Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Crypto Talk #school4lulz

By: a guest on Jun 8th, 2011  |  syntax: None  |  size: 100.28 KB  |  views: 5,246  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. #School4Lulz  Crypto Talk - - Find us at irc.lulzco.org
  2. Donations to 18hRWnxoHztBPDYQ9bPA1uUpN8LTrd7xbB -> Bitcoin
  3. Advanced Classes coming soon
  4.  
  5.  
  6. StalluManu: Everyone here?
  7. [17:38:38] ~Fox: nigga
  8. [17:38:38] %eax: lolwat
  9. [17:38:42] ~Fox: 6:13:37
  10. [17:38:52] lolwat: it's 01:38 GMT
  11. [17:38:56] lolwat: i'm in portugal, so...
  12. [17:38:59] lolwat: time to sleep =(
  13. [17:39:13] %eax: aww
  14. [17:39:13] Dox: pst?
  15. [17:39:24] lolwat: take 8 hours
  16. [17:39:28] %LordKitsuna: 5:39
  17. [17:39:30] lolwat: 01:39 AM i mean
  18. [17:39:44] Dox: then you miss out :(
  19. [17:40:00] lolwat: i read the logs... :)
  20. [17:40:15] Dox: yeah I have had to aswell, was on a trip for a few days
  21. [17:40:19] ~Fox: Well
  22. [17:40:27] Fox sets mode +h StalluManu
  23. [17:40:34] ~Fox: StalluManu is todays guezt speeker
  24. [17:40:41] zone: yay
  25. [17:40:46] ~Fox: Ask this nigga if he is ready to start
  26. [17:40:56] %StalluManu: always read.
  27. [17:40:58] Hellspawn: Scuse me Nigz, you ready?
  28. [17:40:58] %StalluManu: *ready
  29. [17:41:13] %StalluManu: so, we start early then?
  30. [17:41:17] %eax: stallu is a cool cat
  31. [17:41:17] Anorov: what's this lesson on?
  32. [17:41:18] zone: NAO
  33. [17:41:21] zone: +m
  34. [17:41:25] Hellspawn: Cryptography and detection.
  35. [17:41:25] Fox sets mode +m
  36. [17:41:36] ~Fox: dont be askin me for v and shit
  37. [17:41:40] %StalluManu: LISTEN UP FAGS. You've learned shit that can get you v&.
  38. [17:42:17] %StalluManu: Today's goal is to educate you pieces of grabbastic amphibian shit on how to prevent other people from doxing you, and how to prevent going to jail.
  39. [17:42:29] %StalluManu: First of all...
  40. [17:42:37] -CTCP- VERSION from StalluManu
  41. [17:42:45] %StalluManu: Wow....
  42. [17:42:49] %StalluManu: Some of you even use MIRC.
  43. [17:42:52] whiteh8 (~whiteh8@457983EB.FF3F5C6F.ED3D20FE.IP) joined the channel.
  44. [17:43:03] %StalluManu: You see, to prevent people from doxing you.. you first have to have a secure box yourself.
  45. [17:43:05] Fox sets mode +h whiteh8
  46. [17:43:07] %StalluManu: so STOP RUNNING SHIT SOFTWARE.
  47. [17:43:15] %StalluManu: Mirc is a fine example of it.
  48. [17:43:19] %LordKitsuna: xchat= shit?
  49. [17:43:29] %whiteh8: thx fox
  50. [17:43:38] %StalluManu: xchat=shit.
  51. [17:43:52] %StalluManu: prefer anything with SIMPLE CODE. commandline > GUI.
  52. [17:43:58] %StalluManu: Less code is LESS TO EXPLOIT.
  53. [17:44:10] %whiteh8: #hipsterhackers
  54. [17:44:13] %StalluManu: More urgently: get the fuck rid off of mirc.
  55. [17:44:22] %StalluManu: There's two exploits in the wild that i know of, one that i have.
  56. [17:44:32] %eax: kthnx
  57. [17:44:54] %StalluManu: now that you all know that you're running retarded software, i recommend you install linux.
  58. [17:45:18] %StalluManu: 'cause i will not try to cover patching up a windows box, and windows specific shit.
  59. [17:45:57] %StalluManu: So, let's say you got your retarded ass into trouble, and got hacked. Sorry, but you're fucked. This talk is not going to help you.
  60. [17:46:29] %StalluManu: However if you seek to prevent the feds that will undoubtedly raid your home one day from reading your logs, stay the fuck in here.
  61. [17:46:45] %StalluManu: The basics: get truecrypt.
  62. [17:47:03] %StalluManu: On linux you will need to modify your initrd to encrypt a full partition, check the arch or gentoo wiki on how to do that.
  63. [17:47:10] %StalluManu: CHOOSE A STRONG FUCKING PASSWORD.
  64. [17:47:23] %StalluManu: if you dont, why the fuck bother?
  65. [17:47:27] %whiteh8: (unmount it every night)
  66. [17:47:44] darkmatter (~darkmatte@LulzCo-9808FA01.cpe.metrocast.net) joined the channel.
  67. [17:47:45] %StalluManu: whiteh8: good point.
  68. [17:47:49] %whiteh8: before bed
  69. [17:47:51] %StalluManu: Feds will probably raid your house at night.
  70. [17:47:59] %whiteh8: 4-6am
  71. [17:48:06] %StalluManu: So if you want to prevent them from recovering shit, shut that shit down.
  72. [17:48:06] lululu (cackledack@BE33FEAC.7EEC6A54.934538AF.IP) joined the channel.
  73. [17:48:24] %StalluManu: Now, here's the idea for REALLY FUCKING PARANOID PEOPLE.
  74. [17:48:42] %StalluManu: #1: Compile gentoo and make a /boot and / partition on a microsd card.
  75. [17:48:50] %StalluManu: add truecrypt to your initrd.
  76. [17:49:06] daniel (~daniel@is.cool) joined the channel.
  77. [17:49:10] %StalluManu: add various checksums of files in your initrd to the truecrypted root partition: so you know when you're compromised.
  78. [17:49:28] %StalluManu: from now on you run your OS from that microsd card.
  79. [17:49:41] %StalluManu: keep ONE backup, burried somewhere.
  80. [17:50:00] %StalluManu: now. wat do if feds raid your house and the comp is still on?
  81. [17:50:06] %StalluManu: you boot from that card remember?
  82. [17:50:08] %StalluManu: pull the card.
  83. [17:50:10] %StalluManu: break it in half.
  84. [17:50:10] %StalluManu: eat it.
  85. [17:50:32] %StalluManu: good luck to the fed trying to recover from a broken encrypted piece of flash memory.
  86. [17:50:50] %whiteh8: that's awesome
  87. [17:50:55] %StalluManu: Note: we're covering hardware shit now.
  88. [17:51:03] DaveH (~DaveH@LulzCo-7A24A8D1.dsl.eclipse.net.uk) left IRC. (Ping timeout: 240 seconds)
  89. [17:51:09] %StalluManu: BUT IHAZ A LAPTOP/I GO IN PUBLIC/ I WONT DARE TO DO THAT WITH A GUN POINTED TO MY HEAD.
  90. [17:51:12] %StalluManu: good point faggot.
  91. [17:51:20] %StalluManu: The way they recover the key when your box is on is a cold boot attack.
  92. [17:51:36] %StalluManu: If you use liquid nitrogen to freeze the RAM banks, they retain their data pretty well.
  93. [17:51:42] %StalluManu: That data contains the decryption key of your volume.
  94. [17:51:45] %StalluManu: if they do this, you are fucked.
  95. [17:51:47] %StalluManu: But no worries.
  96. [17:52:03] %StalluManu: You can avoid this using a really goddamn simple technique.
  97. [17:52:21] %StalluManu: #1: Epoxy the bios battery in place WITH A FUCKTON OF GLUE (dont cover the pins that connect it).
  98. [17:52:28] %StalluManu: #2: EPOXY YOUR RAM IN PLACE
  99. [17:52:32] %StalluManu: #3: set a boot password.
  100. [17:52:40] %StalluManu: voilla, they cant boot, they cant take the ram, they cant extract data.
  101. [17:53:01] %StalluManu: so even if they raid you, get the card whole, the computer online, they cant do shit.
  102. [17:53:22] ~Fox: Thermite is for the movies faggots.
  103. [17:54:00] %StalluManu: Now, after you do this you wont be able to reset your bios, so you better not fuck it up/forget the password, or your box is bricked.
  104. [17:54:13] %StalluManu: The key here is that a COLD BOOT ATTACK CAN WORK FOR UP TO 45 MINUTES AFTER SHUTDOWN.
  105. [17:54:15] %StalluManu: REMEMBER THAT FAGS.
  106. [17:54:16] %StalluManu: 45 MINUTES.
  107. [17:54:29] %StalluManu: YOU HAVE TO DETER THE FEDS FROM BOOTING INTO YOUR SYSTEM FOR 45 MINUTES.
  108. [17:54:50] %StalluManu: THAT BETTER BE A FUCKTON OF GLUE ATTACHING IMPORTANT PIECES OF YOUR MOBO TO YOUR BATTERY.
  109. [17:54:58] %StalluManu: oh, and dont cover chips, they get hot, kthnx?
  110. [17:55:19] %StalluManu: Now that we've got the physical part of cold booting taken care off, there's more common shit.
  111. [17:55:24] %StalluManu: HARDWARE KEYLOGGERS.
  112. [17:55:30] %StalluManu: CHECK THE BACK OF YOUR PC EVERY TIME YOU BOOT IT.
  113. [17:55:46] Inquisition (~trancecat@LulzCo-A49AC652.bchsia.telus.net) joined the channel.
  114. [17:55:49] %StalluManu: DO NOT USE A LAPTOP AFTER THE CUSTOMS AT THE AIRPORT CHECKED IT, JUST DUMP THE FUCKING THING (YOU NEVER KNOW WHAT THEY PUT ON IT).
  115. [17:56:06] smegma (~smoke@LulzCo-2377F13.torservers.net) joined the channel.
  116. [17:56:12] %whiteh8: two things; it's not illlegal for feds to break into your place and put bugging devices in place
  117. [17:56:22] %whiteh8: if you're going across the border, MAIL your laptop to your hotel
  118. [17:56:38] ~Fox: *
  119. [17:56:39] %StalluManu: laptop void if seal is broken.
  120. [17:56:42] ~Fox: ProTip:
  121. [17:56:56] noneya1238 (~quassel@LulzCo-627E1128.static.privatedns.com) joined the channel.
  122. [17:57:06] ~Fox: Any time I go through the airport, Laptop is FedEx overnighted to the hotel.
  123. [17:57:14] ~Fox: SD Card is kept in my wallet
  124. [17:57:17] xlate (~xtal@LulzCo-B26D449D.getinternet.no) joined the channel.
  125. [17:57:21] ~Fox: Keyfile is kept in checked luggage.
  126. [17:57:24] ShadowDXS (~UMADBRO@LulzCo-FA2FECC2.cfl.res.rr.com) joined the channel.
  127. [17:57:28] %StalluManu: PROTIP: you have dollar coins that can house a microsd card.
  128. [17:57:32] %StalluManu: BUY ONE.
  129. [17:57:35] %StalluManu: put the microsd card in it.
  130. [17:57:39] ~Fox: +1
  131. [17:57:42] %StalluManu: easy walk trough customs even if they check your fucking wallet.
  132. [17:57:45] eax sets mode +v darkspline
  133. [17:57:53] %StalluManu: everyone follow?
  134. [17:58:00] %StalluManu: Because shit will get a lot more technical and hairy later on.
  135. [17:58:02] %whiteh8: http://www.amazon.com/US-Mint-Quarter-Covert-Compartment/dp/B0036VJHXG
  136. [17:58:25] %StalluManu: So: BOOT FROM AN ENCRYPTED MICROSD CARD. HAVE ONE BACKUP.
  137. [17:58:48] %StalluManu: Recommended distro: gentoo, a huge fucking install in a squashfs image (See also: how to make a liveusb) takes only 2gb.
  138. [17:58:50] eax sets mode +v Shidash
  139. [17:58:58] %StalluManu: Now here's a few pointers before you go booting off of flass.
  140. [17:59:00] %StalluManu: *flash.
  141. [17:59:06] %StalluManu: FORMAT WITH EXT2. you do NOT want a journal.
  142. [17:59:18] %StalluManu: mount with noatime nodiratime, you do NOT want excess writes.
  143. [17:59:28] %StalluManu: After 10-100 writes per block, flash memory DIES.
  144. [17:59:32] Fox sets mode +h t
  145. [17:59:37] %StalluManu: so a 16gb sd card takes 160gb of writes, then it's DEAD.
  146. [18:00:08] %StalluManu: you WILL run into this the first one or two months you use and tweak your distro.
  147. [18:00:24] %StalluManu: Now that you've got this k-rad setup, you think that the government can't bruteforce your shit.
  148. [18:00:28] %StalluManu: WRONG.
  149. [18:00:38] %StalluManu: There's ps3 truecrypt bruteforcers (dictionary attack) out there.
  150. [18:00:45] %StalluManu: yes for truecrypt volumes
  151. [18:01:02] %StalluManu: the NSA can currently guess about 1.5m truecrypt keys a second, making a 8 characters password within their reach.
  152. [18:01:13] %StalluManu: now, there's a solution to that.
  153. [18:01:26] %StalluManu: But first more about what encryption does.
  154. [18:01:28] %StalluManu: Encryption CAN ALWAYS BE CRACKED.
  155. [18:01:29] %whiteh8: mine's over 30
  156. [18:01:38] %StalluManu: mine's over 60 chars.
  157. [18:01:43] %StalluManu: i got two passes btw.
  158. [18:01:54] +Shidash: Mine is over 60
  159. [18:02:01] %StalluManu: Now: what encryption does is BUY YOU TIME.
  160. [18:02:28] %StalluManu: you are HOPING for the persecution limit (am i saying this right) of your crime to expire before the encryption is cracked.
  161. [18:02:39] ~Fox: prosecution.
  162. [18:02:52] @garrett: what
  163. [18:02:57] @garrett: the statute of limitations?
  164. [18:03:00] @garrett: cmon
  165. [18:03:01] ~Fox: THANK YOU
  166. [18:03:01] %StalluManu: yup.
  167. [18:03:09] %StalluManu: I'
  168. [18:03:09] %whiteh8: that's typically a few years
  169. [18:03:12] @garrett: you're joking right?
  170. [18:03:12] @garrett: like
  171. [18:03:14] @garrett: you're implying
  172. [18:03:15] ~Fox: Decade.
  173. [18:03:16] @garrett: that the government
  174. [18:03:17] %StalluManu: I'm not an Amerifag.
  175. [18:03:18] @garrett: will waste
  176. [18:03:21] @garrett: millions in resources
  177. [18:03:25] @garrett: so they can crack your drive
  178. [18:03:30] @garrett: so they can see you looking at furry porn
  179. [18:03:32] @garrett: and you 600 bots
  180. [18:03:34] %StalluManu: In the european union the statue of limitations is 18 years for computer crime.
  181. [18:03:35] @garrett: be realistic.
  182. [18:03:38] ~Fox: Lol
  183. [18:03:40] ~Fox: Hold up
  184. [18:03:46] ~Fox: let me lay down the law real quick
  185. [18:04:02] ~Fox: Now, your level of 'hot-ness' is dependent upon what they got you for
  186. [18:04:12] +Shidash: garrett: They have a limited budget. Waste enough time and money and they stop.
  187. [18:04:17] ~Fox: They kick in your door for a simple unauthorized access of a DC box,
  188. [18:04:25] ~Fox: You get maybe a few days worth of their time
  189. [18:04:27] ~Fox: You hit a company
  190. [18:04:40] FireStarter (~FireStart@2310E577.8E384C6C.DD213F82.IP) left IRC.
  191. [18:04:44] ~Fox: Hell maybe you get six months of their time, maybe more, maybe less.
  192. [18:04:46] Bruiser_ (~Bruiser@LulzCo-3E399AAD.ri.ri.cox.net) left IRC. (Quit: Leaving)
  193. [18:04:47] ~Fox: You hit them,
  194. [18:04:52] ~Fox: maybe you see a year or two
  195. [18:04:54] @garrett: lol
  196. [18:04:54] @garrett: ok
  197. [18:04:55] @garrett: so
  198. [18:05:06] @garrett: in order for any electronic case to be viable in federal court
  199. [18:05:07] %StalluManu: You are me: you get all their time.
