Silk Road forums

Discussion => Security => Topic started by: heinz74 on March 14, 2012, 08:32 am

Title: Updating my security
Post by: heinz74 on March 14, 2012, 08:32 am
Hi there reading some of the previous post on this subject it’s got me a bit paranoid about my own security. I started off installing tor to my laptop (first mistake should have used a pen drive); also do you need to change any settings in tor?
Second: My communications with vendors are all done using PGP, I use a tormail account for buying bit coins and only pay cash into bank accounts.
I also have two wallets which I move coins between.
Can anyone recommend any good software for cleaning my computer of any trace of tor so that I can put it on a pen drive?
Any other recommendations would be much appreciated ;D ;D

Cheers
Heinz74
Title: Re: Updating my security
Post by: Oldtoker on March 14, 2012, 08:53 am
First we need to know what operating system your using.
Title: Re: Updating my security
Post by: heinz74 on March 14, 2012, 09:05 am
Windows 7.
Title: Re: Updating my security
Post by: Oldtoker on March 14, 2012, 09:23 am
You can use this to sanitize hour hard drive (It's free):  http://pcwin.com/downloads/Dod-Disk-Eraser.htm

Install the TOR Bundle and there is no need to change any settings.

I'd recommend that you learn the Bitcoin System.  Your wasting a lot of money buying Bitcoin from the Vendors on this site.  They charge premium fee's for the conversion.  I believe the norm is 10-20 percent.  You should be able to do it on your own for less than 5 percent.  Good luck!

Oh, and I would recommend not using Windows.  Use Linux on a USB Flash Drive.  That way you boot directly from the USB and have absolutely nothing on your hard drive. 
Title: Re: Updating my security
Post by: heinz74 on March 14, 2012, 09:32 am
That’s great advice thanks very much.
 I use intersango for my bit coins which like I said I pay cash into their bank account.  ;D ;D
Title: Re: Updating my security
Post by: QTC on March 14, 2012, 02:00 pm
You can use this to sanitize hour hard drive (It's free):  http://pcwin.com/downloads/Dod-Disk-Eraser.htm
Actually programs like this don't really provide any benefit over and have a few drawbacks compared to the ATA "secure erase" command. Sorry I don't have a citation but it was in a recent NIST whitepaper I read and I can't be fucked to find it again honestly. Here is a program that does use secure erase: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
Quote
Oh, and I would recommend not using Windows.  Use Linux on a USB Flash Drive.  That way you boot directly from the USB and have absolutely nothing on your hard drive.
yes this is really good advice, heinz74 you should try liberte linux's live usb flavor out
Title: Re: Updating my security
Post by: heinz74 on March 14, 2012, 08:12 pm
Took your advice chaps and gone for the liberty lynux, but for some reason cant get wireless to turn on, but it does on windows? Any ideas
Title: Re: Updating my security
Post by: Oldtoker on March 17, 2012, 05:56 pm
Took your advice chaps and gone for the liberty lynux, but for some reason cant get wireless to turn on, but it does on windows? Any ideas

That's probably for security reasons.  Wireless is not very secure.  Much too easy to hack into.
Title: Re: Updating my security
Post by: chiefrogan on March 17, 2012, 11:08 pm
Took your advice chaps and gone for the liberty lynux, but for some reason cant get wireless to turn on, but it does on windows? Any ideas

That's probably for security reasons.  Wireless is not very secure.  Much too easy to hack into.

can you expand on how secure a very long random password wpa wifi is?

if someone greatly prefers wifi and doesnt like going to the only place known with a wired connection, what to do? wheres some good public places to wire in some interenet?
Title: Re: Updating my security
Post by: alpine on March 18, 2012, 12:09 am
i had the same problem when i tryied liberte. downloaded the lastest release but no wifi conenction. i had to reformat the usb and install the lastest snapshot the same way as the first. for me after installing the snapshot the wifi worked but i got a black screen afterwards. i talked to the dev and he said that i had somekind of hardware problem but hopefully if you install the snapshot it will work for you.
Title: Re: Updating my security
Post by: killboy on March 18, 2012, 04:28 am
packet sniffing is what took down a ANON guy, who the hell does illegal shit wirelessly on their own ip?
Title: Re: Updating my security
Post by: heinz74 on March 18, 2012, 08:58 am
Took your advice mate and downloaded the latest snapshot, but now tor won't connect to the network something about bootstrap stopping at 5%. Its driving me mad.
Title: Re: Updating my security
Post by: wt on March 18, 2012, 05:29 pm
Hi there reading some of the previous post on this subject it’s got me a bit paranoid about my own security. I started off installing tor to my laptop (first mistake should have used a pen drive); also do you need to change any settings in tor?
Second: My communications with vendors are all done using PGP, I use a tormail account for buying bit coins and only pay cash into bank accounts.
I also have two wallets which I move coins between.
Can anyone recommend any good software for cleaning my computer of any trace of tor so that I can put it on a pen drive?
Any other recommendations would be much appreciated ;D ;D

