ki4jgt
-
Posts
46 -
Joined
-
Last visited
-
Days Won
2
Posts posted by ki4jgt
-
-
17 hours ago, Dave-ee Jones said:
I'm not sure about all the extra details you haven't elaborated on, but could a hacker simply not spoof the hash response? Think of it this way - if you can see the traffic between 2 entities on a network, you can see everything about their security. You might only see a wall of characters, but it's still how they're communicating. If a hacker knew that the AES keys are sent only in the first 2 packets exchanged then he could reply with a similar packet, couldn't he?
There would need to be some time contingent information involved but generating a key which matched the hash exactly would prove complicated as CJDNS uses an actual asymmetric key as their IPv6 address for their users. They don't even use hashes. To generate an exact hash for an onion address in the TOR network takes eons. All onion addresses are simply hashes of the public keys of their hosts. So you can spoof the hash, just can't prove you're the owner of the hash without the private and public keys. The keys would then need to use time-coded data to exchange the AES keys. If the time in the data is out of date, the receiver knows the packet is not valid. The AES keys should be randomly generated by the software, so the hacker doesn't know if they've broken the key or not and should be different for each connection from your machine.
17 hours ago, Dave-ee Jones said:Also, if the AES encryption is only done at the start of a connection, why can't a hacker get in during a connection. There's no way of 1 PC knowing that the other PC has been spoofed by another, the first being disconnected or pushed out.
The AES encryption is done throughout the entire connection. There is no part of the conversation which doesn't have AES encryption besides the AES key exchange which is in RSA. RSA public key matches the IP address because the IP address is a hash of the RSA key. The RSA key is public so it doesn't matter if anyone has it. The only person who can create messages that the public key can read is the private key holder.
-
Going to elaborate a bit:
This is all over an unsecured network (so Alice and Bob both have IP addresses -- let's say in the IPv4 spectrum for local wifi with an open network).
Alice wants to talk to Bob and each of them have the networking software (virtual networking device) installed.
The virtual device works by creating an IPv6 address for its client (so they both have one). The IPv6 is a hash of each client's public key.
Let's say Alice's public key hash was 00:11:22:33:44:55:66
And Bob's was 77:88:99:10:11:12
Alice's virtual interface would broadcast a message over the IPv4 network asking for 77:88:99:10:11:12's public key (since the IP is a hash, the key must match and since Bob is the only one with the private key to match the hash, he's the only one who can communicate.
Once Bob's interface sends Alice's interface his private key -- in response to the broadcast -- the interfaces can exchange AES keys and then communicate. The communications can't be hijacked at any point, just stopped.
-
1
-
-
6 hours ago, Dave-ee Jones said:
Always Ends Sadly.
Stupid cryptos. :(
I was under the impression that SSL handed off to aes after RSA. That's been the standard for years. Once you've exchange your encryption key you exchange an aes key and then have communications from there because AES doesn't take as much processing power as RSA. AES is pretty secure mate. In fact, that's what a lot of encryption systems do, even whole hard drive encryption. It stores the AES key in an asymmetric encryption then uses the key to decrypt AES -- again to spare the processor the heavy burden of using public key cryptography for everything as it is very resource intensive.
-
So, I've been bored and when I get bored, I come up with awkward ideas out of the box. I'm wanting to develop a networking software which encrypts the connections of the devices on any network which has the software installed. The general idea would be to generate an IP from a hash of a public key. This IP would be assigned to a virtual networking device which communicated via whatever networks were available to the user.
Skipping the whole DHCP server bit, a newly joining PC could thus get the IP of a computer by broadcasting a request for that specific IP's public key and IP. The key would verify the IP. and have no need for a DHCP. Then they could exchange AES encryption keys and communicate.
By doing this, any computer on the network that had the software, would have a secure channel of communication over the network, even if it were a wide-open network. This could also come standard in Linux and thus the end-user would have no need to perform special tasks.
I don't have the time to work on this myself and I was wondering where I could put the idea to get people interested.
