/fucko/
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.
You are currently reading a thread in /g/ - Technology
You are currently reading a thread in /g/ - Technology
/fucko/ General Thread v0.7.6 r
"Get on the ground, fucko! Squad, take his computer and all other electronics!"
This edition:
We know #privacy matters, so #everyone should too.
ITT:
>Computer security
>Home security
>Online privacy
>PC and data destruction methods
>How to hide sensitive images, video, audio, etc. i.e. ste(ga)nography
-==COMMONBULLSHIT==-
>B-butIdonthaveanythingtohide!
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565&
https://archive.is/P6mcL
>B-butifyou'vedonenothingwrongyoushouldhavenothingtohide!
If I've done nothing wrong there is no reason to search me.
-==TOOLSTOUSE==-
>LiveUSB/LiveCDReview v1.1
http://pastebin.com/BbmZ8hiR
>WebPostingAssessment v.2
http://imgur.com/T8q7eB0
>TrueCrypt 7.1a [Lastofficialrelease]
https://www.grc.com/misc/truecrypt/truecrypt.htm
http://istruecryptauditedyet.com/
https://wiki.installgentoo.com/index.php/Encryption
>The Paranoid #! (now#!!) Security Guide
http://pastebin.com/tUvq8Jzj
>Fakeinfo Generator
http://www.fakenamegenerator.com/
>PrettyGoodPrivacy[PGP]
http://www.gpg4usb.org/
https://www.gnupg.org/
>OffTheRecord messaging[OTR]
https://otr.cypherpunks.ca/
>Cell Phone guide for Protesters
https://www.eff.org/deeplinks/2014/08/cell-phone-guide-protesters-updated-2014-edition
>Team1:#Squad
http://pastebin.com/PxcDYUr0
>Team2:#squad
http://pastebin.com/jd1sEwKL
>/fucko/squadirc
#[email protected]
All and any supportive comments, template contributions,are welcome and encouraged. NSA shills need notapply.
(semi outdated) Template ALWAYS here: https://wiki.installgentoo.com/index.php/Fucko
Previously on /fucko/:
How to handle the weakest link in computer security: humans?
Anonymous file distribution, anyone?
What is better from a privacy standpoint. Using a VPN that says not to log, or hosting a VPN service on a VPS that doesn't log and using that.
so someone either more knowledgeable or more paranoid, tell me. What's the case for encrypting drives in one's desktops? Laptops, I get, since they can pretty easily get lost or stolen, and facing a demand for a search at a border or something is a realistic threat. But if some three-letter agency gets physical access to my desktop and the room its in, they obviously already know who I am and have at least some significant suspicions. Aren't I already pretty thoroughly screwed by that point?
>>53504610
as I understand it, either way you have to trust them to do what they say they'll do with regards to not logging.
-== CHANGELOG v0.7.6.r ==-
- chronicle article since now it is suscription based
https://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/
+ the "why privacy matters' paper
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565&
+ "people are turning into profitable stats" article
https://archive.is/P6mcL
-== PROPOSED ADDITIONS ==-
>+ easy safe passwords (dicewaring)
like in pic rel, strong enough and memorable
http://world.std.com/~reinhold/diceware.html
>+ learn how to write your own ciphersaber (crupto)
like a jedi learns how to build its own lightsaber
http://ciphersaber.gurus.org/
>+ privacy tools
for your daily needs and for those you love
https://www.privacytools.io/
>+ external software guides
to break free from the botnet programs
https://prism-break.org/en/all/
http://droid-break.info
>+ software shilling
to spread the word
https://alternativeto.net
>>53504685
I meant that the self setup VPN wouldn't log, I don't think the VPS provider can reliably link traffic from the VPN user which is encrypted at their network level and only decrypted on the RAM of the actual instance, to the traffic a user is requesting which might not be encrypted but belongs to an arbitrary user.
Then again the VPS provide would have my billing details, I don't know in how far they could keep me responsible for any traffic towards the instance/VPN provider.
>>53504818
Some providers set things up to minimize the financial records they have - mine has some other company handle billing (which can be done conventionally or with cryptocurrency), and that other company calls the VPN provider and says "Account id# 1234 got paid for". The VPN provider associates that number with your actual account and login. Idea being that the payment processor might know your identity from payment information, and the fact that you paid for an account with the VPN provider, but not which one it was. The VPN provider knows what your account is, but not the real-life identity behind it.
