best way to not have any of the scent permeate through the material.

Here is a way to do it with glass ampules (https://en.wikipedia.org/wiki/Ampoule):

http://www.ilpi.com/glassblowing/tutorial_ampule.html

I really would rather get a formula for determining how long a normal vac bag will hold scent in though :P.

3375
Silk Road discussion / Re: My public statement
« on: February 26, 2012, 12:31 pm »
Even though he is probably a fuckwad there really isn't any possible way to say "Give me a higher score or I will call the cops on you" and not look like the bad guy.
