Fucko thread: TTP edition

soruce: spit.mixtape.moe/view/5561b378#xxeP0Dm9NySwzuf5cWHreFV0piRZu7sC
/fucko/ General Thread v0.7.6

"Get on the ground, fucko! Squad, take his computer and all other electronics!"

This edition:

How to handle the weakest link in computer security: humans?

ITT:


-==COMMON BULLSHIT==-


chronicle.com/article/Why-Privacy-Matters-Even-if/127461/


If I've done nothing wrong there is no reason to search me.

-==TOOLS TO USE==-


pastebin.com/BbmZ8hiR


imgur.com/T8q7eB0


grc.com/misc/truecrypt/truecrypt.htm

istruecryptauditedyet.com/

wiki.installgentoo.com/index.php/Encryption


pastebin.com/tUvq8Jzj


fakenamegenerator.com/


gpg4usb.org/

gnupg.org/


otr.cypherpunks.ca/


eff.org/deeplinks/2014/08/cell-phone-guide-protesters-updated-2014-edition


pastebin.com/PxcDYUr0


pastebin.com/jd1sEwKL


#Fucko @ irc.rizon.net

All and any supportive comments, template contributions, are welcome and encouraged. NSA shills need not apply.

Template ALWAYS here: wiki.installgentoo.com/index.php/Fucko

Previously on /fucko/:

Security of truecrypt, stenography, told "i-don't-need-security-:^)"-fags and much more.
External related threads.
Holla Forums 's TTP thread >>>Holla Forums8900444
Board related.
Truecrypt's original author was an international arms dealer and drug cartel leader - arcnives
part 1: archive.is/cHLbO
part 2: archive.is/nPrsn
part 3: archive.is/Xqkp7
Part 4: archive.is/2M5K9
Part 5: archive.is/rThKK
Part 6: archive.is/po7UA
Internet Security
Freenet De-Anonymization
effective ghetto cctv/home security
Encryption under attack (again) >>562505
lock picking thread
Ham radio

Other urls found in this thread:

en.wikipedia.org/wiki/Stenography
en.wikipedia.org/wiki/Steganography
bleachbit.org/
imgur.com/T8q7eB0
chronicle.com/article/Why-Privacy-Matters-Even-if/127461/
theregister.co.uk/2014/07/03/nsa_xkeyscore_stasi_scandal/
dailydot.com/crime/tor-harvard-bomb-suspect/
technet.microsoft.com/en-us/library/ff829846(v=ws.11).aspx
technet.microsoft.com/en-us/library/jj649838(v=wps.630).aspx
twitter.com/NSFWRedditImage

Also forgot to add >>>/eternalarchive/
and building a router from scratch to the OP.

May as well add >>>/hamradio/, >>>/wrol/ and >>>/polarchive/ while you are at it. Recommening /polarchive/ despite it being a political board due to the fact that it is a pretty neat archive board with a lot of lurkers, absolutely everything gets stickied to ensure nobody can spam the information is on away

No.
en.wikipedia.org/wiki/Stenography
en.wikipedia.org/wiki/Steganography
Learn the difference you fucking nigger.

Hush! That's how we hide the fact we use it. The first rule of steno is you don't talk about steno!

I prefer Gregg over Pittman anyday.

DMcrypt + luks you faggot. Also, you should include some VPNs and the fact that you should be using non-free (as in beer) VPNs

OLD MAN HENDERSON TIER:

Bump

Apparently those field sobriety tests exist to do three things:

1. Get you to admit that you're drunk.
For example, if they say "Sir, please recite the alphabet backwards", they're hoping that you'll say "Shit! I can't even do that sober!". Then they have an admission of guilt.

2. Test your ability to follow instructions.
They don't so much care about the end result as they care about you doing exactly what they say. A drunk person is likely to have trouble following the exact instructions (and those instructions are exact). Do exactly as they say exactly when they say it.

3. Delay you for 20 minutes.
A breathalyzer test is only admissible evidence if the reading was at least 20 minutes since the last time a person drank. If they can get you to wait 20 minutes, they can breathalyze you and get accurate results.