How well does this work? Who the fuck knows, really. It's nice that they say all this, and it seems from what I can see that they're actually doing it, but at the end of the day there's no getting around the fact that you're trusting the VPN provider to do what they say they'll do. Be that with logging policies, billion information, and whatever else. The only thing you can do is decide either yes I trust them, or no I don't, and if you don't, layer their service with something else (eg, Tor) so that the whole house of cards doesn't come tumbling down if it turns out that they're not trustworthy.
>>53504685
more or less, yet if you have sensitive stuff you can still guarantee it can be cracked if you used a good password and you're not tortured to say the pass
unless you don't have any valuable information (protip if you're/needto asking very probably you don't) or you are a high profile or economically powerful individual (protip if you don't have that money/power you're probably safe), if you don't you're most probably going to be harassed
>>53504952
>you can still guarantee it cant be cracked
fixed
kill yourself
We know #privacy matters, so #everyone should too.
>How can anon help spreading the word to the world?
https://www.youtube.com/watch?v=Qe5pv4khM-Y
https://www.youtube.com/watch?v=TDapEhBGuQc
https://www.youtube.com/watch?v=4F-S6rgf1-E
http://www.pcworld.com/article/182180/top_5_social_engineering_exploit_techniques.html
http://krebsonsecurity.com/2012/01/phishing-your-employees-101/
>this is the future you choose.jpg
>>53505021
PeerBlock 1.2
Base PeerGuardian code copyright (C) 2004-2007 Cory Nelson
PeerBlock modifications copyright (C) 2009-2013 PeerBlock, LLC
Based on the original work by Tim Leonard
>>53504795
>The message was clear: a warrior confronted by a powerful empire bent on totalitarian control must be self-reliant. As we face a real threat of a ban on the distribution of strong cryptography, in the United States and possibly world-wide, we should emulate the Jedi masters by learning how to build strong cryptography programs all by ourselves. If this can be done, strong cryptography will become impossible to suppress.
bumping with aes gif
why use truecrypt when veracrypt exists?
>>53505439
>>53505439
>pros
fixed some issues of the truecrypt last audit
>cons
no audit and source available not free as in freedom
>>53505439
what does /g/ think of cryptomator
it acts as an easy way for clientside encryption in your cloud storage
How to escape the Google botnet?
>Search
https://search.disconnect.me/
https://searx.me
Your own YaCy peer proxied by your own Searx instance
>Chrome
https://en.wikipedia.org/wiki/GNU_IceCat
>GMail
https://protonmail.com/
https://www.ghostmail.com/
Your own Mail-in-a-box https://mailinabox.email/
>Drive
https://owncloud.org/providers/
Your OwnCloud
>Hangouts
https://tox.chat/
>DNS
http://www.opennicproject.org/
http://dnscrypt.org/
>>53504541
>truecrypt
>no tomb in the OP
4/10
>>53506266
(using) tomb is in the paranoid hashtag linux guide anon
2/10 made me reply
>>53504541
-== PROPOSED ADDITIONS ==-
- The Paranoid #! (now#!!) Security Guide (pastebin)
+ The Paranoid #! (now#!!) Security Guide (OP)
http://crunchbang.org/forums/viewtopic.php?id=24722
>>53505712
sorry i intended to quote >>53504541
what does fucko listens to?
https://www.youtube.com/watch?v=F9L4q-0Pi4E
>>53504541
>>53500948
why are two fucko threads
>>53508058
to teach the basics of backup
>>53508093
What's up with MEGA? Why isn't it secure?
>>53508822
Basically Kim Dotcom said in a QA that a known chinese fraudster has shares of MEGA
>Kim Dotcom Q&A
https://yro.slashdot.org/story/15/07/27/200204/interviews-kim-dotcom-answers-your-questions?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Slashdot/slashdot+%28Slashdot%29
>Article (one of many)
http://uk.businessinsider.com/kim-dotcom-data-not-safe-filing-sharing-site-mega-2015-7
>MEGA Response
https://cloudup.com/c1aDRFoEYRI
>MEGA 3.0?
http://www.wired.co.uk/news/archive/2015-07/31/kim-dotcom-mega-3
If you don't trust MEGA host or get a free provider for your OwnCloud. At least this is what (common sense) I do with the free 50GB from MEGA: encrypt my shit in it.
>>53508822
Also not free as in freedom
>>53504541
bumping cause i didn't even know what fucko was until today
any other thoughts on DNS and DNS-Crypt?
