Untitled paste by a guest, Aug 24th, 2015
  1. <Crypto-dmtized> Gpu Xfx radeon 295x2 will make it fly.
  2. * jhack has quit (Ping timeout: 246 seconds)
  3. <dimitry7> Crypto-dmtized, really? how long time?
  4. * anoncicada (anoncicada@gateway/shell/elitebnc/x-zngnebsdinvsyjdc) has joined ##security
  5. * c0ncealed (~c0ncealed@unaffiliated/c0ncealed) has joined ##security
  6. <dimitry7> Crypto-dmtized, I have access to EC2 in AWS, I was thinking in running this there on a 32 CPUs virtual machine
  7. * br0d1n- (br0d1n@gateway/shell/elitebnc/x-wvthcbtrmxdhjpbm) has joined ##security
  8. <dimitry7> 2.8 GHz
  9. * FemaleAnon has quit (Quit: Leaving)
  10. <Crypto-dmtized> This is my setup here: 2 Xfx radeon 295x2. i7 with 32gb ram. I cannot tell you exactly how long but having a powerful gpu eats wordlists like nothing.
  11. * darkode (~honeypie@d207-81-46-67.bchsia.telus.net) has joined ##security
  12. <dimitry7> wow
  13. <dimitry7> how much does a card like that one cost?
  14. <Crypto-dmtized> 1000$ each
  15. * ByteCrunch (~bitecrunc@bytecrunch.de) has joined ##security
  16. * speeddragon (~speeddrag@pa3-84-91-122-79.netvisao.pt) has joined ##security
  17. <dimitry7> uff
  18. <dimitry7> expensive
  19. * citizen-stig has quit (Ping timeout: 240 seconds)
  20. <Crypto-dmtized> Well I use it for mining coins with free electricity lol.. solar panels.
  21. * greenride (~bigbear@unaffiliated/greenride) has joined ##security
  22. * chasmo77 (~chas77@158.183-62-69.ftth.swbr.surewest.net) has joined ##security
  23. <Crypto-dmtized> So it pays it self off slowly.
  24. <dimitry7> haha nice!!
  25. <greenride> I'm getting the error message "[xfire.transport.http.HttpChannel] javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated". Is this typically caused by Java keystore problems?
  26. * ryao_ has quit (Changing host)
  27. * ryao_ (~ryao@gentoo/developer/ryao) has joined ##security
  28. * ryao_ is now known as ryao
  29. * speeddragon has quit (Ping timeout: 246 seconds)
  30. <dimitry7> Crypto-dmtized, what's the longest you've waited to crack a good PSK ?
  31. * Brnocrist has quit (Ping timeout: 264 seconds)
  32. <ryonaloli> are you just trying to break WPA?
  33. <dimitry7> ryonaloli, for now, yep
  34. <dimitry7> Then I will try to add some Radius etc, but now just breaking
  35. <ryonaloli> there is a method to break it even if you don't have the PSK
  36. <ryonaloli> it's vulnerable to a fallback attack which changes it from using CCMP to TKIP (even if you have TKIP disabled)
  37. * Brnocrist (~spartak@unaffiliated/brnocrist) has joined ##security
  38. <ryonaloli> and TKIP uses RC4, so you can mount an active attack against it which breaks the RC4 stream within about an hour
  39. * finalb0ss has quit (Ping timeout: 264 seconds)
  40. <ryonaloli> regardless of how good the password is (this applies to WPA and WPA2, not sure if it applies to EAP-TLS)
  41. * finalb0ss (~trouble@197.149.195.121) has joined ##security
  42. <Crypto-dmtized> Dimitry: I have tested on my own network.. the longer the key and wordlist it will take time but you can crack anything just need good gpu and the power to do so.
  43. <dimitry7> ryonaloli, really? what's the name of the method? I have tried all from the crunch website but they all end up sending me to wordlists
  44. * auraka (ross@kahuna.ruselabs.com) has joined ##security
  45. <ryonaloli> dimitry7: let me find some info on it, one sec
  46. <dimitry7> Crypto-dmtized, all right, I will borrow one! I will ask a friend who likes video games :D
  47. <dimitry7> ryonaloli, all right man! :D
  48. * FishFiend (~FishFiend@vm460.sakuraserver.co) has joined ##security
  49. <ryonaloli> http://www.rc4nomore.com/vanhoef-usenix2015.pdf
  50. <ryonaloli> >All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS
  51. <ryonaloli> combine that with the attack to force WPA/WPA2 to fallback into TKIP mode, and you can break it
  53. * qg_ has quit (Remote host closed the connection)
  54. * qg_ (~qg_@c-73-43-119-1.hsd1.ga.comcast.net) has joined ##security
  55. <Crypto-dmtized> Dimitry what type of router ur working with?
