A new backdoor has been found recently that allows hackers to possess your system files and send them back to a Linux-based server. FFMPEG, which is a popular codec, has some backdoors, so beware when opening video files from your media player since it can be backdoored to let them get access to your data. The backdoor can affect most operating systems including Linux, Mac, and Windows. More detailed descriptions can be found at these 2 links:
>http://news.softpedia.com/news/zero-day-ffmpeg-vulnerability-lets-anyone-steal-files-from-remote-machines-498880.shtml
>https://news.ycombinator.com/item?id=10893301
Why are there still websites that aren't using HTTPS when Let's Encrypt is handing out SSL certificates for free? Is there any valid reason for still using HTTP?
You can use OpenSSL or any number of third party certs for free. The root authorities like Thawte and Godaddy are already trusted. The upkeep to prevent fraudulent use of SSL is why these premium certificates are so expensive. If you don't want to spend the $1-400 on a premium third party cert, you can ALWAYS set up your own certificate authority and dump the ass loads of time into installing, testing and troubleshooting on remote systems. It's not that hard, really, but when you look into the time investment it's generally cheaper to go with the third party cert.
>>3972 >>3973
>these premium certificates are so expensive.
>it's generally cheaper to go with the third party cert.
so i understand we are not paying for certificates themselves, we pay for a "name" that is trusted by users. the more popular the c.a the more expensive it gets
>>3959
>https://spdycheck.org/
according to this MC is not using spdy. is this why MC is so slow with HTTPS?
Certificate authorities offer a false sense of security and don't really stop MITM attacks. The only way to use it effectively is to diligently check the certificate every time, and that can be done using a self-signed certificate. That is bad enough without SSL being found broken constantly. In the name of screen door security you should still use it, but it was implemented with the "everything must work because if not the e-commerce is in danger and blah blah blah" directive, so in essence it was designed broken. The reason to use it is to ensure you are at least not the low-hanging fruit.
>>3959 >>3967 The https version uses the protocol HTTP2, which means that all images can be downloaded in parallel, whereas http1.1 downloads images one after the other (that is why images appear row by row in the https version and one by one in the http version). So it is faster. I think this test is stupid, because they are showing the difference between http2 and http1.1, not really the advantage of SSL in terms of speed
https://www.rt.com/op-edge/345470-nsa-leaks-snowden-whistleblower/ >Thanks to Edward Snowden’s revelations, the US government can no longer directly collect everything that we communicate with each other electronically, Tom Devine, legal director at the Government Accountability Project, told RT America’s Manila Chan.
>>4003 it's not bad, it's just against the KISS philosophy in *unix: programs should do only one thing and do it well. a good example of the previous statement is how people often make backups by chaining and piping multiple commands together: tar + bz2/xz + ssh. systemd is not following the same guideline, it has replaced the init process (the first process executed after the bootloader fully loads the kernel) and it keeps growing each day, replacing and merging many processes into one. this can cause problems bc when it crashes you have a higher chance of getting a kernel panic and having to force restart, losing data. for a regular linux user this is nothing to be concerned about, systemd really works and the OS distribution surely tested it before packaging it.
does systemd do anything new, useful, and easier than already existing FOSS software?
>>4008 yes, it can cause rape
>>4008 systemd was adopted because it wasn't as buggy and didn't have as many problems as the alternatives. These days the problem is that systemd is taking over; function creep galore. The systemd/linux joke is becoming more accurate by the day. Also they aren't as good as they once were, letting major bugs go unfixed for too long (even device-breaking) and responding to critics by saying their critics just hate women.
>In celebration of Data Privacy Day, SpiderOak today announced Semaphor, a new workplace collaboration tool for teams and businesses that care about privacy
>Semaphor will be available on all major operating systems as an open source application
So, is this the new TOX, but that will actually have day to day development to it and will actually be a secure chat room option?
https://spideroak.com/articles/press-release-semaphor-to-give-team-collaboration-privacy
As a tool for privacy collaboration, I suppose this will even have a secure webcam system.
>>3638 no idea. But if it's open source, you can make your own that is RMS approved
>>3640 No, that's not how it works. If you tried to relicense that code, especially with the GPL since you have to make the source available, you would be sued into nonexistence.
