Thursday, June 30, 2011

And The Republican Circus Plays On...Debt Edition!

The debt negotiations have stalled. This is no surprise in and of itself, given the intractable nature of bipartisanship at this stage in our history.  The one thing that both parties can agree on is their mutual desire to make each other look as silly as possible, and the one result they are united in achieving is looking silly without any help from the other side.  President Obama did his part by casting the debt negotiations in terms of Republicans favoring hedge funds and oil companies over the middle class and seniors during his recent press conference, a tone that led to Mark Halperin showing his posterior on Morning Joe, as the clip below shows.

We are governed by people who simply cannot get their act together.  This is true of both sides in the debt negotiations, but what is particularly vexing is that Republicans must understand the cognitive dissonance that anyone following these negotiations is experiencing.  For starters, when you read the Staff Commentary Executive Summary of the Joint Economic Committee, you see that the Republican Party based its projections for debt negotiation on a study authored by Andrew Biggs, Kevin Hassett, and Matt Jensen.  That study, A Guide for Deficit Reduction in the United States Based on Historical Consolidations That Worked, found that deficit reductions containing a ratio of 85% cuts to 15% tax increases were successful.

The significance of this is that the Democrats came to the table with a mix of 83% cuts and 17% tax increases, only to be rebuffed by the Republicans, who got up and walked out of the negotiations altogether.  Not only that, the Republicans then proceeded to demand that tax increases be taken off the table altogether.

Let us consider that the Republicans want $2.4 trillion over 10 years in spending reductions, and let us consider how laughable such cuts are when you realize that an average deficit over the next ten years is projected to be over $1.5 trillion annually.  Simply put, the debt negotiations are a political chip and a sham.  At a time when we ought to be entertaining the elimination of entire federal departments, we're talking about mere spending cuts over a decade that will be rendered meaningless within a year's time.

Neither side is serious about debt reduction, but both sides are deadly serious about making political hay, even if it roils world credit markets and results in the United States defaulting on its debt.  Even if we are faced with a default, nothing will change: both sides will dig their heels in even deeper.  The Democrats will crow about the pressing necessity for new tax hikes, and the Republicans will insist on even deeper spending cuts.  Gridlock is our destiny in this country, no matter who prevails in this fight over the debt.  We have a government of churlish, childish nihilists who don't give a damn about anything beyond their short term political prospects.

An 83% to 17% ratio of cuts to tax increases was a fine point that indicated real progress in the debt negotiations, but the  Republican reaction does not bode well for our future prospects.  You don't take a day off on this issue.  You don't go into recess as the House will do, and you don't walk out of a negotiation two points away from your ostensible goal.  $2 trillion in spending cuts over a ten year period with a Democratic majority in the Senate is nothing to walk out on, and the Republicans ought to be flogged at the polls if these talks fail to produce a resolution.  While the overall effect is meaningless given our annual deficits, change is incremental and $2 trillion in cuts this year would have been a start on even more cuts next year and the year afterwards.

Can you imagine an energized Republican base at the polls in 2012 with $2 trillion in spending reductions and the prospect of even more in 2012 and beyond?  Walking out of the negotiations was an incredibly stupid and immature gesture by the Republicans, and those of us who have flogged them towards getting serious about debt reduction should be incensed.  The Republicans were two percentage points away from the target, and they chose to try and move the goalposts in a way that could very well end of up becoming the Pence Amendment of debt negotiations.

The time has come for the Tea Party and libertarian Republicans to begin flogging the GOP back to the table, and every one of us who lit up the phones for health care reform should be doing the same over debt negotiations.  No time off, no vacations, no recesses, get the job done for this year and make progress for the future.  It's time for the Republicans to understand that this is not a political game; rather, it is the future of this country.

With fully half of the country not bearing any federal tax burden whatsoever, the idea that $400 billion in tax increases versus $2 trillion in spending cuts is onerous is laughable.  At most, the Republicans can put themselves in a position to sell $2 trillion in debt reduction progress to the electorate as a means of gaining majorities that would then repeal any and all of the $400 billion in tax increases while cutting government spending even more.  The Republican Circus suffers from an epidemic of myopia, if their performance of late during the debt negotiations is any indicator.


Phillip Greaves II: Pedophile Author CNN Coverage

Wednesday, June 29, 2011 Pedophile Website Shut Down

Jack McClellan, Proud Pedophile...Hanging Out at the Children's Section in the Local Library

Jack McClellan Proud Pedophile Arrested

Fox News on Proud Pedophile Jack McClellan

A Proud Pedophile Gives An Interview on the News: Jack McClellan

This is where we've come in our society: a pedophile by the name of Jack McClellan gave The Morning with Mike and Juliet an interview in which he professed his attraction for girls as young as three years of age. He did so openly, notoriously, and without a hint of shame or regret.

Snuff: Film Now Available on Netflix

British Pedophile Interviewed

Geoffrey Leonard, Australian Pedophile: Sex With Five Year Olds Is Okay

This is Geoffrey Leonard, an Australian pedophile who advocates for the repeal of child sex laws in Australia, being confronted by a news reporter.  The encounter is quite illuminating as to the thinking of pedophiles and the sheer audacity of pedophile advocates.  Watch and learn.

Confronting The Past To Ensure The Future

There is a shift in attitudes taking place among nations who were hit by the Arab Spring uprisings and the banking crisis.  Increasingly, nations like Egypt and Iceland are realizing that engaging the international banking structure is an invitation to enslavement.  Iceland defeated a referendum on April 9 that would have required the taxpayers of Iceland to pay back the deposits of Dutch and British depositors who lost their money when Icesave bank collapsed.  In spite of threats from Britain and the Netherlands to block Iceland's entrance into the European Union, the people of Iceland went ahead and defeated the referendum with 58.9% of the vote.

Think of it: international bankers are using the threat of economic isolation to intimidate and compel taxpayers to subsidize the losses of foreign depositors.  As it stands, Iceland's debt is being downgraded, not because the nation of Iceland has shown an inability to pay, but because its private banks aren't able to foist their losses onto the taxpayers.  It's called capitalism; the notion that private profits and losses should remain private with nominal costs for infrastructure and enforcement being collected through taxation.

In Egypt, the Finance Minister is rejecting an IMF loan offer and a World Bank loan offer for the stunning option of cutting spending.  Imagine!  If you aren't taking in enough money to meet your budgetary outlays, you cut spending! What a novel idea!

The IMF and the World Bank cannot point to a single success story in their history whereby one of their partner states emerged from poverty to become self-sustaining.  Only when nations have rejected the IMF and spurned the World Bank have they broken the cycle of perpetual debt to two institutions whose ostensible purpose is to fight poverty.  Instead, what the IMF and the World Bank do is ensure the perpetuation of poverty and the consolidation of a state's wealth in the hands of foreign investors and interests who then ride roughshod over the natives and the democratic process.

We are seeing new alternatives to both the IMF and the World Bank emerge, such as the Bank of the South, the Africa Development Bank, and the Asian Monetary Fund.  As we see these alternatives take hold, you can expect that Western involvement in coups attempts and so-called democracy movements will escalate.  We're entering an era where people in areas of the world like Africa, Asia, and South America are beginning to take their own destiny in hand, and the financiers of the West aren't likely to look upon such developments with anything other than sheer hatred.

The financial institutions of the West, in partnership with central banks, created the conditions for this crisis and exported their inflation abroad by printing money to cover the losses of private banks.  That money was also used to spur speculation in commodities markets abroad, an act which has led us to widespread inflation in food prices.  It was an effort by western interests to shove the costs and consequences of their short-sighted regulatory approach to foreign markets.

The time has come for the financial hegemony of the west to be broken, and the general populations of western countries should be quite pleased with this development. After all, it was our banking system that created a massive bubble and destroyed tens of trillions of dollars in wealth in the process of bursting that bubble.  The idea that the institutions who make up that banking system possess a peculiar acumen for banking is belied by the fact that we have had 21 economic downturns in the past century.

Competition in markets is good, and the emergence of new alternatives to the World Bank and the IMF holds the promise of spurring competition and therefore enabling nations to gain access to credit on better terms in order to better serve the interests of their people, as opposed to a certain subset of their people.  These developments will not lead to the decline of the western nations; rather, they will lead to the decline of oligarchical power banks currently exercise over our credit markets and our public policy.  No one would lament the passing J.P. Morgan Chase or Goldman Sachs if either or both of those institutions were to fail, and such a reality is the fault of the two institutions. They have behaved themselves with flagrant disregard for the law, and outright disdain for any standard of ethical or decent conduct in business.  They have framed their conduct in Darwinian terms, but when faced with the possible consequences of a Darwinian outcome, they ran to the government for help in order to avoid succumbing to a circumstance of their own making.  So much for the survival of the fittest: the weak were able to re-fortify themselves on your money and emerge stronger than ever.

It is time for such institutions and their investors to fail in order for a new world economy to merge, one where success is determined by actual merit in lending and solvency depends on what one actually does in the business arena rather than one's connection to regulators and politicians.   The vast majority of people within our world would be ecstatic to see such a system emerge, but policies are not determined by voters.  They are determined by those who line the pockets of politicians with contributions and the promises of lucrative future employment and investment opportunities.

Americans would do well to look at the example of their peers in North Africa, Iceland, Spain, and the Middle East.  We are in a war for democracy, but we are not fighting back effectively or with the urgency necessary to defeat the banking industry and prevent another economic implosion.  Our leadership is gridlocked, and their solutions are cosmetic.  Several trillion in cuts over a decade is laughable at a time when one annual deficit will equal or exceed two trillion dollars.

We need change, and we must start with an insistence that the financial crisis be addressed head on with real prosecutions, the break up of the major banks, and the cleaning out of regulatory agencies that failed to do their job where oversight and enforcement were concerned in the lead up to this crisis.  We must begin to confront the disastrous legacy of the Federal Reserve, an institution that has devalued the dollar by over 97% since its founding.  In the legislation that created the Federal Reserve, a solution exists: we must pay the Federal Reserve one billion dollars and reclaim power over our currency for the people rather than the financial oligarchs whose interests the Federal Reserve represents.

We must demand the following in 2012:

  • A commitment from every candidate to vote for the defunding of the IMF and the World Bank. Not one dollar of taxpayer money should go to these corrupt and inefficient institutions. 
  • A commitment from every candidate to vote for legislation which would pay the Federal Reserve $1 billion in order to reclaim power over the American dollar.  
  • A commitment from every candidate to vote for the establishment of a central bank that is accountable to Congress and completely transparent, with annual audits that are made publicly available.  
  • A commitment from every candidate that foreign depositors and investors will not receive one dime of American taxpayer revenue if a private institution in which their money is deposited goes bankrupt.  
  • A constitutional amendment barring the use of public dollars to bail out private businesses.  
Only when we reclaim power over our currency will we be free of the endless boom-bust cycles of the Federal Reserve and the interests it represents.  Our central bank should be responsive to our interests as a people, and it should not be a piggybank to back the losses of private interests through the devaluation of our hard-earned money.  We must begin to forge a new era of cooperation with those alternatives to the existing financial order, one which sees us begin to grow new alliances and gain new commercial relationships with emerging markets that are mutually advantageous to both sides.  Only then will we have the opportunity to extricate ourselves and our budget from the endless foreign interventions that currently define our country.  

When business is good, war is a bad idea.  Only when the destructive policies of short-sighted individuals are allowed to prevail does conflict become inevitable, because in such instances, people find themselves unable to eat or survive.  Their money is worthless, and they cannot earn or access the basic necessities they require to survive through civilized means.  Chaos is the inevitable result.  Each nation is the steward of the interests of its people, and only through cooperation can we begin to understand that those interests are not mutually exclusive.  Instead, they are interdependent.  

There will be those individuals and countries who act irrationally, and we will have to confront them with strength in order to resolve the threat they present. We must recognize that the greatest preventative to the emergence of fascistic and fanatical regimes is prosperity.  When people are desperate, they will turn to any ideology that promises deliverance.  This is how National Socialism managed to gain traction, and it is how Communism managed to gain acceptance and support.  Such ideologies never deliver on their promises, for they are rooted in fanaticism and paranoia rather than reality.  

We have a vested and universal interest in ensuring that people around the world are able to earn a living with their own labor and genius: that interest is peace.  Military excursions merely consume endless resources and energies; they do not give rise to the sorts of creation that can expand horizons and widen opportunities for entire populations.  They are destructive of infrastructure, of money, and of human life. Only as a last resort should such force be utilized, and only when conflict is an imminent certainty should a defensive effort be deployed.  We must always be prepared and ready, but we must never been quick in our judgments and our decisions. 