  200. [18:05:14] %whiteh8: honestly if you aren't playing around with money, they're not going to waste a lot of time on you
  201. [18:05:15] @garrett: you have to cause X number of monetary damage
  202. [18:05:25] figgybit (~whatsthis@LulzCo-D6241CCF.c3-0.avec-ubr2.nyr-avec.ny.cable.rcn.com) left IRC. (Ping timeout: 240 seconds)
  203. [18:05:41] @garrett: you guys should really read up on stuff like this before just babbling paranoid nonsense
  204. [18:05:42] tzaki (~shinji@LulzCo-912C65A8.know.cable.virginmedia.com) left IRC. (Remote host closed the connection)
  205. [18:05:47] %StalluManu: garett: That depends, again, on the country.
  206. [18:05:47] @garrett: and scaring the kids
  207. [18:05:56] %StalluManu: garett: The european union will screw you in the ass, then some more.
  208. [18:06:12] %StalluManu: garett: Don't believe me? Ask Awinee lulz.
  209. [18:06:15] ~Fox: @garrett respect your enemy :/
  210. [18:06:18] %StalluManu: They even go after DDOS Kids.
  211. [18:06:18] +Shidash: If you are playing with their documents then they will still spend time on you.
  212. [18:06:27] ~Fox: Ok we're getting into a debate here
  213. [18:06:29] @garrett: Oh ofc
  214. [18:06:37] ~Fox: So just to kill it
  215. [18:06:38] %StalluManu: ok.
  216. [18:06:40] %StalluManu: here's the deal.
  217. [18:06:51] ~Fox: You fuck up, you best hope you made sure you handled business.
  218. [18:06:52] ~Fox: Period.
  219. [18:06:54] %StalluManu: you piss off someone important, show their incompetence. they will rape you.
  220. [18:07:15] %StalluManu: Now, security is about buying TIME.
  221. [18:07:26] %StalluManu: The amounth of TIME You buy varies depending on the STRENGTH of your encryption.
  222. [18:07:33] %StalluManu: STRENGHT is not measured in bits of key.
  223. [18:07:42] tzaki (~shinji@LulzCo-912C65A8.know.cable.virginmedia.com) joined the channel.
  224. [18:07:43] %StalluManu: aes-256 has a SHITTY key scheme and is weaker than aes-128.
  225. [18:08:05] %StalluManu: You generally want LAYERS Of encryption.
  226. [18:08:08] CallumP (~CallumP@AB4D6821.54D467FB.C718F53C.IP) left IRC. (Quit: Colloquy for iPhone - http://colloquy.mobi)
  227. [18:08:21] %StalluManu: If one cipher is broken, because shit happens or it was backdoored, they'll have to break the next, and so on.
  228. [18:08:31] %StalluManu: The more ciphers, the more TIME it takes.
  229. [18:08:35] %eax: brb
  230. [18:08:48] eax (root@LulzCo-39E54686.sister.is.pregnant.and.itsbecauseof.me) left IRC. (Remote host closed the connection)
  231. [18:08:51] %StalluManu: Ok, so now you've got a huge ass password, and a huge ass set of strong ciphers( google for them fag).
  232. [18:08:58] %StalluManu: HOW THE FUCK DOES IT WERK?
  233. [18:09:14] %StalluManu: Ok, your password is hashed, using a one-way function.
  234. [18:09:33] %StalluManu: Think of a hash function as counting: 1 for a, 2 for b, and adding it. Just in a way that is cryptographically secure, and unlikely to generate collisions.
  235. [18:09:43] garrett sets mode +v tminus
  236. [18:09:47] %StalluManu: a hash COLLISION (a+a=b) means you can use a DIFFERENT pass to decrypt the data.
  237. [18:09:52] %StalluManu: which is bad.
  238. [18:10:06] %whiteh8: 2 strings evaluates to the same hash
  239. [18:10:12] %StalluManu: collisions are dependent on the hash function, but mostly on the LENGTH Of the hash in bits.
  240. [18:10:30] %StalluManu: weak algorithms: md5,sha1,md4,ntlm,lm
  241. [18:10:43] +darkspline: what do you prefer?
  242. [18:10:43] %StalluManu: strong algorithms:whirlpool,ripemd160,sha512
  243. [18:10:46] +darkspline: k
  244. [18:11:01] %StalluManu: Now, these hashes are important.
  245. [18:11:05] %StalluManu: You see, they ARE not the password.
  246. [18:11:09] %StalluManu: And there's no way to reverse them.
  247. [18:11:14] %StalluManu: then how the fuck do you check if the password was correct?
  248. [18:11:27] +darkspline: whirlpool(pass)
  249. [18:11:37] %StalluManu: well, you run the password that's entered trough the hash function, compare the value, if they are the same, they are the same password.
  250. [18:11:43] %StalluManu: (with a high likelihood)
  251. [18:11:50] %StalluManu: (really fucking high likelihood)
  252. [18:12:09] %StalluManu: hashes are bruteforcable because of the way you check them.
  253. [18:12:14] %StalluManu: You have a hash function, and a hash.
  254. [18:12:15] %whiteh8: StalluManu, on that same note, md5 file checksums will also collide, in case that wasn't clear to anyone
  255. [18:12:31] LJ_Borges (~LJBorges@69E13FB2.8509785D.B3432783.IP) joined the channel.
  256. [18:12:36] %StalluManu: You run random passwords trough the function till you have a match, then you know the password.
  257. [18:12:40] %StalluManu: This is how hash bruteforcing works.
  258. [18:12:54] %StalluManu: (usually not a random password, but incremental, for the dumbasses under us)
  259. [18:13:09] %StalluManu: Bruteforcing is REALLY FUCKING FAST if you design your function shittily.
  260. [18:13:31] %StalluManu: You see, you can just compute hashes beforehand, and run a password against a table of them (actually chains of them, later more on RTS).
  261. [18:13:50] %StalluManu: That makes it really fucking efficient to pwn your password! Fuck! we dont want that!
  262. [18:13:58] %StalluManu: the solution: say whirlpool is your hash function
  263. [18:14:04] %StalluManu: so whirlpool("ANUS")=some hash
  264. [18:14:14] %StalluManu: you just do whirlpool(whirlpool("ANUS"))
  265. [18:14:24] %StalluManu: and continue applying whirlpool till it's really fucking slow.
  266. [18:14:27] %StalluManu: i prefer 20k passes.
  267. [18:14:31] +darkspline: werd
  268. [18:14:45] %StalluManu: now that it's really fucking slow, it takes really fucking long to make one guess.
  269. [18:14:48] %StalluManu: that's what you want.
  270. [18:14:59] +darkspline: time
  271. [18:15:04] +darkspline: this is sick
  272. [18:15:05] atriox (~not@LulzCo-99D4CD75.tcso.qwest.net) left IRC. (Quit: http://www.mibbit.com ajax IRC Client)
  273. [18:15:33] %StalluManu: There's various functions for chaining hash functions, that are secure, i will not go into this, but google pbkdf2, click the wiki link to learn more.
  274. [18:15:48] %StalluManu: Now, you've got a fucking slow hash function.
  275. [18:16:03] %StalluManu: You are still vulnerable to people that will just compute all keys and check your hash against a fucking table.
  276. [18:16:06] %StalluManu: WAT DO?
  277. [18:16:24] %StalluManu: so some fuckwit got a brilliant idea.
  278. [18:16:31] %StalluManu: he added some random data he stored somewhere inside the hashing function
  279. [18:16:34] %StalluManu: appended it to the password.
  280. [18:16:35] %StalluManu: like so:
  281. [18:16:43] %StalluManu: whirlpool("ANUS"+a;ldfkjas;ldkfjas;ldfjasd;lfkj)
  282. [18:16:53] FireStarter (~FireStart@LulzCo-C098333B.formlessnetworking.net) joined the channel.
  283. [18:17:00] %dsr: salts arent random they're precomputed
  284. [18:17:05] %StalluManu: Now to crack that hash, you have to compute a DIFFERENT SET of really fucking long hashes for each random sant.
  285. [18:17:12] %StalluManu: dsr: randomness later.
  286. [18:17:19] %StalluManu: *salt
  287. [18:18:06] lolwat (~lolwutder@LulzCo-E1DDE26A.rev.vodafone.pt) left IRC. (Quit: Saindo)
  288. [18:18:08] %StalluManu: Now that you have a password, that's really slow to guess, and salted, it'll be hard to reverse right?
  289. [18:18:23] exo (47e61e8a@LulzCo-5910E532.mibbit.com) left IRC. (Quit: http://www.mibbit.com ajax IRC Client)
  290. [18:18:25] +darkspline: right.
  291. [18:18:40] %StalluManu: Well, conveniently, our encryption algorithm needed a key.
  292. [18:18:44] %StalluManu: We feed it this hash.
  293. [18:18:54] Wearemudkipz (~Fire-Wolf@LulzCo-843DA4E1.cable.virginmedia.com) left IRC. (Remote host closed the connection)
  294. [18:19:09] Wearemudkipz (~Fire-Wolf@LulzCo-843DA4E1.cable.virginmedia.com) joined the channel.
  295. [18:19:16] %StalluManu: So we get #1: more bits of data than our key was long (hopefully). #2: a key that's slow to bruteforce.
  296. [18:19:32] %StalluManu: This is the basis of cryptography.
  297. [18:19:42] %StalluManu: Making shit difficult and slow to bruteforce.
  298. [18:19:54] %StalluManu: Everyone follow up till now?
  299. [18:19:54] atriox (~not@LulzCo-99D4CD75.tcso.qwest.net) joined the channel.
  300. [18:19:58] %StalluManu: pm me if you didnt.
  301. [18:20:10] +darkspline: y, i do
  302. [18:20:30] %StalluManu: Now we've got a good encryption algorithm, a good key scheme, but how the fuck do we generate a random salt.
  303. [18:20:38] dontHackMeBro (~sabu@E8F45C19.38111A3C.7546FE14.IP) joined the channel.
  304. [18:20:47] %StalluManu: computers are logical machines.
  305. [18:20:52] %StalluManu: they DO NOT DO randomness.
  306. [18:21:13] %StalluManu: Unless you have a geigercounter, a RF antenna collecting noise or something measuring the splitting of laser beams hooked up to your box that is.
  307. [18:21:25] %StalluManu: Knowing that computers are not random however is important.
  308. [18:21:43] %StalluManu: Randomness is gathered from various sources. Traditionally your cpu's tick counter is one.
  309. [18:21:52] %StalluManu: Running programs and their memory space is another.
  310. [18:22:02] %StalluManu: User input is an important one in linux.
  311. [18:22:08] %StalluManu: As well as USB bus communication.
  312. [18:22:18] %StalluManu: Want weird random numbers? plug a fuckton if I/O devices into your USB ports.
  313. [18:22:49] %StalluManu: Now, a STRONG random number generator has a LOW Likelihood of producing repeating segments.
  314. [18:22:52] %StalluManu: repeating segments are bad.
  315. [18:23:01] %StalluManu: because a salt of aaaaaaaaaaaaaaaaaaaaaa is easy as fuck to guess.
  316. [18:23:03] Onions (~routes@B6E41A8C.B430B949.89A5C299.IP) joined the channel.
  317. [18:23:41] %StalluManu: My favorite STRONG rng to feed with shit is a mersenne twister (the highest polynomial one) fed with /dev/random.
  318. [18:23:43] Brandon (~brandon@LulzCo-496F86DC.columbus.res.rr.com) joined the channel.
  319. [18:23:54] %StalluManu: if you don't know what that means, google it.
  320. [18:24:06] %StalluManu: So, that's how a salt is generated.
  321. [18:24:19] %StalluManu: Now back to the point: there are truecrypt bruteforcers out there.
  322. [18:24:26] Agrajag (~harhar@LulzCo-6C4BAAB9.bu.edu) joined the channel.
  323. [18:24:48] %StalluManu: Fortunately, truecrypt stores it's key headers in the last and first 128kb of the encrypted partition (first 512 and last 512 bytes block, but it's safer to encrypt more).
  324. [18:25:06] %StalluManu: So what we'll do is encrypt those blocks with another encryption tool, that is way slower.
  325. [18:25:45] %StalluManu: Extract the decrypted blocks to a overlay for an overlay FS in RAM for the encrypted image.
  326. [18:25:56] %StalluManu: voilla, something the FBI doesn't have a program to bruteforce.
  327. [18:26:08] %StalluManu: Now, Fox, do you still have that ling to paranoiacrypt?
  328. [18:26:14] %StalluManu: or do i haz to re-up it.
  329. [18:26:14] ~Fox: Nope
  330. [18:26:18] ~Fox: It's buried away :/
  331. [18:26:35] %StalluManu: Ok, give 'em voice while i upload plz:P
  332. [18:26:58] ~Fox: who wants voice.
  333. [18:27:12] %StalluManu: just enable -m
  334. [18:27:27] -srwx- haha i'll be good
  335. [18:27:28] Fox sets mode -m
  336. [18:27:37] ShadowDXS (~UMADBRO@LulzCo-FA2FECC2.cfl.res.rr.com) left IRC. (Quit: Leaving)
  337. [18:27:40] spartacus: I accidentally the whole gibson
  338. [18:27:42] %StalluManu: So, everyone follow?
  339. [18:27:45] nyann: why so much crypto if the gov. can just beat they keys out of you?
  340. [18:27:45] +Shidash: yes
  341. [18:27:46] Hellspawn: very good so far :)
  342. [18:27:52] %StalluManu: nyann: later.
  343. [18:27:54] srwx: indeed, very good presentation StalluManu
  344. [18:27:55] nyann: you can get put in jail if you don't decrypt
  345. [18:27:55] s4: I do, excellent job
  346. [18:27:57] lululu (cackledack@BE33FEAC.7EEC6A54.934538AF.IP) left the channel. (TWINKLE TWINKLE LITTLE STAR)
  347. [18:27:58] halcyon: nyann that's what Guantanamo is for
  348. [18:27:59] s4: oh and btw
  349. [18:28:00] s4: >StalluManu< CTCP VERSION mIRC 5.91 (16 bit) for Microsoft © Windows For WorkGroups 3.11®
  350. [18:28:03] +darkspline: StalluManu, i follow
  351. [18:28:04] halcyon: and the prisoner trainers
  352. [18:28:05] s4: that's fake
  353. [18:28:05] halcyon: trains
  354. [18:28:06] s4: ;)
  355. [18:28:10] nyann: StalluManu: btw this is great
  356. [18:28:18] lululu (cackledack@BE33FEAC.7EEC6A54.934538AF.IP) joined the channel.
  357. [18:28:21] LJ_Borges: I pretty much missed everything, derp
  358. [18:28:25] spartacus: [2011/06/09-02:28:20] [StalluManu VERSION reply]: irssi v0.8.15 - running on Linux x86_64
  359. [18:28:25] +darkspline: StalluManu, ditto!
  360. [18:28:34] LJ_Borges: Bloody timezones.
  361. [18:28:42] LJ_Borges: Can anyone throw the logs in pastebin?
  362. [18:28:49] auer: yes, v gd, thx
  363. [18:28:51] spartacus: oic
  364. [18:28:51] spartacus: [2011/06/09-02:28:44] [s4 VERSION] mIRC 5.91 (16 bit) for Microsoft © Windows For WorkGroups 3.11®
  365. [18:28:52] spartacus: lol
  366. [18:28:53] s4: it's spoofed
  367. [18:28:54] halcyon: LJ_Borges i will
  368. [18:28:55] s4: haha
  369. [18:29:00] %StalluManu: ok fags, let's continue.
  370. [18:29:05] halcyon: after he's done
  371. [18:29:07] LJ_Borges: halcyon: Thanks
  372. [18:29:16] %StalluManu: Fox: +m please.
  373. [18:29:19] nyann: +v please
  374. [18:29:20] spartacus: s4 change it to 256bit for windows 8
  375. [18:29:29] s4: lol
  376. [18:29:39] Fox sets mode +m
  377. [18:29:47] %StalluManu: http://www.qooy.com/files/0BRUOEDNOD/paranoiacrypt_1.zip ok, here you go.
  378. [18:29:50] %StalluManu: it's SOURCE ONLY.
  379. [18:29:53] %StalluManu: And will ONLY WORK ON LINUX.
  380. [18:30:00] %StalluManu: Because microsoft's compiler is utter and complete fucking shit.
  381. [18:30:10] %StalluManu: READ THE FUCKING CODE.
  382. [18:30:17] %StalluManu: Now, what this does.
  383. [18:30:25] +darkspline: StalluManu, thank you btw
  384. [18:30:39] %StalluManu: It encrypts single files using 3 algorithms, one after another, in XTS chaining mode.
  385. [18:30:50] %StalluManu: XTS chaining is a way to turn a block cipher into a stream cipher (google it faggot).
  386. [18:31:05] MrLinux (~mail@LulzCo-4D35FFA3.goeaston.net) left IRC.