-
So, I've created bulletin software that can be used in any neighborhood. Essentially it just has to be run on an ad hoc network with OLSR protocal prefered. It's a server that can take addons and modifications. It's only going to get better though.
You can find the project here: http://buckysroom.com/page.php?pid=78
-
Developing a pythonian p2p social network. Here are the details:
- P2P of course
- Free and Open Source
- Semi anonymous (Status updates will be stored on the computers of people who are subscribed to your feed so they will more than likely come from them. The chat feature however will be live and come directly from your IP.)
- I plan to encrypt all traffic
- There will be profiles but only a limited amount of fields (phone number, address, city, state, country, place of work)
- Companies and organizations can create their own feeds and people can comment publically on them.
- You can block someone if you don't like them. Other people will still see their statuses (even if they're addressed to you).
- Except for the chat, it's pretty much like twitter.
- Messages are only allowed to be <= 512 characters long.
- Each user has a profile ID hash which is how friends find oneanother.
- The hash corresponds to a GPG key which is what you use to sign all your statuses.
- I'm thinking of incorporating server nodes in later for individuals behind firewalls.
Anyway, I've been hacking at the server protocol for this all night. I plan to start on the GUI next week. I'm currently on Google Code and have realized that I don't have a name. I would love to hear some names tossed out to see if I like any of them. Thanks for your time. -
Yes sometimes windows can get really annoying but i find little things in any OS that bothers me..
Steam is a program similar to something like itunes except for games... Pretty much you can buy and play your games through the program.. Any game you buy will be saved to your account letting you install it on any computer that you can access steam from. They also offer a good variety of free 2 play games and a rumor is going around that they will start offering software also.
As for using blender inside linux I've never had any problems with it. Personally i think installing and setting it up is easier using linux.
I currently run
Windows 7 ultimate 32 bit
backtrack 5 r2
linux mint 13 (mate)
Thanks for that info. It'll make the Ubuntu transition easier. I also don't like the quirks of Ubuntu but they're a little more barable for me than the ones in Windows. Someone else may feel differently though.
What i suggest and you do is keep your windows machine the way it is. You might need it just load vmware or virutalbox and run the ubuntu from there. Trus tme much easier and better.
One other thing to do is download truecrype and encrypt your whole drive. that way if you lose it or something comes up you won't be to scared if someone found something they shouldn't see or if you want to keep your privacy to yourself only.
Just my suggestion.
I was going to download truecrypt. I love the program and usually create an encrypted container (around 5 gigs) on every computer I get for securities sake.
Wow O_O I've never had this happen to me on windows Lol. Guess i must be lucky?
Steam is in not so many words cloud gaming in a sense. You buy games from it download them ??? profit.
My specs are:
i5 overclocked to 3.8 Ghz
16 Gb of Ram
6700 Raedon Ati Video card
1TB HDD
32 gb SSD
Cooling kit
And even with that unity sucks for me. Could be because i need proprietary drivers for my video card? Not too sure.
Wish I knew. I would like to see where Unity is going but it drives me insane to see it lagging. If my system has this many resources and still lags, I don't know why I even got it.
-
I just tried it out so i could see as a POC (Proof of concept). Ubuntu 12.04 LTS running with MATE it works fairly well considering that for what ever reason My pc hates Unity. Hate meaning that i can run say a high end game and get no lag but unity will lag hard. The reason i said that for 3d rendering is more of a gut feeling. Say you wanted to do a ton of video editing i would recommend Mac os x. I would think that Windows would work best for it because of the 100% driver support for any video card where linux can be hit and miss even with proprietary drivers. For as far as it goes with games for linux in a recent news post Gabe newell said that they are looking for Steam to come to Linux (I'm thinking mainly Ubuntu). Reasoning was that Windows 8 is horrible and i can honestly say that it really is crap. I defended Vista for a long time before i was like "Oh they are right..." but no I'm not even giving Windows 8 anything at all. I'm surprised you had so much happen with dual booting Windows and Linux. I currently am multi booting Arch BT5 Windows 7 and Mac os X (hackintosh).