Our financial institutions have always sold us the necessity for immediate action without deliberation in order to hasten their pillaging of public treasuries.  Their influence on public policy has been destructive at every turn.  Their pressure and influence ensured that people without the ability to repay loans were given credit that would inevitably lapse into a defaulted status.  Despite the narrative that banks are fond of presenting, that regulators and politicians forced their hand, the fact remains that we have ample evidence that when banks do not want to follow the law, they are extremely gifted at evading the spirit and the letter of the law with their actions.  We must not accept myths as the truth.  Banks were as complicit as the politicians they bankrolled in creating this crisis, and even they were faced with pressures to commit untoward acts by those politicians, they failed to deploy their overwhelming resources in opposition to the pressure.  Our financial institutions have an interest in endless conflict and poverty, for they may arbitrage from human misery the one item they truly adore: profit.  

Banks failed to utilize their resources and energies to bring such pressure to the light of day with the American people.  They failed, because the truth was that banks were not opposed to the ideas put forth by individuals like Representative Barney Frank.  They saw the opportunity for short-term profits, and they took those opportunities even though they knew that such practices would be destructive of their long-term interests and the interests of the United States as a country.  Indeed, the entire world now suffers under the consequences of short-term motivations and a failure to insist on meaningful debate and deliberation in public policy.  

The time has come to recognize the sins of our past, to acknowledge our wrongs, and to turn our faces from such errors in order to construct a new system based on common sense and personal responsibility rather than intellectual disingenuousness and a sense of individual entitlement.  Nowhere is this more true than in our country, where we have unparalleled prosperity and an unrivaled standard of living. We have risked this, and the inheritance of future generations of Americans, by suspending our sense of responsibility to others and behaving with total recklessness in our finances.  From the individual with overwhelming credit card debt to the institutions leveraged with staggering debt to asset and debt to equity ratios, America has become a nation of individuals and institutions defined by their refusal to acknowledge common sense or ethical and moral restraint.  

Many of us were raised by parents who instilled in us a sense of right and wrong, and we were taught basic arithmetic that enabled us to understand the difference between the possibilities afforded us by our means and those options available to us if only we would entertain an ethical blurring of the lines.  There is no shame or weakness in living within your means; but there is inevitable disgrace and deep shame in imploding under the weight of foolish decisions, unable to ensure that you and your family or you and your institution's employees can continue to meet your obligations.  

The time has come for America, and the world at large, to recognize that our decisions have been foolish.  We have incentivized bad behavior by allaying its consequences, and we have heaped up for ourselves a greater and infinitely more costly day of reckoning in the future.  It is time to own our actions, to square our debts, and to face the consequences with courage and resolve.  No one ever solves a problem by pretending that it doesn't exist or by understating its severity.  We are the nation who stormed the beaches at Normandy, who avoided nuclear war and managed to defeat Communism through restraint and prudence, and we are the nation that will face this crisis and lead the way for the world going forward to a new era.  

Our problems may be great, but our resolve and our courage must be greater.  We have faced circumstances such as these before, and we survived and led the way forward.  It is time to summon greatness, and to dig deep within ourselves for the courage to accept what must be done.  Every American and every citizen of the world will have to accept difficult choices and solutions, including those individuals and groups who have typically been immunized from consequences by their wealth and the privilege thereof.  No more.  Those individuals made this crisis, and they will share in the consequences.  We will meet this challenge just as we have met so many others, and we will emerge from it stronger and wiser for the difficulties we have faced.  

The root of American strength is not in the stockpiles of weaponry we have at our disposal, or the numbers of fighting men and women we can deploy abroad.  The root of American strength is not in our money, or the economy that gives us unrivaled power and prosperity. The root of American strength is in what makes the economy possible: the will of American workers and executives to work hard, to innovate, and to better their lot in life through their own efforts.  We can and will do this, and we will do it by our own effort.  

The time has come to acknowledge that fundamental change is necessary in our government.  Those who make up its ranks are part of an old and failed order, and for progress to occur, we must do away with that old order so that we may erect a New America that pays homage to the Old by summoning those characteristics and qualities that made us great and will restore our greatness and our reputation going forward: ingenuity, hard work, a commitment to ethical behavior in our dealings with each other, frugality, and common sense.  

Fear and division are not the answers to our problems.  A false sense of unity rooted in glib understatements of our problems is not the answer.  A reasoned, measured recognition that we are facing the worst economic crisis in seven decades, combined with the understanding that we met that economic crisis and survived and a determination to meet this economic crisis head on is the answer.  We will all forego conveniences, and we will all face difficult choices.  There will be higher taxes for some of us, and for others there will be reduced services.  But when we emerge from this, we will have served our country through a difficult time that threatened our position as the leading civilization on this planet.  We will have strengthened our nation going forward, and we will have ensured a better life for those who come after us.  The rewards will be greater going forward than our inconveniences as we go through these difficult times.  Not only our country, but also the countries of this world, will be served as Americans take the lead in dealing with this crisis.  

American leadership is the standard by which all nations are measured.  We will not leave a vacuum of leadership because we were too busy bickering over petty ideological differences to meet our responsibility to future generations of Americans and citizens of other countries around the world.  We are the hope of the entire world, and we will not fail in our efforts to fulfill that hope.  America is unique. We do not entertain or accept the possibility that we might fail, for we must not fail.  The hopes and dreams of an entire world depend upon our efforts and our courage.  

We are greatness, and with greatness comes responsibility.  Though we have stumbled, and though we have quarreled, we have not surrendered.  The time has come for our focus to be restored, and for our sense of community and common responsibility to the legacy of our nation to come back into primacy.  We will succeed together, and we will reap the common benefits of victory together.  

It is time to re-imagine ourselves, our nation, and to go forth as a New Colossus to fashion our own history.  We are not bound by the failures of our past; instead, we must be invigorated by the potential of our future.  America isn't over yet.  

Years ago, the world predicted that we would be surpassed by Japan.  Japan did not rise to that prediction.  Today, the prediction is that China is on the precipice of surpassing America.  Those who underestimate our determination and resolve to compete commit a fatal mistake.  If we are to be surpassed by anyone, it will be nation we build going forward.  Our destiny is our own to make and determine, and it is not subject to the efforts of others.  If we are surpassed, it will not be by the efforts of a China, an India, or a Japan.  It will be because we failed to build a nation that surpassed the one we currently occupy.  That is not going to happen, because we will not allow it to happen.  Ingrained within each American individual is the audacity to imagine the impossible and the hubris to attempt realize the impossible.  

The institutions we create to accomplish the impossible have given us the Internet, the computer, and they have sent men to the Moon.  We have reached the farthest expanses of our galaxy with satellites, and we have seen millions of years into the past with our telescopes.  We have cured polio, and we are envisioning and creating the cures for AIDS and cancer as I write this.  We have put a man of color into our nation's highest office.  One operating system created by one American company runs over 95% of the world's computers.  Our culture permeates every corner of the globe, and our commerce is 40% of the GDP our leading rival.  

Looking back on what was, how can we doubt the future that is possible if only we reach within ourselves to envision what might be and to go about creating it?  America: it will be whatever you make of it or whatever you don't make of it.  So will the world in which America exists, for we define our time and place in history.  We always have, and we always will.  It is up to us to ensure that the world which we define will be one that is decent and prosperous, defined by a commitment to human rights and prosperity for those who wish to work and innovate.  

We will sacrifice today for the promise of a better and stronger tomorrow, just as generations of Americans before us have done.  We will entertain all options towards that end, because our commitment an ideology or partisan ideal cannot take the place of our dedication to America as an ideal and a promise.  This is our time, and this is our opportunity to revolutionize America and make her better than she has ever been.  

Monday, June 27, 2011

How The Police Bypass Passcodes for iPhones: Fort Worth P.D. document

In addition to new devices designed to enable police to pull all of the data on your smartphone without bypassing the keypad, the police have long had a workaround for the iPhone, as the following document from the Fort Worth Police Department makes clear.  You should not assume that you have security or privacy when confronted by the police, and as a result you should not store any kind of compromising information on your iPhone or any other smartphone.  If you are waiting in line at a checkpoint and you do have such information on your phone, type in the wrong passcode on your phone the required number of times to erase the phone. This can be anywhere from 5 to 10 times depending upon the model.

The other alternative is to pull the SIM card from the smartphone yourself and destroy it.  If you live in Georgia, Florida, or California, the courts have already upheld warrantless cell phone searches.  Only in Ohio have courts rejected warrantless cell phone searches, so if you live in any of the 46 other states in our country, you are faced with the prospect of dealing with police who will push the issue until they are stopped by the courts.  You do not want to be a test case.  Erase the phone, destroy the SIM card, do whatever you have to do to protect yourself from an unconstitutional search.

You should realize that your phone contains GPS data of your location, data relating to who you called and when you called them, and whatever calendars or personal information you may have stored on the phone.  Many of us use diary apps on our phones, and we store personal information and intimate knowledge on those apps.  Protect yourself at all times.

iPhoneworkaround.pdf Download this file

How The Police Bypass Passcodes for iPhones: Fort Worth P.D. document

In addition to new devices designed to enable police to pull all of the data on your smartphone without bypassing the keypad, the police have long had a workaround for the iPhone, as the following document from the Fort Worth Police Department makes clear.  You should not assume that you have security or privacy when confronted by the police, and as a result you should not store any kind of compromising information on your iPhone or any other smartphone.  If you are waiting in line at a checkpoint and you do have such information on your phone, type in the wrong passcode on your phone the required number of times to erase the phone. This can be anywhere from 5 to 10 times depending upon the model.  

The other alternative is to pull the SIM card from the smartphone yourself and destroy it.  If you live in Georgia, Florida, or California, the courts have already upheld warrantless cell phone searches.  Only in Ohio have courts rejected warrantless cell phone searches, so if you live in any of the 46 other states in our country, you are faced with the prospect of dealing with police who will push the issue until they are stopped by the courts.  You do not want to be a test case.  Erase the phone, destroy the SIM card, do whatever you have to do to protect yourself from an unconstitutional search.  

You should realize that your phone contains GPS data of your location, data relating to who you called and when you called them, and whatever calendars or personal information you may have stored on the phone.  Many of us use diary apps on our phones, and we store personal information and intimate knowledge on those apps.  Protect yourself at all times.  





iPhoneworkaround.pdf Download this file

Posted via email from Screed of Momus

Sunday, June 26, 2011

Lulz Cryto Talk

#School4Lulz  Crypto Talk - - Find us at
Donations to 18hRWnxoHztBPDYQ9bPA1uUpN8LTrd7xbB -> Bitcoin
Advanced Classes coming soon

