/os/ - Online Security

News, techniques and methods for computer network security.

Boards | Catalog | Bottom

Drawing x size canvas

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Welcome to Online Security the place for internet and computer security, privacy and anonymity.
If you have some helpful tips please feel free to share your ideas. Start a new thread, or contribute to an existing thread.

Welcome to Online Security: Sticky Thread Endwall 07/13/2016 (Wed) 03:11:01 [Preview] No. 181 [Reply]
Hello and Welcome to /os/, Online Security.

This is a board for the discussion of online security / privacy / news in the privacy world.

>I don't have anything to hide

>GPG GNU Privacy Guard

>Privacy Guides

Message too long. Click here to view full text.

Edited last time by Endwall on 01/02/2017 (Mon) 11:02:15.

Sticky Bump Endwall 10/23/2016 (Sun) 18:54:40 [Preview] No. 624 del
TENS , https://spi.dod.mil/lipose.htm , US Air Force Live CD <-- online banking for mom and dad.
LibertyBSD http://libertybsd.net/ , https://libreboot.org/docs/bsd/openbsd.html
Edited last time by Endwall on 01/02/2017 (Mon) 11:03:40.

Meta Thread Endwall 07/12/2016 (Tue) 12:03:36 [Preview] No. 171 [Reply]
Post any comments, concerns, or requests for the board in this thread.
Edited last time by Endwall on 07/12/2016 (Tue) 12:15:00.
6 posts omitted.

Anonymous 08/22/2016 (Mon) 08:34:59 [Preview] No. 354 del
Hello. Your onion address is not working. Connection refused at TCP 25.

Anonymous 08/22/2016 (Mon) 08:50:08 [Preview] No. 355 del


Endwall 08/23/2016 (Tue) 00:49:16 [Preview] No. 356 del
I got the email. It does that because it rejects you if you try to rendevous in a country that I've banned in my exlude nodes in my torrc-defaults file. I have to comment that out, but it seems that the message got through. I'll decrypt this and see if it's the same message I read earlier.
Edited last time by Endwall on 08/23/2016 (Tue) 01:09:43.

Endwall 08/23/2016 (Tue) 01:14:18 [Preview] No. 359 del
Nope... this message was slightly shorter, but had a similar ending.
Edited last time by Endwall on 08/23/2016 (Tue) 01:17:20.

Endwall 09/04/2016 (Sun) 17:27:56 [Preview] No. 544 del
I'm back at school, so activity from me will be slower than usual until I get settled in. I won't have time to post as many news articles, but my main sources of information are as follows:

Tor News
Deep Dot Web
Soylent News
Security NewsFeeds

Feel free to post any relevent news articles you find into the news section. I'll post things here and there as I run across them. Thanks.
Edited last time by Endwall on 12/17/2016 (Sat) 00:27:04.

Online Security News Endwall 07/07/2016 (Thu) 06:09:23 [Preview] No. 149 [Reply]
See a news article or CVE bug report on an emerging computer security issue and want to share it? Post below.

I will also post links to Hak5 Threatwire videos.
Edited last time by Endwall on 07/07/2016 (Thu) 16:22:47.
368 posts omitted.

Anonymous 01/15/2017 (Sun) 18:16:53 [Preview] No. 796 del
detailed instructions and tips for hooking system calls of android for REing and profiling applications.