I don't think anyone here is going to have trouble following a list of instructions, regardless of what they're on. :^)

The top and bottom halfs could be summed up in one sentence

Except the bit about police searches.

Remember kids, clean yourself and make your bed, don't fucking hoard. keep black boxes in the wall, under the house or under the ground. Don't drive long distances. don't answer to *Anyone* unless you know them personally. Say no to taxes. Save power.

Why?
I sort of get the first and second ones, but why this?

I think that "follow the pen with your eyes" test they do could reasonably detect a drunk if they're having trouble seeing straight, but at that point they're falling over drunk and there's no way the cops could mistake it.

Bump

r8 my privacy

I have thought about file encrypting but I do not see a reason for encrypting my files.

nice

3/10
upgrade security with grsec and libre kernel

any reason to believe your VPN provider isn't logging? is it mullvad/cryptostorm/ovpn or privacytools.io approved? Also, use proxychains and TOR for more anonymity.

why are you using adblock and ublock (I assume origin?) it's redudant as they serve the same functions. check out refcontrol, canvas blocker, self destructing cookies and decentraleyes. webRTC can be blocked via about:config manipulation.

never heard of this, but sounds cool. I may look into it. If your drives are encrypted though it doesn't matter so much.

I don't know much about torrent clients but I know deluge is FOSS and comparable to Transmission. I use transmission if I ever have to torrent.

how? I don't know what grsec is.

no but I am not using TOR.
TOR is as slow as fuck and most exit nodes are FBI honeypots

of course uBlock origin

links?

BleachBit quickly frees disk space and tirelessly guards your privacy. Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. Designed for Linux and Windows systems, it wipes clean a thousand applications including Firefox, Internet Explorer, Adobe Flash, Google Chrome, Opera, Safari,and more. Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source.
bleachbit.org/

transmission is slow and not as user-friendly as Deluge & qBittorent

how important is it to encrypt files?

Deluge and Qbittorrent are libtorrent-rastebar shit with thousands of bugs. Transmission isn't perfect, but better than these by far. rtorrent is better, anyway.
Use a cleaner distribution.

...

bb-but rtorrent is in the terminal?
How do I VPN in Transmission or rtorrent?

name 1 that is as easy m8. it has all the easiness and customizability.


ebin

Why not use Debian?

when I install debian I don’t know how to connect to the internet. it has no network connection icon on the bar and there is no menu.
most times when I try to install it it says that 'could not find release name'

On second thought you should probably use macOS. It is designed for people like you.

>imgur.com/T8q7eB0
Is this true? What's the source of this?

Completely true.

what?

...

u wot?

Source

t. USAF officer

what plane do you fly?

Not everyone in the air force is a pilot.

Damn, I wonder why those idiots don't just get it!

You want me to be paranoid, start by disclosing yourself and the source of the shit you say.

I don't trust the government agencies anymore than I trust your dumb ass that responds with ad homs to the simple request of backing up your shit.

I don't think you know what that word means my friend.

This looks like a pretty standard flowchart for anyone's PR, corporate or government.

That makes it even easier to disclose its source.


I don't think you even know where you're standing, given "ad hom" is two words. Besides
Seemed like a pretty standard ad hom to me and everyone with at least 2 brain cells.

Its cute people still fall for this meme.

Bump

That's a neat piece of info. I wonder what would happen if you just went

I'm not going to say I'm innocent because there are enough laws in America to get anyone for almost anything if a prosecutor cares to dig deep. It's like being without sin. Ya just can't do it. Speaking of god, how does any of this tinfoil help if the US government (basically god) decides to make you a project? Hell, even Puerto Rico could fuck up all my shit. Guys like Snow & Jules are only "free" because they are now worshiping other government-gods for protection. So what is the point here in spinning your wheels over some p2p sharing of Iron Man 3?


Anyone who could properly follow that chart wouldn't need that chart.


That would be neat, but cops are like used car salesmen. They are trained to see you as commision and will say anything to get another notch. They will even pretend to be your friend. (Except, you know, it's arrests instead of commissions.) Basically civies are sheep to most cops though. They probably won't open up about dragons.

...

...

nice little bump for alice

Bump for Bob.

How do I set up thermite with an easy to access panic switch?

