
Messages - kmfkewm

3616
Security / Re: why was the arrests and paranoia thread deleted?
« on: January 22, 2012, 07:48 pm »
I 2nd this. As a newb, it would be nice to have a subforum on SAFETY & SECURITY. But as was stated in my thread asking for such a thing, it seems as though NOT having an SOP is what keeps it secure. I was told if everyone went by a SOP, then SR would be compromised more easily. But it's also very hard to decipher all the information from all the slurry, and even harder to know what's right or wrong, with all the argumentation.
I feel that any censorship is wrong.

Safety and security is quite different from intelligence. Safety and security should include things like computer security tutorials etc. Intelligence should include law enforcement documents, academic papers on the tools we are using, news stories related to what we are doing, case studies, etc. Mixing news stories in with the technical security forum is a good way to have a disorganized mess that nobody feels like contributing to or sorting through.

3617
Security / Re: SR Users been arrested?
« on: January 22, 2012, 07:46 pm »
Hopefully I am wrong though. One thing that is clear to me is that SR puts profit for SR first and security for their users second. To be fair SR uses better security than many many private forums do, but I certainly see user and network security coming into conflict with the personal interests of SR. I still have faith in this project though, and hope to find that everything has been a misunderstanding.

I see it the other way that user and network security are not conflicting but intertwined with the financial interests of SR.

But deleting threads does not fill people with confidence, and breeds distrust.

fruity.

It isn't very smart from a marketing perspective to give your customers access to information that indicates there is a higher probability of being arrested for giving you money than they otherwise would realize. From a network security perspective it is important though, since intel can be gathered.

3618
Security / Re: why was the arrests and paranoia thread deleted?
« on: January 22, 2012, 07:43 pm »
It will quickly grow to that point. Just by copying info over from private forums it would quickly result in a subforum with several dozen to a hundred valuable posts.

3619
Atheists also don't "believe in nothing."  Being an atheist is the absence of belief in traditional theology.  Atheist views are based in facts and theories that are empirically proven and demonstrable.

Atheist views are NOT based on facts that can be empirically proven. There is absolutely no evidence to suggest that we simply cease to exist after death, just as there is no evidence to suggest that we go on to heaven. There is no evidence for a "soul" or a "divine creator", but there is also no evidence against it. It's difficult to comprehend this concept at first, but when you look at the nature of the scientific method you realize there is no way to collect information on what happens after death (because no one has been able to come back and tell what happens) and thus it is impossible to come to any substantial conclusion on this matter. It is for this reason that atheism is a FAITH, because it is the belief in something without any evidence.

This is where the philosophical "demarcation problem" comes in. Where do we draw the boundaries between science and pseudoscience (i.e. religion)? Does science accompany everything or does religion not apply to its laws?

Furthermore, a huge criticism of anything scientific and of anything that anyone believes in is the philosophical question of the problem of induction. This is the problem of "presupposing that a sequence of events in the future will occur as it always has in the past." We cannot assume that all swans are white because on every OBSERVABLE occasion they were white. This is an easy analogy to picture, but how about the laws of physics? Just because every time we've jumped up and gravity has pulled us back down to earth, we cannot conclude that it will do the same next time. Inductive reasoning =/= knowledge.


Once you come to that conclusion though, you feel very liberated.  You are free from "judgement" in the Christian sense.  Life becomes more meaningful and infinitely more beautiful when you come to terms with the fact that it is finite and fleeting.  Every experience becomes more sublime when you don't superimpose a theological purpose and meaning on top of it.

Whenever someone brings this up I immediately quote one of my favorite bits from The Matrix: Cypher talking to Agent Smith once he sells out.

"Cypher: You know, I know this steak doesn't exist. I know that when I put it in my mouth, the Matrix is telling my brain that it is juicy and delicious. After nine years, you know what I realize?
[Takes a bite of steak]
Cypher: Ignorance is bliss."

I remember being much happier as a child or even teenager when I went to Sunday mass and was simply unaware of all the startling evidence against all that I was taught to believe. I find all this knowledge to be weighing me down rather than liberating. In every experience I DO think about how everything is finite and fleeting and it makes me think "what's the point?" The best of Keats' poetry is almost exclusively about the nature of immortality, and in "Ode to a Grecian Urn" he makes the argument that it's better to be frozen in a state of eternal anticipation (such as the lovers depicted on the urn) than for them to reach their climax, for once they reach that peak their love and energy and passion can only diminish. I almost don't want to experience anything anymore because the pain of not being able to have something again (for example, a girl that was truly amazing) is a million times worse than not having it in the first place.

I would also add that community, and social acceptance, is a primary motivator behind people choosing to be religious.  Like it or not, there is still a social stigma attached to being an atheist.  The communal aspects of religion, however, are in my opinion one of its most positive and fruitful aspects.  Religion provides a way for people to be involved in something greater than themselves, and gives them a way to get rid of some of the loneliness and alienation that is all too common in our modern society.

Golden words drip from your lips (or fingers, whichever) my friend. Loneliness is possibly the most horrid feeling in the world and religion is certainly a terrific remedy for it. Wow, all this contemplation is making me depressed. Time to go hit some acid.

This is why I consider myself agnostic instead of atheist. However I think science can prove that some faiths are incorrect, because many of them make claims that are scientifically provable as false. Of course you could argue that an all powerful God could make things appear to be different to science than they actually are in reality, but at that point you can also say God can make 1 + 1 look like it = 3 when it really = 2, so at some point you really need to either draw a line or accept everything and nothing as true simultaneously (and if you do this you are pretty much saying you know nothing, which means you take knowing nothing as being true, which means you know something).

3620
First of all the first post is clearly humor and not to be taken seriously, second of all I don't think it should be state enforced because I non-humorously think that the state should also be rapidly exterminated

3621
Faux-edgy and dumb stoner-logic. And I'm an atheist. As long as christians don't fuck with me and are cool with social issues then I don't care what they believe in. Live and let live.

You sound 15 years old btw

I love christians that is why I want to send them to paradise and help them avoid the potential risk of ending up in hell. I honestly have no problems with christians. And I am actually making fun of christian logic. If they really think they will go to eternal bliss after they die, but not if they kill themselves, they should be crossing their fingers that somebody kills them already. Plus even though a small minority of christians are not totally insane control freaks who want everyone who doesn't think exactly as they do to repent or burn in hell, enough of them are fucking insane enough and bad enough for humanity that I really am not sure I would miss them as a whole (actually I certainly wouldn't, although I certainly would miss individuals).

3622
Security / Re: SR Users been arrested?
« on: January 22, 2012, 04:49 pm »
What's wrong with speculating about how LEO will handle or not handle SR? It's just a discussion between competent adults.
It's going to scare away new users who are either not aware of or have cognitive dissonance about the risks involved. This leads to less sales, which leads to less commissions, which is against the interests of the admin. Just calling it like I see it.

This is how I see it also, particularly since threads discussing people getting arrested for ordering drugs online are being deleted by the admins. Hopefully I am wrong though. One thing that is clear to me is that SR puts profit for SR first and security for their users second. To be fair SR uses better security than many many private forums do, but I certainly see user and network security coming into conflict with the personal interests of SR. I still have faith in this project though, and hope to find that everything has been a misunderstanding.

3623
Security / Re: SR's internal BTC tumbler?
« on: January 22, 2012, 04:45 pm »
The SR mixing system might hide which vendor you ordered from (although it might not if you load a unique amount of money that is associated with a certain vendor's product, or other similar things) but it doesn't hide the fact that you use SR. And it doesn't use blind signatures so it offers no protection from anyone who has pwnt SR or SR himself. I wouldn't put any faith in the SR mixing system keeping you anonymous, but it is better than nothing. Look into Open Transactions.

3624
How about those of us who just read this and want to know what to do with their "tainted" computers? I've been running the tor browser through windows, and I've got GPG and all that installed. Should I DBAN my drive, reinstall windows and install my non sr-related programs?

You should Secure Erase your drive. DBAN (and everything else) doesn't wipe magnetic residue on track edges, so data fragments can still be forensically recovered even after 35-pass wipes.

3625
In what way is a hidden service easier to trace than a client...? Hidden services are what's keeping the physical location of the Silk Road servers a secret...
Parts of this paper are obsolete, especially with the development of persistent entry guard nodes, but it's still a good starting point: http://www.onion-router.net/Publications/locating-hidden-servers.pdf

Persistent entry guards will only slightly slow most attackers down; hidden services should not be considered anonymous from any decent attacker. It boils down to this: any attacker can make a hidden service open as many circuits as they want it to. If the attacker has a few nodes on the Tor network, eventually the circuits they force the hidden service to open will be using nodes they own. Entry guards make it so if the hidden service hasn't selected attacker nodes to enter through, that the attacker can only trace it to its entry guards. Which is fine, other than the fact that after the hidden service's entry guards are located the attacker can use a pen register / trap and trace order (or tons of other things, but for feds that will be the easiest route to take) to deanonymize the hidden service. Until Tor starts using multiple chained guard nodes for hidden services they shouldn't be considered anonymous for more than about a week or two after they are targeted by any competent attacker.

3626
Security / Re: why was the arrests and paranoia thread deleted?
« on: January 22, 2012, 04:17 pm »
I'm disappointed I missed the thread, I would have liked to read what people were posting. And to echo doublemint's question: People have actually been arrested from ordering online? This is the first I have heard of it and if true I am disappointed in the mod who deleted the thread...this is the kind of stuff that needs to be discussed, isn't that why we have a 'Security' board?
Well I never thought nobody was arrested but I figured if you took the right precautions, no. I would love to learn from others' mistakes, I think that it's awful that the moderators are censoring things just to keep profits up.
If they actually did censor it.

Likely thousands of people have been arrested for buying drugs on the internet, I know of a little over a dozen cases of people I know/knew personally. Entire drug forums have been brought down in federal operations, for example in Operation Raw Deal the DEA compromised the poorly implemented encryption system of Hushmail and harvested addresses of vendors and customers, then raided several dozen people. There was also Operation Web Tryp which targeted research chemical vendors and some customers were visited by feds but I don't think any were charged. Then there was DZF which was an FBI operated sting forum. Then there are several cases of individual vendors and customers being arrested after interceptions / being snitched on by competition etc. Many of these cases have information on them which is useful for learning from the mistakes of others. Not to mention there is a wealth of intelligence to be gathered from law enforcement documents and other things.

Keep in mind that even though I know personally over a dozen people who have been arrested for drug charges linked to the internet, that I have been involved with groups that buy/sell drugs on the internet for about a decade now. There are many many more cases of people being arrested for getting drugs in the mail without a clear link to the internet, statistics show that every year the USPI arrests around two thousand people for getting drugs in the mail (if we had an intelligence forum I would dump a few dozen USPI documents with these sorts of statistics and case studies in them). This does not include people who are arrested by the DEA or ICE. Usually these are larger orders, but many have been arrested for personal use orders also. Of course you want to learn from others' mistakes, that is why almost every single forum has an intelligence or at least news section for the gathering and analysis of this sort of information (of course most forums are community oriented and not aimed at making a profit for anyone in particular). I find it very strange that when I say the only reason SR wouldn't have such a subforum is because they are worried it will scare people away from using SR and hurt their profit margins, that the entire thread almost instantly vanishes without a single reason being given. I also cannot seem to get any response about adding an intelligence sub forum no matter how many times I mention it. It would be a shame if profit is more important than security, let alone free speech. I will still keep my hopes up that it was merely moved to a mod only section, but honestly if the mods here are going to delete my security posts (and the entire threads that they are made in) when people being secure is counter to SR making money, I will not be sticking around here for much longer.

3627
So basically you're just selling freeware on a truecrypt (also freeware) encrypted drive? Am I missing something? And you think the police don't have more capabilities than a stupid hacker?

You're definitely not someone I would trust with my security lol

Most police have substantially less capabilities than even the stupid hackers do, in a cyber environment anyway.

  ::) They have full time computer forensic teams just for situations like this. They are paid to do nothing but stuff like this. Hackers, not so much... don't be silly.

Have you seen the skill level of the average computer forensic team? Nine out of ten times they are just trained to use forensics applications that were actually designed and implemented by non-law enforcement hackers in the first place. Law enforcement are generally way behind and the only reason they are catching up is because non-law enforcement hackers are starting to sell more sophisticated tools to them.

3628
Christians believe that after they die they will go to heaven and live in bliss for all of eternity. Many of them believe that if they kill themselves they will not go to heaven but rather will burn in hell. If atheists start killing christians they will in the view of christians be sending them on a first class trip to eternal bliss. The atheists will also end up killing some christians who otherwise would have gone on to commit suicide, thus saving them from eternal damnation in hell. Plus after all the Christians are dead the world will be a much freer and happier place and scientific progress will move forward at an extremely fast rate. It will improve the quality of life on earth for us, and the christians will all be chilling in eternal paradise so who are they to complain? The same thing should also probably be done for Muslims and Jews. If any Christians Muslims or Jews disagree with this I guess it just goes to show they lack faith. Anyway who are they to know Gods plan (maybe he plans for us to kill all of them).

Thoughts?

3629
Security / Re: Is Privnote secure?
« on: January 21, 2012, 10:34 am »
Actually we don't know how privnote works, only how they claim that it works. It might just store everything unencrypted, or it might store the encryption keys for employees and law enforcement to use.

We do know how PGP works. You can download the source code, inspect it, compile it, and even compare the compiled binaries to the ones that are being distributed to see if they differ.

Privnote should be considered insecure for 2 reasons. The first, we can't prove that it is secure, so it is safer to assume that it is insecure. The second, it is insecure. I explained why in my last post. If you send a privnote link over the SR messaging system, SR can read the contents. So why not send the message over SR unencrypted in the first place?

This man knows what he is talking about (on this particular issue anyway...not sure about others)

Quote
Can anyone explain to me what the purpose of sending someone a privnote link over SR messaging is supposed to accomplish security wise? How is it more secure than a normal unencrypted SR message?

It is not more secure, and is less secure

Quote
Before someone says that the message can only be read once, proving that SR read it before the intended recipient, stop and think about it for a minute. SR could just read the message, create a new privnote with the same data, and then pass that along. The entire thing could be scripted. SR messaging sees a privnote link, reads the data, creates a new privnote, modifies the message and then sends it to the user it was intended for.

Classical man in the middle attack. To be fair SR could do the same thing during GPG key exchange and this is why measures against this must be taken.

Quote
On the subject of PGP through SR, there is still the flaw that buyers get the PGP keys for sellers through SR. The best thing that could be done here is for SR to provide a daily or weekly archive of all of the seller PGP keys so that people could easily compare to see that they all have the same archive, and sellers could make sure that their actual key is the one in the archive.

Yup yup
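The archive comparison proposed in the quoted post above, sketched as an added example (not code from the forum or from any participant): each reader hashes their downloaded copy of the key archive, the copies are compared entry by entry, and a key owner checks that the listed key is their own. The observer and seller names, the key bytes, and the use of SHA-256 over the exported key bytes in place of a real OpenPGP fingerprint are all assumptions made for illustration.

```python
import hashlib
import hmac

def key_digest(key_bytes: bytes) -> str:
    """SHA-256 over the exported key bytes (assumed stand-in for an OpenPGP fingerprint)."""
    return hashlib.sha256(key_bytes).hexdigest()

def archive_digest(archive: dict) -> str:
    """One order-independent digest per archive copy, short enough to compare by hand."""
    h = hashlib.sha256()
    for name in sorted(archive):
        h.update(name.encode() + b"\0" + key_digest(archive[name]).encode() + b"\n")
    return h.hexdigest()

def find_conflicts(copies: dict) -> dict:
    """Map each name whose key differs (or is missing) between copies to
    {digest: [observers who received that version]}."""
    names = set().union(*(archive.keys() for archive in copies.values()))
    conflicts = {}
    for name in sorted(names):
        seen = {}
        for observer in sorted(copies):
            key = copies[observer].get(name)
            digest = key_digest(key) if key is not None else "MISSING"
            seen.setdefault(digest, []).append(observer)
        if len(seen) > 1:  # more than one version in circulation
            conflicts[name] = seen
    return conflicts

def owner_check(archive: dict, name: str, own_key: bytes) -> bool:
    """Key owner confirms that a given archive copy lists the key they generated."""
    listed = archive.get(name)
    return listed is not None and hmac.compare_digest(
        key_digest(listed), key_digest(own_key))

# Constructed sample data: three readers' copies of the same archive.
# observer3 was served a substituted key for seller_b.
REAL_A = b"constructed-public-key-A"
REAL_B = b"constructed-public-key-B"
SWAPPED_B = b"constructed-substituted-key-B"

COPIES = {
    "observer1": {"seller_a": REAL_A, "seller_b": REAL_B},
    "observer2": {"seller_b": REAL_B, "seller_a": REAL_A},
    "observer3": {"seller_a": REAL_A, "seller_b": SWAPPED_B},
}

if __name__ == "__main__":
    for observer, archive in COPIES.items():
        print(observer, archive_digest(archive)[:16])
    for name, seen in find_conflicts(COPIES).items():
        print("conflict on", name, {d[:16]: who for d, who in seen.items()})
    print("seller_b's own key listed in observer3's copy:",
          owner_check(COPIES["observer3"], "seller_b", REAL_B))
```

The digests only detect substitution if they are exchanged over a channel the party serving the archive does not relay; otherwise the same intermediary could rewrite the digests as well.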

3630
Quote
Some experts disagree and believe virtualization makes things more vulnerable but there are just as many who believe it offers additional security through isolation and obfuscation and is an effective tool to delay the recovery of data.

You obviously have no understanding of how isolation actually works, and all security professionals seem to agree that paravirtualization pwns full hardware virtualization when it comes to security. And if you don't want your guest OS to be pwnt by a hacker you should certainly not be using full hardware virtualization but rather should be using paravirtualization. You really are either a troll, a fed or a complete dumb fuck.