Endwall 01/17/2017 (Tue) 02:48:40 [Preview] No. 799 del
E Hacking News
Italian siblings arrested for cyberattack
Monday, January 16, 2017
Italian police have arrested a nuclear engineer, Giulio Occhionero, 45 and his sister, Francesca Maria Occhionero, 49 for hacking into 18,000 high-profile email accounts, including the former Prime Minister. Authorities suspect that the siblings may have ties to the Freemasons, because the malware used in the hack was called Eye Pyramid believed to be a reference to the all-seeing eye of God, or Eye of Providence, a symbol typically associated with Freemasonry. The name of the software may also have been a play on his own surname – Occhionero means “black eye” in Italian. The widespread cyber-attack compromised communications of prominent Italian institutions and individuals, including Vatican’s two former Prime Ministers, Vatican cardinals, bank executives and other high profile targets, which prosecutors claim was used to conduct insider trading. Mario Draghi, the president of the European Central Bank was also among the targeted individuals. Former Prime Minister, Matteo Renzi was also one who resigned in December last year after losing a constitutional reform referendum. The attackers, who have dual residencies in London and Rome, are accused of spearphishing attacks using malware to gain access to victims' email accounts and illegally accessing classified information and breaching and intercepting information technology systems and data communications since 2012. The siblings were most recently living in Italy. Vatican officials have not yet commented on the attack and it is yet unknown to what extent sensitive Vatican information may have been compromised. There are indications the malware campaign may have been running from as early as 2008. In total, just under 1800 passwords were allegedly captured by the Occhionero siblings, who exfiltrated around 87 gigabytes of data to servers in the United States. Mr Occhionero who had strong links to the Masonic movement allegedly developed software that infected email accounts, enabling him to access the information. Several of the compromised accounts belonged to Mason members. Whether or not there are ties to the Masons, cyber security experts believe it is highly unlikely that the sibling pair acted alone. The illegally accessed information was stored on servers in the United States, leading to an ongoing investigation with the assistance of the FBI’s cyberdivision. The stolen data has been seized by Italian police and the FBI. Italian police believe the siblings used the stolen confidential information to make investments through a firm operated by Mr Occhionero, a nuclear engineer by profession.

Anonymous 01/17/2017 (Tue) 14:33:06 [Preview] No. 800 del

Endwall 01/19/2017 (Thu) 03:34:25 [Preview] No. 801 del
Is WhatsApp Secure? - Threat Wire - Duration: 8 minutes, 2 seconds.
https://youtube.com/watch?v=0yenDWEXpo0 [Embed]

Endwall 01/19/2017 (Thu) 03:37:39 [Preview] No. 802 del
Jupiter Broadcasting
Internet of Voice Triggers | TechSNAP 302
The Github enterprise SQL scare, malware that lives in your browser, Dan’s mail server war story, your feedback, a righteous roundup & more!

Secure OSes Anonymous 05/09/2016 (Mon) 18:21:17 [Preview] No. 37 [Reply]
What is the best OS option for a secure setup?
How do OpenBSD and Linux with patches compare in terms of the security they offer?
47 posts and 1 image omitted.

Anonymous 01/09/2017 (Mon) 04:10:39 [Preview] No. 783 del

What's this?

FuguIta is the Live System which was based on OpenBSD operating system and has following features;

Similar to HDD installation
This Live System is intended to be similar to HDD installation as much as possible.
After bootstrap completed, you can login to the environment like the one which was just installed on HDD.
In this environment, many ordinary files have replaced to symbolic links. So you can replace or modify them by yourself.
Portable workplace
You can save your own environment into Floppy Disk and/or USB flashdrive. Then you will be able to retrieve it at next boot time.
Low hardware requirements
Unless you will use X, this Live System requires 48MB of memory to run.
Following stable version
We're trying to track the OpenBSD-stable version, and to apply all errata patches.

Message too long. Click here to view full text.

Anonymous 01/12/2017 (Thu) 06:40:58 [Preview] No. 786 del
I've had great luck with Alpine on my servers. Yeah, binary packages but it's been amazingly stable for me over a few years.

Alpine is getting pretty popular though, for awhile ncopa was threatening to shut down development for lack of time (he couldn't afford to work on it after losing a sponsor). I used to donate to him.

Then suddenly Docker made its announcement regarding Alpine and everything changed. All mentions of a way to donate on the Alpine website disappeared, development surged, and they get major donations of hardware as well. Has me a little bit worried that it could be sold out. Lots of new names on the contributors list on recent versions.

Anonymous 01/12/2017 (Thu) 11:08:41 [Preview] No. 787 del

yeah alpine is really cool.

they are currently the only major distribution that supports musl as standard c library.

gentoo has musl-hardened/vanilla branch but it still has long way to go for stabilization

Anonymous 01/12/2017 (Thu) 20:45:27 [Preview] No. 788 del
why no linux-libre kernel for alpine
what are they trying to hide

Anonymous 01/15/2017 (Sun) 22:12:14 [Preview] No. 798 del

if you don't know how to compile kernel, don't buy hardwares that requre firmwares to work properly in the first place

Compile Thread Anonymous 11/27/2016 (Sun) 20:44:39 [Preview] No. 692 [Reply]
Endwall guy should keep irrelevant compile instructions in this thread by editing the OP or edit the Sticky thread before purging said irrelevant posts in various threads. Just remind them to compile from source and redirect them to this thread.
5 posts omitted.