StalluManu: Everyone here?
[17:38:38] ~Fox: nigga
[17:38:38] %eax: lolwat
[17:38:42] ~Fox: 6:13:37
[17:38:52] lolwat: it's 01:38 GMT
[17:38:56] lolwat: i'm in portugal, so...
[17:38:59] lolwat: time to sleep =(
[17:39:13] %eax: aww
[17:39:13] Dox: pst?
[17:39:24] lolwat: take 8 hours
[17:39:28] %LordKitsuna: 5:39
[17:39:30] lolwat: 01:39 AM i mean
[17:39:44] Dox: then you miss out :(
[17:40:00] lolwat: i read the logs... :)
[17:40:15] Dox: yeah I have had to aswell, was on a trip for a few days
[17:40:19] ~Fox: Well
[17:40:27] Fox sets mode +h StalluManu
[17:40:34] ~Fox: StalluManu is todays guezt speeker
[17:40:41] zone: yay
[17:40:46] ~Fox: Ask this nigga if he is ready to start
[17:40:56] %StalluManu: always read.
[17:40:58] Hellspawn: Scuse me Nigz, you ready?
[17:40:58] %StalluManu: *ready
[17:41:13] %StalluManu: so, we start early then?
[17:41:17] %eax: stallu is a cool cat
[17:41:17] Anorov: what's this lesson on?
[17:41:18] zone: NAO
[17:41:21] zone: +m
[17:41:25] Hellspawn: Cryptography and detection.
[17:41:25] Fox sets mode +m
[17:41:36] ~Fox: dont be askin me for v and shit
[17:41:40] %StalluManu: LISTEN UP FAGS. You've learned shit that can get you v&.
[17:42:17] %StalluManu: Today's goal is to educate you pieces of grabbastic amphibian shit on how to prevent other people from doxing you, and how to prevent going to jail.
[17:42:29] %StalluManu: First of all...
[17:42:37] -CTCP- VERSION from StalluManu
[17:42:45] %StalluManu: Wow....
[17:42:49] %StalluManu: Some of you even use MIRC.
[17:42:52] whiteh8 ([email protected]) joined the channel.
[17:43:03] %StalluManu: You see, to prevent people from doxing you.. you first have to have a secure box yourself.
[17:43:05] Fox sets mode +h whiteh8
[17:43:07] %StalluManu: so STOP RUNNING SHIT SOFTWARE.
[17:43:15] %StalluManu: Mirc is a fine example of it.
[17:43:19] %LordKitsuna: xchat= shit?
[17:43:29] %whiteh8: thx fox
[17:43:38] %StalluManu: xchat=shit.
[17:43:52] %StalluManu: prefer anything with SIMPLE CODE. commandline > GUI.
[17:43:58] %StalluManu: Less code is LESS TO EXPLOIT.
[17:44:10] %whiteh8: #hipsterhackers
[17:44:13] %StalluManu: More urgently: get the fuck rid off of mirc.
[17:44:22] %StalluManu: There's two exploits in the wild that i know of, one that i have.
[17:44:32] %eax: kthnx
[17:44:54] %StalluManu: now that you all know that you're running retarded software, i recommend you install linux.
[17:45:18] %StalluManu: 'cause i will not try to cover patching up a windows box, and windows specific shit.
[17:45:57] %StalluManu: So, let's say you got your retarded ass into trouble, and got hacked. Sorry, but you're fucked. This talk is not going to help you.
[17:46:29] %StalluManu: However if you seek to prevent the feds that will undoubtedly raid your home one day from reading your logs, stay the fuck in here.
[17:46:45] %StalluManu: The basics: get truecrypt.
[17:47:03] %StalluManu: On linux you will need to modify your initrd to encrypt a full partition, check the arch or gentoo wiki on how to do that.
[17:47:23] %StalluManu: if you dont, why the fuck bother?
[17:47:27] %whiteh8: (unmount it every night)
[17:47:44] darkmatter ([email protected]) joined the channel.
[17:47:45] %StalluManu: whiteh8: good point.
[17:47:49] %whiteh8: before bed
[17:47:51] %StalluManu: Feds will probably raid your house at night.
[17:47:59] %whiteh8: 4-6am
[17:48:06] %StalluManu: So if you want to prevent them from recovering shit, shut that shit down.
[17:48:06] lululu ([email protected]) joined the channel.
[17:48:24] %StalluManu: Now, here's the idea for REALLY FUCKING PARANOID PEOPLE.
[17:48:42] %StalluManu: #1: Compile gentoo and make a /boot and / partition on a microsd card.
[17:48:50] %StalluManu: add truecrypt to your initrd.
[17:49:06] daniel ([email protected]) joined the channel.
[17:49:10] %StalluManu: add various checksums of files in your initrd to the truecrypted root partition: so you know when you're compromised.
[17:49:28] %StalluManu: from now on you run your OS from that microsd card.
[17:49:41] %StalluManu: keep ONE backup, burried somewhere.
[17:50:00] %StalluManu: now. wat do if feds raid your house and the comp is still on?
[17:50:06] %StalluManu: you boot from that card remember?
[17:50:08] %StalluManu: pull the card.
[17:50:10] %StalluManu: break it in half.
[17:50:10] %StalluManu: eat it.
[17:50:32] %StalluManu: good luck to the fed trying to recover from a broken encrypted piece of flash memory.
[17:50:50] %whiteh8: that's awesome
[17:50:55] %StalluManu: Note: we're covering hardware shit now.
[17:51:03] DaveH ([email protected]) left IRC. (Ping timeout: 240 seconds)
[17:51:12] %StalluManu: good point faggot.
[17:51:20] %StalluManu: The way they recover the key when your box is on is a cold boot attack.
[17:51:36] %StalluManu: If you use liquid nitrogen to freeze the RAM banks, they retain their data pretty well.
[17:51:42] %StalluManu: That data contains the decryption key of your volume.
[17:51:45] %StalluManu: if they do this, you are fucked.
[17:51:47] %StalluManu: But no worries.
[17:52:03] %StalluManu: You can avoid this using a really goddamn simple technique.
[17:52:21] %StalluManu: #1: Epoxy the bios battery in place WITH A FUCKTON OF GLUE (dont cover the pins that connect it).
[17:52:28] %StalluManu: #2: EPOXY YOUR RAM IN PLACE
[17:52:32] %StalluManu: #3: set a boot password.
[17:52:40] %StalluManu: voilla, they cant boot, they cant take the ram, they cant extract data.
[17:53:01] %StalluManu: so even if they raid you, get the card whole, the computer online, they cant do shit.
[17:53:22] ~Fox: Thermite is for the movies faggots.
[17:54:00] %StalluManu: Now, after you do this you wont be able to reset your bios, so you better not fuck it up/forget the password, or your box is bricked.
[17:54:13] %StalluManu: The key here is that a COLD BOOT ATTACK CAN WORK FOR UP TO 45 MINUTES AFTER SHUTDOWN.
[17:54:15] %StalluManu: REMEMBER THAT FAGS.
[17:54:16] %StalluManu: 45 MINUTES.
[17:54:58] %StalluManu: oh, and dont cover chips, they get hot, kthnx?
[17:55:19] %StalluManu: Now that we've got the physical part of cold booting taken care off, there's more common shit.
[17:55:24] %StalluManu: HARDWARE KEYLOGGERS.
[17:55:46] Inquisition ([email protected]) joined the channel.
[17:56:06] smegma ([email protected] joined the channel.
[17:56:12] %whiteh8: two things; it's not illlegal for feds to break into your place and put bugging devices in place
[17:56:22] %whiteh8: if you're going across the border, MAIL your laptop to your hotel
[17:56:38] ~Fox: *
[17:56:39] %StalluManu: laptop void if seal is broken.
[17:56:42] ~Fox: ProTip:
[17:56:56] noneya1238 ([email protected]) joined the channel.
[17:57:06] ~Fox: Any time I go through the airport, Laptop is FedEx overnighted to the hotel.
[17:57:14] ~Fox: SD Card is kept in my wallet
[17:57:17] xlate ([email protected]) joined the channel.
[17:57:21] ~Fox: Keyfile is kept in checked luggage.
[17:57:24] ShadowDXS ([email protected]) joined the channel.
[17:57:28] %StalluManu: PROTIP: you have dollar coins that can house a microsd card.
[17:57:32] %StalluManu: BUY ONE.
[17:57:35] %StalluManu: put the microsd card in it.
[17:57:39] ~Fox: +1
[17:57:42] %StalluManu: easy walk trough customs even if they check your fucking wallet.
[17:57:45] eax sets mode +v darkspline
[17:57:53] %StalluManu: everyone follow?
[17:58:00] %StalluManu: Because shit will get a lot more technical and hairy later on.
[17:58:02] %whiteh8:
[17:58:48] %StalluManu: Recommended distro: gentoo, a huge fucking install in a squashfs image (See also: how to make a liveusb) takes only 2gb.
[17:58:50] eax sets mode +v Shidash
[17:58:58] %StalluManu: Now here's a few pointers before you go booting off of flass.
[17:59:00] %StalluManu: *flash.
[17:59:06] %StalluManu: FORMAT WITH EXT2. you do NOT want a journal.
[17:59:18] %StalluManu: mount with noatime nodiratime, you do NOT want excess writes.
[17:59:28] %StalluManu: After 10-100 writes per block, flash memory DIES.
[17:59:32] Fox sets mode +h t
[17:59:37] %StalluManu: so a 16gb sd card takes 160gb of writes, then it's DEAD.
[18:00:08] %StalluManu: you WILL run into this the first one or two months you use and tweak your distro.
[18:00:24] %StalluManu: Now that you've got this k-rad setup, you think that the government can't bruteforce your shit.
[18:00:28] %StalluManu: WRONG.
[18:00:38] %StalluManu: There's ps3 truecrypt bruteforcers (dictionary attack) out there.
[18:00:45] %StalluManu: yes for truecrypt volumes
[18:01:02] %StalluManu: the NSA can currently guess about 1.5m truecrypt keys a second, making a 8 characters password within their reach.
[18:01:13] %StalluManu: now, there's a solution to that.
[18:01:26] %StalluManu: But first more about what encryption does.
[18:01:28] %StalluManu: Encryption CAN ALWAYS BE CRACKED.
[18:01:29] %whiteh8: mine's over 30
[18:01:38] %StalluManu: mine's over 60 chars.
[18:01:43] %StalluManu: i got two passes btw.
[18:01:54] +Shidash: Mine is over 60
[18:02:01] %StalluManu: Now: what encryption does is BUY YOU TIME.
[18:02:28] %StalluManu: you are HOPING for the persecution limit (am i saying this right) of your crime to expire before the encryption is cracked.
[18:02:39] ~Fox: prosecution.
[18:02:52] @garrett: what
[18:02:57] @garrett: the statute of limitations?
[18:03:00] @garrett: cmon
[18:03:01] ~Fox: THANK YOU
[18:03:01] %StalluManu: yup.
[18:03:09] %StalluManu: I'
[18:03:09] %whiteh8: that's typically a few years
[18:03:12] @garrett: you're joking right?
[18:03:12] @garrett: like
[18:03:14] @garrett: you're implying
[18:03:15] ~Fox: Decade.
[18:03:16] @garrett: that the government
[18:03:17] %StalluManu: I'm not an Amerifag.
[18:03:18] @garrett: will waste
[18:03:21] @garrett: millions in resources
[18:03:25] @garrett: so they can crack your drive
[18:03:30] @garrett: so they can see you looking at furry porn
[18:03:32] @garrett: and you 600 bots
[18:03:34] %StalluManu: In the european union the statue of limitations is 18 years for computer crime.
[18:03:35] @garrett: be realistic.
[18:03:38] ~Fox: Lol
[18:03:40] ~Fox: Hold up
[18:03:46] ~Fox: let me lay down the law real quick
[18:04:02] ~Fox: Now, your level of 'hot-ness' is dependent upon what they got you for
[18:04:12] +Shidash: garrett: They have a limited budget. Waste enough time and money and they stop.
[18:04:17] ~Fox: They kick in your door for a simple unauthorized access of a DC box,
[18:04:25] ~Fox: You get maybe a few days worth of their time
[18:04:27] ~Fox: You hit a company
[18:04:40] FireStarter ([email protected]) left IRC.
[18:04:44] ~Fox: Hell maybe you get six months of their time, maybe more, maybe less.
[18:04:46] Bruiser_ ([email protected]) left IRC. (Quit: Leaving)
[18:04:47] ~Fox: You hit them,
[18:04:52] ~Fox: maybe you see a year or two
[18:04:54] @garrett: lol
[18:04:54] @garrett: ok
[18:04:55] @garrett: so
[18:05:06] @garrett: in order for any electronic case to be viable in federal court
[18:05:07] %StalluManu: You are me: you get all their time.
[18:05:14] %whiteh8: honestly if you aren't playing around with money, they're not going to waste a lot of time on you
