- <Crypto-dmtized> Gpu Xfx radeon 295x2 will make it fly.
- * jhack has quit (Ping timeout: 246 seconds)
- <dimitry7> Crypto-dmtized, really? how long time?
- * anoncicada (anoncicada@gateway/shell/elitebnc/x-zngnebsdinvsyjdc) has joined ##security
- * c0ncealed (~c0ncealed@unaffiliated/c0ncealed) has joined ##security
- <dimitry7> Crypto-dmtized, I have access to EC2 in AWS, I was thinking in running this there on a 32 CPUs virtual machine
- * br0d1n- (br0d1n@gateway/shell/elitebnc/x-wvthcbtrmxdhjpbm) has joined ##security
- <dimitry7> 2.8 GHz
- * FemaleAnon has quit (Quit: Leaving)
- <Crypto-dmtized> This my setup here 2 Xfx radeon 295x2. i7 with 32gb ram. I cannot tell you exactly how long but having power full gpu eats wordlist like nothing.
- * darkode (~honeypie@d207-81-46-67.bchsia.telus.net) has joined ##security
- <dimitry7> wow
- <dimitry7> how much does a card like that one cost?
- <Crypto-dmtized> 1000$ each
- * ByteCrunch (~bitecrunc@bytecrunch.de) has joined ##security
- * speeddragon (~speeddrag@pa3-84-91-122-79.netvisao.pt) has joined ##security
- <dimitry7> uff
- <dimitry7> expensive
- * citizen-stig has quit (Ping timeout: 240 seconds)
- <Crypto-dmtized> Well I use it for mining coins with free electricity lol.. solar panels.
- * greenride (~bigbear@unaffiliated/greenride) has joined ##security
- * chasmo77 (~chas77@158.183-62-69.ftth.swbr.surewest.net) has joined ##security
- <Crypto-dmtized> So it pays it self off slowly.
- <dimitry7> haha nice!!
- <greenride> I'm getting the error message "[xfire.transport.http.HttpChannel] javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated". Is this typically caused by Java keystore problems?
- * ryao_ has quit (Changing host)
- * ryao_ (~ryao@gentoo/developer/ryao) has joined ##security
- * ryao_ is now known as ryao
- * speeddragon has quit (Ping timeout: 246 seconds)
- <dimitry7> Crypto-dmtized, what's the longest you've waited to crack a good PSK ?
- * Brnocrist has quit (Ping timeout: 264 seconds)
- <ryonaloli> are you just trying to break WPA?
- <dimitry7> ryonaloli, for now, yep
- <dimitry7> Then I will try to add some Radius etc, but now just breaking
- <ryonaloli> there is a method to break it even if you don't have the PSK
- <ryonaloli> it's vulnerable to a fallback attack which changes it from using CCMP to TKIP (even if you have TKIP disabled)
- * Brnocrist (~spartak@unaffiliated/brnocrist) has joined ##security
- <ryonaloli> and TKIP uses RC4, so you can mount an active attack against it which breaks the RC4 stream within about an hour
- * finalb0ss has quit (Ping timeout: 264 seconds)
- <ryonaloli> regardless of how good the password is (this applies to WPA and WPA2, not sure if it applies to EAP-TLS)
- * finalb0ss (~trouble@197.149.195.121) has joined ##security
- <Crypto-dmtized> Dimitry: I have tested on my own network.. the longer the key and wordlist it will take time but you can crack anything just need good gpu and the power to do so.
- <dimitry7> ryonaloli, really? what's the name of the method? I have tried all from the crunch website but they all end up sending me to wordlists
- * auraka (ross@kahuna.ruselabs.com) has joined ##security
- <ryonaloli> dimitry7: let me find some info on it, one sec
- <dimitry7> Crypto-dmtized, all right, I will borrow one! I will ask a friend who likes video games :D
- <dimitry7> ryonaloli, all right man! :D
- * FishFiend (~FishFiend@vm460.sakuraserver.co) has joined ##security
- <ryonaloli> http://www.rc4nomore.com/vanhoef-usenix2015.pdf
- <ryonaloli> >All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS
- <ryonaloli> combine that with the attack to force WPA/WPA2 to fallback into TKIP mode, and you can berak it
- <ryonaloli> *break
- * qg_ has quit (Remote host closed the connection)
- * qg_ (~qg_@c-73-43-119-1.hsd1.ga.comcast.net) has joined ##security
- <Crypto-dmtized> Dimitry what type of router ur working with?