Tor mods Endwall 12/04/2016 (Sun) 06:01:18 [Preview] No. 709 del
change this to

digest_algorithm_t alg = DIGEST_SHA1;
digest_algorithm_t alg = DIGEST_SHA256;
Leave this alone it will break tor if you change it.


change to

Message too long. Click here to view full text.

Edited last time by Endwall on 12/22/2016 (Thu) 05:15:38.

Install torsocks from source Endwall 12/04/2016 (Sun) 06:01:50 [Preview] No. 710 del
Install Torsocks from source

$ su
# pacman -S git
# apt-get install git
$ mkdir -p ~/git
$ cd ~/git
$ git clone https://git.torproject.org/torsocks.git

or if tor is already running with previous version of torsocks
$ torsocks git clone https://git.torproject.org/torsocks.git

$ mkdir -p ~/tor
$ mv torsocks ~/tor
$ cd ~/tor
$ cd torsocks
$ ./autogen.sh

Message too long. Click here to view full text.

youtube-dl from git Endwall 12/04/2016 (Sun) 06:02:28 [Preview] No. 711 del
Install Youtube-dl from source git

$ cd ~/
$ mkdir -p git
$ cd git
$ torsocks git clone https://github.com/rg3/youtube-dl.git
$ cd youtube-dl
$ su
# torsocks pacman -S zip pandoc
# pacman -Rc youtube-dl
# exit
$ make
$ ls
$ cd ~/bin
$ ln -s ~/git/youtube-dl/youtube-dl youtube-dl
$ cd ~
$ export PATH=$HOME/bin:$PATH

Message too long. Click here to view full text.

Tor from git repo Endwall 12/04/2016 (Sun) 06:03:18 [Preview] No. 712 del
Clone tor from git repo


$ mkdir ~/git
$ cd ~/git
$ torsocks -i git clone http://dccbbv6cooddgcrq.onion/tor.git
$ cd tor
$ cd src
$ cd or
$ nano or.h
$ nano routerparse.c
$ nano circuituse.c
$ cd ..
$ sudo su

Message too long. Click here to view full text.

Anonymous 01/15/2017 (Sun) 22:04:32 [Preview] No. 797 del
is there reason to use torsocks over git's builtin socks5 proxy?

wouldn't it be better if you just register as http.proxy and https.proxy variable by git config?

Not sure what revision of git your distro ships with but using torsocks should be considered depreciated hack for applications with builtin socks5 proxy support.

SSH privacy Anonymous 05/11/2016 (Wed) 18:16:01 [Preview] No. 42 [Reply]
How can I anonymously ssh into something? Going through Tor and using a freshly generated key for identification is obvious, but how can I make sure that there is no data leakage above all that? I haven't been able to find any guides on that, even though it seems like something a lot of people might be interested in doing.
2 posts omitted.

Anonymous 05/11/2016 (Wed) 21:01:41 [Preview] No. 45 del
>posting in the little retard's pet board
>captcha required

post this somewhere else if you are interested

Anonymous 10/21/2016 (Fri) 05:56:34 [Preview] No. 620 del
you gotta make suer your ssh deosn't show your key files to the server too

Anonymous 10/21/2016 (Fri) 12:05:39 [Preview] No. 621 del
Commenting out
SendEnv LANG LC_*
can help too.

Disabling pubkey auth is important. If you have passwordless key or have key loaded in ssh-agent, option
disables pubkey auth completely.

Also, there's this thing to demonstrate deanon by ssh key:

Anonymous 12/28/2016 (Wed) 01:52:02 [Preview] No. 748 del
Finally, my almonds have been activated.

Anonymous 01/08/2017 (Sun) 19:31:59 [Preview] No. 782 del
In ~/.ssh/config so you don't leak your username if you forget to specify one.
host *

user root

(25.07 KB 274x237 1480165941744.jpg)
Non ICAAN controlled domains Anonymous 01/02/2017 (Mon) 18:30:10 [Preview] No. 760 [Reply]
I have a website but I'm afraid that it won't stay up within the first year that Trump gets in. I would eventually pay for my own static IP but before then, I need to really decide on what website domains I should use that isn't too expensive. Some territorial domains have specifications as to what can and can't be done while other domains are controlled by FVEY. .is BTW, is super expensive, I was told that the price is around $500.