I don't have a clue how this would actually all work togother: a vat of theremite stored above the HDD's, with a switch that opens the bottom of it which is connected to a kick pad which you can then hit to quickly dump the thermit. I can draw up a quick example later on if you want?

-==COMMON BULLSHIT==-


chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

By Daniel J. Solove May 15, 2011

When the government gathers or analyzes personal information, many people say they're not worried. "I've got nothing to hide," they declare. "Only if you're doing something wrong should you worry, and then you don't deserve to keep it private."

The...
This content is available exclusively to Chronicle subscribers
Already a subscriber?
Log in now
Email address:
Password:

Forgot your password?
Keep me logged in
Not a subscriber yet?

Subscribe now for instant access to this article and thousands of others, data tables, and interactive charts — all available exclusively for Chronicle subscribers. Plus your subscription includes weekly print or digital delivery of The Chronicle and The Review and the Chronicle iPad® Edition.

k

-==just cuck my redtext up=

no dumbo, it was copied from the OP who used that format for everything which means it was probably on purpose

I clearly remember an user in a different completely different thread late last year creating a shorterned .pdf version as well as a two .png version. I don't really know if I have a copy of the thread. Also the web archive is likely to have a pre paywall copy of it. I'l up date the pasta. How oftern does anyone think any /g/ had a fucko thread? So far this has been a worth while thread and I am glad that I decided to make another one of these. How ofter should these threads be? Also would a git repo be to much effort?

Not him but

But how would you quickly light the firecracker? With a kick pad, depending on the location of it to your foot, it might be possible to hit it as you stand up at gun point or as soon as the door is breached.

bump

At least I got grsec and a paranoid selinux configuration, but that's pretty much placebo if I don't know whats in that blob.

How stable and useable is that NSA code?

its a bitch and a half to get working correctly but once you have it configured its not too bad. Once you have accounted for the permissions of every application and directory for different users its all right.

Essentially I can run stuff as root, knowing that it will be confined to a specific security context, but things do occasionally break.
Its useful to create policies for running different types of scripts/programs since you can get security through segregation. my web facing stuff is completely separate from my system configuration stuff, and vice versa.
The hard part is configuration and tweaking, but once thats done you should be stable.

bump

The thing is, the NSA wouldn't be stupid enough to backdoor their own pet project; Other people work on it, and it would FUCK their own security since the Chinese and Russians would be all over it for backdoors. Your paranoia blocks your rationality.

==You dumb fuck, do you really think a government wouldn't want to backdoor and know everything their own worker would do?
All the thinkpads you get second hand are probably backdoored even harder than consumer ones precisely because governments mandate it for their own workers==

But SELinux isn't designed for a Jimbo working an office desk, it's designed to keep Linux environments secure. They probably have a network access policy that logs everything you connect to and maybe a remote LogMeIn kind of software anyway, after Snowden. Backdooring SELinux would have no upsides.

Source? Or are you talking out of your ass? Making up conspiracy shit doesn't help people switch to using secure software, asshole, it makes people (understandably) think you're a paranoid maniac.

And none of my thinkpads are backdoored, I use Libreboot + Gentoo.

I am sorry to burst your delusional bubble, baby, but believing in selinux is like saying:
>I believe in a monotheistic, abrahamic tradition God

you're on 8ch, in a fucko thread
how fucking stupid are you?

Have you tried getting 150g of protein from purely food every day? You're a moron.

Demonstrably better R/W speeds, you're a moron.

eCryptFS. You're (still) a moron.

Reading your post, I can tell you're, frankly, off the deep end. There is no recovery from how frazzled your brain has become reading NaturalNews and Infowars. You believe in the grand conspiracy, and use your belief to back up these inane theories you have, which you use to back up your belief in the grand conspiracy. It's all circular bullshit you can never seem to prove.


I just expect to see real discussion about security based on evidence based real-world threat analysis, and the methods and tools which can be used to achieve the best security/usability ratio. Not an insane /killcen/ or TP~* tier retard trying to push their quasi-supernatural threat model onto people who may not understand that they're spewing ludicrous bullshit (so ludicrous it can't be protected against, since the NSA have probably backdoored air according to these guys). Do you just want to jerk off over how you "can never be safe" and how "LITERALLY EVERYTHING IS BOTNET" or do you want to come to a logical conclusion on the process of creating a secure system?

