Silk Road forums
Discussion => Security => Topic started by: phubaiblues on June 21, 2011, 03:55 am
-
I know many are using virtual machines. I've used virtualbox in the past, but last few days, I'd been trying different distros of real bare bones linux on a flash/pen drive. I tried slax and puppylinux, as I'm used to puppy, but had trouble, as always, getting the wireless set up...this time I tried xpud, as it's a lot like the chromeos, except it's FF instead of Chrome...Wireless was great...*first* time ever, I've had zero problems w/wireless on *any* linux distro...
It made even more sense to me, than a virtual machine again, since this little fucker is easy to thro away, or hide 'on ones person' as the jailbirds say ;) I could just about eat it, if I had to, and would be real easy to get rid of, in a pinch...and all I use on it are tor, and gpg and other stuff limited to this thing...nothing else, so it's always separate. LIttle 4gb sucker is perfect, with encryption and dropbox...
I wondered if anyone else was doing that, or am I missing something vital?
-
If you don't use virtualization you can't adequately isolate firefox from Tor.
-
If you don't use virtualization you can't adequately isolate firefox from Tor.
Why wouldn't it be pretty much the same thing...are u saying a virtual machine will provide more of a buffer, than a usb with another OS? Not arguing, trying to figure out which is best, but still handy enough I can use at library or coffee shop...there's only one transaction I need to be in gpg anyway, so I probably could just keep TOR on flash, and then use VM for most of the time...
-
If you don't use virtualization you can't adequately isolate firefox from Tor.
Why wouldn't it be pretty much the same thing...are u saying a virtual machine will provide more of a buffer, than a usb with another OS? Not arguing, trying to figure out which is best, but still handy enough I can use at library or coffee shop...there's only one transaction I need to be in gpg anyway, so I probably could just keep TOR on flash, and then use VM for most of the time...
Definitely not the same thing. The basic idea behind securing Tor browsing through a VM is to put the user's system in a sandbox. Even if an attacker were to be able to gain command-line access through a vulnerability in Firefox, Flash or JAVA, they still wouldn't be able to ascertain the victim's IP address, look at their file system or gain access to any other personally-identifiable information.
-
you may want to check out TAILS.
tails.boum.org
-
you may want to check out TAILS.
tails.boum.org
That's so funny: All weekend trying to *make* something like this, and I'd never stumbled on TAILS. Was trying to build from scratch in Puppylinux or xpud, and here it was, all along...totally grateful for the tip, as I was like a dog with a bone, trying to make one, and kept having problems... :)
I'll probably put a vbox w/linux and just have both, as I agree safer to not sit at home at a certain point in transaction...gotta stay mobile anyway...
Thanks for tips and info. I love messing with this stuff. Sad truth, tho, is one bad seller with an addy, and it wouldn't matter *how* much security I'd put in there. But it might at least slow down the attacks, and they'd go for easier targets. Thanks again!
-
VirtualBox to isolate TOR and OpenBSD x64 as the guest OS. Can't get much more secure than that.
-
This may seem like a lot of extra work just to receive an eighth of the wacky tobaccie in the mail, but one can mitigate the risk posed by a "bad seller" by using po box (with fake id), or safe drops, as discussed elsewhere in this forum.
Another option is proxy re-shipping service such as one offered by Rook. combine all three to be even safer.
oh, the things we have to do just to get a lil high ... :)
-
This may seem like a lot of extra work just to receive an eighth of the wacky tobaccie in the mail, but one can mitigate the risk posed by a "bad seller" by using po box (with fake id), or safe drops, as discussed elsewhere in this forum.
Another option is proxy re-shipping service such as one offered by Rook. combine all three to be even safer.
oh, the things we have to do just to get a lil high ... :)
I like your thinking: this is the area seems when there are problems, it happens here at the end. All the virtual machines and tor and everything else, can't protect you from sloppy endings. I think most smalltime buyers need to pay much more attention to this than I hear discussed...that, and the age old weakness that puts most people away: talking too much to people that 'don't need to know.'