Post any comments, concerns, or requests for the board in this thread.

Hello and Welcome to /os/, Online Security. This is a board for the discussion of online security, privacy, anonymity, and news from cybersecurity and privacy world.
RULEZ
1.Follow the global rules
2.No Spam
3.No Classified Documents or leaks of Classified Documents or Files (News articles, or commentary about the documents or files is OK)
4.No Child Exploitation Material
5.Images should be safe for work and relevant to the post or thread, commentary can be NSFW
6.No Advertisements of Hacker Services or Solicitations for Hacking Services
Related Boards
tech >>>/tech/ Hacker >>>/h4x0r/ Security Concepts>>>/sec/ EndSoft >>>/endsoft/
Privacy Guides
https://thetinhat.com/index.html
https://archive.is/zq2Ip
http://crypty22ijtotell.onion/handbook/
http://yuxv6qujajqvmypv.onion
http://deepdot35wvmeyd5.onion/security-tutorials/
Software Recommendations
https://prism-break.org/en/
https://www.privacytools.io/
Secure Computing Practices Links
http://bvmo2axfy6aetmsddfe6x2wszjkbcechfoajuguxcrkvhssfm6tr2fad.onion/
Email Provider
riseup.net https://mail.riseup.net
Openmailbox https://www.openmailbox.org/
Protonmail https://protonmail.com/
Tutanota https://www.tutanota.com/
cock.li https://cock.li/
CyberGuerrilla http://lu4qfnnkbnduxurt.onion https://cyberguerrilla.info/
Volatile http://vola7ileiax4ueow.onion/ https://volatile.bz/
EludeMail http://eludemaillhqfkh5.onion/ https://elude.in/
secMail http://secmailw453j7piv.onion http://secmail.pro/
Your own mail server. Postfix + Dovecot http://www.linuxmail.info/ https://roll.urown.net
GPG GNU Privacy Guard
https://emailselfdefense.fsf.org/en/
http://deepdot35wvmeyd5.onion/2015/02/17/basic-guide-pgp-linux/
Tor
https://www.torproject.org
https://dist.torproject.org
https://git.torproject.org
Security Focused Operating Systems
OpenBSD https://www.openbsd.org , https://libreboot.org/docs/bsd/openbsd.html
LibertyBSD http://libertybsd.net/ ,https://libreboot.org/docs/bsd/openbsd.html
Parabola GNU/Linux https://www.parabola.nu/ , https://wiki.parabola.nu/index.php?title=Beginners%27_guide
Arch Linux https://www.archlinux.org/ , https://wiki.archlinux.org/index.php/Beginners%27_guide
Gentoo https://www.gentoo.org/ , https://wiki.gentoo.org/
Source Mage https://sourcemage.org/
Alpine Linux https://www.alpinelinux.org
QubesOS https://www.qubes-os.org/ http://qubesosmamapaxpa.onion/
Whonix https://www.whonix.org/ http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/
Systemd Free
Devuan https://www.devuan.org/ http://devuanzuwu3xoqwp.onion
Parabloa GNU/Linux/OpenRC https://wiki.parabola.nu/OpenRC#Installation_on_a_fresh_system
Hyperbola GNU/Linux-Libre https://www.hyperbola.info/
Systemd Free http://systemd-free.org/
Live CDs
Tails, https://tails.boum.org ;
TENS , https://tens.af.mil/lipose.htm , US Air Force Live CD , Online banking for mom and dad.
Heads https://heads.dyne.org/ http://fz474h2o46o2u7xj.onion ; Devuan non-systemd version of Tails (Disclaimer: Website uses occult language)
Full Disk Encryption
https://libreboot.org/docs/gnulinux/index.html
https://libreboot.org/docs/gnulinux/encrypted_parabola.html
https://libreboot.org/docs/gnulinux/encrypted_trisquel.html
Computer Hardware
Any computer that can run libreboot.
https://libreboot.org/docs/hcl/
http://bvmo2axfy6aetmsddfe6x2wszjkbcechfoajuguxcrkvhssfm6tr2fad.onion/
Router Software
OpenWRT https://openwrt.org/
LibreCMC https://librecmc.org
pfSense https://pfsense.org
P.O.R.T.A.L. https://github.com/grugq/portal
Endware
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/
https://gitgud.io/Endwall/
https://github.com/endwall2/

Antivirus Software and Methods

I generally don't trust antivirus software packages but I think they may be useful in cases where you download files from the internet and open or view them. Place useful tips about virus cleaning and antivirus software tips in this thread.

Endware is a suite of programs geared towards internet privacy, security, and anonymity.

Endwall: endwall.sh is an iptables based firewall script designed to be implemented on any linux distribution shipped with iptables. endwall.sh is based on default drop policies, coupled with a novel strategy of passing packets on local host ports only for those enabled by the enduser. It comes with a variety of well used ports enabled with several additional port passing configurations available by uncommenting the script. It provides essential security to a new user.

