Home | Community | Message Board


This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: Left Coast Kratom Buy Kratom Extract   Kraken Kratom Red Vein Kratom   Unfolding Nature Unfolding Nature: Being in the Implicate Order   PhytoExtractum Buy Bali Kratom Powder   North Spore North Spore Mushroom Grow Kits & Cultivation Supplies

Jump to first unread post Pages: 1 | 2 | Next >  [ show all ]
InvisibletheGODSmademedoit

Registered: 03/04/16
Posts: 516
Shoul i have been using tor while im on this site..
    #23571965 - 08/24/16 06:24 AM (7 years, 5 months ago)

Is that what people do??


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: Shoul i have been using tor while im on this site.. [Re: theGODSmademedoit]
    #23572005 - 08/24/16 06:42 AM (7 years, 5 months ago)

If people want to browse the shroomery like it's 1999 in order to keep their ISP provided WAN IP address private, sure. For others, being smart about what is posted and shared with the community is protection enough.


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Extras: Filter Print Post Top
InvisibletheGODSmademedoit

Registered: 03/04/16
Posts: 516
Re: Shoul i have been using tor while im on this site.. [Re: h0ldthedoor]
    #23572035 - 08/24/16 07:10 AM (7 years, 5 months ago)

Elaborate on what you think is protection enough through sharing is..no pics?..no personal info or locals obviously...really would appreciate more of you input hold..


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: Shoul i have been using tor while im on this site.. [Re: theGODSmademedoit] * 1
    #23572167 - 08/24/16 08:22 AM (7 years, 5 months ago)

Vice is not a go-to site for opsec discussion, but this post does adequately address the flaws in DPR's opsec preceding his demise. Look to it for real-world examples of what not to do. Bear in mind, obfuscating your ISP provided WAN IP through the use of Tor is not a sure-fire way of guaranteeing anonymity. For if you are tasked (which you would likely have no knowledge of) and go through the trouble of using Tor whilst accessing the Shroomery, but also access other sites and/or resources during your session (Shroomery uses  compulsory HTTPS, which we will assume has not been compromised on an unrelated note, if mass-surveillance were a goal, exploiting cloudflare would be one way to do it, as cloudflare's functionality relies on being able to inspect all traffic that passes between the client and server.), it's likely that accessing those other sites and/or resources will allow your surveillant to glean more information about you.

Here is more discussion on reddit RE: cloudflare ssl and things to consider when using https://www.reddit.com/r/privacy/comments/41cb4k/be_careful_with_cloudflare/

Favorite quote: "Cloudflare is the cancer of the internet."

:grampofapproval:

Sure cloudflare does some things very well, namely DDoS mitigation, DNS, and content delivery optimization. Cloudflare also offers a "WAF" Web Application Firewall, though it's functionality still relies on being able to view the traffic, regardless if it is HTTP or HTTPS. However, cloudflare should not be relied on to secure truly sensitive communications.


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: Shoul i have been using tor while im on this site.. [Re: h0ldthedoor]
    #23631367 - 09/10/16 04:38 AM (7 years, 4 months ago)

Https is already compromised on the State level. Just in time for it to be the new standard.


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: Shoul i have been using tor while im on this site.. [Re: tdubz]
    #23631452 - 09/10/16 06:51 AM (7 years, 4 months ago)

Citation would be a nice side to go with that ambiguous statement. Yes, misconfigured SSL/TLS server settings and malicious CA's like WoSign and StartSSL are a threat to SSL/TLS connections. However, a properly configured server (properly configured as a whole, comprehensive network security, IDS, services hardening, et al.) with no threat of rogue CA's issuing certificates for the domain(s) for individuals other than the domain owner, should stand a good chance against even nation-state adversaries.

Even within the last month, a new attack on SSL/TLS was disclosed. However, the attack relies on the server being configured with less than ideal settings. https://access.redhat.com/articles/2548661

Again, reputable sources to cooberate the claim above would be nice.


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,276
Last seen: 2 hours, 47 minutes
Re: Shoul i have been using tor while im on this site.. [Re: tdubz] * 1
    #23631468 - 09/10/16 07:03 AM (7 years, 4 months ago)

Quote:

tdubz said:
Https is already compromised on the State level. Just in time for it to be the new standard.





Citation needed.

If what you say is true, that would be big news.  Do you have some kind of amazing secret that you are hiding, or are you just talking out of your ass?