- * qg_ has quit (Remote host closed the connection)
- * cursous (~cursous@31.214.228.215) has joined ##security
- <ryonaloli> and http://lists.randombit.net/pipermail/cryptography/2014-September/006760.html for the fallback attack (the post was created before the RC4 attack was published/perfected, so it assumes you need to know the PSK)
- * cursous has quit (Remote host closed the connection)
- <ryonaloli> >WPA2 does NOT prevent an adversary able to inject packets at you from
- <ryonaloli> downgrading crypto to flawed RC4. due to odd forgotten legacy protocol
- <ryonaloli> bits, every implementation of WPA2 that i have tested is vulnerable to
- <ryonaloli> an active downgrade to TKIP/RC4 while still being "WPA2" and still
- <ryonaloli> showing all signs of using strongest security settings.
- <ryonaloli> fuck
- <ryonaloli> sorry, thought that'd show up on just one line
- <dimitry7> ryonaloli, great, I'm checking it all
- <dimitry7> Crypto-dmtized, let me see
- <dimitry7> Crydamoure, TP-Link router
- <FFAce> ryonaloli: if you specify ccma/aes ... is it still affected?
- <dimitry7> don't know the model
- <ryonaloli> FFAce: read what i said earlier. even if you set it to only use CCMP, it is still possible to downgrade to tKIP
- <ryonaloli> *TKIP
- * finalb0ss has quit (Ping timeout: 255 seconds)
- <FFAce> oh darn
- * curvu (~curvu@37.10.110.165) has joined ##security
- <FFAce> ryonaloli: you got a cve on that nastiness?
- * curvu has quit (Remote host closed the connection)
- <ryonaloli> some mitigations are 1) establish a vpn link between your computer and your router, 2) patch the wifi driver to shut down if it starts using RC4, 3) set up wireshark or any other sniffer and NIDS and cause it to disable your wifi if it detects TKIP
- <FFAce> .1x ftw? :P
- * finalb0ss (~trouble@197.149.195.121) has joined ##security
- <ryonaloli> i don't know if it has a CVE. "it's a feature, not a bug"
- * aborazmeh (~aborazmeh@85.97.105.234) has joined ##security
- * aborazmeh has quit (Changing host)
- * aborazmeh (~aborazmeh@unaffiliated/aborazmeh) has joined ##security
- <FFAce> nah,it's as much a feature as the SSLv3 crypto downgrade bug was
- <FFAce> well I avoid wifi whenever possible ...lol
- <FFAce> "wife eye" ? :P
- <ryonaloli> wifi is sometimes necessary unfortunately
- <FFAce> it is
- <FFAce> at my home, i don't need it
- <ryonaloli> but you can still establish a secure link with your router, e.g. with openvpn or ipsec (ew), and just use open wifi
- <FFAce> I just ran wires all over
- <ryonaloli> yeah i'm doing that now too
- <ryonaloli> router hardware with adsl card -> freescale processor with seL4 -> my computer
- <ryonaloli> which is what i'm working on
- <FFAce> well.....even then, I only expect some form of security betwen my hosts and the first router
- <FFAce> can't trust ISPs around here
- <FFAce> why adsl?
- <ryonaloli> it's just what i have
- * branwe (~branwe@31.214.150.80) has joined ##security
- <FFAce> meh,bro, i wouldn't wess with residential wan if I were you
- * branwe has quit (Remote host closed the connection)
- <ryonaloli> i know it's super vulnerable and hacking an adsl card gives DMA on the router, that's why i have a second hardware in the works to protect from ethernet evilness
- <FFAce> just too messy to deal with
- <FFAce> personally I just do what I need to , security and privacy wise before the ISP router
- * patius (~patius@46.251.230.49) has joined ##security
- <FFAce> simple static route to your ISP router with very specific ACL and static arp to it , that's all i know how to do as far as securing home router <-> isp router
- * patius has quit (Remote host closed the connection)
- <dimitry7> ryonaloli, that can't be done with aircrack can it?
- <FFAce> also, what do you mean "DMA" ?
- <ryonaloli> dimitry7: it cannot, noo (not yet)
- <ryonaloli> *no
- <dimitry7> ryonaloli, what can I use?
