Silk Road forums

Discussion => Security => Topic started by: ReUps on January 05, 2012, 01:22 am

Title: Vending soon, is my security ok?
Post by: ReUps on January 05, 2012, 01:22 am
I just wanted to check my security is OK to start vending:

1. Spoof MAC address
2. Connect to an unsecured network a few blocks away
3. Run the TOR bundle
4. Connect

All data is stored on a hidden/encrypted drive via TrueCrypt, all communication is encrypted via PGP.

Anything else I need to do?
Title: Re: Vending soon, is my security ok?
Post by: Laughing Man on January 05, 2012, 01:51 am
Not bad, better than a lot of vendors here probably, but using virtual machines to isolate each aspect of your tor operation would be better.
Title: Re: Vending soon, is my security ok?
Post by: 100% American on January 05, 2012, 06:26 am
Use pgp, a virtual machine, and set up SILC
Title: Re: Vending soon, is my security ok?
Post by: PumpkinYeti on January 05, 2012, 07:31 am
What's the current SR approved method of faking the MAC address?
Title: Re: Vending soon, is my security ok?
Post by: QTC on January 05, 2012, 08:15 am
ifconfig, or if your flavor supports it, editing /etc/sysconfig/network/ifcfg-HWID or wherever your interface's nvram is initialized from would do it.
Title: Re: Vending soon, is my security ok?
Post by: ReUps on January 05, 2012, 01:26 pm
Use pgp, a virtual machine, and set up SILC

Thanks for the replies everyone.
I've seen a lot of people talking about virtual machines, what do you mean by this?
Title: Re: Vending soon, is my security ok?
Post by: SierraRS on January 05, 2012, 04:06 pm
Quote
What's the current SR approved method of faking the MAC address?
Depends from OS You are running. In MS Windows look at Advanced Properties > Network Adress of your wifi card in Hardware Management. Change from None to specify one. For *nix OS the QTC's suggestion works.

Virtualisation software can be additional layer of performance loss or even privacy leak. This depends both from Host OS and visualization software your run. You must encrypt all parent OS drives with TrueCrypt anyway.
Title: Re: Vending soon, is my security ok?
Post by: v01d on January 07, 2012, 07:54 am
Use pgp, a virtual machine, and set up SILC

Thanks for the replies everyone.
I've seen a lot of people talking about virtual machines, what do you mean by this?

This is ideally where you want to end up:
http://xqz3u5drneuzhaeo.onion/users/secureconfig/tutorial.html
Without polipo.

But remember, technical security is only one part. You need to have good shipping methods, and switch them up to avoid profiling.
Also, have EXCELLENT customer service. Losing $50 on reshipping a package may be the difference between that customer coming back or not.
Title: Re: Vending soon, is my security ok?
Post by: Study Aid on January 07, 2012, 09:32 am


All data is stored on a hidden/encrypted drive via TrueCrypt, all communication is encrypted via PGP.

Anything else I need to do?


Do you have a decoy OS? if not you still need to create one because you could go to jail just for not giving the password. Its obstruction of justice.
Title: Re: Vending soon, is my security ok?
Post by: TravellingWithoutMoving on January 07, 2012, 07:36 pm
What's the current SR approved method of faking the MAC address?

- changing mac address for use in Tor & SR is not of much use or benefit for you as;-
                    - your local dsl router delivers your PC (if physical..) an ipaddress.., if a virtual guest the vm (software) dhcp server manages this..
                    - if Tor / vidalia is configured correctly you'll be getting a different ipaddress periodically..= the most important and use for your anonymity .
                    - change your dsl routers mac address if you really think it will help; problem is your ISP may interpret this as you're swopping out / changing router
                      hardware or after some time realise you are fiddling and worse case scenario you don't get a public ipaddress because your newly modified mac addr
                       no longer equals the one they supplied you.....doh
                    - the authorities are going to be more interested in working with your ISP to trace / track your internet activity, and will assume (?) initially all traffic
                      originating from the dsl sky / virgin circuit is your traffic coming from your physical address, because you could have 5x PC's plugged in at home and
                      you pay for the service = your traffic = your problem.

- faking / spoofing your wireless card's mac address for a neighbours "borrowed" wireless connection (without them knowing) is highly recommended.

ok?!
 ;)
Title: Re: Vending soon, is my security ok?
Post by: ReUps on January 11, 2012, 08:59 pm
Updated plan:

Set up an encrypted/hidden drive on a memory stick
Install OpenBSD
Connect through neighbors net
Run everything through the TOR Bundle
PGP encrypt everything

I'm still trying to work out what VM's are (I've got another thread on the go for that though, let's not get this thread off topic), but other than that I think I'm all set...?
Title: Re: Vending soon, is my security ok?
Post by: TravellingWithoutMoving on January 11, 2012, 09:10 pm
Updated plan:

Set up an encrypted/hidden drive on a memory stick
Install OpenBSD
Connect through neighbors net
Run everything through the TOR Bundle
PGP encrypt everything

I'm still trying to work out what VM's are (I've got another thread on the go for that though, let's not get this thread off topic), but other than that I think I'm all set...?

vm's, summary is:
- vmware / virtualbox / linux Xen ...microsoft hyperv
- create virtual machines of XP, win7 (?), linux, openBSD etc etc
- need gig's on memory to load up these, they run in "parallel" and can switch from your host to guests on the fly...
- again need fast cpus', memory (= host mb + guest1 MB + guest2...etc)
- disk space taken up is same as if it were running along on PC, need sufficient disk space to store x guest vm's..
- people want to run vm guests for eg run a purposefully setup Tor PC....but still keep the host OS, and when finished just shutdown the guest ...

- can use virtualbox and vmware player for free.
- you can buy a prebuilt vm guest from seller Security Solutions here in SR with all apps to run with on SR..

ok ?!
 ;)
Title: Re: Vending soon, is my security ok?
Post by: ReUps on January 12, 2012, 01:18 am
Thanks for all the replies!

I can't remember who posted this link but:
http://xqz3u5drneuzhaeo.onion/users/secureconfig/tutorial.html
But I think I'll just follow that tutorial.

I'm in a bit of a rush atm so I haven't read it all properly, but I could run everything there from a Mem Stick, couldn't I?