Messages - kmfkewm

Pages: 1 ... 247 248 [249]
3721
Silk Road discussion / Re: How is this place alive?
« on: January 02, 2012, 11:03 pm »
Do they simply not care?


But they can't arrest technology, they can't lock up the mathematical secrets of encryption, and they cannot seize the headquarters of an ephemeral website that can be re-hosted 1/2 way around the world at the click of a mouse.

Man, I bet that pisses them off.

They could bypass Tor and steal your encryption keys with application layer exploits after identifying a vulnerability in the code of Firefox though. They also could trace Silk Road with traffic analysis. Tor is pretty overrated in its ability to keep a hidden service anonymous, although it is much better for clients.

3722
Security / interception detection technology thread
« on: January 02, 2012, 10:19 pm »
It would be a shame to lose this. We were discussing the idea on OVDB. It was Enelysion's idea.

Interception detection chips. They consist of photovoltaic cells, volatile memory and battery powered extended range RFID chips. The volatile memory contains a secret 'not compromised' string and is attached to the RFID. It also contains some simple programs, primarily a program that broadcasts the secret string after some time delay (alternatively it broadcasts the secret string in response to another secret string being broadcast to it, although this requires a broadcast by the pick up agent and may deanonymize them if LE are waiting for them with radio frequency analysis equipment at the pick up location). The device is set wirelessly after being placed into a closed package. If the photovoltaic cell is triggered by light, for example when customs opens your package, the secret string is removed from volatile memory so customs agents cannot reconstruct it. After some time delay, the extended range battery powered RFID begins to transmit the secret string, or perhaps begins to transmit a pseudo random pattern that uses the secret string as the seed (this will allow for verification of the secret string being present and make it so that law enforcement cannot rebroadcast the secret string if they identify the chip and rebroadcast what it transmits after the time delay runs out).

Now you can tell if your package was opened prior to picking it up from your fake ID box, merely by analyzing the radio frequency spectrum near your box location. Extended range RFID can broadcast signal significant distances, and as no broadcast is required to activate the interception detection chip it will be very difficult for law enforcement to identify anyone performing such radio frequency analysis near the box store.

Additional detectors / triggering mechanisms can also potentially be integrated, such as oxygen sensors with the chip vacuum sealed with drugs, or x-ray sensors, etc.

This sort of defense is strongly related to concepts from the field of measurement and signature intelligence, MASINT.

Such chips would likely cost under $10 each to create, although some custom programming would be required to configure them. As far as size goes, they could be pretty small, probably about the same size as a quarter maybe a little thicker.

3723
Of course you should isolate Firefox and other network facing applications using virtualization technology. You can even isolate Tor to a VM that runs a secure OS. Anyone who says this is counterproductive to anonymity has no idea what the fuck they are talking about. Don't be confused by police PSYOP agents and the countless people who speak their (incorrect) opinions as if they are certainly factual. It really boils down to this:

If you do not isolate network facing applications, if they have critical remote code execution vulnerabilities (they do, although none may be publicly known at any given time), an attacker can take over the permissions of the application. After doing this, the attacker can deanonymize you without breaking Tor by bypassing it on the application layer, for example instructing Firefox to send data around Tor to a malicious server. This is only one of many ways the attacker could get your IP address after identifying a vulnerability in one of your network facing applications.

If you do isolate your network facing applications using virtualization software, even if an attacker exploits a vulnerability in one of them and roots your VM, they will not be able to get your external IP address. The VM itself is unaware of your external IP address, only knowing an internal IP address assigned to it. Now the attacker needs to find an additional vulnerability in Tor, or a vulnerability that allows them to break out of the virtualization solution, before they can get your external IP address with a proxy bypass attack. It is worth noting that if an attacker roots your VM they will be able to reduce the anonymity Tor provides you from traffic analysis attacks to roughly the same as Tor provides to hidden services, which is substantially less than Tor provides to non-hidden service clients. This is because an attacker can force a hidden service to open an arbitrary number of new circuits, but cannot force a normal client to open an arbitrary number of new circuits. However, if the attacker has rooted the VM of a network facing application that routes its traffic through Tor, they can force Tor to open an arbitrary number of circuits.

Follow the tutorial linked above that the OVDB admin made, but do not use Polipo. Polipo is insecure and has anonymity degrading bugs in it, and should not be used. Modern versions of Firefox allow for SOCKS proxy routing without the need for an additional HTTP proxy; you probably need to allow proxified DNS in your about:config though. Nobody should be using Polipo anymore. But do follow the linked tutorial, just skip the Polipo portions.

OpenBSD provides a wide range of automatic security features which further increase your security from application layer exploits. For example, if you have a 64 bit CPU and/or a CPU with NX bit capabilities, OpenBSD will prevent an attacker from exploiting entire classes of potential vulnerabilities that may be (read: are) present in your network facing applications.

You may also be interested in reading about mandatory access control systems. Like the previously mentioned virtualization technique, mandatory access controls offer security via isolation. However, it is harder to use mandatory access control systems to isolate applications from Tor / the external IP address.

Law enforcement are going to start doing all of their wiretap and tracing operations on the application layer, because they can't break GPG or reliably break Tor (although they probably can break it for small random selections of users, they can't break it for a given selected target in the majority of cases), but they can exploit one of the endless streams of vulnerabilities in applications like Firefox. They are starting to work with corporations that sell them prepackaged exploit kits for such attacks.

It is worth noting that law enforcement will have a much easier time to trace SR users with such attacks after they have taken over the SR server, although it is not impossible for them to 'leap frog' the server (for one example, GPG has had remote code execution vulnerabilities that allow an attacker to launch arbitrary code merely by having the target decrypt exploit ciphertexts...such a ciphertext could be sent through a secure non-compromised SR server).

It is also worth noting that the NSA stockpiles as many remote code execution vulnerabilities / exploits as possible, and can trace through Tor on the application layer / steal plaintexts / keys on the application layer, with ease.
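The post above says to route Firefox straight to a SOCKS proxy, drop the separate HTTP proxy (Polipo), and enable proxified DNS in about:config. A practical way to check that a profile actually does this is to audit its prefs.js / user.js. The script below is an added example written for this page; it is not code from the forum or from any member. It assumes the standard Firefox prefs line format `user_pref("name", value);` and the real Firefox preference names network.proxy.type (1 = manual), network.proxy.socks, network.proxy.socks_port, network.proxy.socks_version, network.proxy.socks_remote_dns and network.proxy.http. The two sample profiles embedded in it are constructed for the example; the proxy hosts and ports in them are placeholders, not values from the page.

```python
import re
from typing import Dict, List, Union

PrefValue = Union[str, int, bool]

# One prefs.js / user.js line looks like:  user_pref("network.proxy.type", 1);
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse user_pref(...) lines into a dict; comments and blank lines are skipped."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # unknown literal form, keep as text
    return prefs


def audit_socks_config(prefs: Dict[str, PrefValue]) -> List[str]:
    """Return findings describing ways this profile's proxy setup can leak around the SOCKS proxy.

    An empty list means the profile matches the setup the post describes:
    manual proxy, SOCKS5 host set, remote DNS on, no separate HTTP proxy."""
    findings: List[str] = []
    if prefs.get("network.proxy.type") != 1:
        findings.append("network.proxy.type is not 1 (manual): the browser is not forced through the proxy")
    if not prefs.get("network.proxy.socks"):
        findings.append("network.proxy.socks is unset: no SOCKS host configured")
    if prefs.get("network.proxy.socks_version") != 5:
        findings.append("network.proxy.socks_version is not 5: remote DNS needs SOCKS5")
    if prefs.get("network.proxy.socks_remote_dns") is not True:
        findings.append("network.proxy.socks_remote_dns is not true: DNS lookups are resolved locally (DNS leak)")
    if prefs.get("network.proxy.http"):
        findings.append("network.proxy.http is set: HTTP requests go to that proxy instead of the SOCKS proxy")
    return findings


# Constructed sample 1: a Polipo-style setup with a separate HTTP proxy and local DNS (placeholder ports).
LEAKY_PREFS = """\
// constructed sample, not a real profile
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8123);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", false);
"""

# Constructed sample 2: SOCKS5 only, remote DNS enabled, no HTTP proxy.
HARDENED_PREFS = """\
// constructed sample, not a real profile
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", true);
"""


def audit_text(text: str) -> List[str]:
    """Convenience wrapper: parse a prefs file body and audit it in one call."""
    return audit_socks_config(parse_prefs(text))


if __name__ == "__main__":
    for label, body in (("leaky", LEAKY_PREFS), ("hardened", HARDENED_PREFS)):
        findings = audit_text(body)
        print(f"{label}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

Run it against a real profile with `audit_text(open(path).read())`; a non-empty result means some traffic or name resolution can still go around the SOCKS proxy, which is exactly the application-layer bypass the post warns about.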