- * hapislacker has quit (Quit: WeeChat 1.3)
- <ryonaloli> FFAce: direct memory access. an adsl card is an entire computer, it has its own kernel, own operating system, etc. it connects over PCI, which means if it is compromised, it has full direct access to the system memory
- * Matrix (~matrix@unaffiliated/matrix) has joined ##security
- <ryonaloli> and supposedly the adsl protocol is super easy to break
- <FFAce> well adsl doesn't have any security features iirc
- <FFAce> it's just layer 1
- <ryonaloli> dimitry7: you'll have to find that out on your own, i'm not aware of any easy-to-use tools with point-and-click WPA breaking abilities
- <FFAce> and yeah,that makes sense
- * SudoNull- has quit (Ping timeout: 244 seconds)
- <FFAce> learn something new today :)
- <dimitry7> I'm using Kali, I can't see nothing that helps here
- <ryonaloli> i always use tor anyway, so the only thing i have to protect from if my adsl router is hacked is magic packets over ethernet, etc.
- <Crypto-dmtized> Lot of routers have open access or default password.
- <Crypto-dmtized> You can install openwrt
- <ryonaloli> well my router runs openbsd
- <FFAce> ryonaloli: meh...
- <ryonaloli> but it still has an adsl card
- <FFAce> when I use tor, it always feels like I'm jusing the FBI's fancy honey pot :P
- <ryonaloli> so no matter how much systrace i set up (actually i haven't set it up at all... i should), if the adsl card is compromised, openbsd is compromised
- <ryonaloli> well if you send credentials over plaintext sure
- <ryonaloli> but it's very anonymous if you use it right
- <FFAce> right now, my approach to security is redundancy , whatever I'm securing it needs to have redundancy in the event of compromise
- * smaudet has quit (Ping timeout: 250 seconds)
- * finalb0ss has quit (Ping timeout: 252 seconds)
- <ryonaloli> i do that as well. tor + tor browser + RBAC + xephyr (soon to be + seccomp)
- <FFAce> no 1 single exploit should compromise it all
- <FFAce> which RBAC?
- <Crypto-dmtized> Dmitry kali is a great pen testing os.
- <FFAce> selinxu or grsec
- <ryonaloli> grsecurity's RBAC
- <FFAce> yeah that's cool
- <dimitry7> Crypto-dmtized, I know, albeit for downgrade attack I see no tool at all
- * finalb0ss (~trouble@197.149.195.121) has joined ##security
- <ryonaloli> and xephyr just so i can protect tor browser without it needing access to my main X11 cookie
- <ryonaloli> dimitry7: you'll need to develop your own
- <dimitry7> I think that's just theory
- <ryonaloli> no, it's been done before
- <dimitry7> (yet=
- <Crypto-dmtized> Dimitry: you need to understand what each tool does before you use it also learn few coding languages python , c.
- <ryonaloli> perhaps read through the relevant parts of the drivers? ath9k and ral are solid drivers, so they may also be the easiest to read (i'm assuming that the fallback code is present in the drivers, not just the firmware)
- <FFAce> ryonaloli: I just don't trust applications too well I guess, I mean I use normal apps too, but for 'secure' stuff I try to use VMs , xen/vmware are all nice so is kvm
- <Crypto-dmtized> Then you start making your own exploit codes... private exploit codes.
- <ryonaloli> VMs do not have the same level of granularity
- <ryonaloli> (also, i hope you don't use qubes os :P)
- <FFAce> exactly
- <FFAce> meh
- <FFAce> qubes is nice
- <ryonaloli> i prefer MACs to VMs in most cases because you can confine more
- <ryonaloli> qubes runs everything as root
- <FFAce> but it's not simple enough for me
- * cyldingcyn (~cyldingcy@31.214.150.80) has joined ##security
- * StathisA has quit (Ping timeout: 255 seconds)
- <ryonaloli> that is far from nice (it has a silly threat model which assumes xen is perfect, so it relies 100% on that single assumption)
- * cyldingcyn has quit (Remote host closed the connection)
- <FFAce> my vm host machines are very simple ,hence easy to secure
- <ryonaloli> personally, i run tails in qemu-kvm, secured with RBAC and using its own Xorg instance, but that's just for when i need tails
- <FFAce> both config wise and number of apps
- <ryonaloli> i'm working on patching tails to use grsecurity but apparmor and overlayfs don't play well together ;_;
- <FFAce> i use to do exactly what you were doing lol
- <ryonaloli> and grsec is incompatible with aufs, so the only stacking fs i can use is overlayfs
- <ryonaloli> why do you no longer do it?