  56. * qg_ has quit (Remote host closed the connection)
  57. * cursous (~cursous@31.214.228.215) has joined ##security
  58. <ryonaloli> and http://lists.randombit.net/pipermail/cryptography/2014-September/006760.html for the fallback attack (the post was created before the RC4 attack was published/perfected, so it assumes you need to know the PSK)
  59. * cursous has quit (Remote host closed the connection)
  60. <ryonaloli> >WPA2 does NOT prevent an adversary able to inject packets at you from
  61. <ryonaloli> downgrading crypto to flawed RC4. due to odd forgotten legacy protocol
  62. <ryonaloli> bits, every implementation of WPA2 that i have tested is vulnerable to
  63. <ryonaloli> an active downgrade to TKIP/RC4 while still being "WPA2" and still
  64. <ryonaloli> showing all signs of using strongest security settings.
  65. <ryonaloli> fuck
  66. <ryonaloli> sorry, thought that'd show up on just one line
  67. <dimitry7> ryonaloli, great, I'm checking it all
  68. <dimitry7> Crypto-dmtized, let me see
  69. <dimitry7> Crydamoure, TP-Link router
  70. <FFAce> ryonaloli: if you specify ccma/aes ... is it still affected?
  71. <dimitry7> don't know the model
  72. <ryonaloli> FFAce: read what i said earlier. even if you set it to only use CCMP, it is still possible to downgrade to TKIP
  74. * finalb0ss has quit (Ping timeout: 255 seconds)
  75. <FFAce> oh darn
  76. * curvu (~curvu@37.10.110.165) has joined ##security
  77. <FFAce> ryonaloli: you got a cve on that nastiness?
  78. * curvu has quit (Remote host closed the connection)
  79. <ryonaloli> some mitigations are 1) establish a vpn link between your computer and your router, 2) patch the wifi driver to shut down if it starts using RC4, 3) set up wireshark or any other sniffer and NIDS and cause it to disable your wifi if it detects TKIP
  80. <FFAce> .1x ftw? :P
  81. * finalb0ss (~trouble@197.149.195.121) has joined ##security
  82. <ryonaloli> i don't know if it has a CVE. "it's a feature, not a bug"
  83. * aborazmeh (~aborazmeh@85.97.105.234) has joined ##security
  84. * aborazmeh has quit (Changing host)
  85. * aborazmeh (~aborazmeh@unaffiliated/aborazmeh) has joined ##security
  86. <FFAce> nah, it's as much a feature as the SSLv3 crypto downgrade bug was
  87. <FFAce> well I avoid wifi whenever possible ...lol
  88. <FFAce> "wife eye" ? :P
  89. <ryonaloli> wifi is sometimes necessary unfortunately
  90. <FFAce> it is
  91. <FFAce> at my home, i don't need it
  92. <ryonaloli> but you can still establish a secure link with your router, e.g. with openvpn or ipsec (ew), and just use open wifi
  93. <FFAce> I just ran wires all over
  94. <ryonaloli> yeah i'm doing that now too
  95. <ryonaloli> router hardware with adsl card -> freescale processor with seL4 -> my computer
  96. <ryonaloli> which is what i'm working on
  97. <FFAce> well.....even then, I only expect some form of security between my hosts and the first router
  98. <FFAce> can't trust ISPs around here
  99. <FFAce> why adsl?
  100. <ryonaloli> it's just what i have
  101. * branwe (~branwe@31.214.150.80) has joined ##security
  102. <FFAce> meh, bro, i wouldn't mess with residential wan if I were you
  103. * branwe has quit (Remote host closed the connection)
  104. <ryonaloli> i know it's super vulnerable and hacking an adsl card gives DMA on the router, that's why i have a second hardware in the works to protect from ethernet evilness
  105. <FFAce> just too messy to deal with
  106. <FFAce> personally I just do what I need to , security and privacy wise before the ISP router
  107. * patius (~patius@46.251.230.49) has joined ##security
  108. <FFAce> simple static route to your ISP router with very specific ACL and static arp to it , that's all i know how to do as far as securing home router <-> isp router
  109. * patius has quit (Remote host closed the connection)
  110. <dimitry7> ryonaloli, that can't be done with aircrack can it?
  111. <FFAce> also, what do you mean "DMA" ?
  112. <ryonaloli> dimitry7: it cannot, no (not yet)
  114. <dimitry7> ryonaloli, what can I use?