It always seems like DNS is one of the big things alot of folks forget about and gets glossed over in all the privacy and paranoia talk
>>53509288
I guess it should be implemented by default on any Os, no excuses since it is fairly easy to set it up nowadays
>>53509259
great anon, it was sometimes derailed by shills
>>53504541
>>OffTheRecord messaging[OTR]
>https://otr.cypherpunks.ca/
I feel like otr/pidgin are sadly going out of date, not exactly many people use the chat providers through pidgin anymore
>>53504541
FUCKING POSTING AGAIN DUE TO ANOTHER FACKU
EPOXY YOUR FUCKING RAM
EPOXY YOUR CMOS BATTERY
BIOS PASSWORD
FDE! <-- deserves !
PAIR PHONE WITh CoMPUTER, IF CONNECTION IS BROKEN WIPE RAM AND SHUTDOWN <-- fucking code it
ON UNKNOWN INSERTIONS OF USB DEVICES OR ANY OTHER MEDIA FUCKING DISABLE KEYBOARD, WIPE RAM AND SHUTDOWN
YOU -> 3G Modem -> VPN -> VPS -> TOR -> INTERNET
IF YOU DONT UNDERSTAND WHY FUCKING END YOURESELF
/thread
>>53509674
There's still Tox
>>53509749
Ok anon just chill
>>53509749
that's highly impractical even as industry standards
but this is imperative
>YOU -> 3G Modem -> VPN -> VPS -> TOR -> INTERNET
>>53504541
>im hiding cp general
>>53509674
I hope slack adds this feature, they addded video chat, and otr doesn't seem that complicated to do
>>53509812
get the fuck out
>>53509798
depending on what you do it really is not, but to most, i guess. then again, if serio
>>53509884
fucking shit keyboard
if serious then it's needed. dread pirate roberts wouldnt had left his laptop open with that.
>>53509818
>inb4 trusting your business telecom on slack
>inb4 trusting your business telecom not on your own
this is something very important since most businesses are going to slack while it really offers little to no security if TLS is defeated
>>53507262
seems really chill, thank you for this
>>53509900
i guess your double dubs confirm the truth anon,
and this is something that will go slowly (but surely if we start endorsing this practices and teaching others)
also who here a sysadmin?
>THE
VAPOR
Here, maybe a little legal action will help.
https://www.change.org/p/bill-gates-satya-nadella-bad-microsoft-stop-pushing-windows-10-on-consumers-uninvited?recruiter=505227647&utm_source=share_petition&utm_medium=copylink
>>53510045
lol hivemind anon I was about to repost it
>>53510045
>>53509971
>>53507501
>>53508181
is openwrt or ddwrt better if I wanna mod my router for security?
>>53509868
Its not your fault if you like licking 9 year old tummies
>>53510243
ddwrt all the way
http://pastebin.com/c47eVqWU
Hiding the SSID is bad, because.... it's dangerous not to broadcast the SSID! This sounds absurd, but I'll try to explain it.
To begin with, it's technically impossible to stop the SSID broadcast entirely. Because there are at least four other ways in which a router still discloses a "hidden" SSID to the world.
Together with many data packages that the router sends, it still sends the SSID. Not encrypted. Easily receivable by everyone who's in the neighbourhood. The SSID is therefore still being broadcast, even when you've "hidden" the SSID in the configuration of the router!
With common network scanners, like Kismet, it takes only several seconds before a hacker picks up a "hidden" SSID.
Hiding the SSID even creates an extra risk: when you've disabled broadcasting of the SSID in the network router, the connected computers have to disclose their presence continually. So they spread the SSID everywhere they go. Your laptops will therefore, everywhere you turn them on, start shouting (at short intervals): "hey, is there a network around named XYZ?".
That makes your laptops an easy target. An attacker can set up an access point with the SSID of your network, so that your laptop will connect with it automatically, without asking for permission. The attacker then can monitor all of your network traffic and maybe even access the hard disk of your laptop.
A MAC address filter is useless, because an attacker can easily see which MAC addresses gain access to the router. Then the attacker can simply falsify (spoof) his own MAC address in order to get access.
With a MAC address filter you only make things more difficult for yourself. For example when you want to access the internet with another (new?) computer. Or when you've a visitor whom you want to grant the possibility to use his own laptop, to access your internet connection.
Disabling DHCP is a pure waste of time. It'll stop an attacker for 10 seconds at most.
DHCP automatically distributes IP addresses. Disabling this is useless. An attacker can almost immediately see the IP scheme of the network and grant himself a valid IP address.
Just kill yourself
WEP is a very weak protection, which an attacker can crack within a minute. It's better than no encryption at all, but that's about it...