- <FFAce> I even used spice so I can access tails from other vm
- <FFAce> meh, there were a string of tails vulns...plus paranoia
- <ryonaloli> i find spice to be too big and complex, easier to just have it in its own Xorg instance
- <FFAce> if I'm going to be secure,best to do it right
- <ryonaloli> well i use tails for anonymity/antiforensics
- * czkowskiki (~czkowskik@45.59.19.229) has joined ##security
- <ryonaloli> and that's why i'm setting it up with grsecurity
- * czkowskiki has quit (Remote host closed the connection)
- <ryonaloli> (what string of vulns btw? the only ones i know of were generic debian vulns)
- <ryonaloli> the problem with using other OSes is that it makes fingerprinting easier
- <FFAce> right now I'm using other methods , I would like to soon have a pair of VPS to run tails/I2P on
- <FFAce> oh yeah ,that's true
- <ryonaloli> wait, like a remote vps?
- <FFAce> yup
- <ryonaloli> or a local vm?
- * theobrandr (~Ted@pool-100-13-32-98.tampfl.fios.verizon.net) has left ##security
- <FFAce> remote
- <ryonaloli> why remote? that sounds very unsafe
- <FFAce> the idea is to VPN to VPS
- * tpiXvas has quit (Ping timeout: 246 seconds)
- <ryonaloli> but if you run tails *on* the vps, then the host can hijack tails, monitor it, etc
- <FFAce> the actual tor/i2p node would be outside the legal jurisdiction of my country atm
- <FFAce> that's the idea
- <FFAce> no, not run tails but just tor/i2p
- <ryonaloli> but would it be end to end encrypted?
- <ryonaloli> or would the tor process run on the vulnerable vps?
- * Satoshi_ABC (~Satoshi_A@p61080-ipngn200701tokaisakaetozai.aichi.ocn.ne.jp) has joined ##security
- * finalb0ss has quit (Ping timeout: 260 seconds)
- <dimitry7> Crypto-dmtized, yes, wordlists are easier but longer.
- <FFAce> the tor would run on the vuln vps but the traffic TOR processes would be encrypted .
- <dimitry7> take longer
- * tpiXvas (~tpiXvas@207.245.236.156) has joined ##security
- <FFAce> not too long
- <FFAce> overhead,yeah
- <FFAce> but latency won't be too bad
- <dimitry7> Needs GPU
- <ryonaloli> FFAce: not sure what you mean
- <ryonaloli> like if the vps were compromised, would it be able to read your traffic?
- <FishFiend> yeah... i agree with ryonaloli. just use the VPS as a VPN and run tor locally, then route it through the vpn
- <ryonaloli> or would tor run on your computer, and the vps is just another hop?
- <FishFiend> otherwise TOR could be compromised and then your only safety is your vpn
- <FFAce> no
- * carousel has quit (Ping timeout: 246 seconds)
- <Crypto-dmtized> Be very careful with tor nodes now days.. even with vpn or socks5
- * trelnev (~trelnev@31.214.228.215) has joined ##security
- <FishFiend> you could always use the VPS as a second VPN. double hop the VPNs and then route Tor through them
- * trelnev has quit (Remote host closed the connection)
- <Crypto-dmtized> Depending what you use tor for.
- <FFAce> like .... A ---> VPN ---> tor ---> B ---> no more VPN
- <ryonaloli> Crypto-dmtized: now days? you are always supposed to be careful (i.e. not log into an unencrypted website over tor)
- * StathisA (stathisa@gateway/vpn/mullvad/x-xeerofxoogvlkzru) has joined ##security
- * StathisA has quit (Changing host)
- * StathisA (stathisa@unaffiliated/stathisa) has joined ##security
- * StathisA has quit (Changing host)
- * StathisA (stathisa@gateway/vpn/mullvad/x-xeerofxoogvlkzru) has joined ##security
- * Voovode (~Alex@owbqbf.static.otenet.gr) has joined ##security
- <ryonaloli> what is B? B is a vpn? or the exit node's ISP?
- <FFAce> B would be the vpn provider
- <greenride> I'm getting a 'javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated' error. Anyone know what could cause this?
- <FFAce> the exit node would connect to a VPN provider
- <flyback> WATCHED "NOW YOU SEE ME" TONIGHT
- <flyback> you guys would appreciate thi smovie
- * tpiXvas has quit (Read error: Connection reset by peer)
- <FishFiend> FFAce, your route makes no sense to me. you are running the Tor process on the remote VPS, right?
- * Captain_Awesome has quit (Ping timeout: 245 seconds)
- <FFAce> yes , tor is just a middle network
- * usni (~usni@167.88.104.123) has joined ##security
- <ryonaloli> eh
- <FFAce> the only thing that gets in and out of tor is VPN traffic
- * usni has quit (Remote host closed the connection)
- <ryonaloli> would the vpn connection to that be on your local computer?