  387. [18:31:20] %StalluManu: Now, it uses 3* aes-256, 3* whirlpool and 3* serpent to encrypt data.
  388. [18:31:32] %StalluManu: meaning that if you forget the key, the sun will burn out and the fucking universe will die before you recover it.
  389. [18:31:36] %StalluManu: in XTS mode, that's 18 keys.
  390. [18:31:42] %StalluManu: 18 256-bits keys.
  391. [18:31:54] %StalluManu: Speaking of bitcounts: 256 bits encryption for civies is illegal in the US of anus.
  392. [18:32:09] %StalluManu: So hide the damn binary.
  393. [18:32:24] %StalluManu: Now, this program is really fucking slow.
  394. [18:32:33] %StalluManu: On an opteron, it takes 1.5-2 seconds to generate a hash from a key.
  395. [18:32:41] %StalluManu: WHY?
  396. [18:32:42] Onions (~routes@B6E41A8C.B430B949.89A5C299.IP) left the channel.
  397. [18:32:53] Onions (~routes@B6E41A8C.B430B949.89A5C299.IP) joined the channel.
  398. [18:32:56] %StalluManu: it uses whirlpool(ripemd160(sha512())) in pbkdf2 mode.
  399. [18:33:03] %StalluManu: 20k rounds of each.
  400. [18:33:08] figgybit (~whatsthis@LulzCo-D6241CCF.c3-0.avec-ubr2.nyr-avec.ny.cable.rcn.com) joined the channel.
  401. [18:33:09] %StalluManu: it is not fucking LIKELY that anyone will bruteforce this.
  402. [18:33:31] +darkspline: wow
  403. [18:33:39] %StalluManu: You are also free to mess with the code, change the order of algorithms to make your own version.
  404. [18:33:40] +darkspline: i'm following you StalluManu
  405. [18:33:46] %StalluManu: I recommend you do this, so that there's not one standard version.
  406. [18:33:47] +darkspline: this is some fucking shit right here
  407. [18:34:20] +darkspline: go on, i'm sorry
  408. [18:34:23] %StalluManu: So, with there not being one standard version, (changing main.cpp is really easy) the feds will have to write a bruteforcer for each fucking person.
  409. [18:34:31] %StalluManu: NOT FUCKING WORTH THE TIME AND MONEY.
  410. [18:34:39] %StalluManu: But wait.
  411. [18:34:41] %StalluManu: There's an other way.
  412. [18:35:07] %StalluManu: Why waste that much time and money when you can beat someone over the head with a $5 wrench till they give you the password!
  413. [18:35:18] %StalluManu: This is where plausible deniability comes into play.
  414. [18:35:25] grepped (~phracktio@LulzCo-6EB22B54.pools.spcsdns.net) joined the channel.
  415. [18:35:28] +darkspline: i know this!
  416. [18:35:31] %StalluManu: You should have two installations. One really small minimal one with some porn or something.
  417. [18:35:32] +darkspline: w00000r
  418. [18:35:33] drop (~drop@LulzCo-2DC94304.members.linode.com) joined the channel.
  419. [18:35:38] thaNatozZ (~eack@7D2942A.5DA872CF.5DA7B89E.IP) joined the channel.
  420. [18:35:46] %StalluManu: Some embarassing shit, but nothing illegal.
  421. [18:36:05] %StalluManu: The important thing to know is that good encrypted data can't be distinguished from random data.
  422. [18:36:12] halfdead (~halfdead@49E335EB.5D85DF6F.6D6C1268.IP) joined the channel.
  423. [18:36:15] +darkspline: on the FS level
  424. [18:36:21] +darkspline: i've written papers on this
  425. [18:36:31] %StalluManu: So the first thing you do, after you have your microSD card is fill it with random data, like so: dd if=/dev/urandom of=/dev/sdX
  426. [18:36:32] +darkspline: StalluManu, you my nigger
  427. [18:36:45] %StalluManu: it is BEST If you use a mersenne twister to generate this data.
  428. [18:36:50] %StalluManu: As /dev/urandom is not really that random.
  429. [18:36:55] %StalluManu: wait
  430. [18:36:58] %StalluManu: i have source somehwere.
  431. [18:37:02] %StalluManu: unmute and give me 3 mins.
  432. [18:37:41] +darkspline: i'll wait a long fucking time for you right now
  433. [18:37:50] pyr0tic (~roflatu@1A82D6F7.B2B6FB9E.E94341D5.IP) joined the channel.
  434. [18:38:16] +darkspline: pyr0tic, you missed it.. might as well log off
  435. [18:38:30] %StalluManu: also sum1 log this.
  436. [18:38:42] %StalluManu: http://www.qooy.com/files/0QF4B8GPTX/RNG.zip here you go, a really fucking fast random number generator.
  437. [18:38:46] blu3beard (~none@LulzCo-CB9E1773.formlessnetworking.net) joined the channel.
  438. [18:38:50] +darkspline: fox
  439. [18:38:53] %StalluManu: It's a mersenne twister, but optimized a bit, and i minimized it's code.
  440. [18:38:54] ~Fox: What up
  441. [18:38:57] %StalluManu: So it's easier to understand.
  442. [18:39:00] MrBlue (~MrBlue@LulzCo-B984F8F6.digineo.de) joined the channel.
  443. [18:39:02] %StalluManu: READ THE FUCKING CODE, AND COMPILE IT YOURSELF.
  444. [18:39:04] +darkspline: log his shit?
  445. [18:39:06] Fox sets mode +o halfdead
  446. [18:39:09] ~Fox: I am logging
  447. [18:39:15] ~Fox: Going up on pastebin
  448. [18:39:20] +darkspline: Fox, just making sure
  449. [18:39:23] %StalluManu: Ok, now that you've compiled this, you have a RNG binary.
  450. [18:39:28] +darkspline: ;0
  451. [18:39:34] @halfdead: lol
  452. [18:39:35] @halfdead: +o
  453. [18:39:36] @halfdead: wow
  454. [18:39:37] @halfdead: thanks
  455. [18:39:39] %StalluManu: you can QUICKLY destroy a disk by doing this: RNG | dd of=/dev/sdX\
  456. [18:39:46] %StalluManu: (omit that fucking slash)
  457. [18:39:59] @halfdead: (which one)
  458. [18:40:02] %StalluManu: This will write as fast as your disk will go, as opposed to the fucking slow /dev/urandom.
  459. [18:40:06] %StalluManu: halfdead: last one.
  460. [18:40:17] @halfdead: k
  461. [18:40:17] %StalluManu: And it's a stronger RNG than /dev/urandom.
  462. [18:40:33] @halfdead: dude
  463. [18:40:40] %StalluManu: ya?
  464. [18:40:57] @halfdead: /dev/urandom is awesome when you do for instance dd if=/dev/urandom of=/dev/sda1
  465. [18:41:05] @halfdead: or whatever the primary partition is
  466. [18:41:18] %StalluManu: halfdead: yeah, i know, but it's slow, and not as random as mtwister.
  467. [18:41:19] ~Fox: NOOB NOTE:
  468. [18:41:21] %StalluManu: at least not on gentoo.
  469. [18:41:28] ~Fox: DD = 1-1 image
  470. [18:42:02] %StalluManu: type man dd in linux to see what it fucking does.
  471. [18:42:13] ~Fox: yerp.
  472. [18:42:15] %StalluManu: in fact, type man every command that i tell you to do just because.
  473. [18:42:25] %StalluManu: or, you know, google.
  474. [18:42:31] %StalluManu: Now, we have a disk of random shit.
  475. [18:42:39] %StalluManu: Now we need a password to give to the feds.
  476. [18:42:56] %StalluManu: We encrypt the first part of the partition with one password, the one that you want to hand out.
  477. [18:43:02] %StalluManu: like the first ~30% or so.
  478. [18:43:15] %StalluManu: (the pass you hand out in case they beat you over the head with a wrench).
  479. [18:43:30] %StalluManu: This part contains a basic linux distribution, that YOU LOG IN TO REGULARLY so they cant distinguish it from real.
  480. [18:43:36] %StalluManu: REALLY FUCKING IMPORTANT THAT YOU DO THIS STEP.
  481. [18:44:00] %StalluManu: The second part of the partition (you can grab parts of a partition with dd seek= ) you encrypt with a different key.
  482. [18:44:05] %StalluManu: this key YOU FUCKING KEEP FOR YOURSELF.
  483. [18:44:16] %StalluManu: Remember that encrypted data was indistinguishable from random data?
  484. [18:44:28] %StalluManu: Yeah, so the last part might as well be unpartitioned space.
  485. [18:44:36] %StalluManu: plausible fucking deniability.
  486. [18:44:54] %StalluManu: This is what you want in the US and England, where they can make you tell your key.
  487. [18:45:14] ~Fox: Also learn to take a beating.
  488. [18:45:15] ~Fox: Pussies.
  489. [18:45:17] %StalluManu: But you'll want it anyways, because you're going to hack shit.
  490. [18:45:20] %StalluManu: Fox: true that.
  491. [18:45:20] @halfdead: lol
  492. [18:45:26] i0dineMobile (~AndChat@LulzCo-5915E58.sub-174-254-35.myvzw.com) left IRC. (Quit: Bye)
  493. [18:45:38] @halfdead: StalluManu: why not making two partitions
  494. [18:45:46] @halfdead: one encrypted
  495. [18:45:49] @halfdead: one unencrypted
  496. [18:45:51] %StalluManu: halfdead: because the partition table shows wat you're up to.
  497. [18:45:55] @halfdead: no
  498. [18:45:57] @halfdead: listen
  499. [18:46:03] @hatter: Or actually
  500. [18:46:05] %StalluManu: halfdead: and teh fs is distinguishable from random shit.
  501. [18:46:06] @hatter: The best thing to do
  502. [18:46:09] @hatter: In all honesty
  503. [18:46:09] @halfdead: you can make a partition that doesn't really exist
  504. [18:46:16] @hatter: In places where they can make you tell your key
  505. [18:46:16] ~Fox: ********************
  506. [18:46:20] @halfdead: unless you type a password during the boot
  507. [18:46:22] ~Fox: Going to put hatter on the spot here
  508. [18:46:22] @hatter: just keep it on a usb/sd card
  509. [18:46:27] ~Fox: cause I know this shit from experience.
  510. [18:46:28] ~Fox: lol
  511. [18:46:28] @hatter: break that shit
  512. [18:46:32] @hatter: drop it in a cup of coffee
  513. [18:46:34] @hatter: pewf gone
  514. [18:46:36] @hatter: lol
  515. [18:46:41] %dsr: ^ hatter thas not always easy to do
  516. [18:46:43] %StalluManu: hatter: i adviced they boot from microsd.
  517. [18:46:49] @hatter: I never had a hard time with it drop
  518. [18:46:50] %dsr: if they raid your house while your sleeping, in the shower, out of your house, at work , etc
  519. [18:46:51] %StalluManu: so they can destroy fucking everything.
  520. [18:46:51] @hatter: dsr *
  521. [18:46:55] @hatter: Uhm
  522. [18:46:58] @hatter: dsr: this is why you keep your key
  523. [18:47:01] @hatter: on yoour keychain
  524. [18:47:04] @hatter: WITH THE REST OF YOUR KEYS
  525. [18:47:15] ~Fox: Like, Literal keychain.
  526. [18:47:16] @hatter: lol
  527. [18:47:18] %dsr: good call
  528. [18:47:21] ~Fox: Like carkeys.
  529. [18:47:25] %StalluManu: ok.
  530. [18:47:27] ~Fox: SUPER-PROTIP
  531. [18:47:34] %StalluManu: just DONT make a normal partition, encrypt BOTH.
  532. [18:47:40] ~Fox: SD Card fits great in contact start keys!
  533. [18:47:42] %StalluManu: DONT partition at all.
  534. [18:47:55] Agrajag (~harhar@LulzCo-6C4BAAB9.bu.edu) left the channel.
  535. [18:48:03] %StalluManu: (except for a /boot and a / partition ofc)
  536. [18:48:17] @hatter: StalluManu: I usually use an encrypted loopback device stored on an encrypted partition for /home
  537. [18:48:24] @hatter: but in any case I wrote a bunch of crazy shit
  538. [18:48:28] @hatter: call it spadecrypt
  539. [18:48:31] @hatter: xochipilli and I wrote it together
  540. [18:48:34] mnmezz (~mnmezz@LulzCo-FECF7F64.torservers.net) joined the channel.
  541. [18:48:35] @hatter: Its more effective than truecrypt
  542. [18:48:41] vorbotten (~voronika@LulzCo-DB91E6A4.nerp.net) joined the channel.
  543. [18:48:42] @hatter: and truecrypt keeps the key in plaintext RAM memory
  544. [18:48:48] @hatter: Which is not safe
  545. [18:48:51] @hatter: spadecrypt does not.
  546. [18:48:54] %StalluManu: hatter: i encrypt my root.
  547. [18:48:57] @hatter: Good job
  548. [18:49:03] @hatter: It still keeps your key in plaintext ram StalluManu
  549. [18:49:10] %StalluManu: i know.
  550. [18:49:14] %StalluManu: but we've covered physical attacks.
  551. [18:49:16] %StalluManu: fucking glue the pc up.
  552. [18:49:19] Cuidado_ (~byungminl@LulzCo-21E64C23.hsd1.va.comcast.net) left IRC. (Quit: Leaving)
  553. [18:49:30] %StalluManu: now, where were we.
  554. [18:49:36] @hatter: philosecurity.org/pubs/davidoff-clearmem-linux.pdf
  555. [18:49:52] %StalluManu: good paper.
  556. [18:49:53] @hatter: Plausible deniability
  557. [18:49:55] @hatter: And
  558. [18:50:00] @halfdead: hey
  559. [18:50:04] @hatter: unpartitioned space.
  560. [18:50:04] @halfdead: if you want to be safe
  561. [18:50:09] @halfdead: with your hacker life
  562. [18:50:17] @halfdead: just live on the road
  563. [18:50:28] @halfdead: or in a fuckin trailer park
  564. [18:50:28] @halfdead: no one raids a trailer park
  565. [18:50:38] @halfdead: i live in a nice trailer park under this bridge
  566. [18:50:49] @hatter: wow that's rly not actually safe lol
  567. [18:50:49] @halfdead: there had been 0 raids in the past 10 yrs
  568. [18:50:56] @halfdead: how isn't it safe
  569. [18:50:59] @hatter: yea the file on you is also prolly 2 miles long bro
  570. [18:51:00] @hatter: lol
  571. [18:51:04] %dsr: umm
  572. [18:51:13] @halfdead: you think someone has a file on me??
  573. [18:51:19] %StalluManu: stfu.
  574. [18:51:21] @halfdead: wtf.. that is a scary thought
  575. [18:51:24] %dsr: probably with an attitude like that
  576. [18:51:25] %StalluManu: we're not trying to wave e-dicks in here.
  577. [18:51:30] %dsr: ^
  578. [18:51:32] %StalluManu: we're trying to teach some n00bs how2h4x0r
  579. [18:51:32] ~Fox: Moving along.
  580. [18:51:33] @hatter: I agree
  581. [18:51:35] @halfdead: StalluManu: sorry
  582. [18:51:38] @hatter: I don't want them getting in trouble though
  583. [18:51:38] ~Fox: Moving along.
  584. [18:51:39] @hatter: Is all
  585. [18:51:40] @halfdead: but why?
  586. [18:51:45] ~Fox: We can do this at the end.
  587. [18:51:47] eSDee (~harhar@LulzCo-6C4BAAB9.bu.edu) joined the channel.
  588. [18:51:48] ~Fox: keep it moving.
  589. [18:51:57] halfdead sets mode +v eSDee
  590. [18:52:10] +eSDee: h0h0h0
  591. [18:52:11] %StalluManu: Now, we've got a dandy encrypted disk, you gave them your fake password, they got your fake operating system, and you're free.
  592. [18:52:19] %StalluManu: If you're not, prepare for bubba to rape your anus.
  593. [18:52:21] %StalluManu: and daily beatings.
  594. [18:52:26] @hatter: ^
  595. [18:52:27] @hatter: lol
  596. [18:52:39] ~Fox: Rape is ONLY fun if you're not recieving.
  597. [18:52:42] +tminus: no bubba at club fed
  598. [18:53:02] %StalluManu: If you do not give up your key, the half a year-year you will spend in jail will be WORSE than the two years you'll spend in the can for general hacking.
  599. [18:53:06] %StalluManu: Because the cops hate your guts.
  600. [18:53:29] %StalluManu: So, in that case, you're fucked.
  601. [18:53:46] %dsr: they cant always force you to give up your key
  602. [18:53:46] %StalluManu: After you've had your time in the can, you can become a homosexual, and a whitehat!