That's how I feel about w7. My sister has a w7. Let's just say after doing the same cycle of:
(Download File)
You can't run this file because it doesn't belong to you
(change file ownersip)
This appears to be a malicious file. Windows has removed it to protect your safety.
-file dissapears-
for an hour trying to adjust window's security settings, I don't want W7 LOL. That's however the distro my system includes :(
I've also noticed the game lag from Unity as well :( I thought it was because of my system becoming obsolete. I have 1 gig RAM with an i386 and 150 gigs of HDD currently. I've never heard of steam. What is it exactly?
-
Aw. Wine kinda sucks for some applications so unstable sometimes but what do you expect lol?
Personally i like LXDE11 but you said that you don't like XFCE so I don't think you'll like it.
I just don't care for the unity in scheme at all but another fairly good one is Mate. In my opinion it feels like KDE (kinda).
Pentesting is what i do for a living also its just a ton of fun. Especially if you find a 0-day. Oh when that happens my day just got 1000000000x better lol.
I love the whole Linux GPL "thing" but for 3d rendering i would suggest Windows. I know i might get flack for that but honestly it will make it easier for you to dual boot because as you said your echolink program might not have a linux variant.
Compiz when i was using it for xfce got under my skin. Every time i would go to edit it something would happen either i royal messed it up or its not as stable as i thought.
I totally forgot about MATE. That would be perfect. The only question I have is will the Ubuntu programs interact smoothly with it since the default desktop is Unity in Ubuntu? Last night I decided to dual-boot backtrack 5 and Ubuntu. I would give Backtrack around 10 gigs and use it only for hacking/pen testing. I want to also install spoonwep on it :). Is there something particularly wrong with 3D rendering in linux (I plan to primarily use Blender) or is it a gut feeling? I ask because I've already had to redo some of the shortcut keys in Unity because they interfered with Blender. Once I got past though, it started acting smoother also, with all the settings and wistles of Compiz messing it up is fairly easy to do. You forget which shortcuts you set for this or for that, you forget which aspects of it you have activated and which ones you've deactivated, you change shortcuts the way you like them and then learn that they're interfering with something else. If you can develop a system with it though the process goes a LOT smoother. As for the Windows dual-boot, I'm considering it but back in the day I used to deal with a lot of infected files (WAREZ and such). I ended up getting in the hundreds range of infections on my computer each month :(. That's why I switched completely to Linux. I'm still paranoid about Windows. If you care to pay attention it could be avoided I guess. I mean I work on Windows machines daily fixing them and telling their owners how NOT to get infected but I'd just prefer not to have to worry about it. Linux has all I need. (except for quality games but that one is steadily coming).
-
The specs look fairly good to me.
Do you plan on doing any Pen testing or is this just for doing HAM Radio related things?
Also what flavor of Ubuntu are you going to use? The stock Unity (ew, Sorry)?
And again are you doing stright up Ubuntu or are you doing a multi-boot since you have 1TB?
All questions no answers. Sorry :X
Well, I can't figure out how to build the native echolink program (truth be told, I can't even remember what it's called anymore) so I'm stuck using it through WINE. I probably won't install echolink as it never has met my needs under WINE but I plan to rewrite my original field day logger (from BASIC into Python) and use it as a general purpose logger. I dislike the Unity interface but I prefer it over the others I've seen :(. KDE is too configurable and bulky. XFCE is too light and isn't configurable enough. blah blah blah. GNOME 3 just gives me headaches. Gnome 2 was my favorite but I don't want something that has moved has moved on to "bigger and better" things. If I could change anything in unity though it would be a better way to manage windows. Because every window takes the same space they're always interfering with one another when the menu bar is concerned :(
I will install the compiz cofiguration program. I like having the ability to add graphic appeal (mostly making my windows transparent with certain key combos). I mostly plan to use the laptop for 3D rendering with Blender. I want to do short movies and images in HD. I also would like to get into pen testing. I used to be quite good at ******* ******** but that was back in the day when ******** were simply one command after another of mostly instructions on how to function and didn't take into consideration security vulnerabilities. However, I don't plan to use this knowledge for illegal purposes (anymore) as back then they were just member based things that ripped you off by making you pay for something that the authors themselves had released for free. Anyways, I still enjoy fooling around with that stuff and wouldn't mind a good base on how to get started again :) Don't worry about it. The questions help make decisions.