[18:05:15] @garrett: you have to cause X number of monetary damage
[18:05:25] figgybit ([email protected]com) left IRC. (Ping timeout: 240 seconds)
[18:05:41] @garrett: you guys should really read up on stuff like this before just babbling paranoid nonsense
[18:05:42] tzaki ([email protected]) left IRC. (Remote host closed the connection)
[18:05:47] %StalluManu: garett: That depends, again, on the country.
[18:05:47] @garrett: and scaring the kids
[18:05:56] %StalluManu: garett: The european union will screw you in the ass, then some more.
[18:06:12] %StalluManu: garett: Don't believe me? Ask Awinee lulz.
[18:06:15] ~Fox: @garrett respect your enemy :/
[18:06:18] %StalluManu: They even go after DDOS Kids.
[18:06:18] +Shidash: If you are playing with their documents then they will still spend time on you.
[18:06:27] ~Fox: Ok we're getting into a debate here
[18:06:29] @garrett: Oh ofc
[18:06:37] ~Fox: So just to kill it
[18:06:38] %StalluManu: ok.
[18:06:40] %StalluManu: here's the deal.
[18:06:51] ~Fox: You fuck up, you best hope you made sure you handled business.
[18:06:52] ~Fox: Period.
[18:06:54] %StalluManu: you piss off someone important, show their incompetence. they will rape you.
[18:07:15] %StalluManu: Now, security is about buying TIME.
[18:07:26] %StalluManu: The amounth of TIME You buy varies depending on the STRENGTH of your encryption.
[18:07:33] %StalluManu: STRENGHT is not measured in bits of key.
[18:07:42] tzaki ([email protected]) joined the channel.
[18:07:43] %StalluManu: aes-256 has a SHITTY key scheme and is weaker than aes-128.
[18:08:05] %StalluManu: You generally want LAYERS Of encryption.
[18:08:08] CallumP ([email protected]) left IRC. (Quit: Colloquy for iPhone -
[18:08:21] %StalluManu: If one cipher is broken, because shit happens or it was backdoored, they'll have to break the next, and so on.
[18:08:31] %StalluManu: The more ciphers, the more TIME it takes.
[18:08:35] %eax: brb
[18:08:48] eax ([email protected]) left IRC. (Remote host closed the connection)
[18:08:51] %StalluManu: Ok, so now you've got a huge ass password, and a huge ass set of strong ciphers( google for them fag).
[18:08:58] %StalluManu: HOW THE FUCK DOES IT WERK?
[18:09:14] %StalluManu: Ok, your password is hashed, using a one-way function.
[18:09:33] %StalluManu: Think of a hash function as counting: 1 for a, 2 for b, and adding it. Just in a way that is cryptographically secure, and unlikely to generate collisions.
[18:09:43] garrett sets mode +v tminus
[18:09:47] %StalluManu: a hash COLLISION (a+a=b) means you can use a DIFFERENT pass to decrypt the data.
[18:09:52] %StalluManu: which is bad.
[18:10:06] %whiteh8: 2 strings evaluates to the same hash
[18:10:12] %StalluManu: collisions are dependent on the hash function, but mostly on the LENGTH Of the hash in bits.
[18:10:30] %StalluManu: weak algorithms: md5,sha1,md4,ntlm,lm
[18:10:43] +darkspline: what do you prefer?
[18:10:43] %StalluManu: strong algorithms:whirlpool,ripemd160,sha512
[18:10:46] +darkspline: k
[18:11:01] %StalluManu: Now, these hashes are important.
[18:11:05] %StalluManu: You see, they ARE not the password.
[18:11:09] %StalluManu: And there's no way to reverse them.
[18:11:14] %StalluManu: then how the fuck do you check if the password was correct?
[18:11:27] +darkspline: whirlpool(pass)
[18:11:37] %StalluManu: well, you run the password that's entered trough the hash function, compare the value, if they are the same, they are the same password.
[18:11:43] %StalluManu: (with a high likelihood)
[18:11:50] %StalluManu: (really fucking high likelihood)
[18:12:09] %StalluManu: hashes are bruteforcable because of the way you check them.
[18:12:14] %StalluManu: You have a hash function, and a hash.
[18:12:15] %whiteh8: StalluManu, on that same note, md5 file checksums will also collide, in case that wasn't clear to anyone
[18:12:31] LJ_Borges ([email protected]) joined the channel.
[18:12:36] %StalluManu: You run random passwords trough the function till you have a match, then you know the password.
[18:12:40] %StalluManu: This is how hash bruteforcing works.
[18:12:54] %StalluManu: (usually not a random password, but incremental, for the dumbasses under us)
[18:13:09] %StalluManu: Bruteforcing is REALLY FUCKING FAST if you design your function shittily.
[18:13:31] %StalluManu: You see, you can just compute hashes beforehand, and run a password against a table of them (actually chains of them, later more on RTS).
[18:13:50] %StalluManu: That makes it really fucking efficient to pwn your password! Fuck! we dont want that!
[18:13:58] %StalluManu: the solution: say whirlpool is your hash function
[18:14:04] %StalluManu: so whirlpool("ANUS")=some hash
[18:14:14] %StalluManu: you just do whirlpool(whirlpool("ANUS"))
[18:14:24] %StalluManu: and continue applying whirlpool till it's really fucking slow.
[18:14:27] %StalluManu: i prefer 20k passes.
[18:14:31] +darkspline: werd
[18:14:45] %StalluManu: now that it's really fucking slow, it takes really fucking long to make one guess.
[18:14:48] %StalluManu: that's what you want.
[18:14:59] +darkspline: time
[18:15:04] +darkspline: this is sick
[18:15:05] atriox ([email protected]) left IRC. (Quit: ajax IRC Client)
[18:15:33] %StalluManu: There's various functions for chaining hash functions, that are secure, i will not go into this, but google pbkdf2, click the wiki link to learn more.
[18:15:48] %StalluManu: Now, you've got a fucking slow hash function.
[18:16:03] %StalluManu: You are still vulnerable to people that will just compute all keys and check your hash against a fucking table.
[18:16:06] %StalluManu: WAT DO?
[18:16:24] %StalluManu: so some fuckwit got a brilliant idea.
[18:16:31] %StalluManu: he added some random data he stored somewhere inside the hashing function
[18:16:34] %StalluManu: appended it to the password.
[18:16:35] %StalluManu: like so:
[18:16:43] %StalluManu: whirlpool("ANUS"+a;ldfkjas;ldkfjas;ldfjasd;lfkj)
[18:16:53] FireStarter ([email protected]) joined the channel.
[18:17:00] %dsr: salts arent random they're precomputed
[18:17:05] %StalluManu: Now to crack that hash, you have to compute a DIFFERENT SET of really fucking long hashes for each random sant.
[18:17:12] %StalluManu: dsr: randomness later.
[18:17:19] %StalluManu: *salt
[18:18:06] lolwat ([email protected]) left IRC. (Quit: Saindo)
[18:18:08] %StalluManu: Now that you have a password, that's really slow to guess, and salted, it'll be hard to reverse right?
[18:18:23] exo ([email protected]) left IRC. (Quit: ajax IRC Client)
[18:18:25] +darkspline: right.
[18:18:40] %StalluManu: Well, conveniently, our encryption algorithm needed a key.
[18:18:44] %StalluManu: We feed it this hash.
[18:18:54] Wearemudkipz ([email protected]) left IRC. (Remote host closed the connection)
[18:19:09] Wearemudkipz ([email protected]) joined the channel.
[18:19:16] %StalluManu: So we get #1: more bits of data than our key was long (hopefully). #2: a key that's slow to bruteforce.
[18:19:32] %StalluManu: This is the basis of cryptography.
[18:19:42] %StalluManu: Making shit difficult and slow to bruteforce.
[18:19:54] %StalluManu: Everyone follow up till now?
[18:19:54] atriox ([email protected]) joined the channel.
[18:19:58] %StalluManu: pm me if you didnt.
[18:20:10] +darkspline: y, i do
[18:20:30] %StalluManu: Now we've got a good encryption algorithm, a good key scheme, but how the fuck do we generate a random salt.
[18:20:38] dontHackMeBro ([email protected]) joined the channel.
[18:20:47] %StalluManu: computers are logical machines.
[18:20:52] %StalluManu: they DO NOT DO randomness.
[18:21:13] %StalluManu: Unless you have a geigercounter, a RF antenna collecting noise or something measuring the splitting of laser beams hooked up to your box that is.
[18:21:25] %StalluManu: Knowing that computers are not random however is important.
[18:21:43] %StalluManu: Randomness is gathered from various sources. Traditionally your cpu's tick counter is one.
[18:21:52] %StalluManu: Running programs and their memory space is another.
[18:22:02] %StalluManu: User input is an important one in linux.
[18:22:08] %StalluManu: As well as USB bus communication.
[18:22:18] %StalluManu: Want weird random numbers? plug a fuckton if I/O devices into your USB ports.
[18:22:49] %StalluManu: Now, a STRONG random number generator has a LOW Likelihood of producing repeating segments.
[18:22:52] %StalluManu: repeating segments are bad.
[18:23:01] %StalluManu: because a salt of aaaaaaaaaaaaaaaaaaaaaa is easy as fuck to guess.
[18:23:03] Onions ([email protected]) joined the channel.
[18:23:41] %StalluManu: My favorite STRONG rng to feed with shit is a mersenne twister (the highest polynomial one) fed with /dev/random.
[18:23:43] Brandon ([email protected]) joined the channel.
[18:23:54] %StalluManu: if you don't know what that means, google it.
[18:24:06] %StalluManu: So, that's how a salt is generated.
[18:24:19] %StalluManu: Now back to the point: there are truecrypt bruteforcers out there.
[18:24:26] Agrajag ([email protected]) joined the channel.
[18:24:48] %StalluManu: Fortunately, truecrypt stores it's key headers in the last and first 128kb of the encrypted partition (first 512 and last 512 bytes block, but it's safer to encrypt more).
[18:25:06] %StalluManu: So what we'll do is encrypt those blocks with another encryption tool, that is way slower.
[18:25:45] %StalluManu: Extract the decrypted blocks to a overlay for an overlay FS in RAM for the encrypted image.
[18:25:56] %StalluManu: voilla, something the FBI doesn't have a program to bruteforce.
[18:26:08] %StalluManu: Now, Fox, do you still have that ling to paranoiacrypt?
[18:26:14] %StalluManu: or do i haz to re-up it.
[18:26:14] ~Fox: Nope
[18:26:18] ~Fox: It's buried away :/
[18:26:35] %StalluManu: Ok, give 'em voice while i upload plz:P
[18:26:58] ~Fox: who wants voice.
[18:27:12] %StalluManu: just enable -m
[18:27:27] -srwx- haha i'll be good
[18:27:28] Fox sets mode -m
[18:27:37] ShadowDXS ([email protected]) left IRC. (Quit: Leaving)
[18:27:40] spartacus: I accidentally the whole gibson
[18:27:42] %StalluManu: So, everyone follow?
[18:27:45] nyann: why so much crypto if the gov. can just beat they keys out of you?
[18:27:45] +Shidash: yes
[18:27:46] Hellspawn: very good so far :)
[18:27:52] %StalluManu: nyann: later.
[18:27:54] srwx: indeed, very good presentation StalluManu
[18:27:55] nyann: you can get put in jail if you don't decrypt
[18:27:55] s4: I do, excellent job
[18:27:57] lululu ([email protected]) left the channel. (TWINKLE TWINKLE LITTLE STAR)
[18:27:58] halcyon: nyann that's what Guantanamo is for
[18:27:59] s4: oh and btw
[18:28:00] s4: >StalluManu< CTCP VERSION mIRC 5.91 (16 bit) for Microsoft © Windows For WorkGroups 3.11®
[18:28:03] +darkspline: StalluManu, i follow
[18:28:04] halcyon: and the prisoner trainers
[18:28:05] s4: that's fake
[18:28:05] halcyon: trains
[18:28:06] s4: ;)
[18:28:10] nyann: StalluManu: btw this is great
[18:28:18] lululu ([email protected]) joined the channel.
[18:28:21] LJ_Borges: I pretty much missed everything, derp
[18:28:25] spartacus: [2011/06/09-02:28:20] [StalluManu VERSION reply]: irssi v0.8.15 - running on Linux x86_64