Anonymous 01/02/2017 (Mon) 18:33:10 [Preview] No. 761 del
mispelt ICANN

Anonymous 01/06/2017 (Fri) 22:33:59 [Preview] No. 770 del
.is Is great, archive.is people are smart people.

Anonymous 01/07/2017 (Sat) 04:06:07 [Preview] No. 772 del
Come to think of it, I think that pricing was an error on their part, should be 89 to 99 USD per year.

I wish I was Norwegian so that I can get a .no instead. Besides .no, I was thinking of .fi but then I realized that EU nations are potentially bad. .tv is under Australia but I might have to settle for that if I really don't want to pay up for .is

Anonymous 01/07/2017 (Sat) 18:42:17 [Preview] No. 774 del

Real answer is "onion".

Anonymous 01/08/2017 (Sun) 19:22:37 [Preview] No. 781 del
or .i2p

Endware Endwall 05/03/2016 (Tue) 08:54:28 [Preview] No. 32 [Reply]
Endware is a suite of programs geared towards internet privacy, security, and anonymity.

Endwall: endwall.sh is an iptables based firewall script designed to be implemented on any linux distribution shipped with iptables. endwall.sh is based on default drop policies, coupled with a novel strategy of passing packets on local host ports only for those enabled by the enduser. It comes with a variety of well used ports enabled with several additional port passing configurations available by uncommenting the script. It provides essential security to a new user.

Endsets: endsets.sh is a script that adds blacklisting and whitelisting functionality to endwall.sh. It depends on the program ipset. It is persistent on reboot if you enable ipset as a service. This is the recommended blacklisting tool for endwall if you are running a server or planning on opening up ports and services to the public and will require daily blacklisting of new incomming IPs.

Endlists: endlists.sh is a traditional text file list based blacklisting and whitelisting script. It has slow performance, and can't be updated on the fly. Good for <1000 ip subnets, very tedious and slow to run for more than that. Blocks the IPs by adding them as individual rules to the iptables ruleset. Works but not recommended for heavy duty on a server. May be useful for workstation use to block ip ranges if you are not opening up ports and services to public clients.

Endtools: endtools are a collection of scripts including alogz.sh, mlogz.sh, spamlogz.sh and iplookup.py. These scripts will help to service an enduser of endwall in adminstering endsets/endlists.

iplookup.py is a geoiplookup script written in python and requires python and pygeoip. It has simmilar functionality to maxmind's geoiplookup program and uses the maxmind *.dat files.

spamlogz.sh is a script that searches through log files to find flagged log entries flagged in endwall.sh, endsets.sh and endlists.sh.

alogz.sh is a daily log reading script designed to read the output of an apache http server's log output.

mlogz.sh is a daily log reading script designed to read the output of a postfix smtp server's log output.

Message too long. Click here to view full text.

133 posts and 2 images omitted.

BSD Endwall 12/16/2016 (Fri) 05:37:12 [Preview] No. 726 del

Speaking of which, I've really neglected this port. I'll have to work on this more this Christmas and port the latest versions to BSD as best I can.

Its high priority-ish.
Edited last time by Endwall on 12/16/2016 (Fri) 05:41:40.

Updates Endwall 12/20/2016 (Tue) 04:35:49 [Preview] No. 731 del
1) I have updated endtube and fixed some bugs. I will work on this incrementally as I get ideas / as I use it.

endtube.sh version 0.39

2) I fixed some bugs in endlists.sh and endsets.sh. The rule insertion was messed up, and was over indexing leading to some rules not getting added, this is fixed now. Also I added the --help and --version options.

endlists.sh version 1.24
endsets.sh version 1.29

3) I have added a new tool called rmpac-files.sh . This is specific to arch/parabola and pacman. It's a utility to remove files that "already exist in the file system" which prevents updating. This seems to be a perenial error with pacman. Be careful with this file as I have used it to mess my install up, and I required a rescue disk. I thought I'd share it anyways.

rmpac-files.sh version 0.02

Message too long. Click here to view full text.