-
Just ordered a new laptop and I want to customize it. Anyone have any suggestions?
Specifications:
- Inspiron 15R
- 8 gigs RAM
- i5 processor (64-bit)
- 1 TB hard drive (which I'll never use LOL)
- Wifi (and I believe bluetooth but not sure)
What I plan to do so far:
- Install Ubuntu
- Had a wierd desire to make it Dvorak instead of QWERTY
- Also wondered what it would be like if the keyboard had no letters, so I purchased black stickers to go over the keys.
- If no bluetooth, I plan to solder a bluetooth adapter into the motherboard.
- Getting a wireless mouse
- Getting a wired headset for comm purposes
- Going to setup a VNC server for remote access
- Thinking of donating some cycles to the folding research projects
- Installing DVD support
- Adding a live radio feed for my local police station to Rhythmbox
- Want to look into setting up a DDNS url for it and possibly SSH
Any other ideas?
-
I support Operation Get A Job, Operation Feed Your Children, and Operation Put A Roof Over My Head. You want to start a revolution, it starts in your home. Educate your children, and I don't mean brain wash them to hate their government, although Syria might be a case where the world has already waited too long to try and help, but aside from that, you fight the system, by using the system against itself. Half of why OpWallStreet and the others are failing, is because they have no true representation. They need lawyers to fight the government's, corporation's and banking industries' lawyers. As for the whole "we take down and expose networks to bring security awareness" is total bullshit. You find a flaw, you report it, or you go public, but not at the expense of handing out credit card data and personal info on these people. Go to the media, news outlets, security vendors and such, but once you start acting as if you are saving the world by destroying it with your anarchy, I lose all respect for you.
I believe in the right to protest, privacy, bear arms, and challenge our government when they have done wrong. I don't however support the way in which it has been done with all these OpInsertBOredTeenagersRantsandAngstHere campaigns, which has only led to violence and hurting the innocents in the process. All these kids, are pawns, playing the game of a few on the upper echelon of what is going on, and if you think otherwise, you are naive. If we want there to be anything left for the next generation to come, and the generation after that, then everything we are doing to will only ensure that there is nothing left. I fear for my children, to have to grow up in a world, where their government has become the enemy, and the nations of the world care more about spying on their own citizens, than they do protecting and caring for them. We're all on this big blue ball of shit together, and the more we destroy it, the quicker we flush our future and out children's down the toilet.
Heres a novel thought. How about OperationChillTheFuckOut or OpPeace.
That would be a great op LOL. OpPeace that is. Since anyone can claim being anonymous, maybe someone should start it up, post a video on youtube and claim it under anonymous. Something along the lines of We (anonymous) have found the error in our ways ROTFL. That's bound to turn some heads. Don't mean to keep bringing this thread up though but how many people are behind anonymous per se? Does anyone know for sure? Have their numbers dropped since the pedo sites were shut down (The last thing I heard about them until I googled them and came up with this stupid plan)?
-
I think they give a bad name to hackers, conduct themselves like teenagers and are a complete waste of valuabe bandwidth. One day they'll learn change doesn't come by whining on the internet and posting people's private info.
Imagine the world we'd live in if George Washington had thought that "revolution" meant handing out copies of the Queen's diary. I'm glad he knew the real meaning of the word though!
