/os/ - Online Security

News, techniques and methods for computer network security.


Welcome to Online Security, the place for internet and computer security, privacy and anonymity.
If you have some helpful tips please feel free to share your ideas. Start a new thread, or contribute to an existing thread.

Welcome to Online Security: Sticky Thread Endwall 07/13/2016 (Wed) 03:11:01 [Preview] No. 181 [Reply] [Last 50 Posts]
Hello and Welcome to /os/, Online Security. This is a board for the discussion of online security, privacy, anonymity, and news from cybersecurity and privacy world.
1. Follow the global rules
2. No Spam
3. No Classified Documents or leaks of Classified Documents or Files (News articles, or commentary about the documents or files is OK)
4. No Child Exploitation Material
5. Images should be safe for work and relevant to the post or thread, commentary can be NSFW
6. No Advertisements of Hacker Services or Solicitations for Hacking Services
Related Boards
tech >>>/tech/ Hacker >>>/h4x0r/ Security Concepts >>>/sec/ EndSoft >>>/endsoft/
Privacy Guides
Software Recommendations


Edited last time by Endwall on 09/18/2017 (Mon) 00:18:13.

Sticky Bump Endwall 10/23/2016 (Sun) 18:54:40 [Preview] No. 624 del
TENS , https://spi.dod.mil/lipose.htm , US Air Force Live CD <-- online banking for mom and dad.
LibertyBSD http://libertybsd.net/ , https://libreboot.org/docs/bsd/openbsd.html
Edited last time by Endwall on 01/02/2017 (Mon) 11:03:40.

Sticky Bump Endwall 04/30/2017 (Sun) 03:29:12 [Preview] No. 894 del
Heads https://heads.dyne.org/ http://fz474h2o46o2u7xj.onion ; Devuan non-systemd version of Tails (Disclaimer: Website/Project has masonic references)
Devuan https://www.devuan.org/ http://devuanzuwu3xoqwp.onion
Systemd Free http://systemd-free.org/
Edited last time by Endwall on 05/23/2017 (Tue) 03:42:52.

Endwall 06/01/2017 (Thu) 08:14:41 [Preview] No. 933 del
Mozilla Firefox Hardened Profile

Meta Thread Endwall 07/12/2016 (Tue) 12:03:36 [Preview] No. 171 [Reply] [Last 50 Posts]
Post any comments, concerns, or requests for the board in this thread.
Edited last time by Endwall on 07/12/2016 (Tue) 12:15:00.
14 posts and 5 images omitted.

Anonymous 06/22/2017 (Thu) 19:04:55 [Preview] No. 944 del
It already is a disclaimer of sorts but I am pleased you added it to the post where it was linked. (completely not necessary) I actually trust this more because they are more forthcoming to the vision of the project. You look at CISCO's logo it is not only the golden gate bridge it is the markings like you see on a ruler. Why is CISCO using ruler indentations as its logo? You look at GNU it's baal. Heads tells you they are insiders in the first sentence. This could prove to make it not compromised as it could be using the reputation of this professional men's club to vet itself. Or it could mean there is a backdoor of some kind. An eye in the iso. I would check it out but not immediately choose this os as something to use in a time of elites ruthlessly vying for power.

Anonymous 06/22/2017 (Thu) 19:12:15 [Preview] No. 945 del

Anonymous 08/26/2017 (Sat) 04:45:27 [Preview] No. 1006 del
(109.23 KB 1024x1024 risperdaltablets.jpg)

There's nothing "Masonic" or suspicious about any of that.

"Fellow traveler" means a sympathizer with a political movement. It usually refers to Communism. The dyne.org people are a bunch of lefties, so that's not surprising. Regardless of their political beliefs, they've been putting out free software and Linux stuff for a long time, and I've never had any reason to be suspicious of them.

Follow the white rabbit is a reference to the first Matrix film.

The logo is a tunnel. Because internet traffic in heads is tunneled through Tor.

It's meds time, boys.

Anonymous 09/04/2017 (Mon) 19:58:42 [Preview] No. 1013 del
fellow traveler is absolutely a masonic phrase. People will say traveler. They will ask "are you a traveler?" or "are you a fellow traveler?" or "are you a traveling man?"
>The logo is a tunnel.
that alone is fine but with the rabbit signaling it looks like a maglev tunnel.

May be coincidental. I think otherwise because there is a disproportionate amount of this kind of symbolism in tech.

Anonymous 09/08/2017 (Fri) 11:50:44 [Preview] No. 1018 del
"fellow traveler" is hippie lingo ca 70s, masons absolutely don't have a claim on that.

(120.89 KB 640x793 Lain.jpg)
System Resources Endwall 07/05/2017 (Wed) 03:13:35 [Preview] No. 965 [Reply] [Last 50 Posts]
I have some observations to make.

## I just tested these systems:
MS DOS 6.22 runs in 384K of memory (1994)
MS Windows 3.11 runs in 2MB of memory with a full mouse driven GUI (1994)
Macintosh OS 7.53 runs in 7.4MB of memory , full GUI + TCP/IP (1996)
Macintosh OS 8.1 runs in 13.2MB of memory, (1997)
Macintosh OS 8.6 runs in 26MB of memory, (1998)

OpenBSD 6.1 starts in text mode command line in 27MB of memory
OpenBSD 6.1 in Xenocara uses 65-80MB of memory to start up.

## from recollection:
Windows 7 800MB of memory (2009)

Parabola GNU/Linux starts in text mode cli using 150MB of memory
Parabola GNU/Linux in weston uses 300MB of memory


Edited last time by Endwall on 07/05/2017 (Wed) 03:17:31.
6 posts and 1 image omitted.

Anonymous 08/25/2017 (Fri) 22:51:28 [Preview] No. 1005 del
(9.22 KB 640x480 gem1.png)
I use XP Pro 32 bit as a daily driver (gaming mostly) and I optimized it somewhat to get 167MB used at boot. On a normal system with less optimization would be ~180MB used. After a few days of use it sits around 250MB, largely due to caching.

My Debian stable (Jessie) 32bit file server only uses around 55MB idle (no x, just ftp). My desktop machine before it died ran Devuan testing 32 bit which used around 80MB at boot without X running. I only used icewm on it though. I could get it lower by compiling my own kernel, but not really worth the hassle.

The main problem with Linux nowadays is when you install large DE's like KDE/Gnome/whatever you end up with a bunch of unnecessary desktop related services installed even with X stopped. 64bit should add some memory usage, but not the large numbers I am seeing.

Unfortunately my FreeDOS rig is down at the moment otherwise I would get you memory figures from it. Memory usage with networking would be troublesome though due to pretty much every packet driver using different amounts of memory depending on how good the NIC vendor is about optimization. I have seen some packet drivers using less than 20K, but others nearly 80K, and that's just the hardware I have laying around. As for running a GUI on such a system, OpenGem would be what I would test with (pic related), but Arachne while ultimately just a web browser lets you do many filesystem functions with it.

I had Win2000 for years but I cannot recall the memory usage from it offhand. I just remember I was able to get it to run on a machine with 32MB of ram without drastic performance issues at one point. I think the numbers were comparable to my stripped down XP install though.

At least for a start, it would probably be helpful to know the minimum requirements of 95/98/ME until someone comes up with hard figures.
95: 386DX with 4MB (8MB recommended) ram
98: 486DX/66Mhz (Pentium recommended), 16MB ram (24 recommended)
ME: Pentium 150Mhz (Pentium II 350Mhz recommended), 32MB ram (64MB recommended)

From personal experience, 95 and 98 benefited greatly from 512MB of ram if you had it. 98 (not sure about 95 but I'd assume so) needs a patch to see more than 1GB. WinME on the other hand really needed 1GB+ before it was happy, otherwise you could expect frequent BSODs.

Anonymous 08/26/2017 (Sat) 05:19:43 [Preview] No. 1007 del

>why the hell does Linux need 150MB to start up and release a console to me?

"Linux" doesn't. Parabola does. Maybe Parabola sucks. I dunno. I just checked my Slackware installation:

Without X: 54 MiB
With X & a lightweight window manager: 83 MiB

It could be lower, too, but I am running a number of daemons like ntpd and sshd, and I recompiled those that don't come compiled with hardening flags by default. Usually, that means they take more memory. The tradeoff is better security.


>Inferno runs on stock Nintendo DS Lite with 4 MB RAM, but it can run on even smaller hardware.

This expands dong. I've always wanted to try Inferno, but never got around to it.

Anonymous 08/27/2017 (Sun) 17:39:20 [Preview] No. 1008 del
>OpenBSD 6.1 starts in text mode command line in 27MB of memory
Uses less than that for me.
This depends on architecture, with amd64 and i386 being some of the most memory using ones.

Endwall 09/19/2017 (Tue) 07:03:03 [Preview] No. 1031 del

I trust FreeDOS more than I trust GNU/Linux. Get your system back up and running. I used to run this on a Pentium III system but it corrupted the file system twice in a row after copying some files into the games directory. I wiped and reinstalled, and tried it again, same result. So I stopped using it, and started using MS DOS instead. But that aside I think that FreeDOS and OpenGEM have a real future. I think that FreeDOS should be an important part of the private computing future. They just need to port a heavy duty file encryption program to the base system and I'm sure gpg is already ported. When you get your system back up please post the memory usage results. Thanks!

Endwall 09/19/2017 (Tue) 07:06:02 [Preview] No. 1032 del
The machine I used is a SunBlade 150 UltraSparc IIi 550MHz computer from 2003.

Secure OSes Anonymous 05/09/2016 (Mon) 18:21:17 [Preview] No. 37 [Reply] [Last 50 Posts]
What is the best OS option for a secure setup?
How do OpenBSD and Linux with patches compare in terms of the security they offer?
67 posts and 2 images omitted.

Anonymous 09/18/2017 (Mon) 03:47:04 [Preview] No. 1026 del
tor doesn't work as intended on my Artix linux. OpenRC is going through some shit and I don't get what the people behind Parabola are doing in response to that while some people in Hyperbola (that are also Parabola devs) are seeking to make a stable, nonsystemd OS that might be truly independent from Archlinux entirely. I also have non free software on this machine so I'm forced to not use FSF approved OSes

Anonymous 09/18/2017 (Mon) 03:53:11 [Preview] No. 1027 del
I would say that crux, void linux and alpine linux are still sort of niche enough to be considered. I'm just too lazy to get off of pacman based packages and if I'm going full source compiling, I need a nonshit functional but libre computer which is probably going to be $3k or something else outrageous.

Anonymous 09/18/2017 (Mon) 13:55:34 [Preview] No. 1028 del
Tor sort of works now but there's no official Tor-OpenRC script besides the deprecated AUR version of that script. Also, UseEntryGuardsAsDirGuards is deprecated, Endwall might need to update his endtorrc file.

Endwall 09/19/2017 (Tue) 06:29:25 [Preview] No. 1029 del
Yeah I noticed this a while ago and updated the file in endconf.git but forgot to copy it to the rest of the repo locations. Should be updated now. I guess the whole idea is that there is a best way to do something, (Tor settings for instance), so let's find that best way and spread it.

Endwall 09/19/2017 (Tue) 06:47:16 [Preview] No. 1030 del
I've been off of the ball for a while though. For instance I noticed recently that xtrac-ytpl.sh has stopped working. I'll look at this next weekend, but I've got homework up the wazoo.

I strongly believe that binary package based distributions are not the way to go for security. You're trusting the packager or the packaging team not to insert their own backdoor or malware, and you have no way to check if that has happened. Everything running on a secure computer has to have been compiled from source that is resident on your computer. That way if you suspect that something is wrong, you can at least check. I don't have the time or the expertise to do this but there are enough computer security experts out there that will, and will hopefully raise a red flag in a blog post, or in an article, or publicize it in a bug tracker. Right now, by using parabola (debian, ubuntu, mint, fedora, etc.), I'm trusting the packager that they don't work for an Intelligence agency of some small European country, or for a hacking team operating out of Russia. If they get caught (unlikely) they can just change their fake name and move on to the next distribution of linux (if they're not already doing it to the packages there as well).

I generally fell off of the wagon when I realized that my computer hardware and operating system were a major point of unreliability, and the probable source of my leak and privacy issues.

Binary package based distributions are a good place to start for someone learning to use GNU/Linux, but they're not the place to be for secure / private systems. Those are just my opinions, I'm not an expert in computer security, but by talking about it we'll get to the bottom of this eventually.

Online Security News Endwall 07/07/2016 (Thu) 06:09:23 [Preview] No. 149 [Reply] [Last 50 Posts]
See a news article or CVE bug report on an emerging computer security issue and want to share it? Post below.

I will also post links to Hak5 Threatwire videos.
Edited last time by Endwall on 07/07/2016 (Thu) 16:22:47.
448 posts and 3 images omitted.

Endwall 08/29/2017 (Tue) 05:04:51 [Preview] No. 1010 del

CYBERWAR - New Season Starts October 3 - Duration: 61 seconds.
https://youtube.com/watch?v=q7hynP1K1WA [Embed]

Endwall 09/06/2017 (Wed) 07:36:10 [Preview] No. 1014 del
Hak 5
Linux Terminal 201: Grep and Metacharacters
https://youtube.com/watch?v=xXo1L28Jc6A [Embed]

Sarahah Uploads Your Data, Internet of Things Creds Exposed - Threat Wire
https://youtube.com/watch?v=WWvoljLJnVY [Embed]

Bash Bunny Primer - Hak5 2225
https://youtube.com/watch?v=8j6hrjSrJaM [Embed]

Linux Terminal 201: Using Brackets with Grep
https://youtube.com/watch?v=sQNvg-zTEvA [Embed]

Half A Million Pacemakers Could Be Hacked - Threat Wire
https://youtube.com/watch?v=rBlgho73agA [Embed]

Endwall 09/06/2017 (Wed) 07:51:15 [Preview] No. 1015 del
Jupiter Broadcasting

HPKP: Hard to Say, Hard to Use | TechSNAP 334
Posted on: August 29, 2017
We discuss, and struggle to pronounce, the difficulties in deploying HTTP public key pinning & some possible alternatives you should consider. Then we get excited for (n+1)sec, a new protocol for distributed multiparty chat encryption & explore the nuances of setting up home VPN gateway!


Extended Usefulness | TechSNAP 335
Posted on: September 5, 2017
We’re extending your filesystems usefulness with extended attributes! We learn what they are & how they might be useful. Plus, we take a look behind the scenes of a major spambot operation & check in with Bruce Schneier on the state of internet privacy.



Endwall 09/06/2017 (Wed) 22:11:21 [Preview] No. 1017 del
Tor Project
2017 Princeton-Fung Global Forum - Roger Dingledine
https://youtube.com/watch?v=inSh_pmEQlM [Embed]
Edited last time by Endwall on 09/06/2017 (Wed) 22:16:57.

Endwall 09/16/2017 (Sat) 03:34:28 [Preview] No. 1022 del
Hak 5
Equifax Hacked! Your Social Security Number is probably public
https://youtube.com/watch?v=nrU6BoeixhY [Embed]

Internet Security General Anonymous 04/16/2016 (Sat) 07:56:30 [Preview] No. 4 [Reply] [Last 50 Posts]
Continuing from >>>/tech/597
This is for non specific, general tips for anonymous web browsing and downloads, tips on browsers and browser configurations for the security conscious that you don't want to make a new thread for.
61 posts and 3 images omitted.

Anonymous 06/29/2017 (Thu) 21:15:02 [Preview] No. 958 del
Router questions: Should I enable NAT? How about UPnP?

Anonymous 06/30/2017 (Fri) 00:45:42 [Preview] No. 959 del
BTW, I don't play any consoles and only have a few wireless devices.

Anonymous 06/30/2017 (Fri) 03:46:01 [Preview] No. 960 del
yes and yes.

Endwall 06/30/2017 (Fri) 03:55:38 [Preview] No. 961 del
Universal Plug and Play UPnP is a bad idea. If you get malware they can own your network. Open the ports that you want open and only those ports and protocols, block everything else. The first line in your firewall chain on your router should be:
Whatever way that is set up according to your router.
Then slowly open things up, starting with DNS, then HTTP, HTTPS, then whatever other ports and protocols you need. This will take more time but it will give you more control.

NAT Network Address Translation. This should be OK to turn on.


Those are my thoughts on it. I'm not an expert. Open only what you need and don't let your software on your OS control your router at will, set it up yourself.

Anonymous 09/15/2017 (Fri) 14:47:07 [Preview] No. 1020 del
With i2p isn't there an IP you can plug in like with tor (socks5, I think port 4444)? If so then you can add i2p to the mix. I think it's called an out-proxy. You can also use this to run i2pd with proxychains i2pd. I have found this proxychains setup useful because running i2pd with torsocks doesn't work.

Hardware Endwall 09/18/2016 (Sun) 18:31:31 [Preview] No. 580 [Reply] [Last 50 Posts]
Discuss hardware and alternative hardware concepts to increase computer and online privacy and security.
Edited last time by Endwall on 09/18/2016 (Sun) 18:50:04.
7 posts and 1 image omitted.

Endwall 08/12/2017 (Sat) 20:06:08 [Preview] No. 1001 del
Zilog Z80

Parallax Propeller

On August 6, 2014, Parallax Inc., released all of the Propeller 1 P8X32A hardware and tools as open-source hardware and software under the GNU General Public License (GPL) 3.0. This included the Verilog code, top-level hardware description language (HDL) files, Spin interpreter, PropellerIDE and SimpleIDE programming tools, and compilers.[3]
Edited last time by Endwall on 08/12/2017 (Sat) 20:10:01.

Anonymous 08/21/2017 (Mon) 22:34:40 [Preview] No. 1002 del
>Minifree isn't recommend or trusted anymore
>a shop owned by Libreboot main developer is not trusted anymore
Okay, shill. Take your overpriced garbage list and go back to reddit. You really added nothing new to value. instead of pointing to actual hardware with libre support like wireless chipsets with ath9k firmware or marvell-chipset based routers with 802.11ac support or mediatek-based NAS that runs fully free software you posted some Libre© TecnoPenguin™ overpriced jew shit.

>Libre Tea Computer Card
>still not FSF approved after 2 years of screeching
>absolutely harmful hardware lifecycle model
>le 3d printed laptop meme, 1366x768 15" screen
>not knowing about Neo900 and Openmoko

Endwall 09/03/2017 (Sun) 23:52:30 [Preview] No. 1011 del

RC2014 is a simple 8 bit Z80 based modular computer originally built to run Microsoft BASIC. It is inspired by the home built computers of the late 70s and computer revolution of the early 80s. It is not a clone of anything specific, but there are suggestions of the ZX81, UK101, S100, Superboard II and Apple I in here. It nominally has 8K ROM, 32K RAM, runs at 7.3728MHz and communicates over serial at 115,200 baud.

RC2014 is available in kit form for you to solder together.  Through-hole components are used throughout, making soldering easy, even for those with limited soldering experience.  Along with a selection of modules to extend functionality, such as serial terminals with HDMI output, digital input modules or, simple keyboard, the RC2014 is a very adaptable computer.

Assembly guides can be found here:

Module information including schematic diagrams and technical descriptions can be found here:

GitHub repository can be found here:

Google Group for RC2014 owners can be found here:


Endwall 09/04/2017 (Mon) 00:33:49 [Preview] No. 1012 del
As soon as you turn RC2014 on you can start programming in Microsoft BASIC.  This is very easy to get started with and some very complex programs can be written.  To get right down to the metal, though, you can write your programs in Z80 machine code.

Development of the RC2014 has led to a more powerful machine with pageable ROM, 64k RAM, compact flash storage and a whole range of expansion peripherals.  With the right modules, it’s now possible to run CP/M, which opens the RC2014 up to a wide range of software.

RC2014 can be bought from Tindie:

Endwall 09/06/2017 (Wed) 21:07:20 [Preview] No. 1016 del

Z80 Retrocomputing 18 - Z180 CPU board for RC2014
https://youtube.com/watch?v=D9u9hhNjcEY [Embed]
Dr. Scott M. Baker
In this video, I build and try out a Z180 CPU board to replace the Z80 CPU in my RC2014 retrocomputer. Aside from simply being faster than the Z80 that I'm currently using, the Z180 offers a lot of on-board peripherals (serial IO, timers, interrupt controller, mmu, dma, etc). I benchmark the 20 Mhz Z180 against my 7.3728 Mhz Z80. I'm saving exploration of the onboard peripherals for a future video. For more retrocomputing projects, see http://www.smbaker.com/

YM2149/ AY-3-8910 Sound Card for the RC2014 computer
https://youtube.com/watch?v=-iLwi9FagFE [Embed]

rc2014-ym2149 Designed by Ed Brindley
Demonstration of my sound card for the RC2014 computer. The board is Open Hardware and was produced entirely with Open Source Software (as was this video) PCB now available on Tindie:
Schematics and Gerbers for the board are available here:
Edited last time by Endwall on 09/06/2017 (Wed) 21:07:58.

Compile Thread Anonymous 11/27/2016 (Sun) 20:44:39 [Preview] No. 692 [Reply] [Last 50 Posts]
Endwall guy should keep irrelevant compile instructions in this thread by editing the OP or edit the Sticky thread before purging said irrelevant posts in various threads. Just remind them to compile from source and redirect them to this thread.
6 posts omitted.

Install torsocks from source Endwall 12/04/2016 (Sun) 06:01:50 [Preview] No. 710 del
Install Torsocks from source

$ su
# pacman -S git
# apt-get install git
$ mkdir -p ~/git
$ cd ~/git
$ git clone https://git.torproject.org/torsocks.git

or if tor is already running with previous version of torsocks
$ torsocks git clone https://git.torproject.org/torsocks.git

$ mkdir -p ~/tor
$ mv torsocks ~/tor
$ cd ~/tor
$ cd torsocks
$ ./autogen.sh


youtube-dl from git Endwall 12/04/2016 (Sun) 06:02:28 [Preview] No. 711 del
Install Youtube-dl from source git

$ cd ~/
$ mkdir -p git
$ cd git
$ torsocks git clone https://github.com/rg3/youtube-dl.git
$ cd youtube-dl
$ su
# torsocks pacman -S zip pandoc
# pacman -Rc youtube-dl
# exit
$ make
$ ls
$ cd ~/bin
$ ln -s ~/git/youtube-dl/youtube-dl youtube-dl
$ cd ~
$ export PATH=$HOME/bin:$PATH


Tor from git repo Endwall 12/04/2016 (Sun) 06:03:18 [Preview] No. 712 del
Clone tor from git repo


$ mkdir ~/git
$ cd ~/git
$ torsocks -i git clone http://dccbbv6cooddgcrq.onion/tor.git
$ cd tor
$ cd src
$ cd or
$ nano or.h
$ nano routerparse.c
$ nano circuituse.c
$ cd ..
$ sudo su


Anonymous 01/15/2017 (Sun) 22:04:32 [Preview] No. 797 del
is there reason to use torsocks over git's builtin socks5 proxy?

wouldn't it be better if you just register as http.proxy and https.proxy variable by git config?

Not sure what revision of git your distro ships with but using torsocks should be considered a deprecated hack for applications with builtin socks5 proxy support.

Reop from source Endwall 08/09/2017 (Wed) 22:53:08 [Preview] No. 999 del
Install REOP from Source
$ mkdir -p ~/src
$ cd ~/src
$ endget --no-check-certificate https://www.tedunangst.com/flak/files/reop-3.0-snapshot.tar.gz
$ tar -xvf reop-3.0-snapshot.tar.gz
$ cd reop
$ ./configure
$ make
$ ./reop --help
$ cd ~/bin
$ ln -s ~/src/reop/reop reop
$ export PATH=$HOME/bin:$PATH
$ reop --help

Generate a key pair
$ cd ~


Edited last time by Endwall on 08/09/2017 (Wed) 22:57:34.

Tor Hidden Service Mail Server Endwall 08/08/2017 (Tue) 03:16:04 [Preview] No. 992 [Reply] [Last 50 Posts]
############### BEGINNING OF GUIDE ##########################

In this thread I document and revise how to set up a tor hidden service email server, you may substitute the servers that you are most comfortable with.

STEP 0) Collect the relevant files from The Endware Hidden Service
Set up a tor mail server using postfix or OpenSMTPd, with dovecot for imap or pop.

You may contact me anonymously at endwall@tmg3kli67jlbcduh.onion
Use endmail.sh to send mail to this account.

Encrypt with pgp and send messages and files by email on a tor hidden mail service on port 25.

Everyone should do this. Then just share your hidden service address and handle.



Edited last time by Endwall on 08/08/2017 (Tue) 08:07:49.
1 post omitted.

Endwall 08/08/2017 (Tue) 03:51:02 [Preview] No. 994 del
STEP 13) Air Gapping It

To add an extra layer of security we will be using A:\ drive floppy disks to shuttle the encrypted.asc messages to and from a dedicated airgapped encryption station preferably running OpenBSD on a non-intel architecture, SPARC, PowerPC, Alpha, etc. Do not use USB as a substitute for this step (STUXNET).

0. Your decryption station will have full disk encryption and be powered off when not in use
1. Generate your keys on the air gap
2. Export your public key, change the file permissions to read only and save it onto a floppy disk A:\
3. Take the floppy disk and sneaker net it to your transmission computer which has the hidden service and postfix on it.
4. Publish your anonymous user name and public key as well as the hidden service onion name using tor and icecat, links, or endcurl or however on your tor hidden service website or on a message board forum like endchan.xyz.
5. Receive the hidden service onion name and public key of your correspondent (by reading a published name, address and public key on a forum or other communication method or by receiving it in your inbox by postfix after publishing yours)
6. Save the public key of your correspondent onto a floppy disk A:\, change permissions to read only, write a sha256sum checksum for the file and shuttle it to the decryption/encryption station.
7. Check the file against the checksum, and then gpg import the public key to your key ring
8. Type a message for your recipient in plain text on the air gapped encryption station and encrypt it to encrypted.asc. Delete the plain text file if unnecessary to archive especially if it is incriminating.
9. Write the encrypted message encrypted.asc to the floppy disk and change permissions to read only; also write the sha256 sum of the file to the floppy if you have space.
10. Shuttle the message by floppy disk A:\ to the transmission computer and send to your recipient using endmail
11. You can also write the sha256 sum of the file or sha512sum of the file onto the disk before sneaker netting it.
12. You can include this sha256 checksum as another attachment to transmit to the recipient or as a second followup email


Edited last time by Endwall on 08/08/2017 (Tue) 04:21:15.
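
The checksum hand-off in steps 6, 7 and 9 of the air-gap procedure above, as an added shell example that is not part of the original post or of Endware. The function names and mount paths are hypothetical, and it assumes `sha256sum`, `awk` and `gpg` are installed on both machines.

```shell
#!/bin/sh
# Added example (not from the original post): checksum hand-off for a file
# carried between two machines on removable media. Function names and the
# mount paths in the usage comment are hypothetical.

# Sending side: copy FILE onto the disk mounted at MEDIA, write a sha256sum
# manifest beside it, and mark both read-only.
stage_for_transfer() {
    file=$1
    media=$2
    name=$(basename "$file")
    cp "$file" "$media/$name" || return 1
    # Hash from inside MEDIA so the manifest records a bare file name and
    # still reads correctly when the disk is mounted at a different path.
    ( cd "$media" && sha256sum "$name" > "$name.sha256" ) || return 1
    # Some removable-media filesystems ignore mode bits; warn, do not fail.
    chmod 0444 "$media/$name" "$media/$name.sha256" ||
        echo "warning: could not mark files read-only on $media" >&2
    return 0
}

# Receiving side: return 0 only if NAME on MEDIA hashes to the value in its
# manifest. Returns 2 if the file or manifest is missing, 1 on a mismatch.
verify_transfer() {
    name=$1
    media=$2
    [ -f "$media/$name" ] && [ -f "$media/$name.sha256" ] || return 2
    # Compare digests directly instead of trusting the file name written in
    # the manifest, so a manifest that lists some other file cannot pass.
    expected=$(awk '{ print $1; exit }' "$media/$name.sha256")
    actual=$(sha256sum < "$media/$name" | awk '{ print $1 }')
    [ -n "$expected" ] && [ "$expected" = "$actual" ] || return 1
    return 0
}

# Air-gapped side: import a correspondent's public key only after the copy
# on the disk matches its manifest.
import_verified_key() {
    name=$1
    media=$2
    if ! verify_transfer "$name" "$media"; then
        echo "refusing to import $name: checksum check failed" >&2
        return 1
    fi
    gpg --import "$media/$name"
}

# Usage (hypothetical mount points):
#   stage_for_transfer ./correspondent.asc /mnt/floppy    # transmission computer
#   import_verified_key correspondent.asc /mnt/floppy     # air-gapped station
```

A manifest carried on the same disk catches a bad copy or a failing floppy, not deliberate substitution of both files; comparing the key's fingerprint with the correspondent over a separate channel covers that case.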

Endwall 08/08/2017 (Tue) 04:29:09 [Preview] No. 995 del
This protocol is now named:

Super Mega Maximum Communication Security Protocol (SMMCSP)

Maximum Security Electronic Mail Communications Protocol (MSEMCP)

Brought to you by the Endware Development Team (c) 2017.

Game On NSA.
Edited last time by Endwall on 08/09/2017 (Wed) 02:11:46.

Endwall 08/09/2017 (Wed) 02:08:23 [Preview] No. 996 del

This name is juvenile

I'm renaming it to:

Maximum Security Electronic Mail Communications Protocol (MSEMCP)

That's more descriptive of what it is. It's a standard now. Email me with endmail.sh if you set up a server after you test it.

The great thing about this system is that it is opensource, distributed, anonymous, transport layer encrypted, and the message is RSA 4096 encrypted by gpg. Currently you do not have to have a working server to submit mail to a server. So if you were part of a 10 man spy ring with a central node the field agents only need to learn how to use gpg to encrypt and to install swaks, tor, torsocks and use a variant of endmail.sh to report back to central command. Of course it can be used for server to server anonymous communications as well. Since it uses gpg several recipients can be addressed to one anon@hiddenserver.onion and then central command can distribute the messages to their intended recipients after the first decryption. So you could encrypt with a general wrapper that contains the meta data (to: field ) that central command uses to distribute the message to the person it is intended for, and then put the from: and subject: in the targeted encryption for that person that central command/dispatch can't read. So you'd have two gpg keys one public key for central command and then a public key for the intended recipient. The field agent would perform 2 encryptions the first for the recipient with the subject: and from: field in the plain text, and then the second encryption with the to: field in the plain text of the encrypted file.

Anyways I'm now calling it the:

Maximum Security Electronic Mail Communications Protocol (MSEMCP)
Edited last time by Endwall on 08/09/2017 (Wed) 02:17:45.

Endwall 08/09/2017 (Wed) 22:02:09 [Preview] No. 997 del
Maximum Security Electronic Mail Communications Protocol (MSEMCP)


Maximum Security Encrypted Message Communication Protocol(MSEMCP)
Edited last time by Endwall on 08/09/2017 (Wed) 22:20:51.

Endwall 08/09/2017 (Wed) 22:17:11 [Preview] No. 998 del
Maximum Security Encrypted Message Communication Protocol (MSEMCP)

Author: Endwall from the Endware Development Team
Creation Date: August 8, 2017
Copyright: The Endware Development Team (c) 2017
License: You are Free to Study, Reproduce, Copy, Modify, Implement, Test, and Use this protocol as described below, in the spirit of the Endware End User License Version 1.15.


This protocol MSEMCP provides:
1. Message security through physical isolation of the encryption station by a read only Floppy Disk Message Sneaker Net (FDMSN)
2. Strong Public Key Cryptography using RSA 4096 bit.
3. Transmission and reception anonymity through Tor with 12 hops.
4. Trust and Verification through TLS 1.2 with RSA 4096 bit, and Self Signed Server Certificates to compare repeated server connections.

All of which can be implemented with 4 tools:
1) A Base install of a *nix BSD or GNU operating system in text mode.


Edited last time by Endwall on 08/09/2017 (Wed) 22:39:39.

Endware Endwall 05/03/2016 (Tue) 08:54:28 [Preview] No. 32 [Reply] [Last 50 Posts]
Endware is a suite of programs geared towards internet privacy, security, and anonymity.

Endwall: endwall.sh is an iptables based firewall script designed to be implemented on any linux distribution shipped with iptables. endwall.sh is based on default drop policies, coupled with a novel strategy of passing packets on local host ports only for those enabled by the enduser. It comes with a variety of well used ports enabled with several additional port passing configurations available by uncommenting the script. It provides essential security to a new user.

Endsets: endsets.sh is a script that adds blacklisting and whitelisting functionality to endwall.sh. It depends on the program ipset. It is persistent on reboot if you enable ipset as a service. This is the recommended blacklisting tool for endwall if you are running a server or planning on opening up ports and services to the public and will require daily blacklisting of new incoming IPs.

Endlists: endlists.sh is a traditional text file list based blacklisting and whitelisting script. It has slow performance, and can't be updated on the fly. Good for <1000 ip subnets, very tedious and slow to run for more than that. Blocks the IPs by adding them as individual rules to the iptables ruleset. Works but not recommended for heavy duty on a server. May be useful for workstation use to block ip ranges if you are not opening up ports and services to public clients.

Endtools: endtools are a collection of scripts including alogz.sh, mlogz.sh, spamlogz.sh and iplookup.py. These scripts will help to service an enduser of endwall in administering endsets/endlists.

iplookup.py is a geoiplookup script written in python and requires python and pygeoip. It has similar functionality to maxmind's geoiplookup program and uses the maxmind *.dat files.

spamlogz.sh is a script that searches through log files to find log entries flagged in endwall.sh, endsets.sh and endlists.sh.

alogz.sh is a daily log reading script designed to read the output of an apache http server's log output.

mlogz.sh is a daily log reading script designed to read the output of a postfix smtp server's log output.


177 posts and 3 images omitted.

renum Endwall 07/05/2017 (Wed) 03:09:17 [Preview] No. 964 del
>>962 >>963

Yes this should go past 100,000 but there won't be any leading zeros.

Yes this can be parallel processor enabled using && and splitting the lists up into segments.

Random character string renaming should also be simple to do. I'll use my random string engine and apply it to renum with a switch/flag.

I'm on Hiatus until October. School starts in September, I'm running out of days, and I have IRL stuff to do. My room looks like Lain Iwakura's room. Wires, Computers, Computer Programming books in stacks everywhere. I have two fans running and it's like a sauna in here. All my computers except for my servers must be turned off. Winter is for being with computers.

I'm on it. Eventually. Thanks for the ideas.
Edited last time by Endwall on 07/05/2017 (Wed) 03:19:12.

Anonymous 07/05/2017 (Wed) 11:46:30 [Preview] No. 968 del
Oh also, try to have renum.sh work in spite of whatever punctuation characters people download in but don't know or want to know which specific file name out of thousands is causing the filenaming to fail https://en.wikipedia.org/wiki/Punctuation

Endwall 07/05/2017 (Wed) 11:51:22 [Preview] No. 969 del
I have added the functionality that was requested. The random string function seems to have some issues and might be eating files, but I think I've fixed this by adding index numbers onto either end of the string. Save the backup.tar.gz file and test it out.

$ renum --help

$ renum --rand --ranstr # use a random string padded by the index number
$ renum --rand --md5str # use the md5 of the file as filename
$ renum --rand
$ renum

My implementation sometimes prints out 1 and 2 character strings, but the index number padding should prevent overwriting. I have also made some optimizations in how many hashes are performed. This should run slightly faster. I'll work on a parallel processing implementation later, maybe in November, or if I get interested enough to try it.

Anonymous 07/05/2017 (Wed) 12:03:42 [Preview] No. 970 del
Thanks m8, not even pyRenamer can do what your program does.

Endwall 07/06/2017 (Thu) 01:03:11 [Preview] No. 972 del
Thanks. Good to know that I made something useful.

I made a bug fix to the --ranstr function of renum to remove spaces using tr -s " ". This should work well now. If you want to take the index number off go into the code and remove it.

I have it printing as filename="$index$filename$index" you can comment this line out if you want it to just have random text and numbers without the index number appended. I just did this to prevent clobber problems if the string came out short or empty.
I don't think that this is required now with the latest fix but I'm leaving it on for now.

Thanks for the suggestions. If you have any suggestions for products, features, comments or bug reports place these in the comments below.