Cheers
Heinz74

Windows 7 is perfectly fine in my opinion, though to be safe I would highly recommend installing TrueCrypt.  With TrueCrypt you can either fully encrypt your pen drive or create an encrypted virtual hard drive.  Then install Tor to that encrypted device and use it from there, which doesn't (as far as I can tell) leave any trace of Tor usage on your Windows installation (can anyone confirm this?). 

I also would install cygwin to that encrypted drive and then do all text-editting / GPG-encrypting through it's command line interface. 


Title: Re: Updating my security
Post by: wt on March 18, 2012, 05:34 pm
Oh, and also:  If you go with Cygwin (or some Linux installation), the program 'shred' is good for completely wiping out files. 
Title: Re: Updating my security
Post by: alpine on March 18, 2012, 09:33 pm
Hi not sure whats the problem with your network , does not sound like what happened to me but in the end i had to switch to tails. tails never saves anything which is nice and it still wipes memory clean and everything. i would have to say liberte has some extra features but if you follow what i did you might accually be better off. so everything you need is mostly online. (tormail/silkroad/ect) the only thing you need to save is gpg. aleast for me. so what i did was start tails but on the language page hit the tab key then type truecrypt. then when tails loads download gpg4usb which is portable, save it to the desktop for now. generate your keys then use truecrypt to make a container and put the gpg4usb in it. once the container is encrypted upload it to any storage site like mydrive.net which is located in switerland with high privacy laws. after that you want to run a dod wipe on the free space of any os or usb drive that had anything to do with silkroad. i use shredder which is free and offers a wide array of options including 35 pass gutman. now if you do that nothing is stored on any usb or computer you have. and the only private data that is stored is on a remote server everything else is wiped after you shutdown tails.

Hope that helps, Alpine
Title: Re: Updating my security
Post by: Dipset420 on March 18, 2012, 11:27 pm
Wow I'm no longer in my 20's and didn't grow up with the internet and I think it would be easier to learn Mandarin than figure our all this security shit.  Where can I go to learn the basics so I may know what the hell you guys are talking about.  Much thanks
Title: Re: Updating my security
Post by: mrsalve on March 19, 2012, 01:50 am
my setup
win7 dekstop full dcisc encryted(truecrypt) preboot pass is hybrid small secure pass i know+programmed yubikey long random static pass.
all sites logins are via yubikey with lastpass all random passes with 12-15 for the crappy sites and 25 char for  sites that accept those that high

i use virtualbox with live tails iso for tor stuff and reboot after use

at work i just boot up/deploy a vps with lives tails iso and leave hdd unmounted ;P delete vps after use :P

if u go the truecrypt+yubikey route using secondary slot as static pass u must ensure u buy two yubikeys(one white one black) and program same static pass or else ull be locked out if u lose your main yubikey also prepending/appending a secure 6-12 pass before/after the static pass from the yubikey ensures that even if ur captured with yubikey they wont be able to crack into your truecrypted drives without knowing your pass as well :P


winning combo 2 yubikeys +1yr lastpass subscription
https://store.yubico.com/store/catalog/product_info.php?products_id=13&osCsid=171584ad19a7e24cb3338d13b35e6e6e

how to setup yubikey with truecrypt
http://static.yubico.com/var/uploads/pdfs/TrueCrypt%202011-03-23.pdf

need help pm me :D
Title: Re: Updating my security
Post by: Heyenezz on March 19, 2012, 05:09 am
I'd use Truecrypt to encrypt my entire hard drive. Don't write any passwords down, tell them to anyone, or use any more than once.

My passwords are all different from each other and contain strings of random characters. Most of my passwords are saved insie a Truecrypt container since I can't remember a bunch of strings of random characters.
Title: Re: Updating my security
Post by: wt on March 25, 2012, 09:51 am
I Second not writing your passwords down (at least, not for long).  Just memorize them and resign yourself to a complete data loss if you ever forget them.