Messages - kmfkewm

3706



Quote
- not sure what the above segment is trying to say

Which part specifically did you have trouble understanding? If you isolate firefox from Tor with virtualization, even if the firefox VM is rooted the attacker can not determine your external IP address. Instead they will only be able to determine the internal IP address assigned to the VM, something like 10.0.0.1. The only way an attacker can go from being root of the VM to getting the external IP address is if they find a vulnerability in the virtualbox hypervisor and break out of it or if they find a vulnerability in the code of Tor or anything else that is bound to the virtual network adapter.

Quote
Tor bundle includes aurora (firefox) = "the client", is configured for Tor and probably wouldn't easily be able to determine this external ip bound to the physical router.

Tor browser bundle provides zero isolation and if aurora is pwnt the attacker can trivially get IP address. Tor browser bundle includes a security hardened browser that should be used, but it isn't isolated.


Quote
- it's the OS that is being virtualised, "virtualised apps" is like citrix xen or Novell ZenWorks or where you are running a virtual desktop, a virtual desktop means the "virtual" instance is running elsewhere and your screen just displays the screen refreshes.

No shit it is the OS being virtualized with virtualbox? I had no idea. Guess what operating systems contain within them. Applications! Some of them need to communicate with the internet too, and those are network facing applications! I am well aware of the different types of virtualization, but right now I am talking about full hardware virtualization systems like virtualbox with host only routing (although there are other networking methods that can get the same result).

Yeah I know about networking too we are so leet

Quote
the ability of the guest OS working out its external ipaddress or public ipaddress depends on the client and whether it has been forced to use a proxy/socks or not

Why do you talk in an authoritative fashion, like I am wrong, when I know what I am talking about and it is you who is failing to understand the technique? The ability of the guest OS to determine your external broadcast IP address has nothing to do with the browser or tor client or proxy settings, and this is a technique that forces every application to use tor or have no internet access also, in addition to making it so if the vm is rooted the attacker can not use their root position to immediately deanonymize you on the application layer.
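An added example, not part of the original post: a check that could be run inside the isolated guest to confirm the property described above, namely that only internal addresses (such as 10.0.0.1) are visible and that the only default route goes to the Tor gateway. The gateway address 10.0.0.254, the interface names and the sample `ip` output are constructed assumptions.

```python
import ipaddress

# Ranges that reveal nothing about the host's external address:
# loopback, RFC 1918 private space, link-local, and the IPv6 equivalents.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)


def parse_addresses(ip_addr_output):
    """Return (interface, address) pairs from `ip -o addr show` text."""
    pairs = []
    for line in ip_addr_output.splitlines():
        tok = line.split()
        for family in ("inet", "inet6"):
            if family in tok[:-1]:
                addr = tok[tok.index(family) + 1].split("/")[0]
                pairs.append((tok[1], addr))
    return pairs


def audit_guest(ip_addr_output, ip_route_output, gateway):
    """List isolation problems; an empty list means the guest sees only
    internal addresses and routes everything through `gateway`."""
    findings = []
    for iface, addr in parse_addresses(ip_addr_output):
        if not is_internal(addr):
            findings.append(f"{iface}: non-internal address {addr} visible in guest")
    for line in ip_route_output.splitlines():
        tok = line.split()
        if tok[:1] != ["default"]:
            continue
        via = tok[tok.index("via") + 1] if "via" in tok[:-1] else None
        if via != gateway:
            findings.append(f"default route bypasses {gateway}: {line.strip()}")
    return findings


# Assumed address of the gateway VM that runs Tor (hypothetical value).
GATEWAY = "10.0.0.254"

# Constructed sample: guest attached only to the host-only network.
ISOLATED_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0
2: eth0    inet6 fe80::a00:27ff:fe12:3456/64 scope link
"""
ISOLATED_ROUTE = """\
default via 10.0.0.254 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1
"""

# Constructed sample: a second, bridged adapter exposes a routable address
# (198.51.100.23 is a documentation address standing in for a public IP).
BRIDGED_ADDR = ISOLATED_ADDR + \
    "3: eth1    inet 198.51.100.23/24 brd 198.51.100.255 scope global eth1\n"
BRIDGED_ROUTE = "default via 198.51.100.1 dev eth1\n" + ISOLATED_ROUTE

if __name__ == "__main__":
    for name, addrs, routes in (("isolated", ISOLATED_ADDR, ISOLATED_ROUTE),
                                ("bridged", BRIDGED_ADDR, BRIDGED_ROUTE)):
        print(name, audit_guest(addrs, routes, GATEWAY) or "OK")
```
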

3707
Silk Road discussion / Re: How is this place alive?
« on: January 04, 2012, 04:29 am »
On that cheerful note...

I'm sure you have something - random key entry person - you certainly seem to know your stuff. But I also guess it's down to how badly they feel a need to 'shut it down'. Or perhaps more importantly, if they can afford the time and financial cost in the knowledge that another site will pop up somewhere anyway. Let's face it, there are an increasing number of ways to source drugs online now.

But aside from a PR coup, shutting this place down (and others) achieves nothing. The traffic here - in the grand scheme of the world drugs trade - is worthless.

I'm pretty sure that SR's life is sadly limited, but maybe it's worth their while to keep it up for a while longer so they can have a good old snoop.

But I don't buy your last point. The surveillance and privacy wars have been going on since we climbed down from the trees. I doubt one side will win anytime soon.

I never claimed they would trace SR even if they could. They will use it for a human intelligence honeypot long before that. They might never even take the thing down even if they took control of the server. Human intelligence is by far the most worrying thing. Nym sybil attacks are cheap to do on silk road and there is no trust rank system or connection to private groups to prevent someone from flooding nyms. Charging for seller accounts adds somewhat of a limitation to the size of their flood, but they do have a lot of money. Selling accounts is actually a great security measure on SR's part, although if it isn't a flat rate price it should be; I'm not sure if it is currently auctioned off, but an auction can be gamed easier by a malicious SR to tilt human intelligence nodes towards the feds. I actually have some good cryptographic solutions for a secure membership recruitment system that attempts to maintain anonymity while verifying presence in a community prior to a certain date (assuming that at some point in time feds will begin massively nym flooding public internet drug discussion forums with nyms to poison the 'probably not a fed' recruitment well).

Interception is also always a worry even if you are sound on the human intelligence front, but we were working on developing a technical solution to this based on measurement and signature intelligence themes, check out the interception detection thread in security subforum here if you are interested in the technical details.

And of course the privacy wars will go on forever, but all it takes is for their surveillance technology to beat your security implementation a single time before you are fucked, so I don't care if privacy gets ahead sometime in the future if the currently available privacy software won't keep my ass out of prison today.

It really is only a matter of time before the feds do a massive technical bust of some sort against people using techniques that were considered to be secure very recently.

3708
Silk Road discussion / Re: How is this place alive?
« on: January 04, 2012, 03:57 am »
Sorry I just thought this was an underground security subforum not yahoo answers. When people on underground security subforums say retarded shit they get called on it lest their misinformation enter the propagation cycle. Misinformation is dangerous. If people think hidden services are very anonymous they might do retarded things like use TorChat or the message system on Liberte Live and get themselves traced. In reality it is much easier to trace hidden services than regular Tor clients, and there are numerous ways in which it could be done by a significantly motivated and powerful attacker. Tor resists law enforcement well for clients, and fairly well for servers, but it does have known limitations and those limitations are very likely to be more significant than the average Tor user is aware of, particularly for hidden servers.

edit: oh it actually isn't the security subforum

3709
Security / Re: SR forum records IP addresses for posts
« on: January 04, 2012, 12:18 am »
Tor hidden services record the local host IP address for every single user; as far as the web server cares we are all coming from 127.0.0.1 or some other internal IP address.

3710
Silk Road discussion / Re: How is this place alive?
« on: January 03, 2012, 10:24 pm »
Also I was the first person to introduce this technique to the scene so please spare your breath trying to explain things to me that you indirectly learned from me anyway.

See, this is the kind of thing that makes rational people not take you seriously. Rational people don't care about the messenger, they care about the message. Two plus two is still four, even if a two-year-old who doesn't know his numbers is saying it, and Jesus never mentioned McDonald's in the Gospel of John, even if the Pope says he did. Nobody here cares what you introduced where - except your own head up your ass, apparently - so please don't mention it.

Rational people take me seriously because I provide cites with my claims and explain things in detail, rational people don't take the other poster seriously because he said a bunch of bullshit that was quickly proven wrong, and then instead of showing a single citation backing up his feelings he said he thinks papers from world professionals are wrong and his completely uneducated opinion should still be taken seriously. He also accused me of simply googling for papers and acted like he is an expert and I know nothing about what I talk of, and I don't have the patience to force myself to be nice to cocky retards. Be cocky all you want if you actually have anything intelligent to say but if you are going to make shit up and act like an expert when you don't know shit at all don't expect me to be nice to you.

Rational people care about the substance of the message, the way the message is delivered may tell them a thing or two about the messenger but it doesn't influence the content of the message. Irrational people ignore the angry person who backs up his claims with citations and years of experience in favor of the somewhat more friendly sounding person who is spewing a bunch of bullshit from his mouth.

As far as virtualization being used for isolation, no it doesn't matter who introduced it, but when someone is going to argue with me that I am giving a bad example

Quote
That's a rather disingenuous example to use.

when my example was of a technical solution for tracing tor hidden services, which the other poster claims do not exist

and then they continue to explain that in addition to using a bad example, I am actually WRONG about the trace taking place

Quote
In that example, they used an apache exploit to gain root access to a VM. So they 'destroyed' thousands of images by deleting them and pwning the server. But being in a VM, even then they couldn't get the physical location of the hidden service and the hardware it was running on.


Quote
But being in a VM, even then they couldn't get the physical location of the hidden service and the hardware it was running on. Rooting a VM won't get you its location.

And then they continue to give a technically incorrect explanation of the security benefits of virtualization, which they know about because I explained them in a technically correct way in the first place

I may let them know that they are wasting their breath


3711
Silk Road discussion / Re: How is this place alive?
« on: January 03, 2012, 09:03 pm »
Quote
That's a rather disingenuous example to use.

It is an example of a technical solution for tracing a hidden service isn't it? Application layer exploits are one of the main technical solutions for tracing Tor hidden services. Also, if you remember, I also gave links to three papers, one of which explains traffic analysis based attacks for deanonymizing Tor hidden services, two of which explain measurement and signals intelligence attacks for deanonymizing Tor hidden services, and I also gave a link to freehaven which has over a dozen papers discussing technical solutions for tracing hidden services from a variety of security disciplines. So I think my *abundance* of cited examples showing that there are various methods from various fields which can be used for tracing Tor hidden services is adequate. Seriously what the fuck else do you want to be convinced, I never could understand people that ignore abundances of evidence dumped in front of them or how I can convince them to change their mind about subjects if not by an abundance of documented research from world experts.



Quote
In that example, they used an apache exploit to gain root access to a VM. So they 'destroyed' thousands of images by deleting them and pwning the server. But being in a VM, even then they couldn't get the physical location of the hidden service and the hardware it was running on. Rooting a VM won't get you its location.

No, in this case the hidden services were not being run isolated in virtual machines, the servers were fully deanonymized and located in the United States. This is not the freedom hosting case, isolation protected them from deanonymization when they had virtual machines rooted. Anyway being in a VM in itself offers zero additional protection from application layer traces, you need to have network facing applications isolated in virtual machines away from external IP address and away from Tor. Also I was the first person to introduce this technique to the scene so please spare your breath trying to explain things to me that you indirectly learned from me anyway.

I wish I knew half of what you do kmf...but you do have anger issues my friend :)

Maybe. I certainly have issues with people spouting off a bunch of bullshit acting like they are experts about things they know nothing about. I also have serious issues when these same people ignore all evidence. These are dangerous people who will lull noobs into a false sense of security, people like this put others' lives in serious danger and it pisses me off.

Quote
You give us a whole spiel about how tor isn't secure then link us to an apache exploit as an example ::) (btw, didn't freedom hosting handle all of that pretty well, and aren't those child porn websites up and running again? The best anonymous could do was grab the mysql database and determine the server was somewhere in the USA. (http://pastebin.com/88Lzs1XR) (anon isn't the best example but a quick one to procure and they aren't amazing hackers but there was some skill involved with their attacks)

Again, I gave reference to ways hidden services can be tracked with hacking, signals intelligence / traffic analysis and measurement and signature intelligence attacks. I also gave a link to freehaven, which documents many more technical solutions. Nobody specified that the technical solutions for tracing hidden services had to be from any particular field, but I think selecting attacks from three fields, including two which have been carried out on the live Tor network and resulted in deanonymized hidden services, is more than adequate to support my claim that hidden services can be traced with known technical solutions. The police in the mentioned story were not related to anonymous and the hidden services that they deanonymized on the application layer were not hosted by freedom hosting, although similar attacks were done against freedom hosting, isolation saved them from being traced.

Quote

What you are telling us is that tor hidden services are 'fucked' and can be tracked, but only you and a few other people know how.

Anyone with the time to read through some of the documents on freehaven, who has a basic knowledge of networking and can program, can do many of these attacks against hidden services.

Quote
Now I'm not saying TOR hidden services are perfect, but they do seem to be holding up atm, and while silkroad may be the sole target of the DEA, all the child porn sites, the 'terrorist' sites, and other illegals are targets of other organizations, and they are still running. So until we start seeing other hidden services get de-anonymized we shouldn't have reason to believe that SR is in imminent danger/compromised.

If real terrorists used Tor they would be traced by the NSA in a matter of seconds. NSA can break through many layers of isolation and are not stopped by systems like ASLR, they also stockpile very sophisticated exploits and have teams that constantly analyze software looking for vulnerabilities. SR and all Tor hidden services are in imminent danger of having their servers deanonymized, they just don't currently have any competent attackers. DEA doesn't have any Tor experts working for them.

Quote
By the way, calling other people names, being condescending, and tooting your own horn is not a good way to convince people of anything.

This is true, although the people I care about will ignore the way I talk and instead be convinced by the huge amount of research papers I have linked to.


Here is the worst traffic analysis attack against tor hidden services:

The attacker adds some nodes to the Tor network, this is called a Sybil attack. Now, the attacker uses a malicious client to open an arbitrary number of connections to the target hidden service. A hidden service opens a new circuit for every connection request, so the client can force the hidden service to open an arbitrary number of new circuits. Now the attacker can send data modulated in a specific pattern to the hidden service, and scan all of the data passing through their sybil nodes looking for that pattern in interpacket arrival times. Before Tor had entry guards this attack was carried out live against the tor network and it resulted in research hidden services being traced in time periods ranging from 24 hours to one week, exact time required depended on a number of variables. Tor attempted to mitigate this attack by introducing entry guards, three nodes through which a Tor client enters all of its traffic into the network. The theory was that unless the attacker owned one of the entry guards, they would never be in an active position to observe the interpacket arrival pattern reaching the hidden service. However, it is inherently obvious that now this attack will result in the deanonymization of three nodes each one hop away from the server in a matter of time ranging from approx 24 hours to one week (maybe a little longer now the network is bigger than when this attack was carried out). After identification of these servers, the compromise of any of them will allow the attacker to identify the hidden service's IP address. This compromise can be legal, technical, etc, probably LE will use a trap and trace pen register order and get the ip of hidden service in 24 hours if any of the entry guards are in USA, otherwise it will take a little bit longer for international cooperation but international cooperation will come fairly fast no matter where the entry guards are located.
Even if the node owner doesn't participate in the attack, somewhere upstream will for sure and they will do a passive attack.

That is one of many traffic analysis attacks directly against Tor hidden services. I will explain a few more pure signals intelligence attacks if people are interested.

3712
Off topic / Re: can I get a list of censored subjects please?
« on: January 03, 2012, 08:31 pm »
You think wanting to end your own enslavement is trolling? Is it living under a bridge to want to lock people up for harming nobody? When islamic terrorists create biological and chemical hazards that kill thousands of people they are killed, what issue do you have with the same logic being applied to other terrorist organizations?

3713
Off topic / can I get a list of censored subjects please?
« on: January 03, 2012, 07:14 am »
I see my post about the federal police being sub-human scumbags who deserve to die was censored, well before it got to play out to its intended potential. Is it possible for me to get a list of censored topics so that I can make sure not to say anything offensive please? I apparently mistakenly thought that this was a forum that supported free speech.

3714
Silk Road discussion / Re: How is this place alive?
« on: January 03, 2012, 07:11 am »
Your sense of 'too long' will be redefined when you are in jail because you didn't have enough time to learn basic computer security

3715
Silk Road discussion / Re: How is this place alive?
« on: January 03, 2012, 05:07 am »
Sorry for the epic triple post but here is a link to an article about how the feds traced a few tor hidden services with application layer exploits. There are roughly infinite potential application layer exploits that could be used to trace a Tor hidden service, but even if you don't count that class of attack there are plenty in the field of signals intelligence (and at least two in the MASINT field).

Is late 2011 recent enough for you?

https://www.tmcnet.com/usubmit/-dutch-police-trace-hidden-child-porn-websites-/2011/08/31/5743979.htm

3716
Silk Road discussion / Re: How is this place alive?
« on: January 03, 2012, 04:54 am »
Seriously I am sorry to focus my anger at you but I am *so* sick of people who make factual statements about things they have absolutely no clue about and when they try to justify their totally incorrect position it makes me even more irritated, especially when they shrug off links to papers from field leading experts and instead think their own completely wrong opinions are right

3717
Silk Road discussion / Re: How is this place alive?
« on: January 03, 2012, 04:15 am »
Quote
Well, you get the "flaming douchenozzle of the day" award.

Funny I also got the "knows about security" prize, and the "provides links to academia for citations" award, you got the talk out of your asshole award for flapping your lips about shit you know absolutely nothing about

Quote
I'm not convinced of the viability of any of those approaches, and yes I've read them, and many others. Shout when you find a paper published sometime recently with something new in it.

Well who gives a fuck what you think you are not a SIGINT specialist you are not a MASINT specialist you are not a hacker, the people who wrote those papers have Ph.D.s in many cases you have your opinion which doesn't mean shit write a paper and get it peer reviewed if you think Tor can resist the theoretical attacks against it and we already know it is weak to many of the documented attacks against it because they have been run on network simulators or in some cases even live on the network.

Quote
I'm not going to try to convince you, because clearly you're one of those people who makes large unsupported assumptions to puff up your own ego.

You aren't going to try to convince me because you have absolutely no facts to back up your complete and utter bullshit claim, I gave cites to academic papers on traffic analysis in my post, you gave a pile of shit that you barfed up out of your mouth, if you don't know what you are talking about instead of trying to say something to seem like you are educated on the matter or helpful, shut the fuck up instead lest we turn this forum into a pile of stinking shit instead of a high quality resource with factual information available and easy to filter out of the shit

Quote
Rather than try to convince you that something is secure, because clearly that is a futile point to be made (nothing is "secure"...which is why I used the phrase "no KNOWN technical solution"), I'll instead appeal to a more common sense argument, one that can be followed by people who aren't sure what to make of your blustery hand waving and quick use of google to find research papers from half a decade ago that detail theoretical approaches which can be mitigated and are of questionable use in the first place.

Tor does have KNOWN technical solutions for tracing it, just because you don't know them doesn't mean they don't exist you know, I know of several, I gave you links to several I gave you a link to a website with over a dozen, you don't know a fucking thing about what you are talking about and you ignore the evidence I linked to you so go fuck yourself and stop wasting my time please. Quick use of google no I actually have been reading papers from freehaven for the past six years over which time I taught myself computer security and traffic analysis to a professional level, but no I am not as good as the people in the papers I linked to although I certainly put you to shame.

None of the things I linked to have been mitigated, the most serious traffic analysis attack against hidden services was partially mitigated but it only changed tor hidden services on the live network from being traceable in 24 hours by researchers to three nodes each one hop away from the hidden service being traceable theoretically (not live afaik, it hasn't happened yet) in the same time frame. Show a paper showing how tor mitigated these issues or the age of these articles makes no sense. The earth being round was discovered a long time ago do you think it went flat because you haven't seen any breaking academic research regarding it?


Quote
Put simply: If they could crack Tor, who would they go after? The terrorists, the child pornographers, or the drug traffickers?

How is this what you said put simply? this is completely unrelated to what you said. If "they" could trace tor they would go after the drug traffickers the child pornographers and the terrorists simultaneously dumbfuck. Guess what, child porn people say the same shit about drug traffickers carders say the same shit about drug traffickers drug traffickers say about carders and child porn people fuck osama bin laden probably thought the nsa was too busy with SR to go after him judging by my experiences with every single other type of criminal, don't fall into this PSYOP cognitive trap...btw your cognitive trap has been identified and labeled in the field of intelligence analysis it's called mirror imaging and it means the person who interprets intelligence thinks that his adversary thinks as he does and interprets the intelligence through his eyes instead of his adversary's...you think you are not a target but you are THE target of the DEA not a pedophile

Quote
That, of course, proves nothing. But linking to a bunch of PDFs you found with google doesn't do much more.

No I quickly found those pdfs without google because I am extremely well versed in security and particularly traffic analysis and I actually know more about the Tor network than almost anyone else in the world who knows anything about Tor and doesn't work for a signals intelligence agency or do post-grad work in a traffic analysis research group. If Ph.D. research papers don't prove much about the topics they are written on then obviously you are a fucking retard.

Put simply:

If hidden sites were traceable, there are several dozen that would have been shut down years ago.

That doesn't mean TOR is secure. It does, however, support my original statement that there are "no known technical solutions for tracing TOR hosted sites".

I never said law enforcement can trace tor hidden services right now, just that some people can with varying degrees of ease. Law enforcement are way behind the bell curve when it comes to security and intelligence but guess what they are catching up fast and you shouldn't count on a network with known anonymity vulnerabilities against its hidden services to keep a hidden server anonymous plain and simple. Even Roger Dingledine said Tor hidden services are fucked in the #tor IRC room, did you even know #tor had an IRC room? His name is Arma there and he is the lead Tor dev, I suggest you ask him if he thinks there are no known traceability attacks against hidden services but you probably already know better than he does

3718
Silk Road discussion / Re: How is this place alive?
« on: January 02, 2012, 11:18 pm »
The key to success is actually to use security measures that your adversary can not realistically defeat. This used to be easy enough but the surveillance technologies of tomorrow are going to neutralize the privacy software of today, and tomorrow is coming extremely fast.

3719
Silk Road discussion / Re: How is this place alive?
« on: January 02, 2012, 11:13 pm »
Even better, there is no known technical solution to determine where a TOR-hosted site actually physically gets hosted from.

New rule: if you say something as a certainty and it turns out to be complete bullshit, you get a 'I can't be trusted at all' title under your name. You get that title, please refrain from flapping your lips about things you know absolutely nothing about because your misinformation is dangerous. There are MANY 'technical solutions' for tracing Tor hidden services, here is a small selection:

http://freehaven.net/anonbib/cache/hs-attack06.pdf
http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf
http://www.cl.cam.ac.uk/~sjm217/papers/usenix08clockskew.pdf

you can find papers on a few dozen other methods of tracing Tor hidden services here:

http://freehaven.net/anonbib/date.html

and of course almost all of these papers are on pure traffic analysis / signals intelligence attacks, let's not forget that application layer attacks being used to bypass Tor are often the best solution for deanonymizing Tor-using targets....and last I checked these are technical solutions.

Thanks for wasting your time talking out of your asshole though.

3720
Silk Road discussion / Re: How is this place alive?
« on: January 02, 2012, 11:11 pm »
I doubt the DEA will shut this website down. The DEA isn't exactly the brightest law enforcement agency and shutting this website down would require a lot of technical skill. The DEA does not have the capabilities to shut down SR they are a bunch of corrupt drug using cops that arrest other people for the same stuff that their agents do daily. It is much more likely that if any US law enforcement agency shuts this website down that it would be the FBI. The FBI is the ONLY US law enforcement agency that might care about shutting this website down AND has the skilled people that it would take to shut this place down along with the money and resources.

As for the DEA, mainly what they do is suck on dick. The FBI though is scary because they are professional cops.

ICE is also worrying. Professional cops don't have technical skills usually. Also, by definition all dea agents are professional cops. So are all other cops. FBI are scary because they have computer people and many of them have intelligence training as well.