[18:28:25] +darkspline: StalluManu, ditto!
[18:28:34] LJ_Borges: Bloody timezones.
[18:28:42] LJ_Borges: Can anyone throw the logs in pastebin?
[18:28:49] auer: yes, v gd, thx
[18:28:51] spartacus: oic
[18:28:51] spartacus: [2011/06/09-02:28:44] [s4 VERSION] mIRC 5.91 (16 bit) for Microsoft © Windows For WorkGroups 3.11®
[18:28:52] spartacus: lol
[18:28:53] s4: it's spoofed
[18:28:54] halcyon: LJ_Borges i will
[18:28:55] s4: haha
[18:29:00] %StalluManu: ok fags, let's continue.
[18:29:05] halcyon: after he's done
[18:29:07] LJ_Borges: halcyon: Thanks
[18:29:16] %StalluManu: Fox: +m please.
[18:29:19] nyann: +v please
[18:29:20] spartacus: s4 change it to 256bit for windows 8
[18:29:29] s4: lol
[18:29:39] Fox sets mode +m
[18:29:47] %StalluManu: ok, here you go.
[18:29:50] %StalluManu: it's SOURCE ONLY.
[18:29:53] %StalluManu: And will ONLY WORK ON LINUX.
[18:30:00] %StalluManu: Because microsoft's compiler is utter and complete fucking shit.
[18:30:10] %StalluManu: READ THE FUCKING CODE.
[18:30:17] %StalluManu: Now, what this does.
[18:30:25] +darkspline: StalluManu, thank you btw
[18:30:39] %StalluManu: It encrypts single files using 3 algorithms, one after another, in XTS chaining mode.
[18:30:50] %StalluManu: XTS chaining is a way to turn a block cipher into a stream cipher (google it faggot).
[18:31:05] MrLinux ([email protected]) left IRC.
[18:31:20] %StalluManu: Now, it uses 3* aes-256, 3* whirlpool and 3* serpent to encrypt data.
[18:31:32] %StalluManu: meaning that if you forget the key, the sun will burn out and the fucking universe will die before you recover it.
[18:31:36] %StalluManu: in XTS mode, that's 18 keys.
[18:31:42] %StalluManu: 18 256-bits keys.
[18:31:54] %StalluManu: Speaking of bitcounts: 256 bits encryption for civies is illegal in the US of anus.
[18:32:09] %StalluManu: So hide the damn binary.
[18:32:24] %StalluManu: Now, this program is really fucking slow.
[18:32:33] %StalluManu: On an opteron, it takes 1.5-2 seconds to generate a hash from a key.
[18:32:41] %StalluManu: WHY?
[18:32:42] Onions ([email protected]) left the channel.
[18:32:53] Onions ([email protected]) joined the channel.
[18:32:56] %StalluManu: it uses whirlpool(ripemd160(sha512())) in pbkdf2 mode.
[18:33:03] %StalluManu: 20k rounds of each.
[18:33:08] figgybit ([email protected]com) joined the channel.
[18:33:09] %StalluManu: it is not fucking LIKELY that anyone will bruteforce this.
[18:33:31] +darkspline: wow
[18:33:39] %StalluManu: You are also free to mess with the code, change the order of algorithms to make your own version.
[18:33:40] +darkspline: i'm following you StalluManu
[18:33:46] %StalluManu: I recommend you do this, so that there's not one standard version.
[18:33:47] +darkspline: this is some fucking shit right here
[18:34:20] +darkspline: go on, i'm sorry
[18:34:23] %StalluManu: So, with there not being one standard version, (changing main.cpp is really easy) the feds will have to write a bruteforcer for each fucking person.
[18:34:39] %StalluManu: But wait.
[18:34:41] %StalluManu: There's an other way.
[18:35:07] %StalluManu: Why waste that much time and money when you can beat someone over the head with a $5 wrench till they give you the password!
[18:35:18] %StalluManu: This is where plausible deniability comes into play.
[18:35:25] grepped ([email protected]) joined the channel.
[18:35:28] +darkspline: i know this!
[18:35:31] %StalluManu: You should have two installations. One really small minimal one with some porn or something.
[18:35:32] +darkspline: w00000r
[18:35:33] drop ([email protected]) joined the channel.
[18:35:38] thaNatozZ ([email protected]) joined the channel.
[18:35:46] %StalluManu: Some embarassing shit, but nothing illegal.
[18:36:05] %StalluManu: The important thing to know is that good encrypted data can't be distinguished from random data.
[18:36:12] halfdead ([email protected]) joined the channel.
[18:36:15] +darkspline: on the FS level
[18:36:21] +darkspline: i've written papers on this
[18:36:31] %StalluManu: So the first thing you do, after you have your microSD card is fill it with random data, like so: dd if=/dev/urandom of=/dev/sdX
[18:36:32] +darkspline: StalluManu, you my nigger
[18:36:45] %StalluManu: it is BEST If you use a mersenne twister to generate this data.
[18:36:50] %StalluManu: As /dev/urandom is not really that random.
[18:36:55] %StalluManu: wait
[18:36:58] %StalluManu: i have source somehwere.
[18:37:02] %StalluManu: unmute and give me 3 mins.
[18:37:41] +darkspline: i'll wait a long fucking time for you right now
[18:37:50] pyr0tic ([email protected]) joined the channel.
[18:38:16] +darkspline: pyr0tic, you missed it.. might as well log off
[18:38:30] %StalluManu: also sum1 log this.
[18:38:42] %StalluManu: here you go, a really fucking fast random number generator.
[18:38:46] blu3beard ([email protected]) joined the channel.
[18:38:50] +darkspline: fox
[18:38:53] %StalluManu: It's a mersenne twister, but optimized a bit, and i minimized it's code.
[18:38:54] ~Fox: What up
[18:38:57] %StalluManu: So it's easier to understand.
[18:39:00] MrBlue ([email protected]) joined the channel.
[18:39:04] +darkspline: log his shit?
[18:39:06] Fox sets mode +o halfdead
[18:39:09] ~Fox: I am logging
[18:39:15] ~Fox: Going up on pastebin
[18:39:20] +darkspline: Fox, just making sure
[18:39:23] %StalluManu: Ok, now that you've compiled this, you have a RNG binary.
[18:39:28] +darkspline: ;0
[18:39:34] @halfdead: lol
[18:39:35] @halfdead: +o
[18:39:36] @halfdead: wow
[18:39:37] @halfdead: thanks
[18:39:39] %StalluManu: you can QUICKLY destroy a disk by doing this: RNG | dd of=/dev/sdX\
[18:39:46] %StalluManu: (omit that fucking slash)
[18:39:59] @halfdead: (which one)
[18:40:02] %StalluManu: This will write as fast as your disk will go, as opposed to the fucking slow /dev/urandom.
[18:40:06] %StalluManu: halfdead: last one.
[18:40:17] @halfdead: k
[18:40:17] %StalluManu: And it's a stronger RNG than /dev/urandom.
[18:40:33] @halfdead: dude
[18:40:40] %StalluManu: ya?
[18:40:57] @halfdead: /dev/urandom is awesome when you do for instance dd if=/dev/urandom of=/dev/sda1
[18:41:05] @halfdead: or whatever the primary partition is
[18:41:18] %StalluManu: halfdead: yeah, i know, but it's slow, and not as random as mtwister.
[18:41:19] ~Fox: NOOB NOTE:
[18:41:21] %StalluManu: at least not on gentoo.
[18:41:28] ~Fox: DD = 1-1 image
[18:42:02] %StalluManu: type man dd in linux to see what it fucking does.
[18:42:13] ~Fox: yerp.
[18:42:15] %StalluManu: in fact, type man every command that i tell you to do just because.
[18:42:25] %StalluManu: or, you know, google.
[18:42:31] %StalluManu: Now, we have a disk of random shit.
[18:42:39] %StalluManu: Now we need a password to give to the feds.
[18:42:56] %StalluManu: We encrypt the first part of the partition with one password, the one that you want to hand out.
[18:43:02] %StalluManu: like the first ~30% or so.
[18:43:15] %StalluManu: (the pass you hand out in case they beat you over the head with a wrench).
[18:43:30] %StalluManu: This part contains a basic linux distribution, that YOU LOG IN TO REGULARLY so they cant distinguish it from real.
[18:44:00] %StalluManu: The second part of the partition (you can grab parts of a partition with dd seek= ) you encrypt with a different key.
[18:44:05] %StalluManu: this key YOU FUCKING KEEP FOR YOURSELF.
[18:44:16] %StalluManu: Remember that encrypted data was indistinguishable from random data?
[18:44:28] %StalluManu: Yeah, so the last part might as well be unpartitioned space.
[18:44:36] %StalluManu: plausible fucking deniability.
[18:44:54] %StalluManu: This is what you want in the US and England, where they can make you tell your key.
[18:45:14] ~Fox: Also learn to take a beating.
[18:45:15] ~Fox: Pussies.
[18:45:17] %StalluManu: But you'll want it anyways, because you're going to hack shit.
[18:45:20] %StalluManu: Fox: true that.
[18:45:20] @halfdead: lol
[18:45:26] i0dineMobile ([email protected]) left IRC. (Quit: Bye)
[18:45:38] @halfdead: StalluManu: why not making two partitions
[18:45:46] @halfdead: one encrypted
[18:45:49] @halfdead: one unencrypted
[18:45:51] %StalluManu: halfdead: because the partition table shows wat you're up to.
[18:45:55] @halfdead: no
[18:45:57] @halfdead: listen
[18:46:03] @hatter: Or actually
[18:46:05] %StalluManu: halfdead: and teh fs is distinguishable from random shit.
[18:46:06] @hatter: The best thing to do
[18:46:09] @hatter: In all honesty
[18:46:09] @halfdead: you can make a partition that doesn't really exist
[18:46:16] @hatter: In places where they can make you tell your key
[18:46:16] ~Fox: ********************
[18:46:20] @halfdead: unless you type a password during the boot
[18:46:22] ~Fox: Going to put hatter on the spot here
[18:46:22] @hatter: just keep it on a usb/sd card
[18:46:27] ~Fox: cause I know this shit from experience.
[18:46:28] ~Fox: lol
[18:46:28] @hatter: break that shit
[18:46:32] @hatter: drop it in a cup of coffee
[18:46:34] @hatter: pewf gone
[18:46:36] @hatter: lol
[18:46:41] %dsr: ^ hatter thas not always easy to do
[18:46:43] %StalluManu: hatter: i adviced they boot from microsd.
[18:46:49] @hatter: I never had a hard time with it drop
[18:46:50] %dsr: if they raid your house while your sleeping, in the shower, out of your house, at work , etc
[18:46:51] %StalluManu: so they can destroy fucking everything.
[18:46:51] @hatter: dsr *
[18:46:55] @hatter: Uhm
[18:46:58] @hatter: dsr: this is why you keep your key
[18:47:01] @hatter: on yoour keychain
[18:47:04] @hatter: WITH THE REST OF YOUR KEYS
[18:47:15] ~Fox: Like, Literal keychain.
[18:47:16] @hatter: lol
[18:47:18] %dsr: good call
[18:47:21] ~Fox: Like carkeys.
[18:47:25] %StalluManu: ok.
[18:47:27] ~Fox: SUPER-PROTIP
[18:47:34] %StalluManu: just DONT make a normal partition, encrypt BOTH.
[18:47:40] ~Fox: SD Card fits great in contact start keys!
[18:47:42] %StalluManu: DONT partition at all.
[18:47:55] Agrajag ([email protected]) left the channel.
[18:48:03] %StalluManu: (except for a /boot and a / partition ofc)
[18:48:17] @hatter: StalluManu: I usually use an encrypted loopback device stored on an encrypted partition for /home
[18:48:24] @hatter: but in any case I wrote a bunch of crazy shit
[18:48:28] @hatter: call it spadecrypt
[18:48:31] @hatter: xochipilli and I wrote it together
[18:48:34] mnmezz ([email protected]) joined the channel.
[18:48:35] @hatter: Its more effective than truecrypt
[18:48:41] vorbotten ([email protected]) joined the channel.
[18:48:42] @hatter: and truecrypt keeps the key in plaintext RAM memory
[18:48:48] @hatter: Which is not safe
[18:48:51] @hatter: spadecrypt does not.
[18:48:54] %StalluManu: hatter: i encrypt my root.
[18:48:57] @hatter: Good job
[18:49:03] @hatter: It still keeps your key in plaintext ram StalluManu
[18:49:10] %StalluManu: i know.
[18:49:14] %StalluManu: but we've covered physical attacks.
[18:49:16] %StalluManu: fucking glue the pc up.
[18:49:19] Cuidado_ ([email protected]) left IRC. (Quit: Leaving)
[18:49:30] %StalluManu: now, where were we.
[18:49:36] @hatter:
