Silk Road forums
Discussion => Security => Topic started by: mito on September 13, 2012, 05:54 pm
-
So we can chat with each other anonymously?
That'd be fucking awesome, to be able to hear our voices.
:P
-
Good idea in principle, but a pretty glaring security concern, don't you think? :)
-
no one wanna hear me sing?
-
http://vocaroo.com/
-
Picture a call where you hear your own words back say, 2-3 seconds after you've said them. To put it mildly, conducting a conversation under those conditions is literally painful.
Guru
God don't I know it. If you think 2 to 3 seconds is an issue, try waiting 3 min after saying "Okay, Houston, we've had a problem here."
-
let's do it.
I wanna hear your voices under the influence of lsd, mxe and molly.
-
For anyone who understands the idea of having a good ear.... for anyone who knows different voices and artists upon the first second of hearing them..... Talking to anyone is likely the worst idea ever.
-
I can understand you want to talk with others here in SR but I bet no one would even come to say a hello.
People use Tor to be anonymous, and buying and selling with BTC to be anonymous etc., and I don't think anyone would be that dumb to come for a voice conversation. :-X
-
You don't appear to be illiterate so I don't understand why you would want to audio chat
-
You don't appear to be illiterate so I don't understand why you would want to audio chat
Cuz it'z so kewl maine !
-
You don't appear to be illiterate so I don't understand why you would want to audio chat
wanna hear your voice.
-
Jesus, it'd sound exactly like a Stephen Hawking convention.
I mean, everybody would be obfuscating their voice.
More importantly, there are anonymity problems with this concept due to timing attacks and/or intersection attacks, see my post here:
http://dkn255hz262ypmii.onion/index.php?topic=44183.msg476928#msg476928
I actually do think it is a cool idea mito, it's just that it's impractical for us. In fact I don't know why I haven't heard of this occurring before, audio forums or something, where everybody in a thread can talk to each other, some kinds of sophisticated limitations so there isn't too much confusion, aided with software, some kind of 'pass the talking pillow' system. It's an interesting software idea although there are obviously lots of caveats, I wonder if there's any implementations out there on clearnet. Hmmmmm...
-
If this ever happened I'd pretend to be Sean Connery. Yeashhhh.
-
I actually do think it is a cool idea mito,
A cool idea was tossed up hh. If an attacker owns a botnet with a substantial amount of nodes, they would have all nodes run as Tor relays. Then they could remove relay nodes out of the network one by one and wait for somebody to shut up in the middle of his singing. The relay node would be checked for the IP of the entry node. After the entry node is traced, you are only one hop away. The attacker now can compromise it and get your real IP address. Group sex IRL on lsd, mxe and molly is much safer. This will be my opinion on talking anonymously over Tor hehe
If an attacker has a botnet with a substantial amount of nodes and they run all the nodes as Tor relays they will all be banned from the Tor network. Tor directory authority servers have a lot of systems in place to prevent an attacker with a huge botnet from suddenly turning the entire thing into a bunch of Tor nodes. They would need to slowly add the nodes over time. There is a limit to how many new nodes can join the network at a time. That said, they would not even need to take their relays down one at a time. They can see the data arrive at the other end. If you can see a packet transmitted through Tor at any point on its path, you can use a timing attack to identify that packet at any other point you can see it at. So the attacker in your proposed scenario can simultaneously monitor traffic and immediately determine if a packet they see being routed through one of their nodes is the same packet they see arriving with the voice data at the end of the circuit.
-
Jesus, it'd sound exactly like a Stephen Hawking convention.
ROFL!!!!!!!! ;D ;D ;D ;D
-
If this ever happened I'd pretend to be Sean Connery. Yeashhhh.
From Brits I expect to hear Cockney, or GTFO!