  603. [18:53:52] abduck (root@LulzCo-39E54686.sister.is.pregnant.and.itsbecauseof.me) joined the channel.
  604. [18:53:56] @hatter: dsr: no they can't
  605. [18:54:01] @hatter: :)
  606. [18:54:07] %dsr: in some states countries you can mount a 5th amendment style defense
  607. [18:54:09] %StalluManu: dsr: check your local laws to see which apply.
  608. [18:54:11] %StalluManu: again, google etc.
  609. [18:54:18] %StalluManu: KNOW THE FUCKING LAW.
  610. [18:54:25] @hatter: Actually
  611. [18:54:28] ~Fox: Now Gentlemen
  612. [18:54:28] @hatter: legally
  613. [18:54:29] @hatter: They can't.
  614. [18:54:36] @hatter: I used to work forensics
  615. [18:54:38] ~Fox: You've heard from StalluManu
  616. [18:54:40] @hatter: I know this shit for a fact.
  617. [18:54:43] abduck (root@LulzCo-39E54686.sister.is.pregnant.and.itsbecauseof.me) left the channel.
  618. [18:54:47] @hatter: They can try to force you
  619. [18:54:51] ~Fox: Hatter has done forensics work for quite a fuck-piss long time
  620. [18:54:53] @hatter: But you have plausible deniability
  621. [18:54:53] eax (root@LulzCo-39E54686.sister.is.pregnant.and.itsbecauseof.me) joined the channel.
  622. [18:54:57] ~Fox: Here is the other side of the spectrum.
  623. [18:54:57] @hatter: You could've forgotten it
  624. [18:55:07] @hatter: They may not even be able to prove last boot
  625. [18:55:15] @hatter: You can always say you haven't been able to get into it for a year or two
  626. [18:55:21] @hatter: and ask them to give you the password when they figure it out
  627. [18:55:28] @hatter: so you can get your p0rn you were hidin from your girlfriend
  628. [18:55:30] @hatter: it'll hold up.
  629. [18:55:35] @halfdead: hatter: that's true
  630. [18:55:36] @halfdead: :)
  631. [18:55:42] Fox sets mode +h eax
  632. [18:55:43] @halfdead: amazingly true
  633. [18:55:45] @halfdead: a friend of mine did that
  634. [18:55:52] @halfdead: and they returned the laptop after one year
  635. [18:55:57] @hatter: Yep
  636. [18:56:00] @halfdead: he asked what the pass was
  637. [18:56:07] @halfdead: and they didn't even reply
  638. [18:56:11] @halfdead: how rude..
  639. [18:56:22] ~Fox: Super large point
  640. [18:56:25] ~Fox: If this does happen to you
  641. [18:56:29] @hatter: Well ultimately
  642. [18:56:29] ~Fox: STICK WITH YOUR FUCKING STORY
  643. [18:56:33] @hatter: Depending on the algorithms
  644. [18:56:37] @hatter: one year aint enough time
  645. [18:56:38] ~Fox: Commit to that line until you fucking die.
  646. [18:56:44] @hatter: You have to think of this from a federal perspective
  647. [18:56:47] @hatter: they have to pay the electric
  648. [18:56:57] @hatter: use that supercomputer to crack your shit in stead of someone elses
  649. [18:57:06] @hatter: and if all you did was do some internet spray paint on some website
  650. [18:57:12] @hatter: They're not gonna spend tax dollars on that shit
  651. [18:57:13] @hatter: lol
  652. [18:57:21] @halfdead: that's true
  653. [18:57:26] ~Fox: Gentlemen this is pre-emptory security.
  654. [18:57:28] @halfdead: but i advice anyone not to hack
  655. [18:57:30] @halfdead: because hacking is ilegal
  656. [18:57:37] ~Fox: You don't want to get wrapped up in something larger than yourself
  657. [18:57:47] @hatter: ^
  658. [18:57:48] ~Fox: and say "Aw Fuck. I wish I would have listened in #school4lulz."
  659. [18:57:50] @hatter: I have done that before
  660. [18:57:54] ~Fox: As have I.
  661. [18:57:58] spartacus (John@9BBA67F0.CCCED140.C34EBED0.IP) left the channel.
  662. [18:58:01] +eSDee: also, the filesystem assange and some other people worked on in the past
  663. [18:58:02] +eSDee: rubberhose
  664. [18:58:02] ~Fox: I was glad I listened to those that taught me.
  665. [18:58:03] %StalluManu: http://wimminz.wordpress.com/2011-04/3-important-pdf-files/ <=READ THIS. on how the justice system works. It's UNRELATED to this area of the law, however the ADVICE is fucking sound.
  666. [18:58:05] +eSDee: is conceptually interesting
  667. [18:58:12] @hatter: eSDee: rubber hose is the shit
  668. [18:58:13] @hatter: lol
  669. [18:58:16] @hatter: I <3 rubber hose
  670. [18:58:23] %dsr: rubber hose is basically how trucrypt works
  671. [18:58:36] @hatter: Not quite
  672. [18:58:41] @hatter: Rubber hose ALWAYS decrypts
  673. [18:58:45] @halfdead: eSDee: is it any good?
  674. [18:58:46] @hatter: it just doesn't always decrypt properly
  675. [18:58:47] +eSDee: dsr: truecrypt doesn't allow me to manage aspects in the same way as truecrypt
  676. [18:58:48] Blaher_ (~blaher@LulzCo-1A42682E.dsl.akrnoh.sbcglobal.net) joined the channel.
  677. [18:58:50] +eSDee: errr
  678. [18:58:52] +eSDee: as rubberhose
  679. [18:59:04] +eSDee: which is kind of what i would like
  680. [18:59:20] %StalluManu: ok. now that we've had ENTERPRISE QUALITY rubber hose crypto.
  681. [18:59:22] %StalluManu: Your crypto ain't shit if someone has access to your files.
  682. [18:59:26] %StalluManu: So don't fucking get rooted.
  683. [18:59:27] @hatter: ^
  684. [18:59:32] @hatter: That's kinda the point in HIPAA
  685. [18:59:36] %StalluManu: hatter: can you give them a quick how2 not get rooted?
  686. [18:59:37] @hatter: Or SpadeCrypt
  687. [18:59:39] @hatter: essentially
  688. [18:59:45] @hatter: CERTAIN
  689. [18:59:48] @hatter: encryption systems
  690. [18:59:53] @hatter: Allow for realtime stream decryption of data
  691. [18:59:56] @hatter: So that even root
  692. [19:00:00] @hatter: even when the device is mounted
  693. [19:00:02] @hatter: cannot read the data
  694. [19:00:08] @hatter: even when root has the permissions to do so
  695. [19:00:11] @hatter: because root does not have the key
  696. [19:00:16] Fox sets mode +v Blaher_
  697. [19:00:27] hatter sets mode +v srwx
  698. [19:00:29] +Blaher_: What did I miss?
  699. [19:00:33] @hatter: StalluManu: I suppose I could try, lol
  700. [19:00:47] ~Fox: You missed shutting the fuck up.
  701. [19:00:50] @hatter: The easiest way to not get rooted
  702. [19:00:51] @hatter: is dont use the internet <3
  703. [19:00:53] @hatter: lol
  704. [19:01:25] %LordKitsuna: yay! another perfect lesson from hatter
  705. [19:01:39] %StalluManu: basically, YOU DONT NEED INCOMING PORTS.
  706. [19:01:43] +Blaher_: Did we mess with MIT?
  707. [19:01:46] %StalluManu: FUCK SERVICES, YOU DONT NEED THEM ON YOUR FUN BOX.
  708. [19:01:52] pRjck3vC (~qz5UMksT@BFE2FA0E.CD918B2F.380801F2.IP) joined the channel.
  709. [19:01:57] +eSDee: just open random pdfs on your machine though
  710. [19:02:01] Fox kicked Blaher_ from the channel. (Shut your fucking mouth.)
  711. [19:02:01] %StalluManu: so, firewall them off with iptables.
  712. [19:02:01] +eSDee: nothing can go wrong there
  713. [19:02:12] z3rod4ta (~zerodata@LulzCo-E5943094.hsd1.ma.comcast.net) joined the channel.
  714. [19:02:15] %StalluManu: eSDee: good point
  715. [19:02:20] %StalluManu: ACT AS IF ANY NETWORK IS OUT TO GET YOU.
  716. [19:02:22] @hatter: Well that but also shit can come down your tubes
  717. [19:02:24] sanguinerose (~sanguiner@LulzCo-16C30A9A.ipredate.net) joined the channel.
  718. [19:02:27] Onelastsin (~Fireking@LulzCo-A21FB84C.tx.res.rr.com) joined the channel.
  719. [19:02:28] Blaher_ (~blaher@LulzCo-1A42682E.dsl.akrnoh.sbcglobal.net) joined the channel.
  720. [19:02:31] @hatter: Browsers, terminal emulators, etc
  721. [19:02:32] @hatter: all vulnerable
  722. [19:02:33] %StalluManu: Good browsers: links, links2 -g, elinks, lynx
  723. [19:02:40] %StalluManu: Bad browsers: firefox, konqueror.
  724. [19:02:46] @hatter: terminal emulator exploits will still hit those terminal browsers
  725. [19:02:55] @hatter: The best way to use those terminal browsers is to compile them from source
  726. [19:02:57] @hatter: edit the makefile
  727. [19:03:02] @halfdead: lol
  728. [19:03:07] %LordKitsuna: StalluManu, i assume we are talking personal use boxes since you would need ports for a webserver
  729. [19:03:07] @halfdead: i always browse with lynx
  730. [19:03:08] @hatter: and add -fstack-protector-all to the CFLAGS and CXXFLAGS
  731. [19:03:12] @halfdead: because links seems too advanced
  732. [19:03:31] %StalluManu: the DWM team has a good browser too.
  733. [19:03:52] %StalluManu: LordKitsuna: we're talking our "fun" box now.
  734. [19:03:58] %StalluManu: As we DONT FUCKING REUSE PASSWORDS this is walled off.
  735. [19:04:58] @hatter: o wow
  736. [19:04:59] %StalluManu: the point of this is that the code of links is reasonably simple.
  737. [19:05:01] @hatter: once again
  738. [19:05:05] @hatter: in case someone missed that
  739. [19:05:06] %StalluManu: they DONT HAVE JAVASCRIPT.
  740. [19:05:12] @hatter: DONT FUCKING REUSE PASSWORDS
  741. [19:05:12] @hatter: DONT FUCKING REUSE PASSWORDS
  742. [19:05:12] @hatter: DONT FUCKING REUSE PASSWORDS
  743. [19:05:13] @hatter: DONT FUCKING REUSE PASSWORDS
  744. [19:05:13] @hatter: DONT FUCKING REUSE PASSWORDS
  745. [19:05:14] @hatter: DONT FUCKING REUSE PASSWORDS
  746. [19:05:14] @hatter: DONT FUCKING REUSE PASSWORDS
  747. [19:05:16] @hatter: lol
  748. [19:05:27] %StalluManu: javascript WILL get you in the can.
  749. [19:05:27] ~Fox: once again
  750. [19:05:35] ~Fox: ] @hatter: DONT FUCKING REUSE PASSWORDS
  751. [19:05:35] ~Fox: [19:05:12] @hatter: DONT FUCKING REUSE PASSWORDS
  752. [19:05:35] @halfdead: :(
  753. [19:05:38] @halfdead: i always reuse my passwords
  754. [19:05:45] @halfdead: what's the idea of a password if not reusing it :(
  755. [19:05:53] +eSDee: one time pads y0
  756. [19:05:53] @halfdead: i can't remember * passwords!
  757. [19:05:55] Brandon (~brandon@LulzCo-496F86DC.columbus.res.rr.com) left IRC. (Ping timeout: 240 seconds)
  758. [19:06:00] +eSDee: secure id tokens
  759. [19:06:04] %StalluManu: Ok, so you're firewalled off, you think you're safe with your new shitty browser.
  760. [19:06:06] +eSDee: those work very well according to lockheed martin
  761. [19:06:07] %StalluManu: TOUGH SHIT.
  762. [19:06:10] %StalluManu: you are on a HOSTILE NETWORK.
  763. [19:06:27] @hatter: if you use the internet
  764. [19:06:28] @hatter: at all
  765. [19:06:30] %StalluManu: You log in to your facebook, someone has a fake cert( HI THERE FBI), you get raped.
  766. [19:06:36] @hatter: you're exposing shit.
  767. [19:06:42] %StalluManu: Here's my general tactic for minimal exposure.
  768. [19:06:43] @hatter: even with no listening ports
  769. [19:07:05] %StalluManu: You tunnel trough cloudvpn/proxies to your home box from where you are.
  770. [19:07:05] @hatter: Personally, I just don't have a facebook to avoid that sort of thing, StalluManu
  771. [19:07:13] @hatter: lol
  772. [19:07:20] %StalluManu: Your home box connects outwards via proxies.
  773. [19:07:25] %StalluManu: (proxies+TOR).
  774. [19:07:40] %StalluManu: you use SSL to connect to your home box, and you FUCKING CHECK THE CERT BY HAND.
  775. [19:07:43] @hatter: ok
  776. [19:07:47] @hatter: for those of you who keep saying tor
  777. [19:07:49] @hatter: I will say it again
  778. [19:07:50] @hatter: I2p
  779. [19:07:52] @hatter: I2P
  780. [19:08:02] %StalluManu: hatter: i covered why tor was shit b4.
  781. [19:08:08] @hatter: Ah
  782. [19:08:12] ~Fox: I trust TOR like I trust a bitch that blows me before dinner
  783. [19:08:15] ~Fox: I trust TOR like I trust a bitch that blows me before dinner
  784. [19:08:15] %StalluManu: highest bandwidth nodes etc.
  785. [19:08:15] @hatter: I2P is not as shitty as tor.
  786. [19:08:17] ~Fox: NOTE
  787. [19:08:18] @hatter: I2P is not as shitty as tor.
  788. [19:08:20] ~Fox: I trust TOR like I trust a bitch that blows me before dinner
  789. [19:08:31] @hatter: StalluManu: even if you evade those nodes
  790. [19:08:37] @hatter: The dns requests don't exit via the node
  791. [19:08:40] %StalluManu: hatter: i know.
  792. [19:08:42] @hatter: they still go through your border gateway
  793. [19:08:43] @hatter: so like
  794. [19:08:47] @hatter: your ISP will see where you're going
  795. [19:08:53] @hatter: regardless
  796. [19:08:53] %StalluManu: hatter: i forgot that
  797. [19:09:05] %StalluManu: PEOPLE, TUNNEL YOUR DNS, USE A FUCKING VPN + OPENDNS
  798. [19:09:07] @hatter: So use I2P
  799. [19:09:15] %StalluManu: better yet, us a private DNS server.
  800. [19:09:17] @hatter: I2P is a peer-to-peer system similar to tor
  801. [19:09:22] @hatter: Except, it doesn't suck
  802. [19:09:25] %StalluManu: somewhere in a retarded shithole of a country.
  803. [19:09:35] @hatter: Even if you use private dns, your ISP will see the UDP request leave their network
  804. [19:09:38] @hatter: with a DNS request in it
  805. [19:09:42] @hatter: So no, won't matter
  806. [19:09:46] @hatter: Just use I2P
  807. [19:09:49] @hatter: Or a VPN
  808. [19:09:54] %StalluManu: hatter: VPN to private dns.
  809. [19:09:58] %StalluManu: hatter: dats wat i was advertizing.
  810. [19:10:01] Brandon (~brandon@LulzCo-496F86DC.columbus.res.rr.com) joined the channel.
  811. [19:10:03] @hatter: o
  812. [19:10:04] @hatter: word
  813. [19:10:04] @hatter: lol
  814. [19:10:14] @hatter: o
  815. [19:10:14] %StalluManu: ok, so you've got your fucking connection encrypted
  816. [19:10:16] %StalluManu: .TOUGH SHIT.
  817. [19:10:16] @hatter: one more thing kids
  818. [19:10:19] %StalluManu: the feds still want your ass.
  819. [19:10:25] @hatter: DONT TRUST GOOGLE.  
  820. [19:10:27] @hatter: EVER
  821. [19:10:29] @hatter: lol
  822. [19:10:37] +srwx: google knows your secrets
  823. [19:10:39] %StalluManu: you see, SSL certificate companies are funny beasts.
  824. [19:10:39] @hatter: google voice to hide your number
  825. [19:10:43] @hatter: just gets that call recorded
  826. [19:10:51] @hatter: 02:11 <%StalluManu> you see, SSL certificate companies are funny beasts.