  115. * hapislacker has quit (Quit: WeeChat 1.3)
  116. <ryonaloli> FFAce: direct memory access. an adsl card is an entire computer, it has its own kernel, own operating system, etc. it connects over PCI, which means if it is compromised, it has full direct access to the system memory
  117. * Matrix (~matrix@unaffiliated/matrix) has joined ##security
  118. <ryonaloli> and supposedly the adsl protocol is super easy to break
  119. <FFAce> well adsl doesn't have any security features iirc
  120. <FFAce> it's just layer 1
  121. <ryonaloli> dimitry7: you'll have to find that out on your own, i'm not aware of any easy-to-use tools with point-and-click WPA breaking abilities
  122. <FFAce> and yeah, that makes sense
  123. * SudoNull- has quit (Ping timeout: 244 seconds)
  124. <FFAce> learn something new today :)
  125. <dimitry7> I'm using Kali, I can't see nothing that helps here
  126. <ryonaloli> i always use tor anyway, so the only thing i have to protect from if my adsl router is hacked is magic packets over ethernet, etc.
  127. <Crypto-dmtized> Lot of routers have open access or default password.
  128. <Crypto-dmtized> You can install openwrt
  129. <ryonaloli> well my router runs openbsd
  130. <FFAce> ryonaloli: meh...
  131. <ryonaloli> but it still has an adsl card
  132. <FFAce> when I use tor, it always feels like I'm using the FBI's fancy honey pot :P
  133. <ryonaloli> so no matter how much systrace i set up (actually i haven't set it up at all... i should), if the adsl card is compromised, openbsd is compromised
  134. <ryonaloli> well if you send credentials over plaintext sure
  135. <ryonaloli> but it's very anonymous if you use it right
  136. <FFAce> right now, my approach to security is redundancy , whatever I'm securing it needs to have redundancy in the event of compromise
  137. * smaudet has quit (Ping timeout: 250 seconds)
  138. * finalb0ss has quit (Ping timeout: 252 seconds)
  139. <ryonaloli> i do that as well. tor + tor browser + RBAC + xephyr (soon to be + seccomp)
  140. <FFAce> no 1 single exploit should compromise it all
  141. <FFAce> which RBAC?
  142. <Crypto-dmtized> Dmitry kali is a great pen testing os.
  143. <FFAce> selinux or grsec
  144. <ryonaloli> grsecurity's RBAC
  145. <FFAce> yeah that's cool
  146. <dimitry7> Crypto-dmtized, I know, albeit for downgrade attack I see no tool at all
  147. * finalb0ss (~trouble@197.149.195.121) has joined ##security
  148. <ryonaloli> and xephyr just so i can protect tor browser without it needing access to my main X11 cookie
  149. <ryonaloli> dimitry7: you'll need to develop your own
  150. <dimitry7> I think that's just theory
  151. <ryonaloli> no, it's been done before
  152. <dimitry7> (yet)
  153. <Crypto-dmtized> Dimitry: you need to understand what each tool does before you use it, also learn a few coding languages: python, c.
  154. <ryonaloli> perhaps read through the relevant parts of the drivers? ath9k and ral are solid drivers, so they may also be the easiest to read (i'm assuming that the fallback code is present in the drivers, not just the firmware)
  155. <FFAce> ryonaloli: I just don't trust applications too well I guess, I mean I use normal apps too, but for 'secure' stuff I try to use VMs , xen/vmware are all nice so is kvm
  156. <Crypto-dmtized> Then you start making your own exploit codes... private exploit codes.
  157. <ryonaloli> VMs do not have the same level of granularity
  158. <ryonaloli> (also, i hope you don't use qubes os :P)
  159. <FFAce> exactly
  160. <FFAce> meh
  161. <FFAce> qubes is nice
  162. <ryonaloli> i prefer MACs to VMs in most cases because you can confine more
  163. <ryonaloli> qubes runs everything as root
  164. <FFAce> but it's not simple enough for me
  165. * cyldingcyn (~cyldingcy@31.214.150.80) has joined ##security
  166. * StathisA has quit (Ping timeout: 255 seconds)
  167. <ryonaloli> that is far from nice (it has a silly threat model which assumes xen is perfect, so it relies 100% on that single assumption)
  168. * cyldingcyn has quit (Remote host closed the connection)
  169. <FFAce> my vm host machines are very simple, hence easy to secure
  170. <ryonaloli> personally, i run tails in qemu-kvm, secured with RBAC and using its own Xorg instance, but that's just for when i need tails
  171. <FFAce> both config wise and number of apps
  172. <ryonaloli> i'm working on patching tails to use grsecurity but apparmor and overlayfs don't play well together ;_;
  173. <FFAce> i use to do exactly what you were doing lol
  174. <ryonaloli> and grsec is incompatible with aufs, so the only stacking fs i can use is overlayfs
  175. <ryonaloli> why do you no longer do it?