- <Crypto-dmtized> Depends what ur using tor for. Doesn't matter what your routing method might be information is still visible.
- * finalb0ss (~trouble@197.149.195.121) has joined ##security
- <ryonaloli> if so, you open yourself up to local network exploits
- <ryonaloli> as well as tcp fingerprinting
- <FFAce> yeah it would be
- <ryonaloli> (in addition to the fact that you'd be defeating the purpose of tor, or at least a purpose)
- <ryonaloli> by having one non-rotating exit ip
- <ryonaloli> eh, in that case it's probably quite a bad idea
- <ryonaloli> just running p0f could uniquely fingerprint you across websites
- <FFAce> what do you mean local exploits?
- <ryonaloli> well, a vpn effectively extends your local networking stack
- <ryonaloli> so the packets the end website is getting is assembled by your own kernel
- <ryonaloli> rather than assembled by an exit node
- <FishFiend> FFAce, your VPS provider or VM on their server being compromised, primarily.
- <ryonaloli> and any tcp packets you receive would be parsed by your own kernel, rather than by the exit node
- <FFAce> well they can track me across websites but they won't correlate it to my IP or address/location right?
- * takataka (~takataka@46.251.230.49) has joined ##security
- <ryonaloli> so if someone finds a vuln in the networking stack, netfilter, etc (which does happen), then they can break into your local computer
- * takataka has quit (Remote host closed the connection)
- * h4ckurate (~h4ckurate@c-73-231-130-84.hsd1.ca.comcast.net) has joined ##security
- <ryonaloli> they could correlate it to your location within a certain extent
- <FFAce> FishFiend: if that happens the traffic vpn traffic(encrypted)
- <ryonaloli> because it can give away information like your timezone, your local time, your uptime
- <ryonaloli> in addition to the number of hops between you and the destination
- <Crypto-dmtized> You can run ur own vpn server with himachi and privoxy.
- <FFAce> ryonaloli: it can happen regardless though right?
- <ryonaloli> no, that would happen only if a vpn is your last hop
- <ryonaloli> if tor is your last hop(s), then it is the exit node that assembles and parses the tcp
- <ryonaloli> so the destination websites would not be exposed to your own computer's networking stack
- <FFAce> well ideally I'd do it from a router dedicated to that
- * LZmx (~LZmx@223.197.218.224) has joined ##security
- <FFAce> host stack -> router net stack
- <ryonaloli> then it's still fingerprintable
- <FFAce> but I see what you mean
- <ryonaloli> which also will give away your real ip if the router is compromised
- <ryonaloli> which kinda defeats the purpose
- <FFAce> well I have control over the router
- <ryonaloli> (and routers tend to have less up to date networking software)
- <ryonaloli> so? that means that if it is compromised, it links back to you
- * h4ckurate has quit (Remote host closed the connection)
- <ryonaloli> if tor is your last hop, then any attack against your tcp/ip stack is stopped at the very first hop
- <ryonaloli> in which case it's *good* that you do not control it
- <FFAce> so my idea is , when I visit a site or a network, they wont see a tor exit IP, they'll have to get the VPN provider to give them an IP, in which case it'll just give them a tor exit node IP
- <FFAce> and the machines that get on the VPN, get only on the VPN,nothing else
- <ryonaloli> they'll bypass all of that
- <ryonaloli> it's much safer to have tor be your last hops
- * eadwinero (~eadwinero@64.64.248.162) has joined ##security
- <ryonaloli> http://lcamtuf.coredump.cx/p0f3/
- * eadwinero has quit (Remote host closed the connection)
- <FFAce> yeah but tor exit nodes are public, and I don't really trust tor
- <ryonaloli> try going to that site with a vpn as your last hop, and then with tor as your last hop
- <FFAce> in a way , i'm protecting myself against tor when doing vpn in it
- <ryonaloli> yet you trust a centralized vpn that has 100% power?
- <ryonaloli> compared to tor where all 3 nodes have to be compromised to deanonymize you?
- <FFAce> well the centralized VPN connects to the tor exit node right?
- <ryonaloli> also, vpns are known to very often go against users, and are often insecure. PIA for example is totally broken.