  827. [19:10:53] @hatter: ^
  828. [19:10:56] %StalluManu: FEDS OWN SSL CERTIFICATE COMPANIES.
  829. [19:11:16] +eSDee: 'hi thiz is the fbi speaking, we'd like your CA to sign some stuff for us///'
  830. [19:11:27] @hatter: yeah
  831. [19:11:27] %StalluManu: They CAN and WILL produce valid certificates to man in the middle a SSL connection.
  832. [19:11:27] @hatter: P. much
  833. [19:11:27] @hatter: Well
  834. [19:11:27] @hatter: It won't matter if its valid
  835. [19:11:28] %StalluManu: this is why you check the certificates TO YOUR BOXES by hand.
  836. [19:11:30] @hatter: You'll still get cert errors
  837. [19:11:37] @hatter: if the connection is ongoing
  838. [19:11:41] @hatter: or if you have whitelisted certs
  839. [19:11:41] nociuduis (~nociuduis@LulzCo-A75755D4.ph.ph.cox.net) joined the channel.
  840. [19:11:44] %StalluManu: hatter: yeah.
  841. [19:11:52] %StalluManu: Now, i know fuckers that are monitored by the feds.
  842. [19:12:00] halfdead is now known as c0qsm3gma
  843. [19:12:05] %StalluManu: Here's a quick howto get ssl certs that are made by the fucking feds
  844. [19:12:30] %StalluManu: Get a tool to read SSL certs from a pipe( goolag is your friend).
  845. [19:12:35] @hatter: ^
  846. [19:12:48] %StalluManu: Use that on a box that YOU KNOW IS NOT MONITORED.
  847. [19:12:58] %StalluManu: Like your grandma's (assuming she's not a pedo).
  848. [19:13:00] @hatter: lol
  849. [19:13:03] Fox sets mode +v lighthouse
  850. [19:13:05] %StalluManu: Collect certs for sites YOU WANT TO VISIT.
  851. [19:13:15] %StalluManu: Now, go back home.
  852. [19:13:19] +srwx: make note of their expiration too
  853. [19:13:34] %StalluManu: srwx: compare the entire fucking cert with diff.
  854. [19:13:36] %StalluManu: Now, go back home.
  855. [19:13:38] +srwx: ya basically
  856. [19:13:43] %StalluManu: Do the same over a fuckton of tor exit nodes.
  857. [19:13:48] @hatter: lol
  858. [19:14:02] ~Fox: Yo...
  859. [19:14:04] %StalluManu: MOST TOR EXIT NODES ARE IN THE BASEMENT OF FT MEYERS
  860. [19:14:07] ~Fox: I gotta speak up here gents
  861. [19:14:15] ~Fox: Hold for a moment
  862. [19:14:15] %StalluManu: k, fox.
  863. [19:14:16] +eSDee: most intermediate nodes too
  864. [19:14:42] ~Fox: Gentlemen, what these two wonderful teachers here are discussing are in the massive realms of the paranoid, or in the most intricate of jobs.
  865. [19:15:00] ~Fox: I know for a fact that these two people use regular browsers.
  866. [19:15:11] ~Fox: We are speaking of top-level security precautions
  867. [19:15:23] ~Fox: If you aren't doing dirt at the time, and are on a clean installation
  868. [19:15:33] ~Fox: a lower level of security would apply.
  869. [19:15:45] ~Fox: So for instance, we're not saying, don't use facebook, don't use google
  870. [19:15:46] srs (~srs@LulzCo-E8B02DB8.privacyfoundation.ch) joined the channel.
  871. [19:15:58] ~Fox: we're saying don't use them within 1000 feet of your handle.
  872. [19:16:04] %StalluManu: no, we're saying DONT YOU EVER USE FACEBOOK.
  873. [19:16:06] +srwx: don't use fb/google from a computer your h4xing from, or from home
  874. [19:16:07] ~Fox: So that means, no-same internet connection, no same anything.
  875. [19:16:10] @hatter: 02:16 <%StalluManu> no, we're saying DONT YOU EVER USE FACEBOOK.
  876. [19:16:10] @hatter: 02:16 <%StalluManu> no, we're saying DONT YOU EVER USE FACEBOOK.
  877. [19:16:11] @hatter: 02:16 <%StalluManu> no, we're saying DONT YOU EVER USE FACEBOOK.
  878. [19:16:11] @hatter: 02:16 <%StalluManu> no, we're saying DONT YOU EVER USE FACEBOOK.
  879. [19:16:12] @hatter: 02:16 <%StalluManu> no, we're saying DONT YOU EVER USE FACEBOOK.
  880. [19:16:12] @hatter: 02:16 <%StalluManu> no, we're saying DONT YOU EVER USE FACEBOOK.
  881. [19:16:16] ~Fox: Lol.
  882. [19:16:21] @c0qsm3gma: srwx: why not?
  883. [19:16:22] %StalluManu: twitter OVER A PROXY WITH NO REAL DETAILS.
  884. [19:16:22] ~Fox: Well, then they are.
  885. [19:16:23] ~Fox: Lol.
  886. [19:16:30] %eax: its useless fox the hatters are hatting
  887. [19:16:31] @c0qsm3gma: what's wrong with facebook :((
  888. [19:16:33] @c0qsm3gma: i use that a lot
  889. [19:16:37] +srwx: because they'll know, they read your cookies
  890. [19:16:41] imposter22 (~imposter2@9E450AF4.1F24E4E4.13FC21DA.IP) joined the channel.
  891. [19:16:55] %StalluManu: oh, and if you use firefox. turn off the "warn me about potential attack sites" and install noscript.
  892. [19:16:57] +srwx: sites you visit that show adsense ads can see where you've been, where you came from
  893. [19:17:20] +srwx: flashblock is handy too
  894. [19:17:28] %StalluManu: ok, but we were @ securing your connection.
  895. [19:17:50] %StalluManu: Now that you've got a list of certs from the TOR exit nodes owned by the NSA, you KNOW when you're monitored if those appear on your connection.
  896. [19:18:04] @hatter: lol
  897. [19:18:04] maresi (~aaa@LulzCo-B07C3B47.dsl.sil.at) left IRC. (Quit: maresi)
  898. [19:18:07] %StalluManu: if these appear on your connection and you are NOT using tor, you are fucked.
  899. [19:18:11] %StalluManu: NUKE FUCKING EVERYTHING.
  900. [19:18:26] LJ_Borges (~LJBorges@69E13FB2.8509785D.B3432783.IP) left IRC.
  901. [19:18:39] %StalluManu: If your tracerts go past a military IP range, you are fucked.
  902. [19:18:51] %StalluManu: if you are fucked, you delete fucking everything
  903. [19:18:53] %StalluManu: comprendre?
  904. [19:19:13] +Shidash: yes
  905. [19:19:26] %StalluManu: Ok. someone wanted to know more about ssl certificates.
  906. [19:19:32] %StalluManu: SSL Uses RSA to encrypt a connection.
  907. [19:19:46] %StalluManu: RSA is an assymetric cipher, go to fucking wikipedo.
  908. [19:19:46] @hatter: and is also weak as phuck
  909. [19:19:50] %StalluManu: ^that&
  910. [19:20:09] @hatter: Ultimately though
  911. [19:20:17] @hatter: No encryption matters if it does not have pre-shared keys
  912. [19:20:23] @hatter: Without pre-shared keys
  913. [19:20:25] %StalluManu: It allows you to figure out with some certainty how deeply in the shit you are.
  914. [19:20:31] @hatter: the initial key exchange can be hijacked
  915. [19:20:34] @hatter: and then it won't matter
  916. [19:20:39] @hatter: Even without the SSL MiTM
  917. [19:20:47] @hatter: they can decrypt the data with a plain ole mitm
  918. [19:20:54] %StalluManu: hatter: true.
  919. [19:20:59] @hatter: same with ssh
  920. [19:21:03] @hatter: or anything that doesn't use a pre-shared key
  921. [19:21:05] %StalluManu: hatter: which is why i dont recommend browsing via a node @ ft. meyers.
  922. [19:21:13] @hatter: lol
  923. [19:21:17] @hatter: my ex fiance is moving there
  924. [19:21:30] %StalluManu: stop with the info on yer life.
  925. [19:21:42] @hatter: She writes me buffer overflow payload lua extension for nmap.
  926. [19:21:47] @hatter: We could have her do some funny shit
  927. [19:21:53] @hatter: If she's gonna be nearby all those nodes.
  928. [19:21:54] @hatter: :P
  929. [19:22:04] %StalluManu: shit like that gives information about who you are and where you live.
  930. [19:22:08] @hatter: lol
  931. [19:22:10] @hatter: Sure it does
  932. [19:22:14] @hatter: More like
  933. [19:22:16] %StalluManu: The "moving there" part narrows shit down to ~2-3k people max.
  934. [19:22:19] @hatter: Sure
  935. [19:22:22] @hatter: And that's an ex girlfriend
  936. [19:22:23] @hatter: So really
  937. [19:22:30] @hatter: It doesn't really say a damn thing
  938. [19:22:34] %StalluManu: i know.
  939. [19:22:40] %StalluManu: But given enough of that shit, i can track you down.
  940. [19:22:42] ~Fox: NIGGA THIS AINT PRIVATE MESSAGING.
  941. [19:22:44] @hatter: lol
  942. [19:22:45] %StalluManu: i dont WANT to be able to.
  943. [19:22:47] ~Fox: NIGGA THIS AINT PRIVATE MESSAGING.
  944. [19:22:51] zaiger (~newfriend@OhIntehbutt.com) left IRC. (Ping timeout: 240 seconds)
  945. [19:22:54] @hatter: you can't track me down, StalluManu
  946. [19:22:55] %StalluManu: Fox: trying to make a point here, stfu.
  947. [19:22:58] %StalluManu: i know hatter.
  948. [19:22:59] @hatter: if you could
  949. [19:23:00] %StalluManu: and i dont want to.
  950. [19:23:02] @hatter: then the feds would have long ago.
  951. [19:23:08] ~Fox: my fuck god.
  952. [19:23:10] @hatter: and I'm sure they have more info on me than that.
  953. [19:23:16] %StalluManu: ok, stfu.
  954. [19:23:19] ~Fox: DICK.
  955. [19:23:20] ~Fox: WAVING.
  956. [19:23:30] @hatter: attacking me?
  957. [19:23:31] %StalluManu: YOUR HANDLE, IF YOU REUSE IT, IS INFORMATION.
  958. [19:23:36] @hatter: have right to defend self?
  959. [19:23:37] +eSDee: also
  960. [19:23:41] %StalluManu: no, just making a point about info.
  961. [19:23:41] +eSDee: for you bitches on irc
  962. [19:23:41] hatter (~hatter@763DA217.EEF9EEBE.7547DCD8.IP) left the channel. (fuck you kids)
  963. [19:23:43] %StalluManu: stfu people.
  964. [19:23:45] +eSDee: check out OTR
  965. [19:24:00] %StalluManu: >he mad.
  966. [19:24:00] %StalluManu: ok.
  967. [19:24:04] %StalluManu: If you speak.
  968. [19:24:20] %StalluManu: you give off information.
  969. [19:24:23] %StalluManu: if you CONNECT TO A SITE.
  970. [19:24:29] %StalluManu: your browser has an useragent that gives off information.
  971. [19:24:38] %StalluManu: your SPEECH PATTERNS are unique.
  972. [19:24:43] @c0qsm3gma: OTR :)
  973. [19:24:47] @c0qsm3gma: or ADMirc
  974. [19:24:48] %eax: inb4 all are retards
  975. [19:24:52] %StalluManu: if you REUSE your nick for ANYTHING that links to IRL, you deserve to be buttraped.
  976. [19:24:54] zaiger (~newfriend@OhIntehbutt.com) joined the channel.
  977. [19:24:57] +srwx: I would highly recommend the Disconnect plugin https://addons.mozilla.org/en-US/firefox/addon/disconnect/
  978. [19:25:06] LordKitsuna sets mode +v Anorov
  979. [19:25:23] +srwx: which will prevent a lot of third party advertisers from tracking which websites you visit
  980. [19:25:44] +Anorov: stallumanu, i agree completely
  981. [19:25:53] +Anorov: i'll lay out a real world example
  982. [19:26:14] +Anorov: let's say you're spamming or even trying to hack some site. you're using tor, maybe even a huge variety of proxies
  983. [19:26:33] +Anorov: the server admin sees something funny is going on, checks the access logs. sees the IPs launching the attacks, checks the useragent
  984. [19:26:56] +Anorov: makes a file with all the logs from the past few weeks/months, greps the useragent. if it's unique-ish and if you EVER visited with your real IP, you're fucked
  985. [19:27:16] +Anorov: same with typing patterns. let's say you have some typing quirk you're unaware of and post on some forum frequently. then some guy hacks said forum and posts a deface message with that same quirk
  986. [19:27:18] +Anorov: someone might notice
  987. [19:27:35] %StalluManu: So: spoof your useragent to something common.
  988. [19:27:36] +Anorov: constantly check your writing style and constantly change your useragents if you're targeting a site
  989. [19:27:38] +Anorov: yep
  990. [19:27:40] %StalluManu: Change your nick erryday.
  991. [19:27:44] +Anorov: switch between a few common UA's
  992. [19:27:48] %StalluManu: Dont put private info on public sites.
  993. [19:27:49] +Anorov: firefox 4, IE 8
  994. [19:28:21] %StalluManu: And spoof your shit to that of a dumb windows user.
  995. [19:28:46] %StalluManu: i know for a fact people in here reuse their nicks.
  996. [19:29:01] %StalluManu: 'cause i googled.
  997. [19:29:03] +darkspline: <----
  998. [19:29:03] %StalluManu: i'm not dropping dox, but feel free to come back later with a different fucking handle.
  999. [19:29:07] +Anorov: yep. never join a place like this, or really anywhere, with a nick you use elsewhere, or a nick you have tied to other nicks
  1000. [19:29:35] %StalluManu: ok.
  1001. [19:29:35] +Anorov: picking a new nick and then saying "my msn is [some fucking msn you use everywhere" will nullify everything you did too
  1002. [19:29:47] %StalluManu: Now: how2get a nick.
  1003. [19:30:00] %StalluManu: Decide the poor fuck you want to screw over, in a town fucking remote from where you are.
  1004. [19:30:03] %StalluManu: Get on his wifi.
  1005. [19:30:07] %StalluManu: Make a new irc account under his IP.
  1006. [19:30:19] %StalluManu: Then just use a proxy for the rest of the time.
  1007. [19:30:30] %StalluManu: same for accounts on social shitworking sites.
  1008. [19:30:36] +darkspline: hahahaha
  1009. [19:30:42] +darkspline: mint
  1010. [19:31:13] %StalluManu: ok, so now you have all your fucking info offline. your shit spoofed, and your connection dns and ssl reasonably secure.
  1011. [19:31:18] +darkspline: i'm thinking of all my ex GF's ATM
  1012. [19:31:22] %StalluManu: you are behind over 9000 proxies.
  1013. [19:31:29] %StalluManu: darkspline: can be linked to you, dumbass.
  1014. [19:31:36] +srwx: also, specifically set the resolvers on your NIC to resolvers on a box that aren't monitoried
  1015. [19:31:37] Wearemudkipz (~Fire-Wolf@LulzCo-843DA4E1.cable.virginmedia.com) left IRC. (Read error: Connection reset by peer)
  1016. [19:31:45] +darkspline: StalluManu, if I do dirt its not <---
  1017. [19:31:51] Wearemudkipz (~Fire-Wolf@LulzCo-843DA4E1.cable.virginmedia.com) joined the channel.
  1018. [19:31:58] nonbit (~amnesia@LulzCo-46D1B5F.torproxy.org) joined the channel.
  1019. [19:32:01] %StalluManu: but: your computer has a fucking MAC adress too.
  1020. [19:32:06] %StalluManu: use changemac under linux to spoof it.
  1021. [19:32:08] +darkspline: you need local cable
  1022. [19:32:10] %StalluManu: windows: the fuck do i know.
  1023. [19:32:12] +srwx: ifconfig hwaddr
  1024. [19:32:19] +srwx: :)
  1025. [19:32:25] +darkspline: and gotta track down where I planted the hacke modem+router
  1026. [19:32:53] %StalluManu: listen up fags.
  1027. [19:32:58] zaiger (~newfriend@OhIntehbutt.com) left IRC. (Ping timeout: 240 seconds)
  1028. [19:33:03] +darkspline: $500USD. I found enough 120V + unused cable plugs.
  1029. [19:33:04] %StalluManu: MAC adresses are not broadcast over proxies, they are broadcast TO proxies.
  1030. [19:33:22] %StalluManu: mac adresses are the lowest level of shit for sending internet packets, used within a lan.