Endtube Endwall 12/22/2016 (Thu) 05:44:10 [Preview] No. 735 del
endtube.sh version 0.40

fixed some bugs added some options:

Default operational mode is switched back to using the site root as the referer. You can use the more modern site based pull with the flag --grab-refer

I changed this back due to my fear that there is some type of signalling that can be correlated between the url referer grab and the second download.

To use a random referer from a list place the file referers.txt into ~/bin and load it up and use the flag --rand-refer. If you use --grab-refer it will put the referer pulls into this file for later use with the flag --rand-refer.

To use a random character string as the website name use the flag --ranstr-refer

Post below if you have any problems, experience bugs, or have any suggestions for features and or new products. Thanks.

Endware fork Endwall 12/22/2016 (Thu) 05:56:51 [Preview] No. 736 del
Also someone forked endware. This is a good thing.



I hope these guys make endware great again, because I've been slowing down due to school and work commitments. I'll keep an eye out for what these guys fix / change with the code. But yeah its good that some other coders are on the case now, I can't wait to see the results. See anything else about endware out there, then post links below. Thanks.

Endwall 12/30/2016 (Fri) 12:07:27 [Preview] No. 757 del
endtube.sh version 0.41

minor bug fix. Now --referer deactivates the auto referer, I use this to put in the real referer when I'm on youtube. for instance if I go to say Russia Today and grab a video I will use the /videos as the referer by right clicking and copying the link into the terminal.

$ endtube --referer https://www.youtube.com/user/RussiaToday/videos https://youtube.com/watch?v=1IJMLfUPBug [Embed]

or if I have a list of videos from a single source channel I'll do this

$ endtube --list news.txt --referer https://www.youtube.com/user/RussiaToday/videos

where news.txt is the list of vidoes from Russia Today. Try it out.

Any bugs, comments, complaints, or requests, post below. Thanks.

Internet Security General Anonymous 04/16/2016 (Sat) 07:56:30 [Preview] No. 4 [Reply]
Continuing from >>>/tech/597
This is for non specific, general tips for anonymous web browsing and downloads, tips on browsers and browser configurations for the security concious that you don't want to make a new thread for.
33 posts and 1 image omitted.

Endwall 08/20/2016 (Sat) 19:48:35 [Preview] No. 345 del
Regenerate intermediate term signing key:

$ tor --keygen

This will ask you to create a passphrase and then generates the key, make up a strong passphrase before hand and store it somewhere
$ passgen

Endwall 09/04/2016 (Sun) 23:37:16 [Preview] No. 550 del
If you're forced to use Windows, and you want to browse the internet behind tor you can use the links2 windows binary,


and chain it to the tor expert bundle binary. I just tried this out and it worked fine.


endtorrc works with this setup but you have to comment out the Sandbox variable.
and place the torrc, torrc-defaults, geoip, and geoip6 files in the directory C:\Users\user\AppData\Roaming\tor\

Anonymous 09/07/2016 (Wed) 18:29:36 [Preview] No. 558 del
Are you enabling do not track? I wouldn't suggest that.

Endwall 09/07/2016 (Wed) 23:21:30 [Preview] No. 559 del

I didn't post >>321, but I'm glad someone did. I incorporated the extra header bit into my setup and into the Endware scripts. I personally don't enable the do not track button. That seems to be the recomendation from JonDonym to not send that request. Thanks for pointing this out. Perhaps I should write up new instructions for setting up links2. I'll do that on the weekend.

a@a 11/07/2016 (Mon) 03:47:53 [Preview] No. 665 del
Random trivial info: the tor browser uses 1000x600, so if you're using a hardened iceweasel or something pretending to be tor, change your window resolution to 1000x600 and doublecheck via ip-check.info

Youtube Replacements Endwall 06/11/2016 (Sat) 08:29:50 [Preview] No. 78 [Reply]
Google engages in sophisticated datamining of your video viewership. Youtube is also a prism service provider.

List any substitutes for youtube for use with youtube-dl or endtube below:
27 posts omitted.

Anonymous 07/26/2016 (Tue) 18:06:45 [Preview] No. 221 del

Anonymous 07/26/2016 (Tue) 22:33:02 [Preview] No. 222 del
My greasemonkey Viewtube script didn't support it.
sage for you

Endwall 08/03/2016 (Wed) 10:41:53 [Preview] No. 247 del

Endwall 10/29/2016 (Sat) 16:29:00 [Preview] No. 633 del