[18:49:52] %StalluManu: good paper.
[18:49:53] @hatter: Plausible deniability
[18:49:55] @hatter: And
[18:50:00] @halfdead: hey
[18:50:04] @hatter: unpartitioned space.
[18:50:04] @halfdead: if you want to be safe
[18:50:09] @halfdead: with your hacker life
[18:50:17] @halfdead: just live on the road
[18:50:28] @halfdead: or in a fuckin trailer park
[18:50:28] @halfdead: no one raids a trailer park
[18:50:38] @halfdead: i live in a nice trailer park under this bridge
[18:50:49] @hatter: wow that's rly not actually safe lol
[18:50:49] @halfdead: there had been 0 raids in the past 10 yrs
[18:50:56] @halfdead: how isn't it safe
[18:50:59] @hatter: yea the file on you is also prolly 2 miles long bro
[18:51:00] @hatter: lol
[18:51:04] %dsr: umm
[18:51:13] @halfdead: you think someone has a file on me??
[18:51:19] %StalluManu: stfu.
[18:51:21] @halfdead: wtf.. that is a scary thought
[18:51:24] %dsr: probably with an attitude like that
[18:51:25] %StalluManu: we're not trying to wave e-dicks in here.
[18:51:30] %dsr: ^
[18:51:32] %StalluManu: we're trying to teach some n00bs how2h4x0r
[18:51:32] ~Fox: Moving along.
[18:51:33] @hatter: I agree
[18:51:35] @halfdead: StalluManu: sorry
[18:51:38] @hatter: I don't want them getting in trouble though
[18:51:38] ~Fox: Moving along.
[18:51:39] @hatter: Is all
[18:51:40] @halfdead: but why?
[18:51:45] ~Fox: We can do this at the end.
[18:51:47] eSDee ([email protected]) joined the channel.
[18:51:48] ~Fox: keep it moving.
[18:51:57] halfdead sets mode +v eSDee
[18:52:10] +eSDee: h0h0h0
[18:52:11] %StalluManu: Now, we've got a dandy encrypted disk, you gave them your fake password, they got your fake operating system, and you're free.
[18:52:19] %StalluManu: If you're not, prepare for bubba to rape your anus.
[18:52:21] %StalluManu: and daily beatings.
[18:52:26] @hatter: ^
[18:52:27] @hatter: lol
[18:52:39] ~Fox: Rape is ONLY fun if you're not recieving.
[18:52:42] +tminus: no bubba at club fed
[18:53:02] %StalluManu: If you do not give up your key, the half a year-year you will spend in jail will be WORSE than the two years you'll spend in the can for general hacking.
[18:53:06] %StalluManu: Because the cops hate your guts.
[18:53:29] %StalluManu: So, in that case, you're fucked.
[18:53:46] %dsr: they cant always force you to give up your key
[18:53:46] %StalluManu: After you've had your time in the can, you can become a homosexual, and a whitehat!
[18:53:52] abduck ([email protected]) joined the channel.
[18:53:56] @hatter: dsr: no they can't
[18:54:01] @hatter: :)
[18:54:07] %dsr: in some states countries you can mount a 5th amendment style defense
[18:54:09] %StalluManu: dsr: check your local laws to see which apply.
[18:54:11] %StalluManu: again, google etc.
[18:54:18] %StalluManu: KNOW THE FUCKING LAW.
[18:54:25] @hatter: Actually
[18:54:28] ~Fox: Now Gentlemen
[18:54:28] @hatter: legally
[18:54:29] @hatter: They can't.
[18:54:36] @hatter: I used to work forensics
[18:54:38] ~Fox: You've heard from StalluManu
[18:54:40] @hatter: I know this shit for a fact.
[18:54:43] abduck ([email protected]) left the channel.
[18:54:47] @hatter: They can try to force you
[18:54:51] ~Fox: Hatter has done forensics work for quite a fuck-piss long time
[18:54:53] @hatter: But you have plausible deniability
[18:54:53] eax ([email protected]) joined the channel.
[18:54:57] ~Fox: Here is the other side of the spectrum.
[18:54:57] @hatter: You could've forgotten it
[18:55:07] @hatter: They may not even be able to prove last boot
[18:55:15] @hatter: You can always say you haven't been able to get into it for a year or two
[18:55:21] @hatter: and ask them to give you the password when they figure it out
[18:55:28] @hatter: so you can get your p0rn you were hidin from your girlfriend
[18:55:30] @hatter: it'll hold up.
[18:55:35] @halfdead: hatter: that's true
[18:55:36] @halfdead: :)
[18:55:42] Fox sets mode +h eax
[18:55:43] @halfdead: amazingly true
[18:55:45] @halfdead: a friend of mine did that
[18:55:52] @halfdead: and they returned the laptop after one year
[18:55:57] @hatter: Yep
[18:56:00] @halfdead: he asked what the pass was
[18:56:07] @halfdead: and they didn't even reply
[18:56:11] @halfdead: how rude..
[18:56:22] ~Fox: Super large point
[18:56:25] ~Fox: If this does happen to you
[18:56:29] @hatter: Well ultimately
[18:56:33] @hatter: Depending on the algorithms
[18:56:37] @hatter: one year aint enough time
[18:56:38] ~Fox: Commit to that line until you fucking die.
[18:56:44] @hatter: You have to think of this from a federal perspective
[18:56:47] @hatter: they have to pay the electric
[18:56:57] @hatter: use that supercomputer to crack your shit in stead of someone elses
[18:57:06] @hatter: and if all you did was do some internet spray paint on some website
[18:57:12] @hatter: They're not gonna spend tax dollars on that shit
[18:57:13] @hatter: lol
[18:57:21] @halfdead: that's true
[18:57:26] ~Fox: Gentlemen this is pre-emptory security.
[18:57:28] @halfdead: but i advice anyone not to hack
[18:57:30] @halfdead: because hacking is ilegal
[18:57:37] ~Fox: You don't want to get wrapped up in something larger than yourself
[18:57:47] @hatter: ^
[18:57:48] ~Fox: and say "Aw Fuck. I wish I would have listened in #school4lulz."
[18:57:50] @hatter: I have done that before
[18:57:54] ~Fox: As have I.
[18:57:58] spartacus ([email protected]) left the channel.
[18:58:01] +eSDee: also, the filesystem assange and some other people worked on in the past
[18:58:02] +eSDee: rubberhose
[18:58:02] ~Fox: I was glad I listened to those that taught me.
[18:58:03] %StalluManu: <=READ THIS. on how the justice system works. It's UNRELATED to this area of the law, however the ADVICE is fucking sound.
[18:58:05] +eSDee: is conceptually interesting
[18:58:12] @hatter: eSDee: rubber hose is the shit
[18:58:13] @hatter: lol
[18:58:16] @hatter: I <3 rubber hose
[18:58:23] %dsr: rubber hose is basically how trucrypt works
[18:58:36] @hatter: Not quite
[18:58:41] @hatter: Rubber hose ALWAYS decrypts
[18:58:45] @halfdead: eSDee: is it any good?
[18:58:46] @hatter: it just doesn't always decrypt properly
[18:58:47] +eSDee: dsr: truecrypt doesn't allow me to manage aspects in the same way as truecrypt
[18:58:48] Blaher_ ([email protected]) joined the channel.
[18:58:50] +eSDee: errr
[18:58:52] +eSDee: as rubberhose
[18:59:04] +eSDee: which is kind of what i would like
[18:59:20] %StalluManu: ok. now that we've had ENTERPRISE QUALITY rubber hose crypto.
[18:59:22] %StalluManu: Your crypto ain't shit if someone has access to your files.
[18:59:26] %StalluManu: So don't fucking get rooted.
[18:59:27] @hatter: ^
[18:59:32] @hatter: That's kinda the point in HIPAA
[18:59:36] %StalluManu: hatter: can you give them a quick how2 not get rooted?
[18:59:37] @hatter: Or SpadeCrypt
[18:59:39] @hatter: essentially
[18:59:45] @hatter: CERTAIN
[18:59:48] @hatter: encryption systems
[18:59:53] @hatter: Allow for realtime stream decryption of data
[18:59:56] @hatter: So that even root
[19:00:00] @hatter: even when the device is mounted
[19:00:02] @hatter: cannot read the data
[19:00:08] @hatter: even when root has the permissions to do so
[19:00:11] @hatter: because root does not have the key
[19:00:16] Fox sets mode +v Blaher_
[19:00:27] hatter sets mode +v srwx
[19:00:29] +Blaher_: What did I miss?
[19:00:33] @hatter: StalluManu: I suppose I could try, lol
[19:00:47] ~Fox: You missed shutting the fuck up.
[19:00:50] @hatter: The easiest way to not get rooted
[19:00:51] @hatter: is dont use the internet <3
[19:00:53] @hatter: lol
[19:01:25] %LordKitsuna: yay! another perfect lesson from hatter
[19:01:39] %StalluManu: basically, YOU DONT NEED INCOMING PORTS.
[19:01:43] +Blaher_: Did we mess with MIT?
[19:01:52] pRjck3vC ([email protected]) joined the channel.
[19:01:57] +eSDee: just open random pdfs on your machine though
[19:02:01] Fox kicked Blaher_ from the channel. (Shut your fucking mouth.)
[19:02:01] %StalluManu: so, firewall them off with iptables.
[19:02:01] +eSDee: nothing can go wrong there
[19:02:12] z3rod4ta ([email protected]) joined the channel.
[19:02:15] %StalluManu: eSDee: good point
[19:02:20] %StalluManu: ACT AS IF ANY NETWORK IS OUT TO GET YOU.
[19:02:22] @hatter: Well that but also shit can come down your tubes
[19:02:24] sanguinerose ([email protected]) joined the channel.
[19:02:27] Onelastsin ([email protected]) joined the channel.
[19:02:28] Blaher_ ([email protected]) joined the channel.
[19:02:31] @hatter: Browsers, terminal emulators, etc
[19:02:32] @hatter: all vulnerable
[19:02:33] %StalluManu: Good browsers: links, links2 -g, elinks, lynx
[19:02:40] %StalluManu: Bad browsers: firefox, konqueror.
[19:02:46] @hatter: terminal emulator exploits will still hit those terminal browsers
[19:02:55] @hatter: The best way to use those terminal browsers is to compile them from source
[19:02:57] @hatter: edit the makefile
[19:03:02] @halfdead: lol
[19:03:07] %LordKitsuna: StalluManu, i assume we are talking personal use boxes since you would need ports for a webserver
[19:03:07] @halfdead: i always browse with lynx
[19:03:08] @hatter: and add -fstack-protector-all to the CFLAGS and CXXFLAGS
[19:03:12] @halfdead: because links seems too advanced
[19:03:31] %StalluManu: the DWM team has a good browser too.
[19:03:52] %StalluManu: LordKitsuna: we're talking our "fun" box now.
[19:03:58] %StalluManu: As we DONT FUCKING REUSE PASSWORDS this is walled off.
[19:04:58] @hatter: o wow
[19:04:59] %StalluManu: the point of this is that the code of links is reasonably simple.
[19:05:01] @hatter: once again
[19:05:05] @hatter: in case someone missed that
[19:05:06] %StalluManu: they DONT HAVE JAVASCRIPT.
[19:05:16] @hatter: lol
[19:05:27] %StalluManu: javascript WILL get you in the can.
[19:05:27] ~Fox: once again
[19:05:35] ~Fox: ] @hatter: DONT FUCKING REUSE PASSWORDS
[19:05:35] ~Fox: [19:05:12] @hatter: DONT FUCKING REUSE PASSWORDS
[19:05:35] @halfdead: :(
[19:05:38] @halfdead: i always reuse my passwords
[19:05:45] @halfdead: what's the idea of a password if not reusing it :(
[19:05:53] +eSDee: one time pads y0
[19:05:53] @halfdead: i can't remember * passwords!
[19:05:55] Brandon ([email protected]) left IRC. (Ping timeout: 240 seconds)
[19:06:00] +eSDee: secure id tokens
[19:06:04] %StalluManu: Ok, so you're firewalled off, you think you're safe with your new shitty browser.
[19:06:06] +eSDee: those work very well according to lockheed martin
[19:06:07] %StalluManu: TOUGH SHIT.
[19:06:10] %StalluManu: you are on a HOSTILE NETWORK.
[19:06:27] @hatter: if you use the internet
[19:06:28] @hatter: at all
[19:06:30] %StalluManu: You log in to your facebook, someone has a fake cert( HI THERE FBI), you get raped.
[19:06:36] @hatter: you're exposing shit.
[19:06:42] %StalluManu: Here's my general tactic for minimal exposure.
[19:06:43] @hatter: even with no listening ports
[19:07:05] %StalluManu: You tunnel trough cloudvpn/proxies to your home box from where you are.
[19:07:05] @hatter: Personally, I just don't have a facebook to avoid that sort of thing, StalluManu
[19:07:13] @hatter: lol
[19:07:20] %StalluManu: Your home box connects outwards via proxies.