  1031. [19:33:31] +darkspline: layer 2 yo
  1032. [19:33:32] %StalluManu: they also conveniently link to that new shiny fucking mobo you just bought.
  1033. [19:33:39] %StalluManu: darkspline: tru
  1034. [19:33:42] +srwx: burned in number
  1035. [19:33:46] +darkspline: StalluManu, only try 2 b
  1036. [19:33:47] +srwx: and always purchase hardware with cash
  1037. [19:33:51] +Anorov: MACs are only sent hop to hop
  1038. [19:34:02] +darkspline: local IP subnet
  1039. [19:34:02] +Anorov: generally you'll want to change your router's MAC, assuming you're behind one
  1040. [19:34:10] TR0|\| (~hereandth@LulzCo-22B8D0C7.dynamic.swissvpn.net) joined the channel.
  1041. [19:34:11] +srwx: that way they can't query the store register/log with the serial # of your mobo
  1042. [19:34:20] +Anorov: if you're fucking with a wireless network, yes change your MAC constantly
  1043. [19:34:21] +srwx: and link it to a credit card
  1044. [19:34:23] +darkspline: some protos use like some vpn's, they leak mac
  1045. [19:34:39] %StalluManu: ok, now that you've all changed your fucking mac adress.
  1046. [19:34:43] %StalluManu: you are now leaking less info!
  1047. [19:34:48] +darkspline: you can be in fucking china and track some shit across DHCP
  1048. [19:34:50] %StalluManu: now that you've nuked fucking all your profiles.
  1049. [19:34:56] +darkspline: StalluManu, sorry bro
  1050. [19:35:00] +darkspline: :-(
  1051. [19:35:06] @c0qsm3gma: (5:34:18 AM) Anorov: if you're fucking with a wireless network, yes change your MAC constantly
  1052. [19:35:10] %StalluManu: darkspline: vpns do leak.
  1053. [19:35:13] @c0qsm3gma: Anorov: my MAC changes from hop to hop
  1054. [19:35:15] +darkspline: StalluManu, i know!
  1055. [19:35:16] @c0qsm3gma: is that good enough?
  1056. [19:35:18] +eSDee: dhclient leaks version strings
  1057. [19:35:20] +eSDee: enjoy.
  1058. [19:35:21] %StalluManu: darkspline: but as a general rule, just change your MAC.
  1059. [19:35:25] +Anorov: er, what do you mean by hop to hop?
  1060. [19:35:26] drroop (~drroop@LulzCo-5E4C3B4D.seattle-06rh15rt.wa.dial-access.att.net) joined the channel.
  1061. [19:35:33] +darkspline: StalluManu, general rule is listen to your ass right now
  1062. [19:35:39] +darkspline: :-D
  1063. [19:35:41] %StalluManu: you->penis->penis->penis->server
  1064. [19:35:48] +darkspline: StalluManu, ROFL
  1065. [19:35:49] %StalluManu: your MAC Is leaked to the first penis.
  1066. [19:35:52] +Anorov: yep
  1067. [19:35:56] +Anorov: it is
  1068. [19:36:04] +darkspline: and thats how you get dicked hard
  1069. [19:36:05] %StalluManu: if its you->penis->server like on a VPN, you are fucked.
  1070. [19:36:09] +Anorov: and if you're behind a router
  1071. [19:36:11] +darkspline: StalluManu, i'm shutting up now
  1072. [19:36:21] +Anorov: your computer->wireless router->ISP router
  1073. [19:36:23] +srwx: hopping through dicks
  1074. [19:36:24] %StalluManu: so just as a general rule, change your fucking mac.
  1075. [19:36:37] %StalluManu: that should give you an idea of what to look out for.
  1076. [19:36:43] %StalluManu: there's much more info that you could leak.
  1077. [19:36:50] %StalluManu: but just dont talk about your IRL shit anywhere.
  1078. [19:36:54] +eSDee: don't be retarded and pick something obviously spoofed
  1079. [19:36:54] %StalluManu: you dont EXIST IRL.
  1080. [19:36:58] %StalluManu: you ONLY EXIST ON THE INTERNET.
  1081. [19:36:59] +eSDee: like multicast mac addresses
  1082. [19:37:02] +Anorov: yep
  1083. [19:37:03] +eSDee: check the OUI table
  1084. [19:37:09] +srwx: ^
  1085. [19:37:20] @c0qsm3gma: Anorov: you don't seem the smart type
  1086. [19:37:26] Fox sets mode +v imposter22
  1087. [19:37:27] @c0qsm3gma: how did you got this far?
  1088. [19:37:34] @c0qsm3gma: s/got/get
  1089. [19:37:36] +Anorov: c0q in what way, because i'm asking what you mean by hop?
  1090. [19:37:40] +Anorov: if by hop you mean network hop
  1091. [19:37:44] +Anorov: of course it changes hop to hop
  1092. [19:37:50] +srwx: http://standards.ieee.org/develop/regauth/oui/oui.txt
  1093. [19:37:52] +Anorov: i don't know if you're talking about like wireless hopping or whatever
  1094. [19:37:57] @c0qsm3gma: no
  1095. [19:38:00] @c0qsm3gma: i mean network hop
  1096. [19:38:02] +Anorov: well duh
  1097. [19:38:07] +Anorov: i just said that above, lol
  1098. [19:38:09] @c0qsm3gma: my MAC address changes every hop
  1099. [19:38:12] +Anorov: correct
  1100. [19:38:14] +Anorov: it's layer 2
  1101. [19:38:15] ~Fox: Is class over?
  1102. [19:38:18] %StalluManu: no.
  1103. [19:38:22] ~Fox: cause you niggas are just bouncing topics
  1104. [19:38:23] @c0qsm3gma: so should i still change it ?
  1105. [19:38:25] +darkspline: Fox, please not sir
  1106. [19:38:31] +Anorov: <+Anorov> MACs are only sent hop to hop
  1107. [19:38:35] %StalluManu: stfu people.
  1108. [19:38:38] ~Fox: StalluManu get it under control.
  1109. [19:38:40] @c0qsm3gma: (5:34:18 AM) Anorov: if you're fucking with a wireless network, yes change your MAC constantly
  1110. [19:38:41] ~Fox: Plzkthx
  1111. [19:38:42] %StalluManu: JUST CHANGE YOUR FUQQIN MAC TO SOMETHING SENSIBLE AND BE DONE WITH IT
  1112. [19:38:44] +darkspline: layer 2 <-> layer 3
  1113. [19:38:47] %StalluManu: STFU
  1114. [19:38:47] @c0qsm3gma: yeah StalluManu
  1115. [19:38:53] +Anorov: yes because people on the local network could be tracking your laptop you're using to wardrive, c0q
  1116. [19:38:56] %StalluManu: STFU
  1117. [19:38:56] @c0qsm3gma: put this bitch in place
  1118. [19:38:56] %StalluManu: STFU
  1119. [19:38:57] %StalluManu: STFU
  1120. [19:38:58] %StalluManu: STFU
  1121. [19:38:58] %StalluManu: STFU
  1122. [19:38:59] LordKitsuna sets mode -v Anorov
  1123. [19:38:59] %StalluManu: STFU
  1124. [19:39:00] %StalluManu: STFU
  1125. [19:39:05] %StalluManu: thank you.
  1126. [19:39:08] @c0qsm3gma: tracking my laptop?
  1127. [19:39:08] @c0qsm3gma: wtf
  1128. [19:39:16] @c0qsm3gma: how would they find me
  1129. [19:39:22] @c0qsm3gma: knowing the MAC
  1130. [19:39:27] Fox kicked Anorov from the channel. (Shut the fuck up)
  1131. [19:39:27] Anorov (~an@no.peeps.4.creeps) joined the channel.
  1132. [19:39:30] ~Fox: move along.
  1133. [19:39:32] %LordKitsuna: if i could take voice from c0qsm3gma i would but hes op
  1134. [19:39:40] Fox kicked LordKitsuna from the channel. (stfu)
  1135. [19:39:46] ~Fox: move... along.
  1136. [19:39:54] %StalluManu: Ok, now that you are hopefully leaking less fucking info, have protected yourself from IRL shit against your crypto and virtual shit. you should be reasonably untracable.
  1137. [19:39:54] LordKitsuna (~LordKitsu@LulzCo-6D93A8BD.hsd1.wa.comcast.net) joined the channel.
  1138. [19:39:54] ChanServ sets mode +h LordKitsuna
  1139. [19:40:05] +srwx: http://samy.pl/mapxss/ like this
  1140. [19:40:12] Fox kicked srwx from the channel. (stfu)
  1141. [19:40:29] %StalluManu: I'd like to refer to the training page to train with lfi, try to inject a PHP proxy into the site
  1142. [19:40:31] ea5ystar (~whiteh8@LulzCo-C098333B.formlessnetworking.net) joined the channel.
  1143. [19:40:37] +eSDee: find a dialup isp in korea, buy a 33k6 modem and call forward to your local pizza parlor as the 1st hop
  1144. [19:40:39] %StalluManu: that's how you generally accuire http proxies.
  1145. [19:40:41] +eSDee: lol
  1146. [19:40:50] +eSDee: s/to/from/
  1147. [19:41:14] Fox kicked eSDee from the channel. (I'm going to keep kicking till voices shut the fuck up and let people talk.)
  1148. [19:41:17] %StalluManu: this has the added benefit of you not getting pakkit because you pissed me off.
  1149. [19:41:46] %StalluManu: now, you think you're secure eh?
  1150. [19:41:49] %StalluManu: but how the fuck would you know?
  1151. [19:42:02] %StalluManu: maybe that uber 31337 blackhat just pwned u in ur sleep.
  1152. [19:42:07] %StalluManu: tough shit.
  1153. [19:42:13] %StalluManu: this is why you use a intrusion detection system.
  1154. [19:42:17] %StalluManu: yeah kids, it's a fucking pain.
  1155. [19:42:26] %StalluManu: i personally prefer tripwire, with the hashes on another sd card.
  1156. [19:42:38] %StalluManu: this lets you check if important shit was changed.
  1157. [19:42:44] SamiR (~samiri@3535BAFB.92687D0B.6BCC1855.IP) joined the channel.
  1158. [19:42:48] %LordKitsuna: StalluManu, there are both hardware and software IDS's right?
  1159. [19:42:52] %StalluManu: true.
  1160. [19:42:55] eSDee (~harhar@LulzCo-6C4BAAB9.bu.edu) joined the channel.
  1161. [19:42:56] %StalluManu: can't trust teh hardware.
  1162. [19:43:11] Fox sets mode +v eSDee
  1163. [19:43:19] %StalluManu: ok, as a rule of thumb, if you are on wifi, you want to log all the packets.
  1164. [19:43:27] %StalluManu: but your sd card does not haz the space.
  1165. [19:43:33] whiteh8 (~whiteh8@457983EB.FF3F5C6F.ED3D20FE.IP) left IRC. (Ping timeout: 240 seconds)
  1166. [19:43:50] %StalluManu: mount a tmpfs somewhere, tcmpdump log to there, and set up a bash script that megauplods and forwards to a mail via a (fast) proxy.
  1167. [19:44:05] %StalluManu: voilla, packet logging for niggers.
  1168. [19:44:24] %StalluManu: since you hopefully encrypted your shit like i told you too, you wont be publishing shit you dont want to.
  1169. [19:44:29] %StalluManu: *to
  1170. [19:44:38] %StalluManu: if you didn't, well, tough fucking luck.
  1171. [19:44:44] @c0qsm3gma: StalluManu: are you like, the teacher of hacker science?
  1172. [19:44:59] %StalluManu: no, i'm a leet skript kiddie.
  1173. [19:45:12] %StalluManu: so, you have a packet log, and a ids in place.
  1174. [19:45:16] %StalluManu: preferably more than one.
  1175. [19:45:22] %StalluManu: when shit hits the fan, you pull the plug.
  1176. [19:45:25] %StalluManu: no exceptions.
  1177. [19:45:39] %StalluManu: you get your computer off the network asap, by shutting it down or pulling the cord.
  1178. [19:45:57] %StalluManu: chances are you are backdoored now, use tripwire.
  1179. [19:46:19] @c0qsm3gma: lol @ tripwire
  1180. [19:46:23] %StalluManu: as an extra measure: have hashes of system files on your encrypted partition in your initrd, and hashes of your initrd in your encrypted partition.
  1181. [19:46:34] %StalluManu: use a script to check 'em dubs.
  1182. [19:46:55] %StalluManu: that way when someone dicks with your initrd but not your encrypted partition (feds having your disk) you know.
  1183. [19:47:04] %StalluManu: and when someone dicks with your root but not your /boot you know
  1184. [19:47:12] %StalluManu: but omg, cant you change /boot?
  1185. [19:47:15] Meghan (~barney@5B1910D6.C3EAD205.7547DCD8.IP) left IRC. (Ping timeout: 240 seconds)
  1186. [19:47:15] %StalluManu: yeah, you can.
  1187. [19:47:21] %StalluManu: here's a simple technique to prevent that shit from happening.
  1188. [19:47:25] %StalluManu: make /boot ext2.
  1189. [19:47:29] %StalluManu: remove ext2 from the kernel.
  1190. [19:47:34] mnmezz (~mnmezz@LulzCo-FECF7F64.torservers.net) left IRC. (Ping timeout: 240 seconds)
  1191. [19:47:35] %StalluManu: disable dynamic module loading.
  1192. [19:47:42] %StalluManu: (monolithic kernel)
  1193. [19:47:49] imposter22 (~imposter2@9E450AF4.1F24E4E4.13FC21DA.IP) left IRC. (Remote host closed the connection)
  1194. [19:47:59] %StalluManu: disallow access to the /boot device.
  1195. [19:48:02] %LordKitsuna: wait... wouldnt making boot a format you remove support for make your oc shit bricks?
  1196. [19:48:09] %LordKitsuna: *pc
  1197. [19:48:11] %StalluManu: no.
  1198. [19:48:12] debbieGIBSON (~user@6162320B.38FB56C.E7114913.IP) left IRC. (Quit: debbieGIBSON)
  1199. [19:48:16] imposter22 (~imposter2@2310E577.8E384C6C.DD213F82.IP) joined the channel.
  1200. [19:48:17] %StalluManu: your boot loader loads your initrd and kernel.
  1201. [19:48:20] %StalluManu: those are on /boot.
  1202. [19:48:32] %StalluManu: so even root cannot fucking change the boot dir.
  1203. [19:48:42] %StalluManu: this is a pain because you'd have to use a livecd to change kernels.
  1204. [19:48:44] %StalluManu: but it's worth it.
  1205. [19:49:13] %StalluManu: ok, so you've detected a trojan. it hasn't dicked with every ids you have in place.
  1206. [19:49:20] %StalluManu: re-emerge the infected package.
  1207. [19:49:31] %StalluManu: or: copy over from a backup.
  1208. [19:49:37] %StalluManu: (preferably the 1st option)
  1209. [19:49:47] %StalluManu: do a offline package install, your distro has a wiki that tells you how 2.
  1210. [19:49:56] @c0qsm3gma: StalluManu: i have no initrd on my linux
  1211. [19:50:00] @c0qsm3gma: is that bad?
  1212. [19:50:06] FireStarter_ (~FireStart@FFD843C6.43EC8202.233EC0FF.IP) joined the channel.
  1213. [19:50:09] %StalluManu: you cant truecrypt a whole partition without a initrd.
  1214. [19:50:19] %StalluManu: initrd=initial ram disk for the lusers here.
  1215. [19:50:27] %StalluManu: google initrd arch wiki or gentoo wiki for more info.
  1216. [19:50:30] FireStarter (~FireStart@LulzCo-C098333B.formlessnetworking.net) left IRC. (Ping timeout: 240 seconds)
  1217. [19:50:46] lululu (cackledack@BE33FEAC.7EEC6A54.934538AF.IP) left the channel.
  1218. [19:50:51] %StalluManu: ok, so now you can hopefully recover after a compromise, or at least notice it when it happens.
  1219. [19:50:54] %StalluManu: you got pwned by a 0day? wat do
  1220. [19:50:58] %StalluManu: well you got a cool packet log.
  1221. [19:51:12] %StalluManu: chances are, the hacker has hidden his shit well, like you should've done.
  1222. [19:51:25] %StalluManu: but no worries, you can dissect the packet log, figure out the 0day and use it to pwn more servers!
  1223. [19:51:39] %StalluManu: just don't be an ass and make it public.
  1224. [19:51:49] %StalluManu: 'cause you don't know who you are messing with at this point.
  1225. [19:52:08] @c0qsm3gma: StalluManu: i have initrd on my linux
  1226. [19:52:10] %StalluManu: in fact, dont be an ass and make exploits public at all.
