Silk Road forums

Discussion => Security => Topic started by: lex on March 30, 2012, 01:21 am

Title: Silk Road's server - what precautions are taken?
Post by: lex on March 30, 2012, 01:21 am
In the unlikely event Silk Road's main server is seized, what precautions are in place? Is the hard-drive encrypted? I am very curious about the deletion of buyers addresses - what happens when an address is deleted? Is it just moved to free space on the server or does it actually get overwritten? If a police computer forensics expert were to analysis the server and recover all of the buyers addresses that would absolutely suck.
Can anyone give reassurance as to the precautions taken around this? Just curious.
Title: Re: Silk Road's server - what precautions are taken?
Post by: mdmamail on March 30, 2012, 01:39 am
Use GPG when pasting in your address to whoever you order from, problem solved.
Title: Re: Silk Road's server - what precautions are taken?
Post by: radium1911 on March 30, 2012, 04:42 am
You seriously think DPR will tell you what security measures he has? I'm sure he's done a damn good job, seeing how SR is still running.

Mdmamail has it right with using PGP, so that even if the server is seized, your address is safe.
Title: Re: Silk Road's server - what precautions are taken?
Post by: CharasBros on March 30, 2012, 05:40 am
it can be sized .... if DPR want it to do sized. but as I understand him, he will not sale it for any money, for him it will be like to sale his soul.

with server behind private tor nods in different unfriendly to US feds countries, chances are zero. it cannot be located and sized. each time you connecting to SR traffic goes via TOR and then to private TOR, each time different rout. so locating it would be impossible.
Title: Re: Silk Road's server - what precautions are taken?
Post by: Laughing Man on March 30, 2012, 05:44 am
SR does NOT have a good security history. Multiple SQLI and XSS vulnerabilities have been found, SQL errors are shown when they occur, and I'm pretty damn sure the whole thing runs on an out-of-the-box Ubuntu Server LAMP setup.
Title: Re: Silk Road's server - what precautions are taken?
Post by: lex on April 02, 2012, 02:13 pm
it can be sized .... if DPR want it to do sized. but as I understand him, he will not sale it for any money, for him it will be like to sale his soul.

with server behind private tor nods in different unfriendly to US feds countries, chances are zero. it cannot be located and sized. each time you connecting to SR traffic goes via TOR and then to private TOR, each time different rout. so locating it would be impossible.

Tor does have potential vulnerabilities like it or not, nothing is fool proof. Saying "chances are zero" is patently untrue.
Title: Re: Silk Road's server - what precautions are taken?
Post by: QTC on April 02, 2012, 02:20 pm
SR does NOT have a good security history. Multiple SQLI and XSS vulnerabilities have been found, SQL errors are shown when they occur, and I'm pretty damn sure the whole thing runs on an out-of-the-box Ubuntu Server LAMP setup.
SR runs nginx but +1 to the general idea of your post. Admin is kind of a genius when it comes to marketing and making business models but he's been a pretty bad netsec guy in the past.
Title: Re: Silk Road's server - what precautions are taken?
Post by: lex on April 02, 2012, 02:31 pm
SR does NOT have a good security history. Multiple SQLI and XSS vulnerabilities have been found, SQL errors are shown when they occur, and I'm pretty damn sure the whole thing runs on an out-of-the-box Ubuntu Server LAMP setup.
SR runs nginx but +1 to the general idea of your post. Admin is kind of a genius when it comes to marketing and making business models but he's been a pretty bad netsec guy in the past.

This isn't very reassuring. I hope buyers addresses aren't lingering anywhere on the box at the very least (in free space or elsewhere). Surely he can pay someone to do this kind of basic security. I would have that server fortified so much.