Endsets: endsets.sh is a script that adds blacklisting and whitelisting functionality to endwall.sh. It depends on the program ipset. It is persistent on reboot if you enable ipset as a service. This is the recommended blacklisting tool for endwall if you are running a server or planning on opening up ports and services to the public and will require daily blacklisting of new incomming IPs.

Endlists: endlists.sh is a traditional text file list based blacklisting and whitelisting script. It has slow performance, and can't be updated on the fly. Good for <1000 ip subnets, very tedious and slow to run for more than that. Blocks the IPs by adding them as individual rules to the iptables ruleset. Works but not recommended for heavy duty on a server. May be useful for workstation use to block ip ranges if you are not opening up ports and services to public clients.

Endtools: endtools are a collection of scripts including alogz.sh, mlogz.sh, spamlogz.sh and iplookup.py. These scripts will help to service an enduser of endwall in adminstering endsets/endlists.

iplookup.py is a geoiplookup script written in python and requires python and pygeoip. It has simmilar functionality to maxmind's geoiplookup program and uses the maxmind *.dat files.

spamlogz.sh is a script that searches through log files to find flagged log entries flagged in endwall.sh, endsets.sh and endlists.sh.

alogz.sh is a daily log reading script designed to read the output of an apache http server's log output.

mlogz.sh is a daily log reading script designed to read the output of a postfix smtp server's log output.

Endtube: endtube.sh is an anonymizing download manager for youtube videos. This program can use https proxies, tor, and youtube-dl to download videos from youtube or other video vendor sites by selecting a random user-agent and a random proxy, and by using random delay timing between downloads to create bursts rather than streams.

Endloads: endloads.sh is a command line interface (cli) download manager forked from endtube.sh that uses random download timing, random user-agents, wget and torsocks.

These programs may be found at the following locations:
Endware Development Team Hidden Service
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/
Github
https://github.com/endwall2/
Gitgud
https://gitgud.io/Endwall

provided for ease of access to new users to linux, and for access to Endware by non tor users, on an incremental basis.

More programs will be added to the Endware program suite as their creation and customization become obvious, evident, and necessary.

All programs in the Endware suite were inspired by EndChan and were named in honor of http://www.endchan.xyz and we thank OdiliTime for his patronage and for his generous hosting of this project.

DISCUSSION THREAD II
Want to say something off topic about anything?

Have a hot tip about something in the computer security world that doesn't fit into any current thread or category?

Want to chat with your fellow invisible 7 proxy friends?

Want to tell Lt. Gen Michael Hayden, Lt. Gen James Clapper,GEN Keith Alexander, ADM Michael Rogers, GEN Paul Nakasone, GOOGLE, AMAZON, FACEBOOK, Microsoft, Apple, etc. how you feel?

It's open mic at >>>/os/ , anything goes!!

Put all of your banter here:

Continuing from >>>/tech/597
https://archive.is/INR3l
This is for non specific, general tips for anonymous web browsing and downloads, tips on browsers and browser configurations for the security concious that you don't want to make a new thread for.

Cool board idea.

What's the safest possible way to browse the internet anonymously and safely? There's a thread on /tech/ with the endwall developer talking about proxychains, and that seems pretty cool. Some of the links to proxy lists seem dead, and I have found some online but why should I trust these random 'free' proxies?

What about proxychains over VPN? I'm currently using Mullvad which is alright, and I'm curious about more security if need be. Does a VPN -> proxychain -> TOR connection work? Sounds horribly slow in theory, but I think we all know that privacy comes at a cost in our current world.

I suppose I could call this a 'VPN/proxy/TOR general thread.'

Google engages in sophisticated datamining of your video viewership. Youtube is also a prism service provider.

List any substitutes for youtube for use with youtube-dl or endtube below:

what do they have?

WINDOWS NT Security Thread

It turns out that MS Windows NT has an 80% market share in the Desktop Operating Systems Market (whatever that is...) So in all likelihood, if you work a job anywhere, you will be forced to sit down and work on one of these machines running this well known gem of an operating system. You probably won't have administrator rights, but that's OK, we'll make do.

In reality there is no Windows security but in this thread we will try to make life a little bit better even if it is just for a placebo effect. Also Windows hackers come and show us how you hack us up real good, and help our poor unprivileged users gain administrator rights without a password, so that they can install Mahjong. Windows Advanced Firewall, Registry Editing, Browsers, etc. Post all the tips and tricks to make Windows NT better than ever.

I was about to claim this board, but seems like Endwall guy claimed it. Please disable captcha for replies. Also, guess this is a meta thread.

I have some observations to make.

## I just tested these systems:
MS DOS 6.22 runs in 384K of memory (1994)
MS Windows 3.11 runs in 2MB of memory with a full mouse driven GUI (1994)
Macintosh OS 7.53 runs in 7.4MB of memory , full GUI + TCP/IP (1996)
Macintosh OS 8.1 runs in 13.2MB of memory, (1997)
Macintosh OS 8.6 runs in 26MB of meomory, (1998)

OpenBSD 6.1 starts in text mode command line in 27MB of memory
OpenBSD 6.1 in Xenocara uses 65-80MB of memory to start up.

