Silk Road forums
Discussion => Security => Topic started by: Mikeno1887 on November 11, 2012, 12:01 am
-
Hi, I typically lurk on these forums as there is an abundance of knowledge, most of which is very useful and enjoyable to read. However I have come to find concern with downloadable files from SR.
Not to long ago I bought some documents from various book vendors and have been hesitant to view them as I cannot be sure there isn't something else attached to them! I bought them out of interest and necessity as I had one large sale but still hadn't met the five required so I did not want to continue to have to FE. So I bought some books as to balance out my buyer stats. I have now had these books sitting around for quite a while and have decided I want to read them.
Now before you think I'm a moron for not looking around the forums first I have read pines article on this very same subject! Frankly, I'm feeling a rather lazy and would like to be able to download and view my files using an alternative virtual machine to the one discussed in that thread. I would like to be able to download and view my files securely using tails as this is what I am most familiar with using and creating. I also did post on that thread a while ago but did not receive a response...
So again, I would just like to make sure that I could not get any viruses or malware from viewing the various books I have purchased using tails.
Now would removing my hard drive from my computer and using tails to download these files to a flash drive for viewing on another (perhaps public) computer be adequate? Or am I completely missing the fundamentals of how to do this securely (much more likely).
I apologize that I am rather clueless in regards to a lot of this but I would just like to learn and understand! This forum has taught me a lot about security and I hope to continue with that trend!
Thank you in advance to any responses I may receive!
-
u can prolly run a virus scan on it..
it can't be that bad to open a PDF on the fly tho.. most pdf files are only MB..
trojans need like a small kb or .exe to be opened
-
While that is true a virus scan would probably be fine I'm more interested in keeping the file isolated from everything else...
I don't really trust that a virus scan could catch everything and even if it does I would still prefer to open files in an isolated environment.
-
The primary danger of pdf's and .doc files is (from what I understand, need an expert's opinion) that those files, when opened, can access the internet by themselves to download additional content. That characteristic can be abused by a hacker, to make the pdf make contact to the internet outside of Tor, and in that way give away your identity.
A decent way to solve that is through a virtual machine that has no contact to the internet.
Another way that probably works is to install Linux on a USB stick, then boot from the USB stick, disconnect the computer from the internet and open the pdf in that Linux environment.
A final quick and dirty trick (which is not how I generally like to do business) would be to just pull out the internet cable of your computer before you open the PDF. Then it cannot contact the internet by itself, which should take away the main concern of it giving away your IP address.
-
So the risk isn't really downloading the files it's more so with opening them. So with tails I could go on download the files and then simply disconnect my computer from the internet and view the files in this environment?
Would using public wifi be a better environment to do this?
-
Yes, as far as I'm aware, that is the main security risk of PDF's. When downloading the file, don't click "open" but click "save as". Disconnect from the internet, scan it for viruses and then open it.
What kind of internet connection you use shouldn't matter if you properly disconnect from the web.
-
Awesome thank you!
The reason I ask is that if the hacker were able to turn my wifi back on then I wouldn't be compromised in a public location. Although that is probably a step past paranoid.
I wouldn't have given this much thought initially but after a book vendor we all know was compromised for a period of time thus I had to be sure I access these safely.
Thanks again! I'll leave this up if anyone has anything further to input into this!
-
Only thing to add is don't trust anti-virus scans to reveal anything of importance.
Non-detectable, encrypted exe's are very easy to get/make, exploits exist that don't have 'signatures' and anything 0-day etc. would not be detected. Also if you (or a group you are in, say dark web people) are a specific target, highly sophisticated and targeted malware will not be detected think from an 'agency'.
The point; you are now above 'average consumer' in threat/operation level. Don't rely on consumer tools to secure you ;)