Silk Road forums
Discussion => Security => Topic started by: ~o~WaterWalker~o~ on September 08, 2013, 02:28 am
-
What if you put up a horrendous 300 baud BBS and started a Burlap Road? (opposite of silk..lol)
even if it stayed small and low-tech would the NSA be able to do anything besides know that phone number has a BBS on it or can they snoop keywords off that traffic too?
I think CP used to use them pretty recently but I don't remember if the Feds had to get a tip off and infiltrate the site, send the SWAT team to the server, or they can just sit back and read all the traffic clear as day these days
damn I miss the 80s when it was still a wildwest
-
What if you put up a horrendous 300 baud BBS and started a Burlap Road? (opposite of silk..lol)
even if it stayed small and low-tech would the NSA be able to do anything besides know that phone number has a BBS on it or can they snoop keywords off that traffic too?
I think CP used to use them pretty recently but I don't remember if the Feds had to get a tip off and infiltrate the site, send the SWAT team to the server, or they can just sit back and read all the traffic clear as day these days
damn I miss the 80s when it was still a wildwest
Burlap Road?!~ ROFL. +1 Just for that.
As soon as the site came to the attention of the authorities, it would be taken down, They don't need the NSA for this... all they need is the site's phone number, and the telco can give 'em the address. Furthermore, IIRC, Fido and other BBS software had no equivalent to SSH/SSL -- everything travelled across the wire in the clear. Busting such a site would be trivial.
While it's fun to reminisce about the older tech, it's no longer practical for stuff like this.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
-
"Burlap Road?!~" LMAO! Yeah, as someone who "hacked" the early Internet via 300-2400 baud modem I can understand the reminiscence for BBS' and then the evolution of Gopher et al.
Security is in Open Source (understanding that there will be moles) development. As long as the code is open then we will know if it is broken.
Assuming we are not all, our-selves broken . . .
mushmold
What if you put up a horrendous 300 baud BBS and started a Burlap Road? (opposite of silk..lol)
even if it stayed small and low-tech would the NSA be able to do anything besides know that phone number has a BBS on it or can they snoop keywords off that traffic too?
I think CP used to use them pretty recently but I don't remember if the Feds had to get a tip off and infiltrate the site, send the SWAT team to the server, or they can just sit back and read all the traffic clear as day these days
damn I miss the 80s when it was still a wildwest
Burlap Road?!~ ROFL. +1 Just for that.
As soon as the site came to the attention of the authorities, it would be taken down, They don't need the NSA for this... all they need is the site's phone number, and the telco can give 'em the address. Furthermore, IIRC, Fido and other BBS software had no equivalent to SSH/SSL -- everything travelled across the wire in the clear. Busting such a site would be trivial.
While it's fun to reminisce about the older tech, it's no longer practical for stuff like this.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
-
It actually would be 'safer', but you would adapt it for modern arch and ditch the phone lines. You would ssh into a hidden freebsd jailed server that presented you with the same kind of text only interface RenegadeBBS had which would eliminate Xorg and browsers completely removing that enormous attack space. It would be pretty much impossible to remote pwn you through ssh unless whoever ran it could social engineer you into running console commands. You could also set it up so each user has an ssh key instead of passwords, remove that entire attack space of brute forcing. DDOS attacks would be difficult because they would just be dropped without a key to log in.
http://www.martini.nu/blog/2010/06/tor-vbox.html sort of describes this, but just as a shell. You'd have to write scala/python or other safe language scripts in the jail shell to access the menu. Lot's of options, SCP over your symmetric encrypted AES256 container with your order information, avoid PGP completely. Could also just write an IRC or jabber bot to take orders and host a hidden channel if you know what you're doing.
Technically, you could use use regular telnet as well, and actually use real BBS software that's still around if you were insane enough to do this. Since Tor connections are already encrypted doesn't really matter if you Telnet out of tails to the board.
-
I think you can tap 300 baud modem traffic with a stethoscope. Love the post, though. Reminds me of the opening lines of William Gibson's Johnny Mnemonic, "if they think you're technical, go crude":
I put the shotgun in an Adidas bag and padded it out with four pairs of tennis socks, not my style at all, but that was what I was aiming for: If they think you're crude, go technical; if they think you're technical, go crude. I'm a very technical boy. So I decided to get as crude as possible. These days, thought, you have to be pretty technical before you can even aspire to crudeness. I'd had to turn both those twelve-gauge shells from brass stock, on the lathe, and then load then myself; I'd had to dig up an old microfiche with instructions for hand- loading cartidges; I'd had to build a lever-action press to seat the primers -all very tricky. But I knew they'd work.
-
Great replies guys... all on point - ECC, I always think on the reverse too :)
and comsec, you blew my mind... now I might want to be insane enough to make what you said just to see the cheesy color ASCII graphics store front 'Welcome to the Burlap Road !!!'
-
modern users educated by Microsoft, they need a button to press. No button no deal. And how BBS in your home safer they dedicated server in Malaysia, to which you connecting by VPN in Luxembourg.