Silk Road forums

Discussion => Security => Topic started by: chino on February 20, 2012, 10:38 pm

Title: DEFENDING SR. And a Secure USB STICK for sale by SR or recommended by SR
Post by: chino on February 20, 2012, 10:38 pm
Hello all, I am a user of SR. I keep reading that our enemies are getting stronger; they want to finish SR. I get the impression that we are doing nothing about it. Here there are many people who are strong in crypto and security. Is there any way that SR can create a team to come up with ways to defend the site, and ways to help the users to be safe (as much as we can) using the website? Maybe a USB stick certified or sanctioned by SR, with a good system to browse SR safely, that we can buy and be completely sure is safe. We could have a war chest where the users can donate for the war (defensive of course) with a good team that can bring security to vendors and users.

These guys from SECURITY SOLUTIONS have been selling for a while a product that no one is buying because they don't know if it has a trojan or a backdoor. Is there any way that SR can check these guys and come up with a solution? Please, we need it.
chino
Title: Re: DEFENDING SR. And a Secure USB STICK for sale by SR or recommended by SR
Post by: livermore23 on February 22, 2012, 02:44 pm
I have bought a stick from Security Solutions and still have to find a trojan or backdoor.. I have also adjusted the image to my personal style.. What I can say: I am impressed with what they offer and I am using it right now..

Still, I support your idea.. and also work on a version perfectly duplicatable.

Yeah, I know I haven't introduced myself and I am a noob here.. but wait, gimme some time
Title: Re: DEFENDING SR. And a Secure USB STICK for sale by SR or recommended by SR
Post by: TravellingWithoutMoving on February 22, 2012, 03:05 pm
- a buyer's / vendor's Tor workstation is a personal responsibility; collectively, yes, everyone needs to do their bit, but it isn't any one person's responsibility, hence the solution is for you to research it yourself and implement it.

- there are 10 or so different working Tor solutions; as the saying goes, "opinions are like arseholes, everybody has one."
  Why are there so many solutions? Because they are usually based around an OS {operating system - windooz, linux, mac...}, then further broken down into flavours of OS...
  And further broken down into "my way of doing something because I want to take the solution to the N'th degree..."

- I doubt the collective SR, as you put it, are going to agree on a solution for the average Joe, nor do they have the time nor perhaps the expertise to pick a single solution only for someone to piss all over it in the forums.

my observations :-
1. people don't trust someone to provide an image, yet want a solution..
2. people don't seem to want to pay for the hard work that has gone into the build - perhaps they want it for free.
3. seems to be more interest in the scripts or how to build rather than paying someone for the service.

Who pays for or donates to these opensource projects which are 'Free to use' technologies :
- firefox
- Linux
- Torproject
- firefox plugins
- GnuPG, gpg4win
- Truecrypt
- pidgin & plugins

factors a buyer is going to have to accept:
- a (good) solution will evolve over time, it has to; software changes, patches change functionality, incompatibility, new security methods +++
- at some point you are going to have to trust someone...
- who are you going to go to after you have paid for the solution? - will you expect this for free too?!

Ask yourselves, what am I actually wanting :
- a practical solution = an off the shelf prebuilt
- a perfect solution = requires someone to build your whole PC
- or custom self solution?! = endless methods


I would suggest you (or anyone reading this...) to start by picking an OS, either implement it or buy an image or service that someone has provided.

Title: Re: DEFENDING SR. And a Secure USB STICK for sale by SR or recommended by SR
Post by: chino on February 22, 2012, 08:52 pm

Thank you for your time, TWM. I read your comments about my "suggestion" of SR backing up or certifying a USB vendor/user workstation. I understand them but I don't agree with them.

My English is not as good as yours, so I am going to try to explain my point of view in a basic way:

My idea was not everybody collectively participating in a quasi-perfect democratic way (that is almost impossible), where everybody has an opinion (some good, some not so good); that will take a lot of time and resources, and it will be a slow process. I let the people that run SR decide that for me.

I think that SR has got many enemies, so I believe SR is already expending money and resources on security (attacks on the site, bitcoin theft, etc). If all of us, the people that benefit from SR, help and participate with a few bitcoins here and there, that will help SR to upgrade the type of security or achieve it faster (more money and resources will be available).

Of course on the side of our computers, the buyer's/vendor's, it is a personal responsibility, but on the side of SR it is their responsibility too. I am not trying to shift my responsibility to SR. I don't know why the solution is for me to research it myself and implement the right security for me; my knowledge is very limited in this area. I think other people are better prepared than me. The problem is a matter of trust. How do we know as users that that solution is safe? Of course nothing is 100% safe. But if we have a knowledgeable team creating a solution, and a site like SR that can check if their solution is acceptable, they can check that this product is safe (with no backdoors or trojans) and certify it.

Yes, there are many different solutions. But the people that know this field can choose something that is going to work for the majority. And if any independent vendor comes up with an idea, maybe SR can check it, analyze it and start selling the product, or certify it for an amount of money, so all can benefit.

If SR sells a USB MEMORY KEY with the software, in a safe manner, with good applications, SR as a business will benefit with more security, and we the users will benefit too.

We are not paying SR Admin for the open source software, we are paying them for a practical off-the-shelf solution that we can buy and start using without doing a lot of research.

Because security is an ongoing thing, there could be updates or changes that can also be certified by SR, and we can pay for and download them.
chino
Title: Re: DEFENDING SR. And a Secure USB STICK for sale by SR or recommended by SR
Post by: fyodor on February 22, 2012, 09:35 pm
I have to agree with chino that the majority of the safety of this site relies on the admins and creators. They are the real security professionals that prevent attacks and hax every day. As for the user side, buyer or seller, I think it would be a good idea to have an official setup. I think that this is mostly accomplished by Tails. Although I found that the tor-browser-bundle is still very identifiable, through browser vulnerabilities. And I think FDE (full disk encryption) is an absolute must. I also don't think it includes a GnuPG setup for email.

I also do not trust TOR itself. The majority of the nodes are hosted in the US and the FBI has the Carnivore Project that pulls in an amount of data equivalent to the US Library of Congress every 6 hours. And as we know, if the same user controls the entry and exit node of a connection, it's possible to identify the user. I also have spent much, much time researching chaining I2P to TOR, and I'm quite sure it's nearly impossible/impractical based on latency issues. Hence, I always connect to "open" wifi when I am "having fun."

I might be up for selling a usb stick of my setup once I get more approval from the Linux h4x0r community. And I would be open to selling it at usb price in the interest of open source and furthering security of SR.
---------------------------------------------------------------------------------
"Only to live, to live and live! Life, whatever it may be!"
Title: Re: DEFENDING SR. And a Secure USB STICK for sale by SR or recommended by SR
Post by: TravellingWithoutMoving on February 23, 2012, 12:41 am
chino:

...in the meantime, the best is for you to pick what you want to use...otherwise you might wait forever...

best of luck