The mods should have shut down the rampant bullshit paranoia early on, it's effectively spam and no different from what would/could be government disinfo.

Holla Forums is garbage

Well looking at this in a rational and logical way...
That crazy guy basically is saying "we are slaves and there's nothing we can do individually"; which is more than true - nothing we can do will even measure up the the threat model of a powerful, centralized government like 'Merika

Might as well try with a rational and logical perspective, which does NOT start with "everything is backdoored" - That's putting the cart before the horse.

Also I'm sure you're a samefag, you quote me twice in every post

...

Bitlocker has a backdoor is a meme

Post a source or gtfo

Do you have any idea how many people have been v& since bitlocker came into existence?

A fucking shitload

If any of these fucks had their PC accessed by the government or Microsoft without giving away their password "for a more lenient sentence" don't you think we'd of heard about by now?

Fuck off with the Bitlocker isn't secure meme

You're not edgy by saying Bitlocker isn't secure, you're just a faggot

Sorry but I had my HDD corrupted and can't find the source but there was a slide presentation screenshot specifically for LEA purposes which includes a command line similar to the picture's. It's also says that the slide is protected by law and shouldn't be publicized or some shit.

It also says in the slides that you won't get the encryption key or whatever it is called but you can access the contents with this command.

keep using windows and bitlockers then

BSD OR BUST

>chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

Fuck off, you're all faggots

None of you posted sources, you just posted gibberish

Big fucking surprise, you're all fat edgy retards who think they're special, but you're just insignificant trash

Consider suicide you fat retards

If you were ever held captive, I'm sure you'd be too repulsive and smelly to demand your password anyway.

You absolutely win, you pig-disgusting fat autist

...

Don't try and convince some of the hardliners around here. All they hear when you say that is

fine for normie shit, like pretty much everyone in these threads. if you're ordering drugs or whatever online, or using TOR or i2p for normal browsing, make sure you use TOR/i2p through your VPN. When your ISP finds you using TOR, it'll automatically flag it for the NSA, FBI, CIA, etc. Doing it through VPN just makes it that much harder for them.

It was a 100% reasonable post until you said that, source?

There's no question you'll get flagged. Anything out of the ordinary you'll get flagged.

That's just not a reason to avoid Tor. That's a reason to promote Tor so the dilution by millions of users (which it already has) makes it a non-issue.

lrn2google faget
theregister.co.uk/2014/07/03/nsa_xkeyscore_stasi_scandal/

Also look at this:
dailydot.com/crime/tor-harvard-bomb-suspect/
He used TOR to anonymize, but because TOR is used so rarely, his network usage stood out like a sore thumb and they caught him anyway. If he had used a VPN before accessing TOR, they probably wouldn't have caught him. Better yet, he should have done TOR through VPN on a local cafe's wifi or something similar.


TOR has nowhere near the number of users necessary for that, and it never will. Its infrastructure can't scale anyway.

Contacting a local website in that manner is completely foolish. He didn't think about what he was doing and basically IDed himself.

Tor already has millions of users, and it's why it can be considered more anonymous than I2P on those grounds, provided you don't misuse it horribly in ways that are clearly disclaimed on the Tor site itself.

stop repeating this bullshit. It absolutely does not have millions of concurrent users in a region. In the USA, TOR's biggest userbase, you'll get maybe 40k people logged in at a time according to TOR's own stats. Many of these people are obviously regulars. Even if there were a million regular TOR users in the USA (lol no), that would still be less than 0.3% of the population-- a dangerous minority to be monitored and catalogued.

Yes, but many people get TOR browser bundle and just jump straight in like him. Hence, why TOR noobs need to learn about him as an example.

Xkeyscore is NOT a list contributed to or created by ISPs

oh that solves it then, guess your ISP doesn't participate in any surveillance at all. you're safe!

Only a fool can extrapolate an opinion from a sentence.

Because scaremongering never happens, right?

The only bullshit is your strawman
It factually does get millions of connections

which is meaningless bullshit as far as security is concerned.

We're talking anonymity.