  176. <FFAce> I even used spice so I can access tails from other vm
  177. <FFAce> meh, there were a string of tails vulns...plus paranoia
  178. <ryonaloli> i find spice to be too big and complex, easier to just have it in its own Xorg instance
  179. <FFAce> if I'm going to be secure, best to do it right
  180. <ryonaloli> well i use tails for anonymity/antiforensics
  181. * czkowskiki (~czkowskik@45.59.19.229) has joined ##security
  182. <ryonaloli> and that's why i'm setting it up with grsecurity
  183. * czkowskiki has quit (Remote host closed the connection)
  184. <ryonaloli> (what string of vulns btw? the only ones i know of were generic debian vulns)
  185. <ryonaloli> the problem with using other OSes is that it makes fingerprinting easier
  186. <FFAce> right now I'm using other methods , I would like to soon have a pair of VPS to run tails/I2P on
  187. <FFAce> oh yeah ,that's true
  188. <ryonaloli> wait, like a remote vps?
  189. <FFAce> yup
  190. <ryonaloli> or a local vm?
  191. * theobrandr (~Ted@pool-100-13-32-98.tampfl.fios.verizon.net) has left ##security
  192. <FFAce> remote
  193. <ryonaloli> why remote? that sounds very unsafe
  194. <FFAce> the idea is to VPN to VPS
  195. * tpiXvas has quit (Ping timeout: 246 seconds)
  196. <ryonaloli> but if you run tails *on* the vps, then the host can hijack tails, monitor it, etc
  197. <FFAce> the actual tor/i2p node would be outside the legal jurisdiction of my country atm
  198. <FFAce> that's the idea
  199. <FFAce> no, not run tails but just tor/i2p
  200. <ryonaloli> but would it be end to end encrypted?
  201. <ryonaloli> or would the tor process run on the vulnerable vps?
  202. * Satoshi_ABC (~Satoshi_A@p61080-ipngn200701tokaisakaetozai.aichi.ocn.ne.jp) has joined ##security
  203. * finalb0ss has quit (Ping timeout: 260 seconds)
  204. <dimitry7> Crypto-dmtized, yes, wordlists are easier but longer.
  205. <FFAce> the tor would run on the vuln vps but the traffic TOR processes would be encrypted.
  206. <dimitry7> take longer
  207. * tpiXvas (~tpiXvas@207.245.236.156) has joined ##security
  208. <FFAce> not too long
  209. <FFAce> overhead, yeah
  210. <FFAce> but latency won't be too bad
  211. <dimitry7> Needs GPU
  212. <ryonaloli> FFAce: not sure what you mean
  213. <ryonaloli> like if the vps were compromised, would it be able to read your traffic?
  214. <FishFiend> yeah... i agree with ryonaloli. just use the VPS as a VPN and run tor locally, then route it through the vpn
  215. <ryonaloli> or would tor run on your computer, and the vps is just another hop?
  216. <FishFiend> otherwise TOR could be compromised and then your only safety is your vpn
  217. <FFAce> no
  218. * carousel has quit (Ping timeout: 246 seconds)
  219. <Crypto-dmtized> Be very careful with tor nodes nowadays.. even with vpn or socks5
  220. * trelnev (~trelnev@31.214.228.215) has joined ##security
  221. <FishFiend> you could always use the VPS as a second VPN. double hop the VPNs and then route Tor through them
  222. * trelnev has quit (Remote host closed the connection)
  223. <Crypto-dmtized> Depending what you use tor for.
  224. <FFAce> like .... A ---> VPN ---> tor ---> B ---> no more VPN
  225. <ryonaloli> Crypto-dmtized: nowadays? you are always supposed to be careful (i.e. not log into an unencrypted website over tor)
  226. * StathisA (stathisa@gateway/vpn/mullvad/x-xeerofxoogvlkzru) has joined ##security
  227. * StathisA has quit (Changing host)
  228. * StathisA (stathisa@unaffiliated/stathisa) has joined ##security
  229. * StathisA has quit (Changing host)
  230. * StathisA (stathisa@gateway/vpn/mullvad/x-xeerofxoogvlkzru) has joined ##security
  231. * Voovode (~Alex@owbqbf.static.otenet.gr) has joined ##security
  232. <ryonaloli> what is B? B is a vpn? or the exit node's ISP?
  233. <FFAce> B would be the vpn provider
  234. <greenride> I'm getting a 'javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated' error. Anyone know what could cause this?
  235. <FFAce> the exit node would connect to a VPN provider
  236. <flyback> WATCHED "NOW YOU SEE ME" TONIGHT
  237. <flyback> you guys would appreciate this movie
  238. * tpiXvas has quit (Read error: Connection reset by peer)
  239. <FishFiend> FFAce, your route makes no sense to me. you are running the Tor process on the remote VPS, right?
  240. * Captain_Awesome has quit (Ping timeout: 245 seconds)
  241. <FFAce> yes , tor is just a middle network
  242. * usni (~usni@167.88.104.123) has joined ##security
  243. <ryonaloli> eh
  244. <FFAce> the only thing that gets in and out of tor is VPN traffic
  245. * usni has quit (Remote host closed the connection)
  246. <ryonaloli> would the vpn connection to that be on your local computer?