New semaphor video https://vimeo.com/158374271
Will it be available for Linux or just Windows, OSX, Android (inb4 that's Linux) and iOS?
>>4074 spiderOakOne is available for Linux, so semaphor will too most likely
Hello, this is /nsa/ admin. I wanted to make this thread due to the voiced concern that the sticky is out of date (and it is). People can post in this thread any information that they think would be relevant or useful and I will consider it, then add it to the new sticky image. I will leave this thread up until the new year; anything decent that has been suggested since then I will introduce permanently to the sticky.
>>3765 old things
>>3341 The points in the other sticky should still hold, personal security and privacy are things we should value, we should also keep information accurate.
yo the sticky image is 403'd, god knows how long it's been
I'm quite sure /nsa/ admin has abandoned us
>>4054 >>4034 sorry it's been a while. I'm working on a new one but it's going to be a while longer
>go on IRC
>find interesting guy
>ask if he has OTR
>says no
>explain it to him
>"if you have to go to such lengths to hide what you want to say, I think I don't want to hear it"
This is 2016, this is what the Internet has become.
>>4011
>interesting guy
>doesn't enjoy privacy
I don't think so
Why is someone possibly IRCOP banning users right and left in #masterchan?
>>4075 seems to be the case. Everyone who tries to join #masterchan gets automatically banned
Can someone find a new Tor friendly MC IRC?
old thread on /b/ is dead, so i'm reposting this.
How to evade ban on 4chan:
These are a few methods for evading a ban on 4chan. Let me remind you that no matter what method you're using, you must always clear your cookies before another attempt, because they are trying to stop you from evading by identification cookie.
1. Using Hola unblocker
This is not safe, because this shit is using you as an exit node, so you shouldn't use it. But if you want to shitpost on 4chan so much that you don't care about the risk, you can. Also many hola ips are already banned on 4chan, so it takes several tries most of the time.
2. Using 3G connection via phone or 3G modem with prepaid sim card.
This is the best way i know of so far.
3. Setting up your own proxy using glype or something similar.
Problem with this is that freehosts don't allow this and block attempts to create proxy. You would need a paid one.
4. Setting up VPS and use remote desktop to browse web
If you have a VPS, you should be able to connect with some remote desktop software, install webbrowser and surf the web with it.
5. Wi-fi hotspots
Easy method. I'm sure many of you already thought about that. You can take your laptop, phone or tablet and go look for some hotspots near you. You can google hotspots in your city. The downside is that you're in public of course.
6. Cross Site Request Forgery
You could make some website where after clicking some button user would send POST request to 4chan with message that was a hidden element in your site and fool people into clicking this, so they would actually make those posts for you without them knowing. People who know PHP know what i'm talking about. https://www.youtube.com/watch?v=vRBihr41JTo The problem would be dealing with captcha. This is probably too complicated for average mchan user.
7.So
Thanks FBI See you back at 4cuck!
>>3412 And if someone has a static IP? Can web proxies work?
4chan is gay
>>3412
>6.
>too complicated for the average mchan user
if someone were to figure out a way to bypass captcha feel free to contact me -__- the whole point of captcha is that it's computationally complex, otherwise people wouldn't use it
>>4056 There's some way that involves paying a person in China or similar to fill them out for a penny a time.
>Connect to Tor
>First node is the same node
>panic
Anyone have the same problem as I do? I always have the same node, also sometimes it gives me a long address with X n shit telling me that I'm not using Tor. Note: It is updated
What node are you referring to? Your exit node?
>>4030 I think he means his entry node.
Something can be wrong, maybe NSA crapware infected you. Drill your drives, destroy your routers/network shit, change ISP.
Tor uses the same entry guard for months at a time because it's better for security/anonymity. Instead of panicking like paranoid retards you should probably try reading about tor and learning something: https://blog.torproject.org/category/tags/entry-guards
>>4020 How are you connected to Tor? Browser Bundle?