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: Shoul i have been using tor while im on this site.. [Re: Alan Rockefeller]
    #23631507 - 09/10/16 07:46 AM (7 years, 4 months ago)

https://en.wikipedia.org/wiki/Bullrun_(decryption_program) It's not that it's a big secret more so than it is just something the general public does not care to know.


Edited by tdubz (09/10/16 08:06 AM)


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: Shoul i have been using tor while im on this site.. [Re: h0ldthedoor]
    #23631550 - 09/10/16 08:09 AM (7 years, 4 months ago)

Quote:


Encryption standards and Bullrun

The Enigma system had been developed by a small group of inventors who believed the messages it encoded to be practically undecipherable. They turned out to be anything but when a much larger group of analysts applied themselves to cracking them. Solving a puzzle is so much more motivating than creating one! The modern encryption methods used by most businesses are open standards. They are designed so that understanding how they work is of no help in deciphering a message without knowing the right key, and they can be scrutinised by all the mathematical brains in the world who care to look. The fact that the inner operations of the methods are common knowledge makes them no less secure. On the contrary, opening them up to analysis before they enter general use greatly reduces the chance that ways to attack them will be discovered in the future.

The organisation that evaluates and standardizes the encryption methods that are generally used in global commerce, and probably by most governments as well, is a U.S. government agency called the National Institute of Standards and Technology (NIST). In 2013, Edward Snowden revealed the existence of a secret National Security Agency (NSA) programme known as Bullrun. Its aim was to undermine the effectiveness of commonly used encryption methods. Among the tactics employed were attempts to subvert NIST standards. It is alleged that, over several years in the mid-2000s, the NSA had taken control of the authorship of a NIST standard that specified a supposedly secure method of generating random numbers called Dual_EC_DRBG. Randomness forms the basis of a number of encryption methods. In reality, the NSA is claimed to have had a secret way of predicting which numbers the method would generate. Messages that had been encrypted using techniques based on this random number generator would have been open to being decoded by the U.S. authorities.

In the event, the NSA’s attempt to introduce an ineffective encryption method had already attracted attention well before the Snowden revelations. Question marks over the mathematics the standard was based on were raised even before it was adopted in June 2006. By the summer of 2007, details of how to crack it had been published, and November 2007 saw the first suggestion that the flawed method had been deliberately planted by the American security services. On the one hand, this is a tremendous vindication of the theory that open standards lead to secure encryption. On the other hand, it is telling that the standard continued to be available in a number of important software products even after it had been demonstrated to be ineffective. In one of them it was even the default option, which meant anyone who was not up on encryption would be likely to end up using it.

The Bullrun documentation that is in the public domain claims that the NSA has the capacity to defeat a great deal of the encryption in common use on the Internet. Exactly what this entails remains a secret, partly because Snowden did not have access to all the information himself and partly because the NSA has persuaded journalists not to reveal further details for reasons of national security. However, in the light of the Dual_EC_DRBG story, it seems probable that most of the Bullrun capabilities result from software that either uses outdated encryption methods or that has some other kind of flaw the NSA can take advantage of.


Although it is certainly possible that the NSA has discovered secret mathematical means of cracking commonly used encryption standards, this is most likely to be the case for standards that are no longer quite state-of-the-art. It would be genuinely astounding if the NSA were so far ahead of the curve that they had managed to defeat encryption methods that most mathematicians still regard as watertight. Because of their open nature, most of the world retains their trust in the best of the NIST standards even in the light of the revelation that there have been active attempts at sabotage.

The advice that encryption methods should always be subject to open review is repeated like a mantra by many security experts. Surprisingly, however, the U.S. security services choose to ignore it at least some of the time. The National Security Agency maintains a Suite A of encryption methods that are kept secret, while Suite B constitutes the standard NIST methods known to everyone else. As the choice of letters betrays, the NSA regards Suite A as the more secure option and employs it for especially sensitive information. That they use Suite B at all is a consequence of the fact that Suite A encryption can only be used for communication between organisations that can be trusted to keep the hardware and software that perform it under lock and key. Otherwise, the computers could be analysed to reveal how the methods work.

While it is true that an attacker attempting to eavesdrop on Suite A communications would have to figure out how the encryption method worked before she could start trying to crack it, this hardly seems to make the task all that much more difficult. After all, mathematicians all round the world have tried to attack the well-known Suite B methods, and none has succeeded, otherwise the methods would have been removed from the canon. Even if the National Security Agency does have an unmatched team of world-class experts, it remains possible that one or more of the Suite A methods has a weakness none of them has noticed. It seems surprising that they value secrecy over the additional assurance offered by free reviews.