  247. <Crypto-dmtized> Depends what ur using tor for. Doesn't matter what your routing method might be information is still visible.
  248. * finalb0ss (~trouble@197.149.195.121) has joined ##security
  249. <ryonaloli> if so, you open yourself up to local network exploits
  250. <ryonaloli> as well as tcp fingerprinting
  251. <FFAce> yeah it would be
  252. <ryonaloli> (in addition to the fact that you'd be defeating the purpose of tor, or at least a purpose)
  253. <ryonaloli> by having one non-rotating exit ip
  254. <ryonaloli> eh, in that case it's probably quite a bad idea
  255. <ryonaloli> just running p0f could uniquely fingerprint you across websites
  256. <FFAce> what do you mean local exploits?
  257. <ryonaloli> well, a vpn effectively extends your local networking stack
  258. <ryonaloli> so the packets the end website is getting is assembled by your own kernel
  259. <ryonaloli> rather than assembled by an exit node
  260. <FishFiend> FFAce, your VPS provider or VM on their server being compromised, primarily.
  261. <ryonaloli> and any tcp packets you receive would be parsed by your own kernel, rather than by the exit node
  262. <FFAce> well they can track me across websites but they won't correlate it to my IP or address/location right?
  263. * takataka (~takataka@46.251.230.49) has joined ##security
  264. <ryonaloli> so if someone finds a vuln in the networking stack, netfilter, etc (which does happen), then they can break into your local computer
  265. * takataka has quit (Remote host closed the connection)
  266. * h4ckurate (~h4ckurate@c-73-231-130-84.hsd1.ca.comcast.net) has joined ##security
  267. <ryonaloli> they could correlate it to your location within a certain extent
  268. <FFAce> FishFiend: if that happens the traffic vpn traffic(encrypted)
  269. <ryonaloli> because it can give away information like your timezone, your local time, your uptime
  270. <ryonaloli> in addition to the number of hops between you and the destination
  271. <Crypto-dmtized> You can run ur own vpn server with Hamachi and privoxy.
  272. <FFAce> ryonaloli: it can happen regardless though right?
  273. <ryonaloli> no, that would happen only if a vpn is your last hop
  274. <ryonaloli> if tor is your last hop(s), then it is the exit node that assembles and parses the tcp
  275. <ryonaloli> so the destination websites would not be exposed to your own computer's networking stack
  276. <FFAce> well ideally I'd do it from a router dedicated to that
  277. * LZmx (~LZmx@223.197.218.224) has joined ##security
  278. <FFAce> host stack -> router net stack
  279. <ryonaloli> then it's still fingerprintable
  280. <FFAce> but I see what you mean
  281. <ryonaloli> which also will give away your real ip if the router is compromised
  282. <ryonaloli> which kinda defeats the purpose
  283. <FFAce> well I have control over the router
  284. <ryonaloli> (and routers tend to have less up to date networking software)
  285. <ryonaloli> so? that means that if it is compromised, it links back to you
  286. * h4ckurate has quit (Remote host closed the connection)
  287. <ryonaloli> if tor is your last hop, then any attack against your tcp/ip stack is stopped at the very first hop
  288. <ryonaloli> in which case it's *good* that you do not control it
  289. <FFAce> so my idea is, when I visit a site or a network, they won't see a tor exit IP, they'll have to get the VPN provider to give them an IP, in which case it'll just give them a tor exit node IP
  290. <FFAce> and the machines that get on the VPN, get only on the VPN, nothing else
  291. <ryonaloli> they'll bypass all of that
  292. <ryonaloli> it's much safer to have tor be your last hops
  293. * eadwinero (~eadwinero@64.64.248.162) has joined ##security
  294. <ryonaloli> http://lcamtuf.coredump.cx/p0f3/
  295. * eadwinero has quit (Remote host closed the connection)
  296. <FFAce> yeah but tor exit nodes are public, and I don't really trust tor
  297. <ryonaloli> try going to that site with a vpn as your last hop, and then with tor as your last hop
  298. <FFAce> in a way , i'm protecting myself against tor when doing vpn in it
  299. <ryonaloli> yet you trust a centralized vpn that has 100% power?
  300. <ryonaloli> compared to tor where all 3 nodes have to be compromised to deanonymize you?
  301. <FFAce> well the centralized VPN connects to the tor exit node right?
  302. <ryonaloli> also, vpns are known to very often go against users, and are often insecure. PIA for example is totally broken.