  1227. [19:52:10] @c0qsm3gma: is that bad?
  1228. [19:52:11] %StalluManu: fuck whitehats.
  1229. [19:52:41] @c0qsm3gma: word
  1230. [19:52:41] %StalluManu: more disclosure only promotes more skiddies.
  1231. [19:52:43] @c0qsm3gma: i concur to that
  1232. [19:52:50] %StalluManu: google antisec for more info.
  1233. [19:52:52] @c0qsm3gma: this is the part of your lecture that i love most
  1234. [19:52:57] @c0qsm3gma: no
  1235. [19:52:57] @c0qsm3gma: fuck antisec
  1236. [19:52:59] +tminus: Which antisec
  1237. [19:53:03] ~Fox: Perdon.
  1238. [19:53:07] @c0qsm3gma: antisec took a name of what was started ages ago
  1239. [19:53:09] ~Fox: Class.
  1240. [19:53:17] ~Fox: We have a mantra here for you new students.
  1241. [19:53:21] %StalluManu: i know. but you need a fucking intro
  1242. [19:53:24] @c0qsm3gma: pr0j3kt m4yh3m/~el8/PHC
  1243. [19:53:27] ~Fox: I'm going to -m for a second just to show you guys.
  1244. [19:53:28] @c0qsm3gma: that's the intro u got
  1245. [19:53:33] %StalluManu: ya.
  1246. [19:53:33] Fox sets mode -m
  1247. [19:53:37] ~Fox: What do we say about whitehats?
  1248. [19:53:42] SamiR: thnx for -m
  1249. [19:53:42] halcyon: It's a beautiful day in the neighborhood
  1250. [19:53:42] @c0qsm3gma: i don't think anyone is caching anti.security.is anymore
  1251. [19:53:44] %StalluManu: ok, google pr0j3kt m4yh3m.
  1252. [19:53:44] Onions: TrueCrypt should not be used on Linux. Cryptsetup/LUKS is better.
  1253. [19:53:45] s4: fuck them?
  1254. [19:53:45] @c0qsm3gma: fuck the whitehats!@$
  1255. [19:53:48] Onions: MUCH BETTER LOOK INTO IT
  1256. [19:53:54] ~Fox: What do we say about whitehats?
  1257. [19:53:55] Onions: THE ENCRYPTION SCHEME IS MORE SECURE
  1258. [19:53:55] nyann: FUCK WHITEHATS
  1259. [19:53:56] %StalluManu: c0qs3gma they are.
  1260. [19:53:56] nyann: FUCK WHITEHATS
  1261. [19:53:58] drop: ain't no party like a whitehat party?
  1262. [19:53:59] nyann: FUCK WHITEHATS
  1263. [19:53:59] ~Fox: FUCK WHITEHATS.
  1264. [19:54:05] Fox kicked drop from the channel. (FUCK WHITEHATS.)
  1265. [19:54:05] SamiR: yea
  1266. [19:54:07] ~Fox: WHITE HATE.
  1267. [19:54:10] noneya1238: fuck you whity
  1268. [19:54:14] ~Fox: WHITE. HATE.
  1269. [19:54:15] ElwoodBlues: FUCK WHIEHATS?
  1270. [19:54:16] SamiR: white fuck hates
  1271. [19:54:18] ElwoodBlues: ?!
  1272. [19:54:20] Fox sets mode +m
  1273. [19:54:22] drop (~drop@LulzCo-2DC94304.members.linode.com) joined the channel.
  1274. [19:54:24] %StalluManu: fuck whitehats up the arse, dry without lube.
  1275. [19:54:24] ~Fox: Exactly kids.
  1276. [19:54:28] ~Fox: Whitehats aren't your friend.
  1277. [19:54:32] ~Fox: Whitehats are the enemy.
  1278. [19:54:37] @c0qsm3gma: whitehats are food
  1279. [19:54:38] ~Fox: Destroy all whitehats.
  1280. [19:54:42] %StalluManu: Whitehats hack for money.
  1281. [19:54:43] @c0qsm3gma: invite them into your oven
  1282. [19:54:47] @c0qsm3gma: and if they don't want
  1283. [19:54:48] %StalluManu: Money will make them narc on you.
  1284. [19:54:51] @c0qsm3gma: coherce them
  1285. [19:54:59] %StalluManu: whitehats are not to be trusted.
  1286. [19:55:30] %StalluManu: And narcs deserve pizzas, erryday allday.
  1287. [19:55:38] %StalluManu: support manning.
  1288. [19:55:51] %StalluManu: anyways, back to security.
  1289. [19:56:02] %StalluManu: ok, so you're now hidden, your shit is encrypted, and hopefully the fbi is not at your doorstep.
  1290. [19:56:19] %StalluManu: you've read up about the legal system and kept your fucking mouth shut at various encounters till your lawyer told you to speak.
  1291. [19:56:28] %StalluManu: you've got your own proxies & botnet.
  1292. [19:56:41] %StalluManu: congrats, you've graduated from luser to skiddie.
  1293. [19:56:43] chkkit (~chkkit@LulzCo-986927A0.blutmagie.de) joined the channel.
  1294. [19:57:06] %StalluManu: to learn how to actually do cool stuff, you have to learn how to write your exploits.
  1295. [19:57:15] %StalluManu: to learn how to write your own exploits, you have to learn how to code, really fucking well.
  1296. [19:57:22] %StalluManu: you either make a great coder, or you dont.
  1297. [19:57:31] %StalluManu: unless you started coding when you were 9, chances are you dont.
  1298. [19:57:36] %StalluManu: in that case, you'll stay a skiddie.
  1299. [19:57:44] @c0qsm3gma: damn
  1300. [19:57:49] @c0qsm3gma: i started coding at 12
  1301. [19:57:53] @c0qsm3gma: is that bad?
  1302. [19:57:55] %StalluManu: 12 is fine too.
  1303. [19:57:59] +eSDee: don't worry, in practice i'd say most exploit coders make very shitty devs
  1304. [19:58:00] @c0qsm3gma: does that mean i will never be a hacker?
  1305. [19:58:10] @c0qsm3gma: shitty devs, yeah, that's me
  1306. [19:58:11] %StalluManu: eSDee: true.
  1307. [19:58:15] @c0qsm3gma: but i also write shitty exploits
  1308. [19:58:23] @c0qsm3gma: i heard a lot about exploits
  1309. [19:58:29] %StalluManu: omg so leet.
  1310. [19:58:42] +eSDee: lets do a strcpy()-fu class
  1311. [19:58:46] %StalluManu: ok, you can google artices for bufferoverflows/etc read old phrack.
  1312. [19:58:51] %StalluManu: good idea.
  1313. [19:58:58] %StalluManu: formatstring.
  1314. [19:59:06] @c0qsm3gma: old phrack?
  1315. [19:59:09] @c0qsm3gma: why not new phrack?
  1316. [19:59:15] %StalluManu: new phrack is shit phrack
  1317. [19:59:32] +eSDee: i proposed this earlier: main(int lol, char **lolol) <% printf(0[lolol]); %>
  1318. [19:59:33] %StalluManu: in fact, there ain't even many new phrack mags out there.
  1319. [19:59:39] +eSDee: lets do eet
  1320. [19:59:40] %StalluManu: since the editors got fucking lazy.
  1321. [19:59:45] @c0qsm3gma: lol StalluManu
  1322. [19:59:49] @c0qsm3gma: why is it shit?
  1323. [19:59:53] %LordKitsuna: StalluManu, we have talked about buffer overflows before but i didnt really feel like it was exsplained exactly what that is or how it kills shit maybe you can touch up on that?
  1324. [20:00:04] %StalluManu: LordKitsuna: not now.
  1325. [20:00:15] %LordKitsuna: k
  1326. [20:00:27] %StalluManu: If you lern about exploits, and how stuff works, you'll realize that your box ain't secured for shit.
  1327. [20:00:39] %StalluManu: Or hopefully that it's pretty decent as long as you don't do X or Y.
  1328. [20:00:47] @c0qsm3gma: StalluManu: why is phrack shit :)
  1329. [20:00:52] @c0qsm3gma: i always thought phrack was shit
  1330. [20:00:58] %StalluManu: because it's for homosexuals.
  1331. [20:01:01] @c0qsm3gma: eversince aleph1 killed the b0f concept
  1332. [20:01:03] %StalluManu: and because it releases shit.
  1333. [20:01:05] +darkspline: c0qsm3gma, 1990
  1334. [20:01:06] +darkspline: s
  1335. [20:01:09] @c0qsm3gma: no
  1336. [20:01:15] @c0qsm3gma: 1998 or something
  1337. [20:01:20] @c0qsm3gma: b0f wasn't really known
  1338. [20:01:31] @c0qsm3gma: altho people been exploiting that for a decade
  1339. [20:01:44] ~Fox: I have to poop
  1340. [20:01:46] nociuduis (~nociuduis@LulzCo-A75755D4.ph.ph.cox.net) left IRC.
  1341. [20:01:46] ~Fox: brb.
  1342. [20:01:46] +darkspline: that shits now so, StalluManu
  1343. [20:01:58] %StalluManu: ok.
  1344. [20:02:08] @c0qsm3gma: StalluManu: the thing is, you can't really say why phrack is shit
  1345. [20:02:11] %StalluManu: say you know something about exploiting shit.
  1346. [20:02:12] @c0qsm3gma: i hate phrack
  1347. [20:02:21] %StalluManu: we all hate phrack.
  1348. [20:02:24] @c0qsm3gma: because it hurt the hacking so bad u wouldn't imagine
  1349. [20:02:39] %StalluManu: also, i wasnt around in 1998, i was around in ~2001.
  1350. [20:03:05] %StalluManu: and i was a skiddie back then lulz.
  1351. [20:03:10] @c0qsm3gma: Phrack High Council / ~el8 for lyfe
  1352. [20:03:12] %StalluManu: everyone starts out a skiddie!
  1353. [20:03:16] @c0qsm3gma: are you a coder now?
  1354. [20:03:19] @c0qsm3gma: no, i didn't
  1355. [20:03:23] @c0qsm3gma: i started as a vx-er
  1356. [20:03:40] +eSDee: your compootah is now st0ned yo
  1357. [20:03:43] %StalluManu: first thing i found was a lousy xss lulz.
  1358. [20:04:03] %StalluManu: ok, say you know how to exploit shit.
  1359. [20:04:04] @c0qsm3gma: word eSDee
  1360. [20:04:09] %StalluManu: which you dont, cause you are in here
  1361. [20:04:10] @c0qsm3gma: lol StalluManu
  1362. [20:04:15] ef2s (~ef2s@LulzCo-879302C5.torservers.net) joined the channel.
  1363. [20:04:18] @c0qsm3gma: xss was in 2004-2005
  1364. [20:04:20] @c0qsm3gma: def not in 2001
  1365. [20:04:22] @c0qsm3gma: :)
  1366. [20:04:24] +eSDee: i like how we're all teaching the feds here how we would hide stuff
  1367. [20:04:30] +eSDee: just sayin
  1368. [20:04:44] %StalluManu: everyone done spamming?
  1369. [20:05:06] %LordKitsuna: c0qsm3gma, i don't mean to be rude but the constant commentary is starting to get annoying. can we please try to keep talking to questions or adding to the lesson
  1370. [20:05:11] %StalluManu: ok, now you know how to exploit shit, you are going to find password hashes from sites that don't have too shitty security.
  1371. [20:05:20] +darkspline: StalluManu, ...
  1372. [20:05:20] @c0qsm3gma: LordKitsuna: you are being rude
  1373. [20:05:31] %StalluManu: those hashes need to be reverted to a password.
  1374. [20:05:32] @c0qsm3gma: eSDee: yeah, that's ridiculous
  1375. [20:05:32] +darkspline: StalluManu, i'm in here for my own reasons"></script>
  1376. [20:05:47] @c0qsm3gma: this place is monitored
  1377. [20:05:57] @c0qsm3gma: yet, you guys discuss how to hide
  1378. [20:05:58] @garrett: ur monitored
  1379. [20:05:59] @garrett: ur monitored
  1380. [20:06:00] @garrett: ur monitored
  1381. [20:06:01] %StalluManu: you WILL encounter shit that uses algorithms that have no existing crackers for it.
  1382. [20:06:04] @c0qsm3gma: does anyone else smell the irony
  1383. [20:06:08] +darkspline: StalluManu, i can't do anythint about it
  1384. [20:06:11] @c0qsm3gma: garrett: yeah, since i joined here i am
  1385. [20:06:18] @garrett: stop hacking me bro
  1386. [20:06:19] @garrett: pls
  1387. [20:06:25] %StalluManu: now, since you now have a basic fucking understanding of how to code.
  1388. [20:06:31] %StalluManu: you can hopefully write c.
  1389. [20:06:38] %StalluManu: good. openCL is like c, but for graphics cards.
  1390. [20:06:43] @c0qsm3gma: can you write c?
  1391. [20:06:47] %StalluManu: graphics cards are good at doing the same thing with different values over and over.
  1392. [20:07:04] %StalluManu: also called single instruction multiple memory source instructions
  1393. [20:07:10] %StalluManu: like sse/mmx, but way moar cores.
  1394. [20:07:25] %StalluManu: also lern sse assembly, its cool stuff.
  1395. [20:07:44] %StalluManu: you search for an already optimized algorithm of the hashing function used.
  1396. [20:07:47] ~Fox: .
  1397. [20:07:51] %StalluManu: if you dont, you can probably guess the hashing function by the bitcount.
  1398. [20:07:57] Dox (~Dox@5F79AFBD.97573542.B0212E7C.IP) left IRC. (Remote host closed the connection)
  1399. [20:08:01] %StalluManu: if you cant find one, as a shit coder you are shit out of luck.
  1400. [20:08:19] %StalluManu: otherwise: paste/edit it a bit, move the c code for it straight to the gpu, and read some optimisation articles.
  1401. [20:08:23] %StalluManu: chances are this will take a week or two.
  1402. [20:08:36] %StalluManu: and i mean a week or two of 18 hour days.
  1403. [20:08:43] %StalluManu: especially the first time you do it.
  1404. [20:09:00] %StalluManu: with a gpu you can compute an fucking insane amounth of hashes a second.
  1405. [20:09:27] %StalluManu: use this to bruteforce passwords, see if passwords are reused, use them on their mails/paypals, cash in.
  1406. [20:09:42] %StalluManu: bruteforcing resources: blog.distracted.nl www.cryptohaze.com
  1407. [20:09:47] %StalluManu: also google oclhashcat
  1408. [20:10:19] %StalluManu: exporting crypto crackers from the US of assraping is considered high treason, punishable by death.
  1409. [20:10:26] @c0qsm3gma: why are we discussing the video card?
  1410. [20:10:35] %StalluManu: because you're acting liek a tard.
  1411. [20:10:45] %StalluManu: btw, this is gpu/sse2.
  1412. [20:10:50] %StalluManu: sse2 is fine too.
  1413. [20:10:52] Dox (~Dox@5F79AFBD.97573542.B0212E7C.IP) joined the channel.
  1414. [20:11:08] %StalluManu: speaking of which.
  1415. [20:11:11] %StalluManu: if you write shit in sse2.
  1416. [20:11:16] %StalluManu: you can interlace 2 sse2 paths, and one mmx path.
  1417. [20:11:27] %StalluManu: it'll cost you one instruction per 6 operations.
  1418. [20:12:02] %StalluManu: i dunno if iamrite, been ages.
  1419. [20:12:06] heyguise (canti@B6ECF76C.D4425F23.2D22B11F.IP) left the channel.
  1420. [20:12:06] heyguise (canti@B6ECF76C.D4425F23.2D22B11F.IP) joined the channel.
  1421. [20:12:20] %StalluManu: anyways, you can interlace 2* sse2 and mmx, use it.
  1422. [20:12:41] %StalluManu: now you have a pretty fast br00tforcer, you might want to find sites with similar hashes pwn those and continue on.
  1423. [20:12:52] eSDee (~harhar@LulzCo-6C4BAAB9.bu.edu) left IRC. (Quit: bla)
  1424. [20:12:53] %StalluManu: just like 0day.
  1425. [20:13:10] %StalluManu: find 0day for one strategic target, hit it, then exploit a few lower key ones as well.
  1426. [20:13:33] @c0qsm3gma: StalluManu: let's discuss ethical payloads
  1427. [20:13:40] @c0qsm3gma: such as rm -rf /&
  1428. [20:13:42] %StalluManu: ethical payloads.. lulz.
  1429. [20:13:46] @c0qsm3gma: and much 1337er variants
  1430. [20:13:51] @c0qsm3gma: yes!