As exemplified in the discussion of the San Luca code above, an encryption method whose inner workings are understood can be hacked by simply testing all possible keys until one is found that decrypts a code to sensible text rather than nonsense. Like most encryption techniques, the standard NIST methods are not immune to this sort of brute-force attack. The problem is addressed by allowing such a large number of possible keys that trying them all out one by one would take an impracticably long time.

However, the power and speed of computer hardware is constantly increasing. One common estimation is that it doubles every two years. A brute-force attack that is infeasible now could come within the reach of attackers in several years’ time. Encryption guidelines published in 2016 by the German Federal Office for Information Security state unequivocally that they only apply until the end of 2022. This means that any systems intended to operate past this point have to allow for the eventuality that, in the future, the encryption methods with which they are originally designed to run might have to be replaced by new ones. Making this possible is a sensible precaution anyway, because nobody can predict when a breakthrough in mathematics might reveal a previously undiscovered means of cracking a currently secure encryption method.




Source: https://cybertwists.com/bullrun/

Emphasis mine.

Because a configuration is commonly used does not mean it should be used. Which leads to my earlier point..

Quote:

h0ldthedoor said:
Yes, misconfigured SSL/TLS server settings and malicious CA's like WoSign and StartSSL are a threat to SSL/TLS connections. However, a properly configured server (properly configured as a whole, comprehensive network security, IDS, services hardening, et al.) with no threat of rogue CA's issuing certificates for the domain(s) for individuals other than the domain owner, should stand a good chance against even nation-state adversaries.

Even within the last month, a new attack on SSL/TLS was disclosed. However, the attack relies on the server being configured with less than ideal settings. https://access.redhat.com/articles/2548661





--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: Shoul i have been using tor while im on this site.. [Re: h0ldthedoor]
    #23631581 - 09/10/16 08:22 AM (7 years, 4 months ago)

Pleeease dude let's talk quantum encryption. You don't believe a quantum computer could crack all the certificate keys of HTTPS?


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: Shoul i have been using tor while im on this site.. [Re: tdubz]
    #23631593 - 09/10/16 08:27 AM (7 years, 4 months ago)

Quote:

tdubz said:
Pleeease dude let's talk quantum encryption. You don't believe a quantum computer could crack all the certificate keys of HTTPS?




:underageban:

Quote:

the system can’t crack RSA yet. But it does put in place the fundamentals needed to create a computer capable of it.




http://www.digitaltrends.com/computing/mit-five-atom-quantum-rsa/

It's inevitable encryption will be cracked, period. That's applicable to virtually all encryption methods. quantum methods notwithstanding

https://www.sciencedaily.com/releases/2010/08/100829202008.htm


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Edited by h0ldthedoor (09/10/16 08:31 AM)


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: Shoul i have been using tor while im on this site.. [Re: h0ldthedoor]
    #23631603 - 09/10/16 08:33 AM (7 years, 4 months ago)



Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: Shoul i have been using tor while im on this site.. [Re: tdubz]
    #23631608 - 09/10/16 08:35 AM (7 years, 4 months ago)

Quote:

The original research team recommended that websites use 2048-bit Diffie-Hellman keys and published this Guide to Deploying Diffie-Hellman for TLS. The team also recommended SSH users upgrade both server and client software to the latest version of OpenSSH, which favors Elliptic-Curve Diffie-Hellman Key Exchange. Update: Nicholas Weaver, a security researcher at the University of California at Berkeley and the International Computer Science Institute, said the researchers' theory is "almost certainly correct" has analysis here.




Quote:

tdubz said:
http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ :yawn:




Please, at least read what you post before using it to support your argument.


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: Shoul i have been using tor while im on this site.. [Re: h0ldthedoor]
    #23631626 - 09/10/16 08:44 AM (7 years, 4 months ago)

No offense I'm not sure what we are arguing about is HTTPS compromised? Yes.