  303. <FFAce> so even if they were compromised they can't correlate the traffic to my real IP
  304. <ryonaloli> ideally
  305. <ryonaloli> but they will bypass that
  306. <ryonaloli> and go for fingerprinting
  307. <ryonaloli> which is far easier because of the vpn exposing your tcp/ip stack
  308. <ryonaloli> as well as exploitation
  309. <FFAce> yes but how will fingerprinting identify me outside of the VPN
  310. <Botchla> ryonaloli, why is PIA broken.
  311. <FFAce> the exploit part you have a good point
  312. <FFAce> but the idea is to throw every method of hardening at the router box
  313. <ryonaloli> Botchla: according to hdm, it has issues with segmentation that allows an attacker to force any user on it to visit a site of their choice (dns/cache poisoning)
  314. <Botchla> I see.
  315. * vellonius (~vellonius@167.88.104.123) has joined ##security
  316. <ryonaloli> as well as get a list of ips (either through lsrr magic or fucking netbios)
  317. * vellonius has quit (Remote host closed the connection)
  318. <ryonaloli> FFAce: no matter how much hardening you add, the tcp is still parsed in kernelspace
  319. <FFAce> in my scenario, both tor and the VPN are not trusted but they work against each other when it comes to compromising my traffic
  320. * peanuter has quit (Changing host)
  321. * peanuter (~peanuter@unaffiliated/peanuter) has joined ##security
  322. <ryonaloli> which means if an exploit works, you get deanonymized
  323. <ryonaloli> it could also accurately track you across web visits
  324. <FFAce> ryonaloli: but seriously dude, how many kernel 0 day are there that result in network stack remote exploit ?
  325. <ryonaloli> FFAce: many
  326. <FFAce> also, even if you use tor, you local stack can be pwned
  327. * Satoshi_ABC has quit (Remote host closed the connection)
  328. <ryonaloli> not by a remote adversary
  329. <FFAce> isn't it more likely to pwn tor itself?
  330. <ryonaloli> no
  331. * threepstone (~Thunderbi@104.200.154.65) has joined ##security
  332. <ryonaloli> because it would have to pwn all 3 hops, or go for your web browser (which you can protect against quite effectively)
  333. <FFAce> so tor code is more secure than linux kernel tcp/ip stack?
  334. <ryonaloli> since your web browser does not parse css in kernelmode :P
  335. <ryonaloli> oh by far
  336. <ryonaloli> tor itself is not only written well, but it uses an *extremely* good seccomp policy
  337. <ryonaloli> (seccomp being a syscall and syscall argument filter)
  338. <FFAce> but dude, kernel devs are much more strict
  339. <ryonaloli> heh
  340. <FFAce> well you don't get my fear here
  341. <FFAce> I don't trust tor devs
  342. <ryonaloli> yeah, like linus who flat out refuses to add segmentation based security
  343. <FFAce> they get most of their funding from the state department
  344. <ryonaloli> or all those devs who like to make vulns look like mere bugs
  345. <ryonaloli> wut
  346. <ryonaloli> yeah so does linux
  347. <ryonaloli> actually, linux gets more
  348. <ryonaloli> as well as has a much larger list of vulnerabilities, both because it is sloppier, but also because it is much, much larger
  349. <FFAce> I thought intel/red hat funded it the most?
  350. <ryonaloli> furthermore, if they *do* pwn tor, they would still have to pwn the kernel as well
  352. <ryonaloli> if they want to get the same level of access they would with a tcp/ip exploit
  353. * Satoshi_ABC (~Satoshi_A@p61080-ipngn200701tokaisakaetozai.aichi.ocn.ne.jp) has joined ##security
  354. <ryonaloli> but the mere fact that tor runs in userland should be enough to show it is more secure, not to mention it being far smaller, having more code review, etc.
  355. * diomas (~diomas@64.64.248.162) has joined ##security
  356. <FFAce> if my local kernel has a tcp vuln, a tor node can easily pwn me (the first tor hop) as much as the VPN provider...is that correct?
  357. * diomas has quit (Remote host closed the connection)
  358. * Corey84 has quit (Ping timeout: 255 seconds)
  359. <ryonaloli> i mean, anyone could go on a linux system right now, fuzz a few obscure drivers, load those drivers from ring 3, and exploit them
  360. <ryonaloli> no that's not correct
  361. <ryonaloli> because tor acts more like a proxy
  362. <FFAce> see that's the part I don't get then
  363. <ryonaloli> the exit node establishes a tcp connection with the middle node
  364. <FFAce> well socks uses tcp...
