/os/ - Online Security

News, techniques and methods for computer network security.


Welcome to Online Security the place for internet and computer security, privacy and anonymity.
If you have some helpful tips please feel free to share your ideas. Start a new thread, or contribute to an existing thread.


Meta Thread Endwall 07/12/2016 (Tue) 12:03:36 [Preview] No. 171 [Reply]
Post any comments, concerns, or requests for the board in this thread.
Edited last time by Endwall on 07/12/2016 (Tue) 12:15:00.
7 posts omitted.


Anonymous 08/22/2016 (Mon) 08:50:08 [Preview] No. 355 del
-----BEGIN PGP MESSAGE-----
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=mLnz
-----END PGP MESSAGE-----


Endwall 08/23/2016 (Tue) 00:49:16 [Preview] No. 356 del
I got the email. It does that because it rejects you if you try to rendezvous in a country that I've banned in my exclude nodes in my torrc-defaults file. I have to comment that out, but it seems that the message got through. I'll decrypt this and see if it's the same message I read earlier.
Edited last time by Endwall on 08/23/2016 (Tue) 01:09:43.


Endwall 08/23/2016 (Tue) 01:14:18 [Preview] No. 359 del
Nope... this message was slightly shorter, but had a similar ending.
Edited last time by Endwall on 08/23/2016 (Tue) 01:17:20.


Endwall 09/04/2016 (Sun) 17:27:56 [Preview] No. 544 del
I'm back at school, so activity from me will be slower than usual until I get settled in. I won't have time to post as many news articles, but my main sources of information are as follows:

Tor News
http://tornews3zbdhuan5.onion/
Deep Dot Web
http://deepdot35wvmeyd5.onion/
Soylent News
http://7rmath4ro2of2a42.onion/
Security NewsFeeds
http://kenblog2vwew64r5.onion/

Feel free to post any relevant news articles you find into the news section. I'll post things here and there as I run across them. Thanks.
Edited last time by Endwall on 12/17/2016 (Sat) 00:27:04.


Anonymous 03/21/2017 (Tue) 02:50:26 [Preview] No. 859 del
https://orca.tech/?action=proxy-checker
Useful to use before proxycheck.sh because it is much faster, like seconds for a thousand proxies. But proxycheck.sh is still useful because it weeds out the proxies that give certificate errors in the google or youtube check.



Welcome to Online Security: Sticky Thread Endwall 07/13/2016 (Wed) 03:11:01 [Preview] No. 181 [Reply]
Hello and Welcome to /os/, Online Security.

This is a board for the discussion of online security / privacy / news in the privacy world.

>I don't have anything to hide
https://archive.is/TkcLz

>GPG GNU Privacy Guard
https://emailselfdefense.fsf.org/en/
http://deepdot35wvmeyd5.onion/2015/02/17/basic-guide-pgp-linux/

>Privacy Guides
https://thetinhat.com/index.html
https://archive.is/zq2Ip
http://crypty22ijtotell.onion/handbook/
http://yuxv6qujajqvmypv.onion
http://deepdot35wvmeyd5.onion/security-tutorials/

Edited last time by Endwall on 01/02/2017 (Mon) 11:02:15.


Sticky Bump Endwall 10/23/2016 (Sun) 18:54:40 [Preview] No. 624 del
TOP BUMP
Additions:
TENS , https://spi.dod.mil/lipose.htm , US Air Force Live CD <-- online banking for mom and dad.
LibertyBSD http://libertybsd.net/ , https://libreboot.org/docs/bsd/openbsd.html
Edited last time by Endwall on 01/02/2017 (Mon) 11:03:40.



Secure OSes Anonymous 05/09/2016 (Mon) 18:21:17 [Preview] No. 37 [Reply]
What is the best OS option for a secure setup?
How do OpenBSD and Linux with patches compare in terms of the security they offer?
55 posts and 2 images omitted.


Anonymous 03/24/2017 (Fri) 07:32:18 [Preview] No. 860 del
http://spi.dod.mil/ This doesn't work for me.


Anonymous 03/24/2017 (Fri) 07:38:06 [Preview] No. 861 del
nvm, I had to use a normal firefox profile then accept the unknown certificate manually.


Anonymous 04/03/2017 (Mon) 22:40:37 [Preview] No. 873 del
you can load syslinux from a librebooted grub


Anonymous 04/09/2017 (Sun) 07:45:36 [Preview] No. 877 del
>>873
you can't have full disk encryption if you do that.



Internet Security General Anonymous 04/16/2016 (Sat) 07:56:30 [Preview] No. 4 [Reply]
Continuing from >>>/tech/597
https://archive.is/INR3l
This is for non-specific, general tips for anonymous web browsing and downloads, tips on browsers and browser configurations for the security conscious that you don't want to make a new thread for.
35 posts and 1 image omitted.


Anonymous 09/07/2016 (Wed) 18:29:36 [Preview] No. 558 del
>>321
Are you enabling do not track? I wouldn't suggest that.


Endwall 09/07/2016 (Wed) 23:21:30 [Preview] No. 559 del
>>558

I didn't post >>321, but I'm glad someone did. I incorporated the extra header bit into my setup and into the Endware scripts. I personally don't enable the do not track button. That seems to be the recommendation from JonDonym to not send that request. Thanks for pointing this out. Perhaps I should write up new instructions for setting up links2. I'll do that on the weekend.


a@a 11/07/2016 (Mon) 03:47:53 [Preview] No. 665 del
Random trivial info: the tor browser uses 1000x600, so if you're using a hardened iceweasel or something pretending to be tor, change your window resolution to 1000x600 and doublecheck via ip-check.info


Proxychains workflow Endwall 04/23/2017 (Sun) 05:00:20 [Preview] No. 884 del
Repost of a good workflow from another user (a@a?)
originally posted here >>>/pol/39627

Rationale: Use the Tor network to obscure your originating IP, use an ssl proxy or socks5 proxy to obscure Tor network use
Strategy Flow: Tor -> SSL Proxy -> Clearnet
Alternate Strategies: VPN ->Tor -> Clearnet ; VPN ->Tor -> SSL Proxy -> Clearnet ; Tor -> Clearnet ; Tor browser on Tails

Proxychains Workflow

################ Materials List ##############################
you will need:
1) proxycheck.sh from >>>/os/
2) tor
3) proxychains
4) an ssl proxy

############### Work Flow ###############################

Edited last time by Endwall on 04/23/2017 (Sun) 21:04:59.


Anonymous 04/23/2017 (Sun) 17:56:33 [Preview] No. 885 del
>>884
>Congratulations you are anonymized.
This is misleading. Anonymity is much more than just "use this".

Stop treating Tor and other tools as a complete solution to anonymity.

Stop suggesting such complicated methods. The users who need this are better off using the Tor Browser with security settings on high, preferably on Tails.
Point people to information like the official Tor documentation, if you think they are lacking try to improve them.



Online Security News Endwall 07/07/2016 (Thu) 06:09:23 [Preview] No. 149 [Reply]
See a news article or CVE bug report on an emerging computer security issue and want to share it? Post below.

I will also post links to Hak5 Threatwire videos.
Edited last time by Endwall on 07/07/2016 (Thu) 16:22:47.
402 posts omitted.


Endwall 04/06/2017 (Thu) 23:14:22 [Preview] No. 876 del
Jupiter Broadcasting

Wifi Stack Overfloweth | TechSNAP 313
http://www.jupiterbroadcasting.com/113571/wifi-stack-overfloweth-techsnap-313/
April 5, 2017
Your Wifi Stack is under attack! But don't worry, Apple’s got the patch & we’ve got the story. Then the latest ATM hacking tips that will only cost you $15 & Dan does a deep dive into Let’s Encrypt!
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0313-432p.mp4
http://traffic.libsyn.com/jbmirror/techsnap-0313.mp3

And then the murders began | BSD Now 188
http://www.jupiterbroadcasting.com/113621/and-then-the-murders-began-bsd-now-188/
April 6, 2017
Today on BSD Now, the latest Dragonfly BSD release, RaidZ performance, another OpenSSL Vulnerability & more; all this week on BSD Now!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0188-432p.mp4
http://traffic.libsyn.com/jbmirror/bsd-0188.mp3


Endwall 04/16/2017 (Sun) 01:59:48 [Preview] No. 878 del
Hak 5
Better Border Protections for Your Electronic Devices - Threat Wire - Duration: 6 minutes, 4 seconds.
https://youtube.com/watch?v=E8aGl4kisUM

Linux Terminal 201: Networking Commands You Should Know! - HakTip 152 - Duration: 9 minutes, 52 seconds.
https://youtube.com/watch?v=F1geJWP4Yvs


Endwall 04/16/2017 (Sun) 02:07:30 [Preview] No. 879 del
Jupiter Broadcasting

Cyber Liability | TechSNAP 314
http://www.jupiterbroadcasting.com/113781/cyber-liability-techsnap-314/
Posted on: April 12, 2017
We cover some fascinating new research that can steal your phone’s PIN using just the on-board sensors. Then we cover how computer security is broken from top to bottom and Dan does another deep dive, this time on everyone’s favorite database, PostgreSQL.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0314-432p.mp4
http://traffic.libsyn.com/jbmirror/techsnap-0314.mp3

Codified Summer | BSD Now 189
http://www.jupiterbroadcasting.com/113836/codified-summer-bsd-now-189/
Posted on: April 13, 2017
This week on the show we interview Wendell from Level1Techs, cover Google Summer of Code on the different BSD projects, cover YubiKey usage, dive into how NICs work & more!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0189-432p.mp4
http://traffic.libsyn.com/jbmirror/bsd-0189.mp3


Endwall 04/20/2017 (Thu) 03:15:39 [Preview] No. 882 del
Hak 5
ShadowBrokers Release New NSA Docs - Threat Wire - Duration: 7 minutes, 46 seconds.
https://youtube.com/watch?v=oM3SGXmOLgE


Endwall 04/20/2017 (Thu) 18:46:42 [Preview] No. 883 del
Jupiter Broadcasting

Tales of FileSystems | TechSNAP 315
http://www.jupiterbroadcasting.com/113981/tales-of-filesystems-techsnap-315/
April 18, 2017
We’ve got the latest gossip on Apple’s brand new filesystem & why you should care! Plus Dan dives deep into the wonderful world of ZFS and FreeBSD jails & shows us how he is putting them to use in his latest server build.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0315-432p.mp4
http://traffic.libsyn.com/jbmirror/techsnap-0315.mp3

The Moore You Know | BSD Now 190
http://www.jupiterbroadcasting.com/114041/the-moore-you-know-bsd-now-190/
April 20, 2017
This week, we look forward with the latest OpenBSD release, look back with Dennis Ritchie’s paper on the evolution of Unix Time Sharing, have an Interview with Kris Moore about FreeNAS & more!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0190-432p.mp4
http://traffic.libsyn.com/jnite/bsd-0190.mp3



Endware Endwall 05/03/2016 (Tue) 08:54:28 [Preview] No. 32 [Reply]
Endware is a suite of programs geared towards internet privacy, security, and anonymity.

Endwall: endwall.sh is an iptables based firewall script designed to be implemented on any linux distribution shipped with iptables. endwall.sh is based on default drop policies, coupled with a novel strategy of passing packets on local host ports only for those enabled by the enduser. It comes with a variety of well used ports enabled with several additional port passing configurations available by uncommenting the script. It provides essential security to a new user.

Endsets: endsets.sh is a script that adds blacklisting and whitelisting functionality to endwall.sh. It depends on the program ipset. It is persistent on reboot if you enable ipset as a service. This is the recommended blacklisting tool for endwall if you are running a server or planning on opening up ports and services to the public and will require daily blacklisting of new incoming IPs.

Endlists: endlists.sh is a traditional text file list based blacklisting and whitelisting script. It has slow performance, and can't be updated on the fly. Good for <1000 ip subnets, very tedious and slow to run for more than that. Blocks the IPs by adding them as individual rules to the iptables ruleset. Works but not recommended for heavy duty on a server. May be useful for workstation use to block ip ranges if you are not opening up ports and services to public clients.

Endtools: endtools are a collection of scripts including alogz.sh, mlogz.sh, spamlogz.sh and iplookup.py. These scripts will help to service an enduser of endwall in administering endsets/endlists.

iplookup.py is a geoiplookup script written in python and requires python and pygeoip. It has similar functionality to maxmind's geoiplookup program and uses the maxmind *.dat files.

spamlogz.sh is a script that searches through log files to find flagged log entries flagged in endwall.sh, endsets.sh and endlists.sh.

alogz.sh is a daily log reading script designed to read the output of an apache http server's log output.

mlogz.sh is a daily log reading script designed to read the output of a postfix smtp server's log output.

166 posts and 3 images omitted.


Anonymous 03/19/2017 (Sun) 17:25:05 [Preview] No. 858 del
>>857
Here is a pf configuration that only allows tor.
set skip on lo

block log
pass out inet proto tcp user _tor


Endwall 04/02/2017 (Sun) 03:42:23 [Preview] No. 870 del
Endstream
endstream.sh version 0.20
https://github.com/endwall2/endware/raw/master/endstream.sh

-Added more channels,
-Added a second menu that is accessed with the keys m and n ( m, n , q )

-I have to add some randomized user agents, headers and referer stuff to this, and reorganize the channels, I'll do that next weekend or actually probably in two weeks from now.

EndTV
endtv.sh version 0.04
https://github.com/endwall2/endware/raw/master/endtv.sh

-Grab cookie file with curl ( still doesn't work)
- fixed while loop for menu , use m and n to switch between the two menus
- fixed the stream dropout problem, using --loop=inf



Anonymous 04/02/2017 (Sun) 17:05:57 [Preview] No. 872 del
Use git for the change log and version information instead of cluttering the scripts.


filmon.tv Endwall 04/16/2017 (Sun) 18:25:46 [Preview] No. 880 del
endtv.sh is currently broken along with all of the filmon.tv channels that are cross listed in endstream. I get the following error message.

Playing: https://www.filmon.com/tv/bbc-news
[ytdl_hook] ERROR: bbc-news: Failed to parse JSON (caused by JSONDecodeError('Expecting value: line 1 column 1 (char 0)',)); please report this issue on https://yt-dl.org/bug . Make sure you are using the latest version; type youtube-dl -U to update. Be sure to call youtube-dl with the --verbose flag and include its complete output.
[ytdl_hook] youtube-dl failed, trying to play URL directly ...

Well it was fun while it lasted. Someone please bug report this to youtube-dl.

I'll try to replace DW,RT,BBC,PressTV, with streams from some other source eventually. Hopefully the youtube-dl developers just fix this.


Endwall 04/17/2017 (Mon) 21:12:10 [Preview] No. 881 del
>>880

endtv.sh seems to be working again somewhat. I'll keep the filmontv channels out of endstream for now however.



Hardware Endwall 09/18/2016 (Sun) 18:31:31 [Preview] No. 580 [Reply]
Discuss hardware and alternative hardware concepts to increase computer and online privacy and security.
Edited last time by Endwall on 09/18/2016 (Sun) 18:50:04.


Anonymous 12/24/2016 (Sat) 17:47:43 [Preview] No. 740 del
Lynxchan installation tutorial
https://archive.is/t15RP


Anonymous 02/22/2017 (Wed) 05:31:33 [Preview] No. 835 del
RISC-V looks pretty cool.



Compile Thread Anonymous 11/27/2016 (Sun) 20:44:39 [Preview] No. 692 [Reply]
Endwall guy should keep irrelevant compile instructions in this thread by editing the OP or edit the Sticky thread before purging said irrelevant posts in various threads. Just remind them to compile from source and redirect them to this thread.
5 posts omitted.


Tor mods Endwall 12/04/2016 (Sun) 06:01:18 [Preview] No. 709 del
tor/src/or
or.h
#define DEFAULT_ROUTE_LEN 3
change this to
#define DEFAULT_ROUTE_LEN 6

routerparse.c
digest_algorithm_t alg = DIGEST_SHA1;
digest_algorithm_t alg = DIGEST_SHA256;
Leave this alone it will break tor if you change it.


or.h

#define CBT_DEFAULT_RECENT_CIRCUITS 20
change to
#define CBT_DEFAULT_RECENT_CIRCUITS 10

Edited last time by Endwall on 12/22/2016 (Thu) 05:15:38.


Install torsocks from source Endwall 12/04/2016 (Sun) 06:01:50 [Preview] No. 710 del
Install Torsocks from source

$ su
# pacman -S git
# apt-get install git
$ mkdir -p ~/git
$ cd ~/git
$ git clone https://git.torproject.org/torsocks.git

or if tor is already running with previous version of torsocks
$ torsocks git clone https://git.torproject.org/torsocks.git

$ mkdir -p ~/tor
$ mv torsocks ~/tor
$ cd ~/tor
$ cd torsocks
$ ./autogen.sh



youtube-dl from git Endwall 12/04/2016 (Sun) 06:02:28 [Preview] No. 711 del
Install Youtube-dl from source git

$ cd ~/
$ mkdir -p git
$ cd git
$ torsocks git clone https://github.com/rg3/youtube-dl.git
$ cd youtube-dl
$ su
# torsocks pacman -S zip pandoc
# pacman -Rc youtube-dl
# exit
$ make
$ ls
$ cd ~/bin
$ ln -s ~/git/youtube-dl/youtube-dl youtube-dl
$ cd ~
$ export PATH=$HOME/bin:$PATH



Tor from git repo Endwall 12/04/2016 (Sun) 06:03:18 [Preview] No. 712 del
Clone tor from git repo

Clone
https://git.torproject.org/tor.git
http://dccbbv6cooddgcrq.onion/tor.git

$ mkdir ~/git
$ cd ~/git
$ torsocks -i git clone http://dccbbv6cooddgcrq.onion/tor.git
$ cd tor
$ cd src
$ cd or
$ nano or.h
$ nano routerparse.c
$ nano circuituse.c
$ cd ..
$ sudo su



Anonymous 01/15/2017 (Sun) 22:04:32 [Preview] No. 797 del
is there reason to use torsocks over git's builtin socks5 proxy?

wouldn't it be better if you just register 127.0.0.1:your_tor_port as http.proxy and https.proxy variable by git config?

Not sure what revision of git your distro ships with, but using torsocks should be considered a deprecated hack for applications with builtin socks5 proxy support.



SSH privacy Anonymous 05/11/2016 (Wed) 18:16:01 [Preview] No. 42 [Reply]
How can I anonymously ssh into something? Going through Tor and using a freshly generated key for identification is obvious, but how can I make sure that there is no data leakage above all that? I haven't been able to find any guides on that, even though it seems like something a lot of people might be interested in doing.
2 posts omitted.


Anonymous 05/11/2016 (Wed) 21:01:41 [Preview] No. 45 del
>posting in the little retard's pet board
>captcha required

post this somewhere else if you are interested


Anonymous 10/21/2016 (Fri) 05:56:34 [Preview] No. 620 del
you gotta make sure your ssh doesn't show your key files to the server too


Anonymous 10/21/2016 (Fri) 12:05:39 [Preview] No. 621 del
>>620
Commenting out
SendEnv LANG LC_*
can help too.

Disabling pubkey auth is important. If you have passwordless key or have key loaded in ssh-agent, option
-oPubkeyAuthentication=no
disables pubkey auth completely.

Also, there's this thing to demonstrate deanon by ssh key:
https://github.com/FiloSottile/whosthere


Anonymous 12/28/2016 (Wed) 01:52:02 [Preview] No. 748 del
Finally, my almonds have been activated.


Anonymous 01/08/2017 (Sun) 19:31:59 [Preview] No. 782 del
In ~/.ssh/config so you don't leak your username if you forget to specify one.
host *
    user root
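
An added example, not part of any post in this thread: a small Python audit of ssh client configuration text for the three leaks raised above (locale forwarded by SendEnv, public keys offered to the server, and the implicit local username). The parser is a simplification that resolves Host blocks only, skips Match blocks and ignores quoting; the sample config and host names are constructed.

```python
import fnmatch

# Constructed sample, not taken from the thread: one hardened per-host block
# followed by the distribution-style default the posts warn about.
SAMPLE_CONFIG = """\
Host build.example
    User root
    PubkeyAuthentication no

Host *
    SendEnv LANG LC_*
"""

def host_matches(patterns, host):
    """Host-line matching: a negated hit vetoes, otherwise any positive hit wins."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host.lower(), pat[1:].lower()):
                return False
        elif fnmatch.fnmatchcase(host.lower(), pat.lower()):
            matched = True
    return matched

def effective_options(config_text, host):
    """Resolve the options applying to `host`; the first value obtained wins."""
    opts, send_env, active = {}, [], True   # lines before any Host apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue                        # blank line or commented-out option
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            active = host_matches(value.split(), host)
        elif key == "match":
            active = False                  # simplification: Match blocks skipped
        elif active and key == "sendenv":
            send_env.extend(value.split())  # SendEnv accumulates across lines
        elif active:
            opts.setdefault(key, value)
    opts["sendenv"] = send_env
    return opts

def audit(config_text, host):
    """Return the leaks discussed in the thread that still apply to `host`."""
    opts = effective_options(config_text, host)
    findings = []
    if "user" not in opts:
        findings.append("no User set: local login name is sent")
    if opts["sendenv"]:
        findings.append("SendEnv forwards: " + " ".join(opts["sendenv"]))
    if opts.get("pubkeyauthentication", "yes").lower() != "no":
        findings.append("PubkeyAuthentication on: keys are offered to the server")
    return findings

if __name__ == "__main__":
    for name in ("build.example", "other.example"):
        print(name, audit(SAMPLE_CONFIG, name))
```

To approximate ssh's lookup order, pass the text of ~/.ssh/config followed by /etc/ssh/ssh_config, since the user file is read first and the first value obtained is the one used.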



Non ICAAN controlled domains Anonymous 01/02/2017 (Mon) 18:30:10 [Preview] No. 760 [Reply]
I have a website but I'm afraid that it won't stay up within the first year that Trump gets in. I would eventually pay for my own static IP but before then, I need to really decide on what website domains I should use that isn't too expensive. Some territorial domains have specifications as to what can and can't be done while other domains are controlled by FVEY. .is BTW, is super expensive, I was told that the price is around $500.


Anonymous 01/02/2017 (Mon) 18:33:10 [Preview] No. 761 del
misspelt ICANN


Anonymous 01/06/2017 (Fri) 22:33:59 [Preview] No. 770 del
>>760
>>761
.is is great, archive.is people are smart people.


Anonymous 01/07/2017 (Sat) 04:06:07 [Preview] No. 772 del
>>760
Come to think of it, I think that pricing was an error on their part, should be 89 to 99 USD per year.

I wish I was Norwegian so that I can get a .no instead. Besides .no, I was thinking of .fi but then I realized that EU nations are potentially bad. .tv is under Australia but I might have to settle for that if I really don't want to pay up for .is


Anonymous 01/07/2017 (Sat) 18:42:17 [Preview] No. 774 del
>archive.is
NSAflare

Real answer is "onion".


Anonymous 01/08/2017 (Sun) 19:22:37 [Preview] No. 781 del
>>774
agreed
or .i2p