[19:07:25] %StalluManu: (proxies+TOR).
[19:07:40] %StalluManu: you use SSL to connect to your home box, and you FUCKING CHECK THE CERT BY HAND.
[19:07:43] @hatter: ok
[19:07:47] @hatter: for those of you who keep saying tor
[19:07:49] @hatter: I will say it again
[19:07:50] @hatter: I2p
[19:07:52] @hatter: I2P
[19:08:02] %StalluManu: hatter: i covered why tor was shit b4.
[19:08:08] @hatter: Ah
[19:08:12] ~Fox: I trust TOR like I trust a bitch that blows me before dinner
[19:08:15] ~Fox: I trust TOR like I trust a bitch that blows me before dinner
[19:08:15] %StalluManu: highest bandwidth nodes etc.
[19:08:15] @hatter: I2P is not as shitty as tor.
[19:08:17] ~Fox: NOTE
[19:08:18] @hatter: I2P is not as shitty as tor.
[19:08:20] ~Fox: I trust TOR like I trust a bitch that blows me before dinner
[19:08:31] @hatter: StalluManu: even if you evade those nodes
[19:08:37] @hatter: The dns requests don't exit via the node
[19:08:40] %StalluManu: hatter: i know.
[19:08:42] @hatter: they still go through your border gateway
[19:08:43] @hatter: so like
[19:08:47] @hatter: your ISP will see where you're going
[19:08:53] @hatter: regardless
[19:08:53] %StalluManu: hatter: i forgot that
[19:09:07] @hatter: So use I2P
[19:09:15] %StalluManu: better yet, us a private DNS server.
[19:09:17] @hatter: I2P is a peer-to-peer system similar to tor
[19:09:22] @hatter: Except, it doesn't suck
[19:09:25] %StalluManu: somewhere in a retarded shithole of a country.
[19:09:35] @hatter: Even if you use private dns, your ISP will see the UDP request leave their network
[19:09:38] @hatter: with a DNS request in it
[19:09:42] @hatter: So no, won't matter
[19:09:46] @hatter: Just use I2P
[19:09:49] @hatter: Or a VPN
[19:09:54] %StalluManu: hatter: VPN to private dns.
[19:09:58] %StalluManu: hatter: dats wat i was advertizing.
[19:10:01] Brandon ([email protected]) joined the channel.
[19:10:03] @hatter: o
[19:10:04] @hatter: word
[19:10:04] @hatter: lol
[19:10:14] @hatter: o
[19:10:14] %StalluManu: ok, so you've got your fucking connection encrypted
[19:10:16] %StalluManu: .TOUGH SHIT.
[19:10:16] @hatter: one more thing kids
[19:10:19] %StalluManu: the feds still want your ass.
[19:10:25] @hatter: DONT TRUST GOOGLE.
[19:10:27] @hatter: EVER
[19:10:29] @hatter: lol
[19:10:37] +srwx: google knows your secrets
[19:10:39] %StalluManu: you see, SSL certificate companies are funny beasts.
[19:10:39] @hatter: google voice to hide your number
[19:10:43] @hatter: just gets that call recorded
[19:10:51] @hatter: 02:11
[19:59:33] %StalluManu: in fact, there ain't even many new phrack mags out there.
[19:59:39] +eSDee: lets do eet
[19:59:40] %StalluManu: since the editors got fucking lazy.
[19:59:45] @c0qsm3gma: lol StalluManu
[19:59:49] @c0qsm3gma: why is it shit?
[19:59:53] %LordKitsuna: StalluManu, we have talked about buffer overflows before but i didnt really feel like it was exsplained exactly what that is or how it kills shit maybe you can touch up on that?
[20:00:04] %StalluManu: LordKitsuna: not now.
[20:00:15] %LordKitsuna: k
[20:00:27] %StalluManu: If you lern about exploits, and how stuff works, you'll realize that your box ain't secured for shit.
[20:00:39] %StalluManu: Or hopefully that it's pretty decent as long as you don't do X or Y.
[20:00:47] @c0qsm3gma: StalluManu: why is phrack shit :)
[20:00:52] @c0qsm3gma: i always thought phrack was shit
[20:00:58] %StalluManu: because it's for homosexuals.
[20:01:01] @c0qsm3gma: eversince aleph1 killed the b0f concept
[20:01:03] %StalluManu: and because it releases shit.
[20:01:05] +darkspline: c0qsm3gma, 1990
[20:01:06] +darkspline: s
[20:01:09] @c0qsm3gma: no
[20:01:15] @c0qsm3gma: 1998 or something
[20:01:20] @c0qsm3gma: b0f wasn't really known
[20:01:31] @c0qsm3gma: altho people been exploiting that for a decade
[20:01:44] ~Fox: I have to poop
[20:01:46] nociuduis ([email protected]) left IRC.
[20:01:46] ~Fox: brb.
[20:01:46] +darkspline: that shits now so, StalluManu
[20:01:58] %StalluManu: ok.
[20:02:08] @c0qsm3gma: StalluManu: the thing is, you can't really say why phrack is shit
[20:02:11] %StalluManu: say you know something about exploiting shit.
[20:02:12] @c0qsm3gma: i hate phrack
[20:02:21] %StalluManu: we all hate phrack.
[20:02:24] @c0qsm3gma: because it hurt the hacking so bad u wouldn't imagine
[20:02:39] %StalluManu: also, i wasnt around in 1998, i was around in ~2001.
[20:03:05] %StalluManu: and i was a skiddie back then lulz.
[20:03:10] @c0qsm3gma: Phrack High Council / ~el8 for lyfe
[20:03:12] %StalluManu: everyone starts out a skiddie!
[20:03:16] @c0qsm3gma: are you a coder now?
[20:03:19] @c0qsm3gma: no, i didn't
[20:03:23] @c0qsm3gma: i started as a vx-er
[20:03:40] +eSDee: your compootah is now st0ned yo
[20:03:43] %StalluManu: first thing i found was a lousy xss lulz.
[20:04:03] %StalluManu: ok, say you know how to exploit shit.
[20:04:04] @c0qsm3gma: word eSDee
[20:04:09] %StalluManu: which you dont, cause you are in here
[20:04:10] @c0qsm3gma: lol StalluManu
[20:04:15] ef2s ([email protected]) joined the channel.
[20:04:18] @c0qsm3gma: xss was in 2004-2005
[20:04:20] @c0qsm3gma: def not in 2001
[20:04:22] @c0qsm3gma: :)
[20:04:24] +eSDee: i like how we're all teaching the feds here how we would hide stuff
[20:04:30] +eSDee: just sayin
[20:04:44] %StalluManu: everyone done spamming?
[20:05:06] %LordKitsuna: c0qsm3gma, i don't mean to be rude but the constant commentary is starting to get annoying. can we please try to keep talking to questions or adding to the lesson
[20:05:11] %StalluManu: ok, now you know how to exploit shit, you are going to find password hashes from sites that don't have too shitty security.
[20:05:20] +darkspline: StalluManu, ...
[20:05:20] @c0qsm3gma: LordKitsuna: you are being rude
[20:05:31] %StalluManu: those hashes need to be reverted to a password.
[20:05:32] @c0qsm3gma: eSDee: yeah, that's ridiculous
[20:05:32] +darkspline: StalluManu, i'm in here for my own reasons">
[20:05:47] @c0qsm3gma: this place is monitored
[20:05:57] @c0qsm3gma: yet, you guys discuss how to hide
[20:05:58] @garrett: ur monitored
[20:05:59] @garrett: ur monitored
[20:06:00] @garrett: ur monitored
[20:06:01] %StalluManu: you WILL encounter shit that uses algorithms that have no existing crackers for it.
[20:06:04] @c0qsm3gma: does anyone else smell the irony
[20:06:08] +darkspline: StalluManu, i can't do anythint about it
[20:06:11] @c0qsm3gma: garrett: yeah, since i joined here i am
[20:06:18] @garrett: stop hacking me bro
[20:06:19] @garrett: pls
[20:06:25] %StalluManu: now, since you now have a basic fucking understanding of how to code.
[20:06:31] %StalluManu: you can hopefully write c.
[20:06:38] %StalluManu: good. openCL is like c, but for graphics cards.
[20:06:43] @c0qsm3gma: can you write c?
[20:06:47] %StalluManu: graphics cards are good at doing the same thing with different values over and over.
[20:07:04] %StalluManu: also called single instruction multiple memory source instructions
[20:07:10] %StalluManu: like sse/mmx, but way moar cores.
[20:07:25] %StalluManu: also lern sse assembly, its cool stuff.
[20:07:44] %StalluManu: you search for an already optimized algorithm of the hashing function used.
[20:07:47] ~Fox: .
[20:07:51] %StalluManu: if you dont, you can probably guess the hashing function by the bitcount.
[20:07:57] Dox ([email protected]) left IRC. (Remote host closed the connection)
[20:08:01] %StalluManu: if you cant find one, as a shit coder you are shit out of luck.
[20:08:19] %StalluManu: otherwise: paste/edit it a bit, move the c code for it straight to the gpu, and read some optimisation articles.
[20:08:23] %StalluManu: chances are this will take a week or two.
[20:08:36] %StalluManu: and i mean a week or two of 18 hour days.
[20:08:43] %StalluManu: especially the first time you do it.
[20:09:00] %StalluManu: with a gpu you can compute an fucking insane amounth of hashes a second.
[20:09:27] %StalluManu: use this to bruteforce passwords, see if passwords are reused, use them on their mails/paypals, cash in.
[20:09:42] %StalluManu: bruteforcing resources:
[20:09:47] %StalluManu: also google oclhashcat
[20:10:19] %StalluManu: exporting crypto crackers from the US of assraping is considered high treason, punishable by death.
[20:10:26] @c0qsm3gma: why are we discussing the video card?
[20:10:35] %StalluManu: because you're acting liek a tard.
[20:10:45] %StalluManu: btw, this is gpu/sse2.
[20:10:50] %StalluManu: sse2 is fine too.
[20:10:52] Dox ([email protected]) joined the channel.
[20:11:08] %StalluManu: speaking of which.
[20:11:11] %StalluManu: if you write shit in sse2.
[20:11:16] %StalluManu: you can interlace 2 sse2 paths, and one mmx path.
[20:11:27] %StalluManu: it'll cost you one instruction per 6 operations.
[20:12:02] %StalluManu: i dunno if iamrite, been ages.
[20:12:06] heyguise ([email protected]) left the channel.
[20:12:06] heyguise ([email protected]) joined the channel.
[20:12:20] %StalluManu: anyways, you can interlace 2* sse2 and mmx, use it.
[20:12:41] %StalluManu: now you have a pretty fast br00tforcer, you might want to find sites with similar hashes pwn those and continue on.
[20:12:52] eSDee ([email protected]) left IRC. (Quit: bla)
[20:12:53] %StalluManu: just like 0day.
[20:13:10] %StalluManu: find 0day for one strategic target, hit it, then exploit a few lower key ones as well.
[20:13:33] @c0qsm3gma: StalluManu: let's discuss ethical payloads
[20:13:40] @c0qsm3gma: such as rm -rf /&
[20:13:42] %StalluManu: ethical payloads.. lulz.
[20:13:46] @c0qsm3gma: and much 1337er variants
[20:13:51] @c0qsm3gma: yes!
[20:14:04] %StalluManu: ethics.. you can screw anyone, as long as you use your internet condom.
[20:14:16] %StalluManu: but producing maximum lulz is always important.
[20:14:20] lighthouse ([email protected]) left IRC. (Ping timeout: 240 seconds)
[20:14:31] @c0qsm3gma: this is the reason why we joined the innerwebs, isn't it?
[20:14:51] %StalluManu: pick targets that will whinge and cry about it, pick targets that get their unearned whiteluser reputation ruined (hi there aaronbarr!, mittnick.)
[20:14:58] %StalluManu: mostly pick on whitehats.
[20:15:12] %StalluManu: because you wont piss anyone off but one person.
[20:15:39] @c0qsm3gma: :(
[20:15:52] ~Fox: WHITEHATE.
[20:15:54] ~Fox: 2011.
[20:15:54] @c0qsm3gma: mitnick has been owned moar times than.. i dunno.. the most owned place in the universe?
[20:15:56] @c0qsm3gma: what is that?
[20:16:06] @c0qsm3gma: yeah.. 10 years of whiteh8
[20:16:08] %StalluManu: mitnick=mantrain
[20:16:32] %StalluManu: oh, now that you've actually owned shit
[20:16:38] %StalluManu: you might want to shut the fuck up about it
[20:16:43] %StalluManu: it's cute to drop sql vulnerable urls.
[20:16:46] Fox sets mode +v TR0|\|
[20:17:11] SamiR ([email protected]) left IRC. (Quit: I was never here!)
[20:17:11] %StalluManu: it's not cute to drop exploits or show off your e-peen.
[20:17:31] +darkspline: StalluManu, unless you don't plan on using them...
[20:17:32] %StalluManu: because that makes you an easy target.
[20:17:38] %StalluManu: darkspline: ofc.
