Silk Road forums

Discussion => Security => Topic started by: klaw239 on April 18, 2012, 09:47 pm

Title: BEWARE and adive from senior IT guys/gals
Post by: klaw239 on April 18, 2012, 09:47 pm
Hello all. So I go bitinstant and MTgox all set up and went to chase and made a deposit today. My funds are now at Mtgox but after My funds were accepted at MTgox I noticed a lag in PC  so I started snooping around and I found something disturbing. Has anyone else noticed this...First off I am leeching a connecting from  down the road and I am filtering My MAC address. I am running windows XP  with all updates  (bah!) I have yet to purchase any goods but I noticed MY Computer name had changed as well as my work group and My firewall all the sudden has exceptions and to top that all the exceptions are very shady and filled with holes. AIM,IE, YAHOO messenger, File and printer sharing was all the sudden enabled again after I disabled it. I have done nothing wrong  and have nothing on my computer that I would be scared for other to view but I am def doing a low level format and heeding the advice of wiser members here and either booting from USB or buying a laptop with no personal information on it and using it strictly for silk road with the hard drive wiped to zeros after every transaction but I fear My security may have already been compromised. What is even more scary by PC was renamed to the STATE I LIVE IN. Please  a higher level IT guy with  security expertise offer some insight and advice. This has me pretty spooked. Too all other NooBs let My mistake be a lesson learned for you. Don't be lazy and follow these guys/gals advice when setting everything up and remember desecration is ALWAYS the better part of valor.  I hope I did not fuck my self with a red flag in anyway.
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: Prawl42 on April 18, 2012, 10:25 pm
Hey! welcome to the forums.

Im by no means a expert but by far no novice :) I believe its safe to say you do not have a red flag up or are being watched as you said you have brought nothing from here yet and buying BTC is perfectly legal ( for now atleast) But i 100% recommend using librete from a usb drive a guide can be found in the post below.

http://dkn255hz262ypmii.onion/index.php?topic=15383.0

If you need any help with the setup just say.
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: klaw239 on April 18, 2012, 10:35 pm
Much appreciated. Thank you for taking the time to post the advice and link. I am most def going to take your advice.
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: Prawl42 on April 18, 2012, 10:46 pm
Thats alright, let me know if you run into any problems, it would be worth doing a wipe on the box that you used to run tor on previously after you create your usb just for a added layer of comfort.
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: radium1911 on April 19, 2012, 04:57 am
Stop leeching wireless, that's the source of your problems.
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: lilith2u on April 19, 2012, 05:24 am
Stop leeching wireless, that's the source of your problems.
  No shit!
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: Reece on April 19, 2012, 05:30 am
You bought BTC and now feel your security is compromised?
 ???

Are they watching you now? Go look out the window.
 :o
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: Prawl42 on April 19, 2012, 07:06 am
You bought BTC and now feel your security is compromised?
 ???

Are they watching you now? Go look out the window.
 :o

LOL!
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: kakapo on April 19, 2012, 07:20 pm
Why do people assume by using someone else's internet via their unsecured wireless is a good idea? For all you know they might be a Computer Forensics expert who loves to fuck with freeloaders in his spare time.
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: raven92 on April 19, 2012, 09:46 pm
The sad fact is that buying any amount of BTC is suspicion of money laundering, drug activity, or worse.  You can try to tell me all you want that BTC are safe, however I know for a FACT they are not. Everything is tracked and CAN lead back straight to you.  People buying BTC in the USA will be and are red flagged.  Why?  Theres no real legit reason to be purchasing BTC for the average person.  As far as your story, if a government agency was "on to you", they would NOT change all of that stuff on your computer, they would just monitor and decrypt every packet coming from/going to your specific address.  Cashing out BTC on the other hand is probably safer than buying it, because its 90% miners, but alot of miners dont report their earnings back to the IRS and the IRS has stepped up their game in this regard to catch people for tax evasion.  If you truly believe everything is encrypted and away from government eyes when using BTC, or Tor in general, I'd suggest college level networking/programming classes =).  The NSA's SKYNET(Utah Data Center) is complete and can decrypt 256bit AES and similar algorithms within seconds.  Don't be fooled by misinformation.  NO ONE IS SAFE HERE.