-
I actually do think it is a cool idea mito,
A cool idea was tossed up hh. If an attacker owns a botnet with a substantial amount of nodes, they would have all nodes run as Tor relays. Then they could remove relay nodes out of the network one by one and wait for somebody to shut up in the middle of his singing. The relay node would be checked for the IP of the entry node. After the entry node is traced, you are only one hop away. The attacker now can compromise it and get your real IP address. Group sex IRL on lsd, mxe and molly is much safer. This will be my opinion on talking anonymously over Tor hehe
If an attacker has a botnet with a substantial amount of nodes and they run all the nodes as Tor relays they will all be banned from the Tor network. Tor directory authority servers have a lot of systems in place to prevent an attacker with a huge botnet from suddenly turning the entire thing into a bunch of Tor nodes. They would need to slowly add the nodes over time. There is a limit to how many new nodes can join the network at a time. That said, they would not even need to take their relays down one at a time. They can see the data arrive at the other end. If you can see a packet transmitted through Tor at any point on its path, you can use a timing attack to identify that packet at any other point you can see it at. So the attacker in your proposed scenario can simultaneously monitor traffic and immediately determine if a packet they see being routed through one of their nodes is the same packet they see arriving with the voice data at the end of the circuit.
So it's doable, right?
What are we waiting for???
:P
-
So it's doable, right?
What are we waiting for???
:P
why not, I know really... ;)
Intelligence Agencies have to have tor nodes in use, set up for nefarious activities. It is a given.
-
Buy large directional wifi antenna, drive into large city, get out and sit somewhere away from cameras if possible, change MAC address, connect to AP a few blocks away, then at random points go to a different area of the city and do the same thing.
I say fuck "live" audio chat. Just record yourself talking, screw with the voice using the appropriate software, and upload the wav file to an onion site. Just pretend you're talking to people outside of the solar system and the messages are inevitably delayed by physics lol
-
ok, I'll upload an audio with greetings from my couch.
stay tuned.
-
We are as expectant as a SETI project. Comrade Mito readies his comms equipment in preparation for the signal.
(static)... through the deep chill of space, across the light year long gas clouds and pulsation of the solar winds, we await this solitary intergalactic ping...(static)
<sigh> There is no good science fiction any more. Mito is the last remaining cocoanut. (I meant cosmonaut but just couldn't bring myself to edit the post)
-
If an attacker has a botnet with a substantial amount of nodes and they run all the nodes as Tor relays they will all be banned from the Tor network. Tor directory authority servers have a lot of systems in place to prevent an attacker with a huge botnet from suddenly turning the entire thing into a bunch of Tor nodes. They would need to slowly add the nodes over time.
I agree with you that it wouldn't be possible to stick the whole botnet in the Tor network fast. It's easier to stick a rail up LEO asses.
If an attacker doesn't have enough relay nodes, can they DDoS relay nodes, forcing them to go down? Check if someone has stopped talking then. If a client is run as a relay node the task has been done. Even if a client is not run as a relay node the attacker may get logs from the relay and determine one of the client's entry guards.
Yes that sort of an attack is possible, I believe that would be some variant of an intersection attack
-
Buy large directional wifi antenna, drive into large city, get out and sit somewhere away from cameras if possible, change MAC address, connect to AP a few blocks away, then at random points go to a different area of the city and do the same thing.
I say fuck "live" audio chat. Just record yourself talking, screw with the voice using the appropriate software, and upload the wav file to an onion site. Just pretend you're talking to people outside of the solar system and the messages are inevitably delayed by physics lol
I guess that the unique properties of the vibrating elements of your wireless network card leave a fingerprint in outgoing packet streams that can be forensically correlated with the device that sent them. So spoofing MAC address may not be enough, rather using a throw away wireless device for every session. I had heard about this sort of attack before but I still do not know the details of it, however recently I heard a bit of debate in regards to if the logs left at the AP will contain enough information to fingerprint a unique device, or if specialized equipment would be required to take and later detect the fingerprints.