- <FFAce> so even if they were compromised they can't correlate the traffic to my real IP
- <ryonaloli> ideally
- <ryonaloli> but they will bypass that
- <ryonaloli> and go for fingerprinting
- <ryonaloli> which is far easier because of the vpn exposing your tcp/ip stack
- <ryonaloli> as well as exploitation
- <FFAce> yes but how will fingerprinting identify me outside of the VPN
- <Botchla> ryonaloli, why is PIA broken.
- <FFAce> the exploit part you have a good point
- <FFAce> but the idea is to throw every method of hardening at the router box
- <ryonaloli> Botchla: according to hdm, it has issues with segmentation that allows an attacker to force any user on it to visit a site of their choice (dns/cache poisoning)
- <Botchla> I see.
- * vellonius (~vellonius@167.88.104.123) has joined ##security
- <ryonaloli> as well as get a list of ips (either through lsrr magic or fucking netbios)
- * vellonius has quit (Remote host closed the connection)
- <ryonaloli> FFAce: no matter how much hardening you add, the tcp is still parsed in kernelspace
- <FFAce> in my scenario, both tor and the VPN are not trusted but they work against each other when it comes to compromising my traffic
- * peanuter has quit (Changing host)
- * peanuter (~peanuter@unaffiliated/peanuter) has joined ##security
- <ryonaloli> which means if an exploit works, you get deanonymized
- <ryonaloli> it could also accurately track you across web visits
- <FFAce> ryonaloli: but seriously dude, how many kernel 0 day are there that result in network stack remote exploit ?
- <ryonaloli> FFAce: many
- <FFAce> also, even if you use tor, you local stack can be pwned
- * Satoshi_ABC has quit (Remote host closed the connection)
- <ryonaloli> not by a remote adversary
- <FFAce> isn't it more likely to pwn tor itself?
- <ryonaloli> no
- * threepstone (~Thunderbi@104.200.154.65) has joined ##security
- <ryonaloli> because it would have to pwn all 3 hops, or go for your web browser (which you can protect against quite effectively)
- <FFAce> so tor code is more secure than linux kernel tcp/ip stack?
- <ryonaloli> since your web browser does not parse css in kernelmode :P
- <ryonaloli> oh by far
- <ryonaloli> tor itself is not only written well, but it uses an *extremely* good seccomp policy
- <ryonaloli> (seccomp being a syscall and syscall argument filter)
- <FFAce> but dude,kernel devs are much more strict
- <ryonaloli> heh
- <FFAce> well you don't get my fear here
- <FFAce> I don't trust tor devs
- <ryonaloli> yeah, like linus who flat out refuses to add segmentation based security
- <FFAce> they get most of their funding from the state department
- <ryonaloli> or all those devs who like to make vullns look like mere bugs
- <ryonaloli> wut
- <ryonaloli> yeah so does linux
- <ryonaloli> actually, linux gets more
- <ryonaloli> as well as has a much larger list of vulnerabilities, both because it is sloppier, but also because it is much, much larger
- <FFAce> I thought intel/red hat funded it the most?
- <ryonaloli> furthermore, if they *do* pwn tor, they would still have to pwn the krenl as well
- <ryonaloli> *kernel
- <ryonaloli> if they want to get the same level of access they would with a tcp/ip exploit
- * Satoshi_ABC (~Satoshi_A@p61080-ipngn200701tokaisakaetozai.aichi.ocn.ne.jp) has joined ##security
- <ryonaloli> but the mere fact that tor runs in userland should be enough to show it is more secure, not to mention it being far smaller, having more code review, etc.
- * diomas (~diomas@64.64.248.162) has joined ##security
- <FFAce> if my local kernel has a tcp vuln, a tor node can easily pwn me (the first tor hop) as much as the VPN provider...is that correct?
- * diomas has quit (Remote host closed the connection)
- * Corey84 has quit (Ping timeout: 255 seconds)
- <ryonaloli> i mean, anyone could go on a linux system right now, fuzz a few obscure drivers, load those drivers from ring 3, and exploit them
- <ryonaloli> no that's not correct
- <ryonaloli> because tor acts more like a proxy
- <FFAce> see that's the part I don't get then
- <ryonaloli> the exit node establishes a tcp connection with the middle node
- <FFAce> well socks uses tcp...