  365. <FishFiend> ryonaloli, linus contributes to grsecurity, so i wouldn't say he is completely averse to security
  366. <ryonaloli> the only node that could pwn you if it had an exploit is your guard
  367. <ryonaloli> FishFiend: oh he's not averse to it, but he does not prioritize it
  368. * harukomoto (~harukomot@93-34-215-220.ip51.fastwebnet.it) has joined ##security
  369. <FFAce> mypc <--socks-->tor compared to mypc <--SSL VPN -->VPN provider
  370. <ryonaloli> the socks has nothing to do with it
  371. <ryonaloli> because that's all local
  372. <ryonaloli> what matters is what you are establishing a tcp connection with (aka the guard node)
  373. <FFAce> yes..the guard
  374. <ryonaloli> if you use a vpn as the last hop, you establish a tcp connection with *every* site you visit
  375. <ryonaloli> so they can target you, e.g. with a wateringhole attack
  376. <ryonaloli> or an MITM
  377. <ryonaloli> whereas the guard reduces the number of adversaries who can pwn your tcp/ip stack to the theoretical minimum: 1
  378. <FFAce> why should I trust the guard?
  379. <ryonaloli> because the guard does not know what you are doing, so it cannot target you specifically for certain activities
  380. * in2rd has quit (Ping timeout: 240 seconds)
  381. * realtime (~realtime@unaffiliated/realtime) has joined ##security
  382. <ryonaloli> furthermore, guards have a more complex process of being selected, making sybil attacks against guard nodes much harder
  383. <Crypto-dmtized> Tor has been compromised so many times.. even now mostly government keeps an eye out on tor. Doesn't matter how many hops you do or any encryption method. Big brother can drop that hammer if they see anything illegal.
  384. <FFAce> I don't know man, you have a point, but my point is , there is no way I am trusting *just* tor
  385. <ryonaloli> Crypto-dmtized: that's bullshit. they compromise the browser.
  386. <ryonaloli> since it merely uses firefox.
  387. * KidBeta (~textual@130.56.93.253) has joined ##security
  388. * kumagada (~kumagada@45.59.19.229) has joined ##security
  389. <ryonaloli> (and you can protect against a compromised browser, e.g. with apparmor in tails)
  390. * kumagada has quit (Remote host closed the connection)
  391. <FFAce> actually I'm also thinking of avoiding tor/i2p all together
  392. <ryonaloli> FFAce: so you would prefer trusting every single website you visit?
  393. <ryonaloli> man, you should read up on some anonymity papers :/
  395. <ryonaloli> dropping tor is probably the worst possible thing to do
  396. * arescorpio has quit (Quit: Leaving.)
  397. <FFAce> ryonaloli: i'm against that too , which is why i want to use both vpn and tor
  398. <Crypto-dmtized> Ryonaloli what you know about coding? Before calling out bullshit
  399. <ryonaloli> all the time i see people saying "omg it's broken!!!1"
  400. <ryonaloli> Crypto-dmtized: about coding? what do you mean?
  401. <FFAce> in a way that makes them have to fight each other to compromise my traffic
  402. <ryonaloli> i have read the tor source code
  403. <dimitry7> http://techcrunch.com/2013/09/07/the-nsa-can-read-some-encrypted-tor-traffic/
  404. <ryonaloli> FFAce: unfortunately, a vpn at the other side bypasses tor's protections
  405. <ryonaloli> didheh
  406. * finalb0ss has quit (Ping timeout: 250 seconds)
  407. <FFAce> heh
  408. <ryonaloli> oh lol
  409. <ryonaloli> that article is bullshit
  410. <FFAce> your entire premise is that there will be a linux kernel tcp vuln
  411. <Crypto-dmtized> Lol doesn't matter.. anybody can read a book n be like I read it.
  412. <ryonaloli> FFAce: no, it also applies to fingerprinting
  413. <ryonaloli> which we *know* always is there
  414. <FFAce> that is the only scenario in which my security and anonymity will be compromised
  415. <ryonaloli> FFAce: no, fingerprinting is the biggest concern
  416. * finalb0ss (~trouble@197.149.195.121) has joined ##security
  417. <FFAce> fingerprinting is useless in this case if they can't correlate it to a real person/location
  418. <ryonaloli> because fingerprinting tied with your vpn having one or a few ips makes it far easier for sites to build up a detailed personality profile
  419. * theshaz (~yaaic@cblmdm72-241-167-244.buckeyecom.net) has joined ##security
  420. <FFAce> that's not the problem I'm trying to solve though
  421. <ryonaloli> also, they can with traffic correlation, which is easier if you have vpns on two sides
  422. * Malsasa (~Malsasa@114.79.28.73) has joined ##security
  423. <FFAce> I don't care if they build up a personality profile so long as it can't be traced to me
  424. <ryonaloli> due to those vpns not using a variety of tor features such as padding
  425. <ryonaloli> it can be traced to you, that's how personality profiles work
  426. <FFAce> and I can easily change that on my end
  427. <ryonaloli> e.g. stylometry
  428. <Crypto-dmtized> Lol
  429. <ryonaloli> which works if you have a large sample, the kind a vpn provider and its isp could provide
  430. <ryonaloli> normally, stylometry is useless because it requires such a big sample size
  431. <ryonaloli> dimitry7: that article is talking about an older version of tor which used an older protocol, and then cited some speculations that the nsa, given enough time, could possibly break a single handshake
  432. * x1rt has quit (Quit: WeeChat 1.0.1)
  433. <FFAce> ryonaloli: in that case, they'll need the help of the tor guard too right?
