Tor, DarkWeb, Hacking, Anonymity, Security & other resources

[LovecraftianMonstrosity]

Post resources you use to protect yourself online

How to Anonymize Everything You Do Online | WIRED

Tor Browser

HTTPS Everywhere | Electronic Frontier Foundation

 

[Qlip]

I use a VM to get into the dark webs and nothing else, it's a full Linux system will all kinds of tools on it for diving into scary places:
Whonix - Anonymous Operating System

For general and non critical anonymity, like browsing from a coffee shop, and torrents I use TorGuard, which doesn't really have anything to do with Tor, it's just a VPN:
Anonymous VPN, Proxy & Anonymous Proxy Services | TorGuard

Currently migrating all of my passwords to random strings kept in a password vault:
KeePass Password Safe

I haven't found a satisfactory way of buying/laundering BitCoin. I keep trying different things, it all tends to be awkward and risky or incredibly inconvenient. I haven't looked in a while, alternative crypto currency may help.

 

[Coriolis]

Currently migrating all of my passwords to random strings kept in a password vault:
KeePass Password Safe

Do you use this with linux? What is your impression of it so far, and how does it compare in your experience with other password managers?

 

[Qlip]

Do you use this with linux? What is your impression of it so far, and how does it compare in your experience with other password managers?

My home computer is Linux (Mint), but I also needed a solution that included work (Mac) and mobile (Android). I have never used any other password managers, besides password protected text and my own insufficient password scheme, this has been a long time coming. I can't really say much as I just started using it, but one really great plus is that it is multi-platform. I am keeping the encrypted database on a usb drive on my keychain, it has a micro-usb connector as well as standard so I can plug it into my phone. Also, I put keepass binaries on the drive for Mac and Windows just in case I have to use it on a strange computer without a connection. The program itself seems pretty straightforward, store a username/notes/url, generate a password in an encrypted database, I have yet to explore its other features, which from what I understand includes ways to expedite cutting and pasting passwords into websites. I intend to let Chrome remember website passwords, unless I feel like it's an unnecessary risk.

Are you using anything right now for password management?

 

[Siúil a Rúin]

Excellent thread [MENTION=27425]Listening[/MENTION]. I plan to go over those links carefully.

I have a question for anyone skilled at technology [MENTION=9811]Coriolis[/MENTION] [MENTION=7]Totenkindly[/MENTION] and [MENTION=8936]highlander[/MENTION] come to mind.

To what extent can people hack into mobile phones? I had a friend who was assaulted by someone who was impersonating a friend through text messaging. What I don't know is if he physically had the phone. He works for a security company, so has some tech background, and I was looking online and found you can get set up to text message from a landline on sites like this:
Text-enable Your Business Phone Number with TextBox

I'm wondering if a person could set up other phone lines to text from their computer, and if they can, would they also be able to read texts from remote phones? My friend and I do text message, so I just got a nervous feeling about whether or not those conversations could be hacked into and viewed remotely.

 

[Forever]

Scary things happen in the dark web. I used to have Tor but yeah I stopped using it.

 

[Totenkindly]

Mobile phone tech isn't my thing, sorry....

 

[Qlip]

Excellent thread [MENTION=27425]Listening[/MENTION]. I plan to go over those links carefully.

I have a question for anyone skilled at technology [MENTION=9811]Coriolis[/MENTION] [MENTION=7]Totenkindly[/MENTION] and [MENTION=8936]highlander[/MENTION] come to mind.

To what extent can people hack into mobile phones? I had a friend who was assaulted by someone who was impersonating a friend through text messaging. What I don't know is if he physically had the phone. He works for a security company, so has some tech background, and I was looking online and found you can get set up to text message from a landline on sites like this:
Text-enable Your Business Phone Number with TextBox

I'm wondering if a person could set up other phone lines to text from their computer, and if they can, would they also be able to read texts from remote phones? My friend and I do text message, so I just got a nervous feeling about whether or not those conversations could be hacked into and viewed remotely.

You can send SMS from a computer, but it wouldn't look like it was from your friend unless somebody had cloned his sim card or something, in which case either of you would be screwed. The big problem with SMS is that when it gets transmitted from your phone to the tower that it's effectively in the clear and interceptable using the right equipment. If you want to chat with reasonable security/privacy I'd use an app if I were you, I know WhatsApp is popular for this.