-
(in either case it is very safe to assume that NSA level attackers can uniquely identify wireless networking cards regardless of their MAC addresses)
-
Yeah, that seems to be on the level of the tempest attack and monitoring the fluctuations of electrical current in your home as a form of keylogger, at least the level those kinds of attacks were on back in the day. I guess it's time to buy a bunch of cheap USB wifi adapters capable of receiving an external antenna. Today's NSA tricks become tomorrow's LE investigation tools.
-
you guys are trolling my topic nicely with your sci-fi chimera.
-
you guys are trolling my topic nicely with your sci-fi chimera.
You trolled your own topic from the first post
-
I guess that the unique properties of the vibrating elements of your wireless network card leave a fingerprint in outgoing packet streams that can be forensically correlated with the device that sent them. So spoofing MAC address may not be enough, rather using a throw away wireless device for every session. I had heard about this sort of attack before but I still do not know the details of it, however recently I heard a bit of debate in regards to if the logs left at the AP will contain enough information to fingerprint a unique device, or if specialized equipment would be required to take and later detect the fingerprints.
Interesting. Is this signature just timing-related? Wouldn't it be thus usually obliterated by the AP when it is forwarding your packets? In any case, do you have a link with more info? Thanks.
-
LOL. The idea of the local cops using Van Eck phreaking or NIC vibration signatures. These guys have enough trouble using wire taps for Christ's sake.
Ok, I admit it's possible. And that just because you use equipment doesn't mean you need to understand why/how it works. But still...
Anyway, the defenses are trivially easy to implement against such things, even places like banks or embassies do it (not that it helps if all the bars and restaurants in a certain radius are bugged, ha!).
1. Obtain a cheap Chinese NIC with cash or rip one out of a second hand computer from a garage sale.
2. Turn a room into, or easier still, put a protective Faraday cage over your hardware. For people who were asleep in physics, replace Faraday cage with "metal box". e.g. Trash can.
Ta da!
-
you guys are trolling my topic nicely with your sci-fi chimera.
You trolled your own topic from the first post
:'(
:-[
-
you guys are trolling my topic nicely with your sci-fi chimera.
You trolled your own topic from the first post
:'(
:-[
Don't worry mito! kmfkewm is a cold heartless monster :)
:D :D :D
-
LOL. The idea of the local cops using Van Eck phreaking or NIC vibration signatures. These guys have enough trouble using wire taps for Christ's sake.
Ok, I admit it's possible. And that just because you use equipment doesn't mean you need to understand why/how it works. But still...
Anyway, the defenses are trivially easy to implement against such things, even places like banks or embassies do it (not that it helps if all the bars and restaurants in a certain radius are bugged, ha!).
1. Obtain a cheap Chinese NIC with cash or rip one out of a second hand computer from a garage sale.
2. Turn a room into, or easier still, put a protective Faraday cage over your hardware. For people who were asleep in physics, replace Faraday cage with "metal box". e.g. Trash can.
Ta da!
Ta da, now you can't use your wireless card because it is inside a Faraday cage!
-
LOL. The idea of the local cops using Van Eck phreaking or NIC vibration signatures. These guys have enough trouble using wire taps for Christ's sake.
Ok, I admit it's possible. And that just because you use equipment doesn't mean you need to understand why/how it works. But still...
Anyway, the defenses are trivially easy to implement against such things, even places like banks or embassies do it (not that it helps if all the bars and restaurants in a certain radius are bugged, ha!).
1. Obtain a cheap Chinese NIC with cash or rip one out of a second hand computer from a garage sale.
2. Turn a room into, or easier still, put a protective Faraday cage over your hardware. For people who were asleep in physics, replace Faraday cage with "metal box". e.g. Trash can.
Ta da!
Ta da, now you can't use your wireless card because it is inside a Faraday cage!
OH YOU COLD HEARTLESS MONSTER!!!!
teh logics!
:D :D :D
Only kidding, love ya really :)