LOL, well the pedo sites they brought down inside of Tor was a good thing but they've allowed all the power to go to their heads (whether it's the same group or not who does operation Mayhem.) I've never agreed with anything they've done whole-heartedly. I have noticed the positives afterwards though. However, they have gone from picking on government agencies and companies who may have serious security concerns to sectors which are a tad more private. Though it's funny and could be conceived as the robin hood personality with entities which do not make known their intentions (not that I condone hacking illegally because I don't). There are always two sides to every coin. Companies which aren't supposed to make known their intentions because they are protecting something like say, one of the workers in one of those companies has AIDS and it's on their medical record, with as much of a data dump as this is proposing there's no way of keeping that type of information private. I would honestly be afraid of what they found on me. I don't even work for those companies but I am involved with a couple. I know I wouldn't want that information getting out. What's worse, we don't even know who "they" are, so for as far as we know, they could use this information to black-mail any of us. I pity the person low enough to help them in their data dump this time.
-
Who all supports opperation mayhem-2012 and why do you support it? For the record, I do not b/c I believe with that much of a data dump there is bound to be personal information included and some innocent bystanders will be hurt.
-
Is there a reason you aren't just bridging the two routers directly, or is it so you can filter/monitor traffic from the one PC as a firewall or such?
It's a public access hotspot which my Iphone will not connect to (too far away). So I can't exactly bridge it. Plus the situation is temporary so I have no need to purchase a professional bridge. I can't adhoc as Iphone won't connect to an adhoc network :(.
-
I need a temporary setup to turn my computer into a network bridge. I have one router with Internet access and one router without. I need my laptop to act as an intermediary and relay the information from one wireless router to the other. I have 2 wireless USB sticks with Ubuntu Linux. I can connect to each of them at the same time but I need to relay the Internet from one to the other.
-
If you ddos their site, you're going to make a new enemy, and why would you want to do that if you didn't have to? Let Craigslist deal with it, they have teams for this stuff, forward the email to their security department and forget about it.
Besides, I think the best approach to this type of stuff is being resilient to the attacker. We need to learn to expect phishing and cope with it, not ddos every malicious site out there.
Bit curios though, how would I have a new enemy?
-
good answers guys. :-)
-
-
The easy way would be to just make an app that looks as you've designed and run it over top of the operating system... Similar to how ubuntu netbook remix runs.... of course the better way of doing it would of course be to build the gui from the ground up, good luck finding someone to do it though.
How would I go about doing it?
-
Keeping in mind that this is just for discussion ONLY. This is a site about white hat hacking by the way. is it morally just to DDoS impersonation sites? Example: I recently received this email
Dear Craigslist member,You are required to update and verify your
Craigslist Account because of the high number of scamers.
In order to update and verify your account click here or login to
https://accounts.craigslist.org and complete the form.
Craigslist Team
All rights reserved.
Copyright ? 2011 Craigslist.
Would it still be white hat to DDoS it? The reason I asked is because a friend and I got into a discussion about it a few days back. We both saw pros and cons to the situation. I've already made several posts online about it, so I couldn't really do it without getting in legal trouble LOL (Not planning anything :-))
One of the responses I got was: If you killed a prisoner on death row, you would still have committed a crime.
In my opinion: If I stop a murderer/phishing site from killing/phishing then I would be in no legal trouble. Why is this any different?
***NOTE: This thread is to discuss the moral implications of DDoSing a forgery site. It does not in any way promote illegal activity, just the free flow of ideas.
/discuss please
-
My USB has GIMP, Firefox, Tor, few scripts I wrote to bypass public cafe security settings (with permission of owner/technically, not bypassing, just getting around), skype, google chrome, Audacity.
-
Well either way, I feel sorry for the computer, its said but oh well shit happens.
I don't even think it's possible to upgrade :-( Just reusing old equiptment. Reducing, Reusing, Recycling.
-
Ohh that is so hilarious. But I feel sorry for your computer brooo....
Why? It's not mine :-) It's my bro's
Going to leave this here -- encrypting all networks
in Applications & Coding
Posted
Well, CJDNS actually uses the public key but I figured that with the onset of non-binary computers, the processing power needed to break such a small key would significantly decrease. So, I went for a longer key 4096-8192, with a reference hash to the key in question.