 

[highlander]

You can send SMS from a computer, but it wouldn't look like it was from your friend unless somebody had cloned his sim card or something, in which case either of you would be screwed. The big problem with SMS is that when it gets transmitted from your phone to the tower that it's effectively in the clear and interceptable using the right equipment. If you want to chat with reasonable security/privacy I'd use an app if I were you, I know WhatsApp is popular for this.

Yes I agree with all that. It's why SMS isn't that great for two factor authenticationot and an app on your phone like Google authenticator is better.
On phones I would say an android is a lot more likely to get hacked than an iPhone but malware attacks on phones have not reached critical mass yet. I predict it will at some point in the next six years.

 

[highlander]

Use password manager and auto-generate different passwords on every system you access. Use multifactor authentication on every system remotely important to you. If you use the same passwords on multiple systems go in and change that now.

 

[Coriolis]

My home computer is Linux (Mint), but I also needed a solution that included work (Mac) and mobile (Android). I have never used any other password managers, besides password protected text and my own insufficient password scheme, this has been a long time coming. I can't really say much as I just started using it, but one really great plus is that it is multi-platform. I am keeping the encrypted database on a usb drive on my keychain, it has a micro-usb connector as well as standard so I can plug it into my phone. Also, I put keepass binaries on the drive for Mac and Windows just in case I have to use it on a strange computer without a connection. The program itself seems pretty straightforward, store a username/notes/url, generate a password in an encrypted database, I have yet to explore its other features, which from what I understand includes ways to expedite cutting and pasting passwords into websites. I intend to let Chrome remember website passwords, unless I feel like it's an unnecessary risk.

Are you using anything right now for password management?

So your passwords are only on your encrypted flash drive, then, and nowhere online?

Right now I use old fashioned methods. Passwords I need only at work are in a password protected file on my computer. Our work systems/network are fairly secure, and someone would have to know what to look for even to find the right file. For the rest of it, I use a paper list. It's not hard to keep memorized the 10 or so passwords I use often; the rest I look up when needed.

I have been hearing alot about password managers and know a few people IRL who use them. It seems to have its own risks, though, namely if someone hacks that one master password, they get everything. Now, if someone hacks one of my passwords, they can access only that one account.

 

[highlander]

So your passwords are only on your encrypted flash drive, then, and nowhere online? Right now I use old fashioned methods. Passwords I need only at work are in a password protected file on my computer. Our work systems/network are fairly secure, and someone would have to know what to look for even to find the right file. For the rest of it, I use a paper list. It's not hard to keep memorized the 10 or so passwords I use often; the rest I look up when needed. I have been hearing alot about password managers and know a few people IRL who use them. It seems to have its own risks, though, namely if someone hacks that one master password, they get everything. Now, if someone hacks one of my passwords, they can access only that one account.

Do you have any reason to believe your computer is more secure than a database at cloud security provider encrypted with a password that only you know? If you reuse passwords they are only as secure as the most poorly secured computer you use that password on.

 

[Julius_Van_Der_Beak]

I bought a booklet and have all my passwords written in the booklet.

 

[Coriolis]

Do you have any reason to believe your computer is more secure than a database at cloud security provider encrypted with a password that only you know? If you reuse passwords they are only as secure as the most poorly secured computer you use that password on.

As I have mentioned several times in various places, I do not reuse passwords, nor do I keep them on my personal computer. The computer at my office where I keep work-related passwords is not connected to the internet in any way. I certainly do trust this over some cloud database over which neither I nor my organization have any physical control.* If someone did manage to get through my workplace physical security to my actual computer, I'm not sure how they would even identify my password file to try breaking the password on it. It's not like the filename is "passwords".

* In general, I don't trust a cloud DB further than I can throw it. Perhaps I place too much emphasis on physical security, but IME if someone has access to the hardware and lots of time, I wonder what they would NOT be able to do.

 

[LovecraftianMonstrosity]

Excellent thread [MENTION=27425]Listening[/MENTION]. I plan to go over those links carefully.

I have a question for anyone skilled at technology [MENTION=9811]Coriolis[/MENTION] [MENTION=7]Totenkindly[/MENTION] and [MENTION=8936]highlander[/MENTION] come to mind.