Haxing and Penetrating thread
Learning:
http://www.securitytube.net/
http://cybrary.it//
http://null-byte.wonderhowto.com/how-to/
http://n0where.net/
http://www.offensive-security.com/metasploit-unleashed
http://www.exploit-db.com/
https://siph0n.net/
http://www.cvedetails.com/
http://resources.infosecinstitute.com/
http://www.windowsecurity.com/articles-tutorials/
http://www.securitysift.com/
http://www.sans.org/reading-room/
News/CVE releases:
https://threatpost.com/
http://www.deepdotweb.com/
https://packetstormsecurity.com/
http://www.cvedetails.com/
Wargames:
http://overthewire.org/wargames/
https://www.pentesterlab.com/
http://www.itsecgames.com/
https://exploit-exercises.com/
http://www.enigmagroup.org/
http://smashthestack.org/
http://3564020356.org/
http://www.hackthissite.org/
http://www.hackertest.net/
http://0x0539.net/
How to send emails? Where to create an email box which won't be controlled by your nearest intelligence agency? What email providers do you suggest? If paid, I would need to buy bitcoins and then to wash them. Should I have a separate mailbox for each project/aspect? Separate has many pros but they would have to be free ones rather than paid (otherwise I would need 20 paid mailboxes). Should I use the mailbox through TOR? Even if I send mails using my real name? Or is SSL enough?
No clue I can't help you so sorry I used to use some kind of TOR e-mail a long time ago to send and swap cp back and forth but had to delete it and do away with it since the feds took that site over Now I just use my work e-mail for everything and said "fuck it"
>>4063 >protonmail.ch >darkmail >tormail etc etc
any developers here? how do I go about finding an open source project I can contribute to? I lurk and browse GitHub for projects and I can't find anything to contribute to. The projects I found or have an interest in are either too advanced for me to contribute to and require some serious understanding (like a 3ds emulation) or are written in a programming language I don't care about (for example Lua or Java)
>>3998 I already do that, it's good but lately i find it became like reddit.
>>3999 SO is nothing like reddit. View it strictly for its information and not its community and you'll find it great. Easiest way to program is to write something from scratch. Just write what you want and you'll learn a lot along the way.
What are some good projects in need of bitcoin?
If you're interested how HT got hacked: https://my.mixtape.moe/caifvn.txt
What does one need to learn in order to get into hacking? It's easy to say just google it but it would be nice to know if taking classes at uni is the best route or there's some books you need to read, etc. And how easy is it to just be a script kiddy nowadays? Where does one even find scripts and viruses in 2016?
>>3970 Illegal pornsites are chock-full of malware.
>>3970 I question how wise it would be to go the University route if your intention is to be able to hack the planet. If you learned all of that and then didn't join your corporate overlords, wouldn't you be watched closely from then on? Or is that just paranoid? Also whenever someone uses the term "hacking" I question whether they're referring to the old or new definition. The old definition is "clever people who like to tinker" and the new definition is "edgy digital burglar".
>>3987 Either one requires lots of hacking at the keyboard... When I say it I mostly mean the old definition but the newer one can be fun too.
Everything is using this bullshit Akamai Technologies so i looked for it and i find out that it is made by a fucking jew oy vey the spooky part is that he died in 911 on the plane and "stabbed" to death before the plane hit the tower https://en.wikipedia.org/wiki/Akamai_Technologies https://en.wikipedia.org/wiki/Daniel_M._Lewin Coincidence???? I think not
10/10 carrots are boiled
Would any of you fags happen to know how to run nmap through the Whonix Gateway? When you scan an IP, it results in like 100+ open ports and a latency less than 1 second. This obviously makes no sense. The only thing I can think of is that the scan actually hits the whonix gateway instead of the target. My inability to figure this out is seriously eating away at me. Having to route nmap through tor manually, with proxychains, fucking sucks and over time you're almost guaranteed to eventually fuck up a command and have a leak.
>>3899 not even sure what you are talking about, but have a bump
No idea but now considering playing around with Whonix.
>>3899 rtfm or use a recent version of nmap, it now natively supports scanning over proxies
>>4017 I am using the latest version. It's not a general problem related to proxies. I can proxy chain just fine. The problem only occurs when trying to scan through the whonix gateway. I'm currently just dealing with it by sending the scan in a VPN tunnel through tor; Tor -> VPN
reviving /nsa/ in 1..2..3
>>3996 That it's a pretty fucking useless IRC if I value my privacy.
>>4001 All this tells me is that you're an idiot, so answer the question.
Sweet someone made one on oftc.
>>4010 Yes, a long time ago.
Any good private trackers that are easy to join?
>>4026 wat are you tracking?
>>4026 I think you are looking for https://opentrackers.org