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: Shoul i have been using tor while im on this site.. [Re: tdubz]
    #23631630 - 09/10/16 08:46 AM (7 years, 4 months ago)

:dawerp:


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: Shoul i have been using tor while im on this site.. [Re: h0ldthedoor]
    #23631636 - 09/10/16 08:48 AM (7 years, 4 months ago)

:gombypls:


Extras: Filter Print Post Top
Invisibleh0ldthedoor
HODOR
I'm a teapot User Gallery


Registered: 06/25/16
Posts: 510
Loc: North of The Wall
Re: Shoul i have been using tor while im on this site.. [Re: tdubz]
    #23631641 - 09/10/16 08:49 AM (7 years, 4 months ago)

At this point it feels a lot like

:Trollface:

There are only two likely scenarios, you are grossly misinformed and uninformed or are trolling.


--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you.

– Petyr Baelish


Edited by h0ldthedoor (09/10/16 08:50 AM)


Extras: Filter Print Post Top
InvisibleCelestial Traveler
Random Observer
Male User Gallery


Registered: 03/03/11
Posts: 7,639
Loc: Idaho
Re: Shoul i have been using tor while im on this site.. [Re: h0ldthedoor] * 2
    #23632101 - 09/10/16 11:42 AM (7 years, 4 months ago)

I have no idea wtf any of this means.  :lolsy:


--------------------
Funny Video              Pokemon But With Animals Instead              B


Extras: Filter Print Post Top
InvisibleMoabfighter
Tam Fighter
 User Gallery

Registered: 12/13/15
Posts: 2,710
Re: Shoul i have been using tor while im on this site.. [Re: Celestial Traveler]
    #23643341 - 09/13/16 11:10 PM (7 years, 4 months ago)

I can't understand a word of what's been posted 


Is there any chance at all my cable provider (also Internet provider) looks up ever subscribers most recent pages visited and sees that Joe down the streets top site is something about mushroom cult?

I feel pretty safe. Very much NOT selling. No ones EVER been to my house. Have one friend I trade to for herb. Don't leave my lights on at night or anything. Keep mail to an absolute minimum 

Sound like I'm alright?


--------------------
KSSS And PE WBS.
 


Extras: Filter Print Post Top
OfflineBrian Jones
Club 27
Male User Gallery

Registered: 12/18/12
Posts: 12,342
Loc: attending Snake Church
Last seen: 12 hours, 53 minutes
Re: Shoul i have been using tor while im on this site.. [Re: Moabfighter]
    #23643843 - 09/14/16 05:25 AM (7 years, 4 months ago)

No idea what OP is talking about. HoLDthedoor and the last poster made sense. Gee whiz you think maybe not giving your location or posting pictures, is a good idea or not? I haven't done anything illegal in years, and almost all my posts are on sports.


      I'm no genius, but unless you are, I think any attempts at internet encryption probably attract more attention than just regular posting with normal judgement.


--------------------
"The Rolling Stones will break up over Brian Jones' dead body"    John Lennon

I don't want no commies in my car. No Christians either.

The worst thing about corruption is that it works so well,


Extras: Filter Print Post Top
Jump to top Pages: 1 | 2 | Next >  [ show all ]

Shop: Left Coast Kratom Buy Kratom Extract   Kraken Kratom Red Vein Kratom   Unfolding Nature Unfolding Nature: Being in the Implicate Order   PhytoExtractum Buy Bali Kratom Powder   North Spore North Spore Mushroom Grow Kits & Cultivation Supplies


Similar ThreadsPosterViewsRepliesLast post
* tor/privoxy configuration w/ azureus? atlas 757 1 03/06/06 08:17 AM
by OJK
* Tor and Privoxy Zepplin 2,914 1 11/16/06 04:38 PM
by OJK
* Tor/Privoxy does nothing? Disco Cat 1,762 15 03/25/07 05:18 PM
by Taharka
* Use encryption! + some common sense tips
( 1 2 all )
Quake3 5,402 26 01/22/09 11:45 AM
by flip3084
* Tor: An anonymous Internet communication system garbage 932 1 04/10/05 08:59 AM
by newuser1492
* Tor - What Do You Know About It? daimyo 626 7 10/21/05 05:29 AM
by spooky
* NSA: Secure Configuration Guidelines for a Number of Operating Systems ivi 332 0 10/30/05 11:48 AM
by ivi
* Encrypting IP address, to block tracking of Downloads BowlKiller 1,805 6 10/26/04 01:45 PM
by BowlKiller

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Enlil, Alan Rockefeller
1,468 topic views. 0 members, 1 guests and 0 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.03 seconds spending 0.007 seconds on 17 queries.