  434. <ryonaloli> unless they get a quantum computer, they cannot physically break 1024 bit public key crypto in real time
  435. * harukomoto has quit (Ping timeout: 260 seconds)
  436. <ryonaloli> FFAce: no, the guard is designed to know as little as possible about you and your activities
  437. <FFAce> well..i don't get how "stylometry" can work then
  438. <ryonaloli> you know what stylometry is right?
  439. <ryonaloli> writing style analysis?
  440. <dimitry7> http://bgr.com/2015/07/30/mit-researchers-can-break-tor-anonymity-without-even-touching-encryption/
  441. <Crypto-dmtized> Quantum is 10 yrs old technology... lol by the time u read news it's 10 yrs old... media is 10 yrs behind.
  442. * KidBeta has quit (Changing host)
  443. * KidBeta (~textual@hpavc/kidbeta) has joined ##security
  444. <FFAce> they'll need to get my local ISP to cooperate?
  445. <dimitry7> if MIT can do it, NSA did it years ago
  446. <ryonaloli> dimitry7: that's about hidden services
  447. <ryonaloli> please read the actual research paper before linking news articles
  448. <FFAce> ryonaloli: i haven't heard it before but I assumed that's what it meant
  449. <ryonaloli> furthermore, it requires an impractical sybil attack
  450. * wildlander has quit (Quit: Saliendo)
  451. <ryonaloli> and it would also be unable to target specific individuals, but rather deanonymize a few random hidden services, assuming the sybil works
  452. <ryonaloli> FFAce: right, so that means stylometry affects you so long as your writing is analyzable by whatever you exit from, and it is far worse when you use a single, static service
  453. <FFAce> that's fine because the VPN provider is in a different socio-political geographic location
  454. * pjp (~pjp@122.161.184.24) has joined ##security
  455. <ryonaloli> that's actually often a bad idea
  456. <FFAce> it'd require adversarial governments to cooperate
  457. <ryonaloli> because then your traffic can loop back through the trans-oceanic cable it goes through
  458. <ryonaloli> it'd require anyone on either side of the cable (so not just one AS, but two)
  459. <ryonaloli> *either
  460. <FFAce> that's fine, it's assumed every "cable" can be compromised
  461. <ryonaloli> that's not a good assumption
  462. <FFAce> umm..why?
  463. <ryonaloli> we *know* the trans-oceanic ones are, and that info is available to nsa, gchq, fbi, 5eyes, 19eyes etc
  464. <ryonaloli> whereas smaller ISPs, at worst, have compromised cisco routers
  465. <ryonaloli> *cisco, juniper, etc
  466. <ryonaloli> which are not used for dragnet
  467. * Mr_Rhino (~satoshi@179.104.144.253) has joined ##security
  468. <ryonaloli> simply because those ISPs do not have the capability to use fiber optics, so optic splitters are out of the question
  469. <FFAce> i assume everyone is compromised lol
  470. <ryonaloli> it's only a good assumption in specific scenarios
  471. * radsy has quit (Quit: Leaving)
  472. <ryonaloli> if you assume everything is equally likely to be compromised, you will come up with a terminally broken threat model
  473. * BOKALDO (~BOKALDO@81.198.156.86) has joined ##security
  474. <FFAce> how is assuming a cable you have no control over is secure a good thing?
  475. <ryonaloli> because you want the chance to be non-zero
  476. <FFAce> I don't have degrees of "compromisability"
  477. <FFAce> either it's compromisable or not
  478. <ryonaloli> then that's a fault of yours
  479. <FFAce> either I control it or I don't
  480. * finalb0ss has quit (Ping timeout: 245 seconds)
  481. <ryonaloli> because we *kknow* the oceanic cables are monitored, due to their using fiber otpics
  482. <ryonaloli> *otpics
  483. <ryonaloli> *optics
  484. <FFAce> I'm not foolish enough to measure the security of something I have no control over
  485. <ryonaloli> that's not foolish, that's wise
  486. * A1exs (~Alex@107-147-198-12.res.bhn.net) has joined ##security
  487. <jeffrey3234> Anyone remember that super paranoid guy from the UK that was on here all the time, forgot his name
  488. <ryonaloli> FFAce: right now, you are vulnerable to a myriad of adversaries
  489. <FFAce> assumptions are not wise in security from my experience, neither is guessing
  490. <FFAce> ryonaloli: exactly