When you change the configuration settings of your router, always do that when connected with a (temporary?) wire (ethernet cable). A wireless connection is too unreliable for this.
In the configuration settings of some routers, you can even restrict access to the configuration of the router, to wired connections. Thereby excluding wireless access to the configuration. Unfortunately, not every router offers this option. But when your router does, apply this restriction.
Check on the website of the router manufacturer, whether there's a firmware update available for your router. If so, apply it. Firmware updates solve security issues and fix bugs.
The SSID (network name) should always be broadcast and therefore not be hidden. No exceptions
Change the default SSID (network name) to one of your own invention, from which it's not possible to deduce the brand and/or type of the router. Note: the name shouldn't contain spaces or special signs! Therefore not: Anon's network, but AnonsNetwork.
Don't kill yourself.
The signal encryption should at least be WPA Personal. WPA2 Personal is even better, when both your router and your wireless card allow for it. Every reasonably modern router offers the possibility to set the encryption to WPA. Is your router so old that it can't handle WPA? Then definitely buy a new one. As soon as possible.
>>53504795
AES is the most modern and secure form of WPA encryption. So set it at "AES only". And therefore not at the older and less secure TKIP. Also not at "TKIP + AES", because in that case the encryption is still backwards compatible with TKIP.
For clarification: "AES only" is best, but TKIP is not bad. WPA with TKIP is still reasonably safe.
>>53510260
and it's not yours for being a cock reaming faggot
>>53510467
why shouldn't you broadcast the SSID?
Create your own WPA key and discard the WPA key that the manufacturer of your router may have installed on it. Choose a key with at least 32 characters length, among which capitals, figures and special signs.
>>53510572
should*
>>53510572
>2016
>>53510358
http://security.stackexchange.com/questions/38365/how-risky-is-connecting-to-a-hidden-wireless-network?lq=1
http://www.howtogeek.com/howto/28653/debunking-myths-is-hiding-your-wireless-ssid-really-more-secure/
http://www.brighthub.com/computing/smb-security/articles/1211.aspx
>>53510558
are you mad
Turn on the firewall of the router. Most routers offer the possibility in their configuration, to enable a built-in firewall. Use that possibility.
Note the possible effect this may have on certain online games: sometimes you have to open a certain port in the firewall for those.
Change the administrator password of the configuration screen of the router. Normally, when you want to access the router configuration, you have to type an administrator password in order to gain access to the configuration (usually "admin" or something like that). Change this in a password of your own making. Don't fuck with spaces!
Be extra careful with the use of unprotected or shared networks of others (hotels, campings, airports). Everyone within reach of the unprotected wireless access point, is able to 1. monitor all of your wireless traffic and 2. attack your laptop directly.
The solution to both problems is, to assume that there already is an attacker that has complete access to your network traffic, and network access to your laptop. Send only encrypted information: always use https (whenever possible). Keep your OS updated. Enable the firewall (in the terminal: sudo ufw enable) and check SSL certificates of websites.
Most modern routers have the feature Wi-Fi Protected Setup (WPS). This feature is usually enabled by default. It's intended to make it easier for people with little knowledge of wireless security, to connect devices wirelessly without having to type long passphrases.
However, as could of course be expected from a feature like this (sigh...), WPS poses a massive security risk. With a simple brute-force attack, a remote attacker can recover the WPS PIN code in less than an hour, thus exposing the WPA/WPA2 pre-shared key of the wireless network.
The only solution is: disable WPS in your router straightaway. Some routers don't have the option to disable WPS; in that case, buy a new router that does. Buy it today.
Has WPS been enabled on your router? Then change the WPA/WPA2 key right after disabling WPS. Your network may have been fucked already...
>>53510624
no I'm not
>>53510045
bumpo
https://www.grc.com/dns/dns.htm
this is a pretty good test to run
I want to leave FB, so what's the simplest IM to replace that?
Because that's actually the only thing I'll miss, being able to contact people so easily. E-mails are not direct conversation, and SMS are a bit of a hassle to write compare to writing on keyboard.
Also what are some decent alternative "safe" social networks?
>>53511708
I hardly use social networks anymore but GNU Social looks bretty good.
Bumping a great thread. I started reading and can't stop.
Anybody have a copy of swatted ?
>>53504541
Thanks for the URLs, senpai.
>>53511534
Running Unbound, IANA root servers for resolution.
Pretty good, I'd say.
>>53515387
able to run dnscrypt as well on top of that?