Uhm, SKYNET can decrypt 256bit AES in seconds? Unless its using some bizzare number of rounds not recommended by NIST its not going to be cracked with 100 skynets (or they have the private key and your password is stupid simple).

https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: raven92 on April 19, 2012, 11:00 pm
Not to get into an internet fight, but do you really think with acres of gpu servers, that they cant decrypt encrypted information in seconds?  This was the whole purpose of SKYNET brother, decrypting information that was never meant to be.

Unless they've broken AES, I don't care how many acres of GPU servers they have...

Quote
Brute-forcing a 128-bit key will require, on the average, roughly 4 x 10 ^ 36 tries. If we assume that attacks are limited to ten billion years, that's roughly 3 x 10 ^ 17 seconds to attack it in. That means it's necessary to try about 10 ^ 19 keys per second to get an average of one 128-bit key broken each ten billion years. If a machine can try one key a nanosecond, that means we need ten billion machines, and we have to have means to power them after the Sun dies. If we want to brute-force it in ten years, that's ten billion billion machines.

So your saying they have 10,000,000,000,000,000,000 GPU's, how many nuclear power plants fuel this thing? Then they could crack a 128bit key in 10 years... plus the power that would require...

The only feasible answer to them being able to break AES is that AES is broken, not that they have enough power to do it. You can't brute force AES 128/256, without getting extremely lucky, like shake a jar create a universe lucky...
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: klaw239 on April 20, 2012, 02:07 am
Both you guys  are correct  in some ways. I have to lean towards eeee's  thoughts on this matter though. There is nothing that can't be decrypted and yes no one is safe here. All we can do is take all the precautions we can and pray to whatever god it is we worship and hope we  can enjoy our goods without having to spend yrs in a cage. Odds are most of us here are good honest decent  people who just enjoy getting a buzz and relaxing. The law  said booze was against the law at one time. To law enforcement who may be reading this. Do you really think we are all  bad people who are pieces of shit that need to be locked in a cage and taken from our kids and family and friends just because want and in many cases need a chemical to make us happy or to relax us? and you look at us like that and think these things cause a piece of paper says its  wrong? but if that peice of people got changed cause some CROOKS in Washington (the politicians AKA the real crooks and pieces of shit that lie and care about themselves only) said all the sudden it was ok to use drugs just like they did with prohibition on booze  you would change your mind about us? I highly doubt you look at ppl in a bar sippin  jim beam as pieces of shit do you? take second to sit back  and reflect on what is truly right and what is truly wrong morally
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: mdmamail on April 20, 2012, 02:22 am
Nobody can decrypt AES or Twofish or any other modern cipher that's using a password with high entropy and has been properly implemented to avoid side channel attacks. Maybe if your password is "lolpassword321" or they seize your computer with the power on and can bleed the key from memory.

Title: Re: BEWARE and adive from senior IT guys/gals
Post by: radium1911 on April 20, 2012, 03:14 am
Quote
Nobody can decrypt AES or Twofish or any other modern cipher that's using a password with high entropy and has been properly implemented to avoid side channel attacks. Maybe if your password is "lolpassword321" or they seize your computer with the power on and can bleed the key from memory.

People here assume the NSA/FBI has an "in" to reduce cracking time for those ciphers. (I find a PGP backdoor to be unlikely, as it is open source.)

Even IF they did have one that reduced cracking time by 95%, it still wouldn't be efficient to use for small time buyers on here.

If you were Osama Bin Laden-level, then it'd be worth using all the 10+ nuclear power plants it would take.
Title: Re: BEWARE and adive from senior IT guys/gals
Post by: klaw239 on April 20, 2012, 03:24 am
mdamail no disrespect intended so please don't take this comment the wrong way but the  word "impossible" is found only in the dictionary of fools. I assure you it can be.Easy to do? A task that some one  would invite upon themselves? Hell no..not even the best of hackers would want to attempt it. But yes it can happen. We can agree to disagree though. I have been waiting for a response from support  for 24 hrs now guys. Does it normally take this long?