Posts posted by ki4jgt

  1. So, my lil sis is sitting in my bro's room, trying to use the computer. Unfortunately, everyone in my house doesn't like reading. So, they see something on the screen that says "Press "x" to do . . . ", they automatically assume they need to press X. Anyway, I just installed ReactOS onto my bro's 64MB dinosaur computer. As it boots up, the computer reads the OS's CD. The CD has a bypass thing on it which reads "Press any key to boot from CD". My sister presses ENTER and goes through installing the entire OS (about 5 times). Each time, the computer shuts down and restarts, only again to read "Press any key to boot from CD". I walk by the room and ask her what she's doing. She tells me "The computer won't work" :-)

  2. So, I got to thinking. . . Never a good thing :huh:

    ALL of the zipit OSs are desktop focused. Every single one of them. I mean no disrespect to the devs (they worked very hard with their projects and deserve utmost respect) but, I have an idea for a better desktop environment. The problem is, I don't know how to actually code it. Here's the basic layout:

    http://imageshack.us/photo/my-images/36/zipitr.jpg/

    I have a basic understanding of Python and a VERY Windows style BASIC, but not VB. It's justBASIC. On Ubuntuforums.org, I got some python written DEs but they were mostly terminal and curses based. Does anyone have any ideas on where I need to start, to put this project together?

  3. Those guys have an amazing set of stones on them. I don't think it will end anytime soon.

    GuyFawkes_normal.jpg

    Nice sig BTW. I recently got in a very big peeing contest with a friend who told me that he had a computer which could beat mine and I could never get it. The only thing he based his assumption on was how many things it could do at once. He had 16 gigs. I only have 1 :-)

  4. You have to keep in mind, it may not even be the original Anonymous who is doing this. In fact, it isn't. Anyone can claim to be Anonymous. That's the problem with Anonymous style justice. It may have good intentions in the first, but after the beginning, it goes bad. My reference, KKK

    They started out as a fraternity. With anonymity, comes lack of responsibility. If Anonymous had a third party which they could use to hold them accountable, they would be a lot better, but then, they wouldn't be anonymous.

  5. Love those things. . . :D But they're too light. If someone was paying attention, they would know it was fake. Do you remember in HS, when people would try to give you an empty soda can or an empty gum wrapper? I don't know about you, but I was always able to tell if it was fake. People hold lighter things differently than they do heavier ones. For one, a full coke can will usually be more influenced by gravity than an empty one. It will always be pulled to the ground. Most people mess up and wave it around like it's a stick, or they hold it like it's light as a feather. The fake gum is pretty much the same. Plus, I'd hate to actually give a cashier my adult video collection (don't have one, but if I did) instead of the money.

    Don't get me wrong, I LOVE EM. They're just too risky for my tastes. If I used them, I'd place them up on a shelf somewhere in a display case and make people think they were really important, so they wouldn't ask to see them. Something like, hey those were a gift from my girlfriend who passed away in high school, and make up some story about them.

  6. A lot of people have been wondering why Anonymous has not been caught yet. Sure, being a decentralized organization with no apparent leader makes it harder to track down and stop but still, that many individuals coordinating attacks and not getting caught is pretty impressive.

    I've been wondering how they are managing to stay, well, anonymous. I figured it's probably a little more sophisticated than just hopping on someone's unsecured wifi, and spoofing your ip/mac. I'm guessing they are probably using a VPN and/or onion routing such as Tor. Anyway, I came across this link and thought it was an interesting setup on how one would stay anonymous on the internet.

    What's everyone's take on this?

    Do you think this is what Anonymous is doing?

    Got a better or different way to stay undetected on the internet?

    Sorry if I'm misunderstanding, but please elaborate on this step:

    TOR —> VPN (Anon VPN so all traffic is encrypted through TOR; end node can’t even see data VPN sees TOR IP not mine) —> Connect to anonymous VPS setup to run I2P —> Proxy running SSL

    I'm assuming you're just running Tor through the VPN connection?

    If so, the Tor node would start at where the VPN stops. It's not an extra layer of protection, as much as it's an extension of the connection.

    So, I connect to Bob's VPN, Bob then speaks to the Tor network for me. It's essentially adding another connection in line to the three the Tor program already provides you. Your data will still be able to be seen by the third (fourth in this case) individual who is the Tor exit node. I2P works essentially the same way. Your communication is just bounced around the network. 3 is enough. Tor doesn't keep your information, so it's safe to use. TAILS is even safer, but routing through a VPN jeopardizes your security, as it leaves a trace.

  7. So the first part of the token has to be unique when compared to all other messages the server is waiting to verify? Personally I would have had each message identified by a message ID that is unique to the verification server. This could be something as simple as a sequence that is easy for the verification server to deal with.

    What could be a useful exercise for you to do is to put together a simple graphic showing the flow of a message being sent and verified. (e.g. something like this http://security.crudtastic.com/wp-content/uploads/2010/05/3way.jpg)

    Here is an example:

    Alice sends Bob a fax with this letter-head:

    Bob

    123 Dead st.

    New York, New York

    Letter 129-4297-1709

    Alice has a system of keeping up with the letters. If someone calls and asks for a particular letter number, Alice knows she sent the letter.

    Bob calls Alice:

    Bob: Hey Alice, I have this letter you sent me. It's letter 129-4297 something, but I can't remember the rest.

    Alice: (looking through her filing system for the first few numbers Bob gave her, finds the letter)(Alice then repeats the number in whole) Ah! Here it is Bob. You mean letter 129-4297-1709.

    Bob: (Knows the letter is from Alice, because she is able to complete the number sequence)

  8. Hey guys,

    This is my hack of the week, I'm going to set up a PTPP server on a Zipit Wireless Z2

    Processor: Marvell XScale PXA270

    Flash Memory: 8MB

    System Memory: 32MB SDRAM

    Audio: Wilson Micro WM8751 Audio CODEC; Digital volume control; Headphone output; Speaker output

    802.11g Wireless: Marvell 88W8686 Rev. B2 Wi-Fi "B/G" Solution; Supports receive antenna diversity; Supports Power Management

    Battery: Internal rechargeable battery based on Li-Ion Polymer with at least 1000 mAH (min); Connector on battery

    LCD Display: 320 x 240 TFT LCD; Transmissive Display; Dot pitch: .18h x .18v; 256K Colors; Min 2.8" diagonal; LED Backlight; 200nit Backlight

    Keyboard: Full backlit QWERTY design; Zipit Layout; PolyMetal Dome; Tactile Feel

    Internal Connectors: Keyboard; LCDP; Battery

    http://www.zipitwireless.com/default.aspx?skinid=1

    The OS I am using, will be the Z2sidX

    Because I may not always have access to the network which I will be running this server on, I won't be able to forward ports on the firewall. Instead, (I know it will be slow, but I don't intend to use it for anything fast) I am going to create a Tor hidden service on the Zipit Z2, and run my PTPP through it.

    Next, I plan to install Tor on my laptop. After this, I will use a system proxy manager to connect to the tor proxy and the VPN the onion address.

    Anyone have any suggestions?

  9. It doesn't look like spam to me, as a matter of fact I've also posted a thread on Anonymous on a different matter, so it should be OK.

    How can Anonymous have a website, and not be able to be tracked?

    EDIT: NM, LOL, I thought you were saying that Anonymous had a public forum :-)

  10. I agree. They're mostly a bunch of kids. Half of them don't know what they're doing, but it would be great, if we could show them the benefits of a legal society. Most of them are simply retaliating and wanting to war. I'll join and help in this, but only if we get to make those cool youtube videos, like they do :-) Nothing like a lil truth to show people that they're fighting for the wrong team, then they get mad and go attack the other team. I think that should be the point you tell them to just be patient. Anon will all get caught sooner or later (at least the groups of it who are doing illegal stuff.) Good idea trying to convert the "Pawns" to our side though.

    They often use the idea that in the civil rights movement, people sat in lunch counters and denied other people service. What they forget to mention, is that the people who did, did it with full facial disclosure. Hmmm. . . Let me see. . . Who was it that covered their faces again :-)

    Don't get me wrong, there are times, when anonymous is needed. It's in these times when a person or group are being persecuted, that they put out ideas. They don't do actions anonymously, and anyone who does do an action anonymously is usually up to no good.

    It also bothers me, that these kids, think they're making decisions, FOR US ALL, as stated by one of their videos, BUT, THEY FAIL TO CONSULT US ALL.

    You may use any of this in your mission statement. I give you full permission.

    EDIT: the video you posted was the one I was talking about :-) nice.

  11. Does it connect back to the verification-server, the server that originally connected to it or the server related to the host part of the sender's e3/email address?

    If it connects to the verification server then the spammer could just run their own verification server and put that in the email.

    If it connects back to the server related to the host part of the sender's e3/email address then in theory this would stop the email being spoofed, but it would also present a possible denial of service attack.

    If the attacker chose a host that has a firewall rule to just drop packets for the relevant port then they could just send a mass of large emails to the server with e3/email addresses from that host. The receiving server would then try to connect to the host and only throw away the email when the connection attempt has timed out. The larger the mail received and the more of them received the more resources being spent holding onto fake messages.

    Another alternative would be to send large fake emails, with the host of a target e3 server, to a number of other e3 servers, they would each connect back to this e3 server and pass it the large fake email. If you have enough machines doing this you can effectively DDOS the server but without any of your machines communicating directly with the target.

    I'll give you your first strategy. However, your second is a little off. The protocol strips the email down to ONLY sending address, receiving address, and a small amount of the token (in case multiple emails have been sent). The verification server is its own variable. It doesn't connect automatically to the server at the end of the sending address. The thing behind this is that it will give away the IP of the hacker.

  12. I may have missed it, but I can't see the tokens explained in your document. How are they generated? Is it a common cryptographic standard token, or something else? Without knowing how the tokens are generated, used and verified we can't say how effective they would be at stopping spoofing.

    It's always good to get second, third, fourth, etc opinions on a new protocol's security, you just need to make sure to point out what you see as the benefits and deficiencies of the protocol. (e.g. it stops spoofing or it requires the use of GPG)

    I can't really comment on this till I understand the whole method that your protocol uses to validate a message. It seems very vague in your document (It is a first draft though, so you can beef this section up in the next revision).

    Sure. . . :-)

    The token is a 10 character alphanumeric string randomly generated by the sending server and attached to the message, the receiving server then strips the token from the message and sends the two emails involved with the message. If the sending server sends the same token back, the message is verified and NO SPOOFING.

    The protocol is set up with a variable for a verification server, so the server could be anywhere on the web you wish.

    EDIT: I believe the document refers to it as a key. I changed it over to a token the night before last.
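The token check described in the posts above (a 10-character token issued by the sending server, a partial token sent back for completion, and a verification server named as a variable of the message), sketched as an added example that is not from the original posts or the protocol document. The class and field names, the 4-character prefix and the `.example` hosts are assumptions; the third case is the objection from the quoted reply about a sender running their own verification server.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
PREFIX_LEN = 4  # assumption: how much of the token the receiver reveals


class VerificationServer:
    """Remembers the tokens a sending server attached to its messages."""

    def __init__(self):
        self.pending = {}  # (sender, recipient) -> full tokens issued

    def issue(self, sender, recipient):
        token = "".join(secrets.choice(ALPHABET) for _ in range(10))
        self.pending.setdefault((sender, recipient), []).append(token)
        return token

    def complete(self, sender, recipient, prefix):
        # Like Alice finishing the letter number Bob only half remembers.
        for token in self.pending.get((sender, recipient), []):
            if token.startswith(prefix):
                return token
        return None


def receive(message, servers):
    """Strip the token, ask the named server to complete it, compare."""
    server = servers.get(message["verify_at"])
    if server is None:
        return False
    token = message["token"]
    answer = server.complete(message["from"], message["to"], token[:PREFIX_LEN])
    return answer is not None and hmac.compare_digest(answer, token)


def demo():
    honest, rogue = VerificationServer(), VerificationServer()
    servers = {"verify.alice.example": honest, "verify.rogue.example": rogue}
    a, b = "alice@alice.example", "bob@bob.example"  # constructed addresses
    genuine = {"from": a, "to": b, "verify_at": "verify.alice.example",
               "token": honest.issue(a, b)}
    forged = dict(genuine, token="A" * 10)  # names Alice's server, guesses
    vouched = {"from": a, "to": b, "verify_at": "verify.rogue.example",
               "token": rogue.issue(a, b)}  # sender names its own server
    return tuple(receive(m, servers) for m in (genuine, forged, vouched))
```

The guessed token is rejected, but the message that names its own verification server is accepted, so the check only binds a message to whichever server the message itself points at.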

  13. Having skimmed your protocol I can't see what benefits it has over the standard email protocols, which are also open, and well documented in the RFCs like most other networking protocols in use today?

    If you really want to make a new email protocol figure out one that will work on both IPv4 and IPv6 which stops spam. Not an easy task and it is spam that stops most people from moving their mail servers over to IPv6 (blacklists which are one of the most effective ways to stop spam aren't scalable and IPv6 scales the problem of maintaining blacklists up massively).

    a slightly relevant xkcd entry

    As of current, the protocol eliminates email spoofing, using tokens.

    This is why I introduced this protocol here and a few other places. It successfully eliminates spoofing. I have made it open sourced with modular variables for email messages. But seriously, I'm just doing it for the intellectual exercise of it all.

    The protocol does work on IPv4 and IPv6. As for the SPAM thing, It gets email spoofing right out, with a little creativity, I'm sure something can be done.

  14. So, I came up with this a while back. If someone installed Debian on the Zipit Z2, and then Tor, and then ran a VPN as a hidden Tor service, placed this in range of an open wifi system or in range of a (Hacked) password protected setup, what would the router's defenses be? Could the person have untraceable access to the network with just a cheap distant computer which was connected to the Hidden Tor VPN? That being said, if hidden, the Zipit would be almost impossible to find, due to its small size and the fact that it's available online for $15 kind of makes it a nice little spy toy, that is, if it works. :-) Back to the original question, will it work?

  15. Hey guys, has anyone got rootnexus running on the Zipit Z2 recently? I've been recently attempting it. But each time, I failed. I've been looking online for a tutorial for installing it but all I can find is Aliosa's, so without further delay, here's what I did.

    - Used the flash script with the zimage renamed to kernal.bin from aliosa's site (OpenZipit shows when the device is booted)

    - Now I've used dd to install rootnexus' image to the card (2 gb card).

    When I finished dding the card, it instantly becomes unreadable by my machine with another partition. When I insert this into the Zipit, it gets stuck on the openzipit screen and doesn't boot. Does anyone have a decent tutorial for this?

    All help is appreciated. Thanks