- <FishFiend> ryonaloli, linus contributes to grsecurity, so i wouldn't say he is completely adverse to security
- <ryonaloli> the only node that could pwn you if it had an exploit is your guard
- <ryonaloli> FishFiend: oh he's not adversive to it, but he does not prioritize it
- * harukomoto (~harukomot@93-34-215-220.ip51.fastwebnet.it) has joined ##security
- <FFAce> mypc <--socks-->tor compared to mypc <--SSL VPN -->VPN provider
- <ryonaloli> the socks has nothing to do with it
- <ryonaloli> because that's all local
- <ryonaloli> what matters is what you are establishing a tcp connection with (aka the guard node)
- <FFAce> yes..the guard
- <ryonaloli> if you use a vpn as the last hop, you establish a tcp connection with *every* site you visit
- <ryonaloli> so they can target you, e.g. with a wateringhole attack
- <ryonaloli> or an MITM
- <ryonaloli> whereas the guard reduces the number of adversaries who can pwn your tcp/ip stack to the theoretical minimum: 1
- <FFAce> why should I trust the guard?
- <ryonaloli> because the guard does not know what you are doing, so it cannot target you specifically for certain activities
- * in2rd has quit (Ping timeout: 240 seconds)
- * realtime (~realtime@unaffiliated/realtime) has joined ##security
- <ryonaloli> furthermore, guards have a more complex process of being selected, making sybil attacks against guard nodes much harder
- <Crypto-dmtized> Tor is been compromised so many times.. even now mostly government keeps an eye out on tor. Doesn't matter how many hoopa hops you do or any encryption method. Big brother can drop that hammer if they see anything illegal.
- <FFAce> I don't know man, you have a point, but my point is , there is no way I am trusting *just* tor
- <ryonaloli> Crypto-dmtized: that's bullshit. they compromise the browser.
- <ryonaloli> since it merely uses firefox.
- * KidBeta (~textual@130.56.93.253) has joined ##security
- * kumagada (~kumagada@45.59.19.229) has joined ##security
- <ryonaloli> (and you can protect against a compromised browser, e.g. with apparmor in tails)
- * kumagada has quit (Remote host closed the connection)
- <FFAce> actually I'm also thinking of avoiding tor/i2p all together
- <ryonaloli> FFAce: so you would prefer trusting every single website you visit?
- <ryonaloli> man, you should read up on some anonymity appers :/
- <ryonaloli> *papers
- <ryonaloli> dropping tor is probably the worst possible thing to do
- * arescorpio has quit (Quit: Leaving.)
- <FFAce> ryonaloli: i'm against that too , which is why i want to use both vpn and tor
- <Crypto-dmtized> Ryonaloli what you know about coding? Before calling out bullshit
- <ryonaloli> all the time i see people saying "omg it's broken!!!1"
- <ryonaloli> Crypto-dmtized: about coding? what do you mean?
- <FFAce> in a way that makes them have to fight each other to compromise my traffic
- <ryonaloli> i have read the tor source code
- <dimitry7> http://techcrunch.com/2013/09/07/the-nsa-can-read-some-encrypted-tor-traffic/
- <ryonaloli> FFAce: unfortunately, a vpn at the other side bypasses tor's protections
- <ryonaloli> didheh
- * finalb0ss has quit (Ping timeout: 250 seconds)
- <FFAce> heh
- <ryonaloli> oh lol
- <ryonaloli> that article is bullshit
- <FFAce> your entire premise is that there will be a linux kernel tcp vuln
- <Crypto-dmtized> Lol doesn't matter.. anybody can read a book n be like I read it.
- <ryonaloli> FFAce: no, it also applies to fingerprinting
- <ryonaloli> which we *know* always is there
- <FFAce> that is the only scenario in which my security and anonymity will be compromised
- <ryonaloli> FFAce: no, fingerprinting is the biggest concern
- * finalb0ss (~trouble@197.149.195.121) has joined ##security
- <FFAce> fingerprinting is useless in this case if they can't correlate it to a real person/location
- <ryonaloli> because fingerprinting tied with your vpn having one or a few ips makes it far easier for sites to build up a detailed personality profile
- * theshaz (~yaaic@cblmdm72-241-167-244.buckeyecom.net) has joined ##security
- <FFAce> that's not the problem I"m trying to solve though
- <ryonaloli> also, they can with traffic correlation, which is easier if you have vpns on two sides
- * Malsasa (~Malsasa@114.79.28.73) has joined ##security
- <FFAce> I don't care if they build up a personality profile so long as it can't be traced to me
- <ryonaloli> due to those vpns not using a variety of tor features such as padding
- <ryonaloli> it can be traced to you, that's how personality profiles work
- <FFAce> and I can easily change that on my end
- <ryonaloli> e.g. stylometry
- <Crypto-dmtized> Lol
- <ryonaloli> which works if you have a large sample, the kind a vpn provider and its isp could provide
- <ryonaloli> normally, stylometry is useless because it requires such a big sample size
- <ryonaloli> dimitry7: that article is talking about an older version of tor which used an older protocol, and then cited some speculations that the nsa, given enough time, could possibly break a single handshake
- * x1rt has quit (Quit: WeeChat 1.0.1)
- <FFAce> ryonaloli: in that case, they'll need the help of the tor guard too right?