To what extent can people hack into mobile phones? I had a friend who was assaulted by someone who was impersonating a friend through text messaging. What I don't know is if he physically had the phone. He works for a security company, so has some tech background, and I was looking online and found you can get set up to text message from a landline on sites like this:
Text-enable Your Business Phone Number with TextBox

I'm wondering if a person could set up other phone lines to text from their computer, and if they can, would they also be able to read texts from remote phones? My friend and I do text message, so I just got a nervous feeling about whether or not those conversations could be hacked into and viewed remotely.

Yes, mobile phones are very vulnerable. It is the number one concern for companies in terms of their security vulnerabilities. If you have the money you can for over like $1500-$3500 for a cryptophone that will protect your system if you are in a vulnerable position (think intelligence agency, working in corporate upper mid tier and above, politics, etc). If not you probably will not be attacked by persons skilled enough to pull off something too crazy so just downloading an app to encrypt your phone should be enough. There is some opensource code out there from some of the cryptocompanies available on the internet for free, but the problem is that it is only for certain phone models.

 

[Coriolis]

Yes, mobile phones are very vulnerable. It is the number one concern for companies in terms of their security vulnerabilities. If you have the money you can for over like $1500-$3500 for a cryptophone that will protect your system if you are in a vulnerable position (think intelligence agency, working in corporate upper mid tier and above, politics, etc). If not you probably will not be attacked by persons skilled enough to pull off something too crazy so just downloading an app to encrypt your phone should be enough. There is some opensource code out there from some of the cryptocompanies available on the internet for free, but the problem is that it is only for certain phone models.

Any recommendations, or personal experiences with these SW?

 

[Qlip]

So your passwords are only on your encrypted flash drive, then, and nowhere online?

Right now I use old fashioned methods. Passwords I need only at work are in a password protected file on my computer. Our work systems/network are fairly secure, and someone would have to know what to look for even to find the right file. For the rest of it, I use a paper list. It's not hard to keep memorized the 10 or so passwords I use often; the rest I look up when needed.

I have been hearing alot about password managers and know a few people IRL who use them. It seems to have its own risks, though, namely if someone hacks that one master password, they get everything. Now, if someone hacks one of my passwords, they can access only that one account.

They're not online, but they will be soon as backup. I'd say the security risk is pretty equal, but my setup is more accessible. My master password is a long obscure passphrase, a whole sentence and not written down anywhere, for somebody to 'hack' it, they'd have to have a keylogger or a camera trained on me, which means physical access. That's about the same risk as finding your book or keylogging your passwords.

 

[Siúil a Rúin]

Yes, mobile phones are very vulnerable. It is the number one concern for companies in terms of their security vulnerabilities. If you have the money you can for over like $1500-$3500 for a cryptophone that will protect your system if you are in a vulnerable position (think intelligence agency, working in corporate upper mid tier and above, politics, etc). If not you probably will not be attacked by persons skilled enough to pull off something too crazy so just downloading an app to encrypt your phone should be enough. There is some opensource code out there from some of the cryptocompanies available on the internet for free, but the problem is that it is only for certain phone models.

This may be a naive question, but is there safety in something simple like having a second tracfone with a number you don't share with many people? Even though it could be easily hacked, at least someone with a specific intention towards a specific person may not find the number? I'm assuming the phone and minutes could be purchased with cash at Walmart or something?

 

[SpankyMcFly]

As a security measure I use DeepFreeze by Faronics. Your only vulnerability is real time. Soon as you reboot though, poof, buh bye. Instant Restore Software for Windows PCs, Mac and Servers | Deep Freeze

Nothing sticks, at all. Malware, viruses, aware etc absolutely nothing.

There was this one time where I got hacked real time and 'he' remotely took over my computer. Launched a ton of hack ware at me and started browsing my c drive right in front of me. Locked my mouse too. Hit the restart button. Buh bye. Ran several sweeps/scans and nothing. I got paranoid though and shredded and did a fresh reinstall, just in case.

"Deep Freeze is a kernel-level driver that protects hard drive integrity by redirecting information being written to the hard drive or partition, leaving the original data intact. This redirected information is no longer referenced once the computer is restarted, thus restoring the system to its original state at the disk sector level. This allows users to make 'virtual' changes to the system, giving them the appearance that they can modify core files or even delete them, and even make the system unusable to themselves, but upon reboot the originally configured 'frozen' state of the operating system is restored."

Deep Freeze (software) - Wikipedia, the free encyclopedia

 

[ChocolateMoose123]