[20:17:41] +TR0|\|: StalluManu - any comment on grabbing someones EC2 credentials and using them to run hashes on a cluster of GPU instances at randoms expense :P?
[20:17:44] +darkspline: ;-)
[20:18:11] %StalluManu: TR0: you will find that bitweasil's cracker is excellent for that;)
[20:18:21] %StalluManu: amazon cloud is shit for bruteforcing tough.
[20:18:25] ~Fox: StalluManu
[20:18:27] %StalluManu: way too expensive if you dont steal someones acc.
[20:18:30] %StalluManu: yeah?
[20:18:36] ~Fox: A lovely pro-tip
[20:18:40] +TR0|\|: lol i never said shit about paying :P
[20:18:56] ~Fox: Remember what hatter said about alarms?
[20:19:05] ~Fox: If you cant go in silent, trip as many as possible?
[20:19:06] %StalluManu: yup.
[20:19:19] @c0qsm3gma: lol
[20:19:21] +darkspline: i like
[20:19:21] @c0qsm3gma: that's true
[20:19:26] ~Fox: ProTip: If you are comping a box and want to hide your tracks, post the URL
[20:19:33] +darkspline: now i'm thinking about all the alarms i tripped...
[20:19:33] ~Fox: Do your dirt with a thousand other people trying to get in
[20:19:41] ~Fox: Security via obscurity.
[20:19:45] %StalluManu: Fox: i have a better idea.
[20:19:53] %StalluManu: Everyone hopefully knows how to wget with a tor proxy.
[20:20:01] +darkspline: Fox, offensive obscurification (sp)
[20:20:03] %StalluManu: tor with thousands of requests looks like a botnet.
[20:20:08] ~Fox: There are a million better ideas, just a tip :3
[20:20:26] %StalluManu: use a bash script, wget over a proxy with shellcode, sql, anything you can throw at the server.
[20:20:28] +darkspline: Fox, always a better way..
[20:20:34] tzaki ([email protected]) left IRC. (Quit: Leaving)
[20:20:37] %StalluManu: name it "tripfuckingeverything" or something.
[20:20:42] %StalluManu: sysadmin will think it's a botnet attacking.
[20:20:51] %StalluManu: you do your dirt while he fights the 'botnet'
[20:20:57] %StalluManu: worked b4.
[20:21:05] ~Fox: Truth.
[20:21:21] +TR0|\|: StalluManu should we point out the benefits of a paid vpn over tor or a free vpn/proxy?
[20:21:28] %LordKitsuna: StalluManu, wouldnt a plan like that present the off chance that that admin just takes everything offline while its delt with?
[20:21:34] drop ([email protected]) left IRC. (Quit: No Carrier)
[20:21:44] ~Fox: TR0|\|. shhh.
[20:21:48] ~Fox: Been covered before.
[20:22:09] ~Fox: Fuck Tor has been covered so many goddamn times I can't even define to you.
[20:22:17] ~Fox: StalluManu go go go.
[20:22:19] %StalluManu: TR0: as long as you pay with someone else's account it's all fine.
[20:22:29] %StalluManu: oh. another point
[20:22:34] %StalluManu: if you go carding, or buying accounts.
[20:22:44] %StalluManu: convert to bitcoin, to another stolen paypal, merry go round.
[20:22:50] %StalluManu: da russian way.
[20:22:57] %StalluManu: wonder why bitcoins are worth so much? right
[20:23:14] +darkspline: StalluManu, resources needed to create one
[20:23:18] +darkspline: like... mining for jems
[20:23:32] +darkspline: only so many cpu's available
[20:24:04] %StalluManu: also, good suggestion, you can use a paypal debit card dropped off @ a dead drop for getting money.
[20:25:05] ~Fox: +7 for fraud talk
[20:25:05] %StalluManu: now, there's a legal disclaimer, i am obviously not asking you to do any kind of criminal activity, etcetera.
[20:25:25] %StalluManu: but it's hella lulzy to ddos someone from the cloud paid for with their own cash.
[20:26:41] %StalluManu: The offensive side of this is of course that more money transferred to bitcoin or shit not connected to your person can buy you cool stuff.
[20:26:51] %StalluManu: SIM cards and cellphones.
[20:27:01] %StalluManu: prepaid ccs.
[20:27:05] %StalluManu: cloud hosting
[20:27:08] Inquisition ([email protected]) left IRC. (Remote host closed the connection)
[20:27:08] %StalluManu: drugs
[20:27:18] @c0qsm3gma: i want a russian
[20:27:24] @c0qsm3gma: is there any russians here?
[20:27:34] -CTCP- FINGER from kratos
[20:27:47] Dox ([email protected]) left the channel.
[20:27:53] ef2s ([email protected]) left IRC.
[20:27:53] %StalluManu: lulz.
[20:28:00] dox_sleep ([email protected]) joined the channel.
[20:28:18] %StalluManu: the less of your information is out there, the less the thousands of people you are going to piss off have to go on you.
[20:28:28] %StalluManu: always pay in cash at stores. never use ccs at physical stores.
[20:28:35] %StalluManu: same shit goes irl.
[20:28:42] %StalluManu: let them collect minimal data on you.
[20:28:46] %StalluManu: try to seem somewhat normal tough.
[20:28:50] c0qsm3gma ([email protected]) left the channel.
[20:28:54] %StalluManu: groceries shopping with a cc is ok.
[20:29:07] %StalluManu: shopping for crack cocaine with money you just pulled from the bank isnt.
[20:29:46] %StalluManu: there's various algorithms that you can find on google that the banks use to check if transactions seem legit.
[20:29:49] %StalluManu: use this to your best advantage.
[20:30:01] %StalluManu: if you dont, i herd the NCR has pretty shit security.
[20:30:27] %StalluManu: you see, you dont want your carding of people to stand out.
[20:30:42] %StalluManu: dont move all the money directly to bitcoin.
[20:31:26] %StalluManu: dont you fucking dare use this info for CP sales.
[20:31:32] %StalluManu: actually, i have a funny story on that.
[20:31:40] %StalluManu: there was a pretty big american bank, ~80k members.
[20:31:45] %StalluManu: That got pwned.
[20:31:45] Wearemudkipz ([email protected]) left IRC. (Read error: Connection reset by peer)
[20:31:50] %StalluManu: The russians used the account info for CP sales.
[20:31:59] Wearemudkipz ([email protected]) joined the channel.
[20:32:03] %StalluManu: The people that were clients at that bank got v&'d. Some of them are still in jail.
[20:32:10] %StalluManu: Jail as a kiddie fucker isn't fun.
[20:32:18] %StalluManu: The wrong jail and you're dead.
[20:32:30] darkspline ([email protected]) left IRC. (Ping timeout: 240 seconds)
[20:32:35] %God:
[20:32:37] %StalluManu: So please, be somewhat carefull with releasing bank info.
[20:33:03] Fox sets mode +v imposter22
[20:33:09] ~Fox: Imposter has something on retail.
[20:33:18] +imposter22: i work for a retail computer company
[20:33:27] +imposter22: i know then in's and outs of the networking
[20:33:34] %StalluManu: do continue:P
[20:33:41] sublimepua ([email protected]) joined the channel.
[20:34:00] +imposter22: most stores store their creditcard info on all the registers and servers
[20:34:18] +imposter22: as anyone who knows anything about skimming
[20:34:45] +imposter22: there are 2/3 lines of code that arnt even encrypted on credit cards
[20:35:00] +imposter22: bank number. routing number/ name/ exp date
[20:35:14] +imposter22: all this info is saved temp in logs on all their hdd's
[20:35:38] +imposter22: which is why most stores are very secure with the old (even bad replaced hdd's)
[20:35:58] +imposter22: they log customer spending like crazy
[20:36:06] +imposter22: its a whole tracking system
[20:36:20] %StalluManu: imposter: i got some info on that too.
[20:36:30] %StalluManu: i've been in the netherlands for a while, and seen the NCR.
[20:36:43] %StalluManu: they are NOT that much into scrunity for their machines hdds.
[20:36:53] %StalluManu: THEIR atms do log cc numbers.
[20:37:04] %StalluManu: if you are lucky you can fish an atm from the trash and literally get a root image.
[20:37:09] %StalluManu: most of the shit on it is still xp + visual basic.
[20:37:21] +imposter22: yes... but thats not really NCR that does that
[20:37:24] +imposter22: that is the actual bank
[20:37:28] %StalluManu: true.
[20:37:35] %StalluManu: but they return 'em to the ncr for repairs.
[20:37:36] +imposter22: NCR supplies the equipment.. software is run through the banking company
[20:37:38] %StalluManu: ncr tosses them.
[20:37:44] %StalluManu: bingo, hdd.
[20:37:48] +imposter22: well... no
[20:38:10] +imposter22: companies have contracts with NCR and IBM and others to send the hdd's in for distruction
[20:38:21] +imposter22: this is a MUST for ATMS and backoffice servers
[20:38:27] +imposter22: they dont just toss those ones
[20:38:42] %StalluManu: uhh.. then where did someone who is not me get those root images with cc dumps from?
[20:38:45] %StalluManu: thin air?
[20:38:45] +Shidash: Does anyone know of places to get good proxies? Paid proxies are okay, just looking for the best ones possible.
[20:38:53] +imposter22: they log s/n's of the hdds and those logs contain where the hdd was and how long it was in commision
[20:39:03] %StalluManu: ^true^
[20:39:07] ~Fox: Shidash shhh
[20:39:12] ~Fox: ask later
[20:39:20] ~Fox: or tweeter
[20:39:32] +Shidash: oh, oops, did not realize the talk was still going
[20:40:03] +imposter22: what these companies dont know is how easy it is for a tech (not me :]) to just steal shit like crazy
[20:40:27] +imposter22: its amazing the securty they take from the general public... but leave the tech with a big securty gap
[20:41:09] %StalluManu: also ATM botnets r cool.
[20:41:13] +imposter22: a tech could skim 1000's of creditcards... get the ip address of the corp hq for the reimaging servers for the retail client
[20:41:41] njordx ([email protected]) joined the channel.
[20:41:44] +imposter22: ATM botnets? those exhist?
[20:41:54] %StalluManu: no comment.
[20:41:58] +imposter22: lol
[20:42:19] +imposter22: you know those lonely looking atms that look fake as hell but are real
[20:42:26] +imposter22: the ones in shitty stripclubs
[20:42:46] %StalluManu: ofc.
[20:42:58] %StalluManu: those that run win90?
[20:43:03] +imposter22: on the generic ones you can type a 5 digit code and change all kinds of settings
[20:43:05] %StalluManu: *win98
[20:43:25] +imposter22: cheaper :P
[20:43:47] +imposter22: they run a basic "XP ebedded
[20:44:14] ~Fox: Ok kids
[20:44:18] %StalluManu: btw, know something lulzy with PoS boxes:
[20:44:26] ~Fox: we've pretty much gone off the beaten path with our crypto talk
[20:44:27] %StalluManu: iexplorer exploits.
[20:44:31] %StalluManu: old iexplorer exploits
[20:44:31] %StalluManu: true.
[20:44:32] ~Fox: we're going to call this just general shit
[20:44:39] ~Fox: So before we close and I start wrapping up
[20:44:46] ~Fox: I've made the announcement on twitter
[20:44:48] dsr ([email protected]) left IRC. (Remote host closed the connection)
[20:44:50] ~Fox: I'll make it here as well
[20:45:01] ~Fox: We've had an overwhelming demand here for more advanced classes
[20:45:15] ~Fox: We still want to reach out to those of you that are at a basic level
[20:45:54] ~Fox: over the next few days and weeks we will be creating a site to house all of these talks, along with getting a more organized schedule for classes, teachers, and for input from you guys on what you want to learn more about.
[20:46:27] ~Fox: We appreciate the hell out of the kind word, encouragement and donations for those of you that have ( 18hRWnxoHztBPDYQ9bPA1uUpN8LTrd7xbB )
[20:46:35] %LordKitsuna: "we will be creating a site to house all of these talks" feel free to use my vps if you want
[20:46:44] ~Fox: We're getting together a lot of new things, so if you all keep coming, we'll keep rolling.