- <ryonaloli> unless they get a quantum computer, they cannot physically break 1024 bit public key crypto in real time
- * harukomoto has quit (Ping timeout: 260 seconds)
- <ryonaloli> FFAce: no, the guard is designed to know as little as possible about you and your activities
- <FFAce> well..i don't get how "stylometry" can work then
- <ryonaloli> you know what stylometry is right?
- <ryonaloli> writing style analysis?
- <dimitry7> http://bgr.com/2015/07/30/mit-researchers-can-break-tor-anonymity-without-even-touching-encryption/
- <Crypto-dmtized> Quantum is 10 yrs old technology... lol by the time u read news it's 10 yrs old... media is 10 yrs behind.
- * KidBeta has quit (Changing host)
- * KidBeta (~textual@hpavc/kidbeta) has joined ##security
- <FFAce> they'll need to get my local ISP to cooperate?
- <dimitry7> if MIT can do it, NSA did it years ago
- <ryonaloli> dimitry7: that's about hidden services
- <ryonaloli> please read the actual research paper before linking news articles
- <FFAce> ryonaloli: i haven't heard it before but I assumed that's what it meant
- <ryonaloli> furthermore, it requires an impractical sybil attack
- * wildlander has quit (Quit: Saliendo)
- <ryonaloli> and it would also be unable to target specific individuals, but rather deanonymize a few random hidden services, assuming the sybil works
- <ryonaloli> FFAce: right, so that means stylometry affects you so long as your writing is analyzable by whatever you exit from, and it is far worse when you use a single, static service
- <FFAce> that's fine because the VPN provider is in a different socio-political geographic location
- * pjp (~pjp@122.161.184.24) has joined ##security
- <ryonaloli> that's actually often a bad idea
- <FFAce> it'd require adversarial governments to cooperate
- <ryonaloli> because then your traffic can loop back through the trans-oceanic cable it goes through
- <ryonaloli> it'd require anyone on either side of the cable (so not just one AS, but two)
- <ryonaloli> *either
- <FFAce> that's fine, it's assumed every "cable" can be compromised
- <ryonaloli> that's not a good assumption
- <FFAce> umm..why?
- <ryonaloli> we *know* the trans-oceanic ones are, and that info is available to nsa, gchq, fbi, 5eyes, 19eyes etc
- <ryonaloli> whereas smaller ISPs, at worst, have compromised cisco routers
- <ryonaloli> *cisco, juniper, etc
- <ryonaloli> which are not used for dragnet
- * Mr_Rhino (~satoshi@179.104.144.253) has joined ##security
- <ryonaloli> simply because those ISPs do not have the capability to use fiber optics, so optic splitters are out of the question
- <FFAce> i assume everyone is compromised lol
- <ryonaloli> it's only a good assumption in specific scenarios
- * radsy has quit (Quit: Leaving)
- <ryonaloli> if you assume everything is equally likely to be compromised, you will come up with a terminally broken threat model
- * BOKALDO (~BOKALDO@81.198.156.86) has joined ##security
- <FFAce> how is assuming a cable you have no control over is secure a good thing?
- <ryonaloli> because you want the chance to be non-zero
- <FFAce> I don't have degrees of "compromisability"
- <FFAce> either it's compromisable or not
- <ryonaloli> then that's a fault of yours
- <FFAce> either I control it or I don't
- * finalb0ss has quit (Ping timeout: 245 seconds)
- <ryonaloli> because we *know* the oceanic cables are monitored, due to their using fiber otpics
- <ryonaloli> *otpics
- <ryonaloli> *optics
- <FFAce> I'm not foolish enough to measure the security of something I have no control over
- <ryonaloli> that's not foolish, that's wise
- * A1exs (~Alex@107-147-198-12.res.bhn.net) has joined ##security
- <jeffrey3234> Anyone remember that super paranoid guy from the UK that was on here all the time, forgot his name
- <ryonaloli> FFAce: right now, you are vulnerable to a myriad of adversaries
- <FFAce> assumptions are not wise in security from my experience,neither is guessing
- <FFAce> ryonaloli: exactly