And if you're talking about anonymity, how on earth could you say that? Virtually every anonymity solution (of which there are few real ones) rides on having a significant connection pool.

jesus christ. the point is that you're on a relatively small, easy to narrow down list of suspects when you use TOR, because there are tons of ways they can guess your region. this is leaving out the problem of node analysis.

Except generally speaking, you're not. That's only true if you're using it wrong.

Have you seen the recent attacks on Tor leveraging the design around border gateway protocol and autonomous systems? Namely RAPTOR

Of course, it affects every internet-based system imaginable, and has been beyond the abilities of second-tier agencies like the FBI to orchestrate, so why the recourse to the obvious and unrealistic?

what do you fuckos consider the securest non-live distro?

A) do some basic fucking research
B) Hardened Gentoo with SELinux or AppArmor

0800-come-on-now

Would it kill you to look shit up before spreading this garbage further?
technet.microsoft.com/en-us/library/ff829846(v=ws.11).aspx
technet.microsoft.com/en-us/library/jj649838(v=wps.630).aspx

I went over this earlier. There's no valid reason to assume SELinux is unsafe, but if you're a full-para retard, use AppArmour

1. Fill a flowerpot with thermite, close the bottom with some aluminum foil. Add a magnesium strip as the igniter through the middle. Connect the magnesium strip to a switch that connects directly to a power source.
2. Throw switch.
3. ???
4. Stare the FBI agents down while your computer turns into a fireworks show behind you.

Sun glasses are optional I take it?

Only if they are HD vision sun glasses.

...

...

Niggers who have never heard of polarizing lens'

bump

How do I encrypt my torrents so my ISP can't constantly see what I'm downloading? I just want a buddy of mine to be able to send me shit through torrents, but my ISP keeps sending me warnings about piracy. I'm running ubuntu.
I would need a VPN to encrypt incoming connections, but I don't have any money. Are there any good free ones at all?

Have you tried enabling the setting in your client?

Freevpn.me was acceptable when I was pirating vidya gaems. Probably you're the product but it works well enough I honestly didn't care.

I found a setting in Transmission that said 'Require Encryption for downloads' is that what you meant?
I'm sorry if I don't fully comprehend what you're talking about, I'm just a Holla Forums retard.

But how do I make sure my browser and torrenting program only draw data from the VPN? I promise once I've figured this stuff out, I'll start lurking here more, and actually learn how to use the Terminal, but right now I'm basically a child trying to learn how to use tools.

The only way to encrypt communications is to use a VPN, preferably with DNSCrypt.

You can encrypt torrent traffic by using a client which supports encryption methods like deluge's "encryption" options which can encrypt both the handshake and the traffic.

Not accurate.
I can send a GPG'd text message through regular email and it's encrypted "communications".
You're not talking about encryption (Privacy), you must be talking about Anonymity; (Proxification). Get a grip on the terminology this shit is confusing enough for newbs w/o ppl muddying the waters with sloppy statements.

In this case, all communication from your computer is unencrypted. You're words might be encrypted, but a few things that aren't
1. the person you're connecting to the server
2. the email provider you're using
Stop being a faggot.

Again, you're confusing anonymity with privacy...they are two different things, and depending on your threat model, only one (sometimes both) is important.
Also, you're a fucking retard.

How the fuck do you use encryption and not automatically get privacy. They aren't mutually exclusive.

Also how the fuck can you want security only for some things?

Seriously, how dumb are you?

Another thread related to this.

Campus Network Survelillance

This is what a despair post looks like, it's a shitty form of shilling.

...

...

I am not , so I can't be shure if this makes any sense.
I would assume the shutting down part sends a record from the engine to the car`s "black box" saying "engine is powered off, car has traveled X". The "black box" is there to make ABS and most of the other electrical safety features work. By comparing entries over time it probably is possible to work out a SOP (Standard Operating Prosedure) (e.g. to drives from home to work 3 times a week).
The not washing part, probably focuses on the number plate as (most) number plate readers are known to have a hard time with a unclean plate. Also a clean car could by some agencies be considered suspect (possible destruction of evidence) if it is belived that the person in question may have been in the area around the time of a particular aleged crime.

Related thread

My last bump.