  1431. [20:14:04] %StalluManu: ethics.. you can screw anyone, as long as you use your internet condom.
  1432. [20:14:16] %StalluManu: but producing maximum lulz is always important.
  1433. [20:14:20] lighthouse (~shadow@LulzCo-10001504.tampabay.res.rr.com) left IRC. (Ping timeout: 240 seconds)
  1434. [20:14:31] @c0qsm3gma: this is the reason why we joined the innerwebs, isn't it?
  1435. [20:14:51] %StalluManu: pick targets that will whinge and cry about it, pick targets that get their unearned whiteluser reputation ruined (hi there aaronbarr!, mittnick.)
  1436. [20:14:58] %StalluManu: mostly pick on whitehats.
  1437. [20:15:12] %StalluManu: because you wont piss anyone off but one person.
  1438. [20:15:39] @c0qsm3gma: :(
  1439. [20:15:52] ~Fox: WHITEHATE.
  1440. [20:15:54] ~Fox: 2011.
  1441. [20:15:54] @c0qsm3gma: mitnick has been owned moar times than.. i dunno.. the most owned place in the universe?
  1442. [20:15:56] @c0qsm3gma: what is that?
  1443. [20:16:06] @c0qsm3gma: yeah.. 10 years of whiteh8
  1444. [20:16:08] %StalluManu: mitnick=mantrain
  1445. [20:16:32] %StalluManu: oh, now that you've actually owned shit
  1446. [20:16:38] %StalluManu: you might want to shut the fuck up about it
  1447. [20:16:43] %StalluManu: it's cute to drop sql vulnerable urls.
  1448. [20:16:46] Fox sets mode +v TR0|\|
  1449. [20:17:11] SamiR (~samiri@3535BAFB.92687D0B.6BCC1855.IP) left IRC. (Quit: I was never here!)
  1450. [20:17:11] %StalluManu: it's not cute to drop exploits or show off your e-peen.
  1451. [20:17:31] +darkspline: StalluManu, unless you don't plan on using them...
  1452. [20:17:32] %StalluManu: because that makes you an easy target.
  1453. [20:17:38] %StalluManu: darkspline: ofc.
  1454. [20:17:41] +TR0|\|: StalluManu - any comment on grabbing someones EC2 credentials and using them to run hashes on a cluster of GPU instances at randoms expense :P?
  1455. [20:17:44] +darkspline: ;-)
  1456. [20:18:11] %StalluManu: TR0: you will find that bitweasil's cracker is excellent for that;)
  1457. [20:18:21] %StalluManu: amazon cloud is shit for bruteforcing tough.
  1458. [20:18:25] ~Fox: StalluManu
  1459. [20:18:27] %StalluManu: way too expensive if you dont steal someones acc.
  1460. [20:18:30] %StalluManu: yeah?
  1461. [20:18:36] ~Fox: A lovely pro-tip
  1462. [20:18:40] +TR0|\|: lol i never said shit about paying :P
  1463. [20:18:56] ~Fox: Remember what hatter said about alarms?
  1464. [20:19:05] ~Fox: If you cant go in silent, trip as many as possible?
  1465. [20:19:06] %StalluManu: yup.
  1466. [20:19:19] @c0qsm3gma: lol
  1467. [20:19:21] +darkspline: i like
  1468. [20:19:21] @c0qsm3gma: that's true
  1469. [20:19:26] ~Fox: ProTip: If you are comping a box and want to hide your tracks, post the URL
  1470. [20:19:33] +darkspline: now i'm thinking about all the alarms i tripped...
  1471. [20:19:33] ~Fox: Do your dirt with a thousand other people trying to get in
  1472. [20:19:41] ~Fox: Security via obscurity.
  1473. [20:19:45] %StalluManu: Fox: i have a better idea.
  1474. [20:19:53] %StalluManu: Everyone hopefully knows how to wget with a tor proxy.
  1475. [20:20:01] +darkspline: Fox, offensive obscurification (sp)
  1476. [20:20:03] %StalluManu: tor with thousands of requests looks like a botnet.
  1477. [20:20:08] ~Fox: There are a million better ideas, just a tip :3
  1478. [20:20:26] %StalluManu: use a bash script, wget over a proxy with shellcode, sql, anything you can throw at the server.
  1479. [20:20:28] +darkspline: Fox, always a better way..
  1480. [20:20:34] tzaki (~shinji@LulzCo-912C65A8.know.cable.virginmedia.com) left IRC. (Quit: Leaving)
  1481. [20:20:37] %StalluManu: name it "tripfuckingeverything" or something.
  1482. [20:20:42] %StalluManu: sysadmin will think it's a botnet attacking.
  1483. [20:20:51] %StalluManu: you do your dirt while he fights the 'botnet'
  1484. [20:20:57] %StalluManu: worked b4.
  1485. [20:21:05] ~Fox: Truth.
  1486. [20:21:21] +TR0|\|: StalluManu should we point out the benefits of a paid vpn over tor or a free vpn/proxy?
  1487. [20:21:28] %LordKitsuna: StalluManu, wouldnt a plan like that present the off chance that that admin just takes everything offline while its delt with?
  1488. [20:21:34] drop (~drop@LulzCo-2DC94304.members.linode.com) left IRC. (Quit: No Carrier)
  1489. [20:21:44] ~Fox: TR0|\|. shhh.
  1490. [20:21:48] ~Fox: Been covered before.
  1491. [20:22:09] ~Fox: Fuck Tor has been covered so many goddamn times I can't even define to you.
  1492. [20:22:17] ~Fox: StalluManu go go go.
  1493. [20:22:19] %StalluManu: TR0: as long as you pay with someone else's account it's all fine.
  1494. [20:22:29] %StalluManu: oh. another point
  1495. [20:22:34] %StalluManu: if you go carding, or buying accounts.
  1496. [20:22:44] %StalluManu: convert to bitcoin, to another stolen paypal, merry go round.
  1497. [20:22:50] %StalluManu: da russian way.
  1498. [20:22:57] %StalluManu: wonder why bitcoins are worth so much? right
  1499. [20:23:14] +darkspline: StalluManu, resources needed to create one
  1500. [20:23:18] +darkspline: like... mining for jems
  1501. [20:23:32] +darkspline: only so many cpu's available
  1502. [20:24:04] %StalluManu: also, good suggestion, you can use a paypal debit card dropped off @ a dead drop for getting money.
  1503. [20:25:05] ~Fox: +7 for fraud talk
  1504. [20:25:05] %StalluManu: now, there's a legal disclaimer, i am obviously not asking you to do any kind of criminal activity, etcetera.
  1505. [20:25:25] %StalluManu: but it's hella lulzy to ddos someone from the cloud paid for with their own cash.
  1506. [20:26:41] %StalluManu: The offensive side of this is of course that more money transferred to bitcoin or shit not connected to your person can buy you cool stuff.
  1507. [20:26:51] %StalluManu: SIM cards and cellphones.
  1508. [20:27:01] %StalluManu: prepaid ccs.
  1509. [20:27:05] %StalluManu: cloud hosting
  1510. [20:27:08] Inquisition (~trancecat@LulzCo-A49AC652.bchsia.telus.net) left IRC. (Remote host closed the connection)
  1511. [20:27:08] %StalluManu: drugs
  1512. [20:27:18] @c0qsm3gma: i want a russian
  1513. [20:27:24] @c0qsm3gma: is there any russians here?
  1514. [20:27:34] -CTCP- FINGER from kratos
  1515. [20:27:47] Dox (~Dox@5F79AFBD.97573542.B0212E7C.IP) left the channel.
  1516. [20:27:53] ef2s (~ef2s@LulzCo-879302C5.torservers.net) left IRC.
  1517. [20:27:53] %StalluManu: lulz.
  1518. [20:28:00] dox_sleep (~Dox@5F79AFBD.97573542.B0212E7C.IP) joined the channel.
  1519. [20:28:18] %StalluManu: the less of your information is out there, the less the thousands of people you are going to piss off have to go on you.
  1520. [20:28:28] %StalluManu: always pay in cash at stores. never use ccs at physical stores.
  1521. [20:28:35] %StalluManu: same shit goes irl.
  1522. [20:28:42] %StalluManu: let them collect minimal data on you.
  1523. [20:28:46] %StalluManu: try to seem somewhat normal tough.
  1524. [20:28:50] c0qsm3gma (~halfdead@49E335EB.5D85DF6F.6D6C1268.IP) left the channel.
  1525. [20:28:54] %StalluManu: groceries shopping with a cc is ok.
  1526. [20:29:07] %StalluManu: shopping for crack cocaine with money you just pulled from the bank isnt.
  1527. [20:29:46] %StalluManu: there's various algorithms that you can find on google that the banks use to check if transactions seem legit.
  1528. [20:29:49] %StalluManu: use this to your best advantage.
  1529. [20:30:01] %StalluManu: if you dont, i herd the NCR has pretty shit security.
  1530. [20:30:27] %StalluManu: you see, you dont want your carding of people to stand out.
  1531. [20:30:42] %StalluManu: dont move all the money directly to bitcoin.
  1532. [20:31:26] %StalluManu: dont you fucking dare use this info for CP sales.
  1533. [20:31:32] %StalluManu: actually, i have a funny story on that.
  1534. [20:31:40] %StalluManu: there was a pretty big american bank, ~80k members.
  1535. [20:31:45] %StalluManu: That got pwned.
  1536. [20:31:45] Wearemudkipz (~Fire-Wolf@LulzCo-843DA4E1.cable.virginmedia.com) left IRC. (Read error: Connection reset by peer)
  1537. [20:31:50] %StalluManu: The russians used the account info for CP sales.
  1538. [20:31:59] Wearemudkipz (~Fire-Wolf@LulzCo-843DA4E1.cable.virginmedia.com) joined the channel.
  1539. [20:32:03] %StalluManu: The people that were clients at that bank got v&'d. Some of them are still in jail.
  1540. [20:32:10] %StalluManu: Jail as a kiddie fucker isn't fun.
  1541. [20:32:18] %StalluManu: The wrong jail and you're dead.
  1542. [20:32:30] darkspline (~darksplin@LulzCo-E5B1D91D.dyn.optonline.net) left IRC. (Ping timeout: 240 seconds)
  1543. [20:32:35] %God: http://www.megavideomovies.net/2010/02/watch-hackers-1995-megavideo-movie.html
  1544. [20:32:37] %StalluManu: So please, be somewhat carefull with releasing bank info.
  1545. [20:33:03] Fox sets mode +v imposter22
  1546. [20:33:09] ~Fox: Imposter has something on retail.
  1547. [20:33:18] +imposter22: i work for a retail computer company
  1548. [20:33:27] +imposter22: i know then in's and outs of the networking
  1549. [20:33:34] %StalluManu: do continue:P
  1550. [20:33:41] sublimepua (~sublimepu@LulzCo-693EDEBE.maine.res.rr.com) joined the channel.
  1551. [20:34:00] +imposter22: most stores store their creditcard info on all the registers and servers
  1552. [20:34:18] +imposter22: as anyone who knows anything about skimming
  1553. [20:34:45] +imposter22: there are 2/3 lines of code that arnt even encrypted on credit cards
  1554. [20:35:00] +imposter22: bank number. routing number/ name/ exp date
  1555. [20:35:14] +imposter22: all this info is saved temp in logs on all their hdd's
  1556. [20:35:38] +imposter22: which is why most stores are very secure with the old (even bad replaced hdd's)
  1557. [20:35:58] +imposter22: they log customer spending like crazy
  1558. [20:36:06] +imposter22: its a whole tracking system
  1559. [20:36:20] %StalluManu: imposter: i got some info on that too.
  1560. [20:36:30] %StalluManu: i've been in the netherlands for a while, and seen the NCR.
  1561. [20:36:43] %StalluManu: they are NOT that much into scrunity for their machines hdds.
  1562. [20:36:53] %StalluManu: THEIR atms do log cc numbers.
  1563. [20:37:04] %StalluManu: if you are lucky you can fish an atm from the trash and literally get a root image.
  1564. [20:37:09] %StalluManu: most of the shit on it is still xp + visual basic.
  1565. [20:37:21] +imposter22: yes... but thats not really NCR that does that
  1566. [20:37:24] +imposter22: that is the actual bank
  1567. [20:37:28] %StalluManu: true.
  1568. [20:37:35] %StalluManu: but they return 'em to the ncr for repairs.
  1569. [20:37:36] +imposter22: NCR supplies the equipment.. software is run through the banking company
  1570. [20:37:38] %StalluManu: ncr tosses them.
  1571. [20:37:44] %StalluManu: bingo, hdd.
  1572. [20:37:48] +imposter22: well... no
  1573. [20:38:10] +imposter22: companies have contracts with NCR and IBM and others to send the hdd's in for distruction
  1574. [20:38:21] +imposter22: this is a MUST for ATMS and backoffice servers
  1575. [20:38:27] +imposter22: they dont just toss those ones
  1576. [20:38:42] %StalluManu: uhh.. then where did someone who is not me get those root images with cc dumps from?
  1577. [20:38:45] %StalluManu: thin air?
  1578. [20:38:45] +Shidash: Does anyone know of places to get good proxies? Paid proxies are okay, just looking for the best ones possible.
  1579. [20:38:53] +imposter22: they log s/n's of the hdds and those logs contain where the hdd was and how long it was in commision
  1580. [20:39:03] %StalluManu: ^true^
  1581. [20:39:07] ~Fox: Shidash shhh
  1582. [20:39:12] ~Fox: ask later
  1583. [20:39:20] ~Fox: or tweeter
  1584. [20:39:32] +Shidash: oh, oops, did not realize the talk was still going
  1585. [20:40:03] +imposter22: what these companies dont know is how easy it is for a tech (not me :]) to just steal shit like crazy
  1586. [20:40:27] +imposter22: its amazing the securty they take from the general public... but leave the tech with a big securty gap
  1587. [20:41:09] %StalluManu: also ATM botnets r cool.
  1588. [20:41:13] +imposter22: a tech could skim 1000's of creditcards... get the ip address of the corp hq for the reimaging servers for the retail client
  1589. [20:41:41] njordx (kvirc@LulzCo-6FF4DBAB.c3-0.rdl-ubr1.trpr-rdl.pa.cable.rcn.com) joined the channel.
  1590. [20:41:44] +imposter22: ATM botnets? those exhist?
  1591. [20:41:54] %StalluManu: no comment.
  1592. [20:41:58] +imposter22: lol
  1593. [20:42:19] +imposter22: you know those lonely looking atms that look fake as hell but are real
  1594. [20:42:26] +imposter22: the ones in shitty stripclubs
  1595. [20:42:46] %StalluManu: ofc.
  1596. [20:42:58] %StalluManu: those that run win90?
  1597. [20:43:03] +imposter22: on the generic ones you can type a 5 digit code and change all kinds of settings
  1598. [20:43:05] %StalluManu: *win98
  1599. [20:43:25] +imposter22: cheaper :P
  1600. [20:43:47] +imposter22: they run a basic "XP ebedded
  1601. [20:44:14] ~Fox: Ok kids
  1602. [20:44:18] %StalluManu: btw, know something lulzy with PoS boxes:
  1603. [20:44:26] ~Fox: we've pretty much gone off the beaten path with our crypto talk
  1604. [20:44:27] %StalluManu: iexplorer exploits.
  1605. [20:44:31] %StalluManu: old iexplorer exploits
  1606. [20:44:31] %StalluManu: true.
  1607. [20:44:32] ~Fox: we're going to call this just general shit
  1608. [20:44:39] ~Fox: So before we close and I start wrapping up
  1609. [20:44:46] ~Fox: I've made the announcement on twitter
  1610. [20:44:48] dsr (~User@8432FAD9.BC6C1C87.ACA4AA1C.IP) left IRC. (Remote host closed the connection)
  1611. [20:44:50] ~Fox: I'll make it here as well
  1612. [20:45:01] ~Fox: We've had an overwhelming demand here for more advanced classes
  1613. [20:45:15] ~Fox: We still want to reach out to those of you that are at a basic level
  1614. [20:45:54] ~Fox: over the next few days and weeks we will be creating a site to house all of these talks, along with getting a more organized schedule for classes, teachers, and for input from you guys on what you want to learn more about.
  1615. [20:46:27] ~Fox: We appreciate the hell out of the kind word, encouragement and donations for those of you that have ( 18hRWnxoHztBPDYQ9bPA1uUpN8LTrd7xbB )
  1616. [20:46:35] %LordKitsuna: "we will be creating a site to house all of these talks" feel free to use my vps if you want
  1617. [20:46:44] ~Fox: We're getting together a lot of new things, so if you all keep coming, we'll keep rolling.