## from recollection:
Windows 7 800MB of memory (2009)

Parabola GNU/Linux starts in text mode cli using 150MB of memory
Parabola GNU/Linux in weston uses 300MB of memory

If someone could fill in the blanks (ballpark) for Windowws 95,98, 200, XP,Temple OS, Minix, etc. That would be helpful. The point I'm trying to make is that if you could have a working GUI with TCP/IP networking in 2-15MB of ram why the hell does Linux need 150MB to start up and release a console to me? What the hell is going on in there?

How much does Alpine linux use? Minix? ReactOS? HelenOS? Temple OS? etc.

Less is better.

See a news article or CVE bug report on an emerging computer security issue and want to share it? Post below.

I will also post links to Hak5 Threatwire videos.

What is the best OS option for a secure setup?
How do OpenBSD and Linux with patches compare in terms of the security they offer?

Discuss best practices for operational security.

Pwn the chink edition
Come explore the internet with other Anons
http://computernewb.com/vncresolver/
>4chan
pozzed
>lainchan
pozzed
Well let's give finalchan a go

In this thread we will discuss cryptography, cryptosystems, crypt-analysis, and tools for cryptography such as gpg and other tools. If you work in this field or hear of some relevant news about this field feel free to contribute. Use hyperlinks and source citations to back up any claims made if necessary.

Discuss hardware and alternative hardware concepts to increase computer and online privacy and security.

I have a VPN and am using Tor with JavaScript turned off. What more can I do to boost security?

Definitions and Threat Models

In this thread we discuss the definitions of Privacy, Security, Anonymity. We also create and describe common threat models that chan users might face.

Who is the enemy? What tools do they potentially have? What could they do to you? How do you mitigate these threats and potential harms?

DISCUSSION THREAD
Want to say something off topic about anything?

Have a hot tip about something in the computer security world that doesn't fit into any current thread or category?

Want to chat with your fellow invisible 7 proxy friends?

Want to tell Lt. Gen Michael Hayden, GEN Keith Alexander, ADM Michael Rogers, GEN Paul Nakasone, GOOGLE, AMAZON, FACEBOOK and Microsoft etc. how you feel?

It's open mic at >>>/os/ , anything goes!!

Put all of your banter here:

############### BEGINNING OF GUIDE ##########################

In this thread I document and revise how to set up a tor hidden service email server, you may substitute the servers that you are most comfortable with.

STEP 0) Collect the relevent files from The Endware Hidden Service
Set up a tor mail server using postfix or OpenSMTPd, with dovecot for imap or pop.

You may contact me anonymously at endwall@zvdcyrpole74oo24gqkx2wh6rmrthrhexzik5dm6xf7ewtiekxmvqwqd.onion
Use endmail.sh to send mail to this account.
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endwall_pgp.asc

Encrypt with pgp and send messages and files by email on a tor hidden mail service on port 25.

Everyone should do this. Then just share your hidden service address and handle.

http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware/endmail.sh

http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware/endfix.cf

http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/content/dovecot/ <--- download all of these config files

Try it out!

STEP 1) Install Postfix

$ su
# torsocks pacman -S postfix dovecot
# ...

# cd /etc/postfix/
# cp endfix.cf /etc/postfix/main.cf

STEP 2) Install Dovecot

# cd /etc/dovecot/
# mkdir -p conf.d
# cp dovecot.conf /etc/dovecot/dovecot.conf
# cp *.conf /etc/dovecot/conf.d/
# cp *.ext /etc/dovecot/conf.d/

STEP 3) Make ssl self signed certificates for postfix and dovecot
And place these in the appropriate directory
This might require entropy so you might need to run haveged first

# torsocks pacman -S haveged
# haveged

# mkdir -p /etc/pki/tls/certs
# mkdir -p /etc/pki/tls/keys
# cd /etc/pki/tls/keys
# openssl req -x509 -newkey rsa:4096 -keyout postfix.key -out postfix.crt -days 365 -nodes
# openssl req -x509 -newkey rsa:4096 -keyout dovecot.key -out dovecot.crt -days 365 -nodes
# mv postfix.crt ../certs/
# mv dovecot.crt ../certs/

or use libressl or gnutls and create the same certificates

now go back and edit /etc/postfix/postfix.cf and /etc/dovecot/dovecot.conf to reflect the location of the certificates and keys

STEP 4) Start the services

# systemctl enable postfix
# systemctl start postfix

# systemctl enable dovecot
# systemctl start dovecot

or the openrc equivalent to enable and start the services.

STEP 5) Setup tor for mail hidden service

# mkdir -p /srv/tor/mail

Add this to your torrc file and start tor

nano /usr/local/etc/tor/torrc

HiddenServiceDir /srv/tor/mail/
HiddenServiceVersion 3
HiddenServicePort 25 127.0.0.1:25

your hidden service name will be generated and placed in the directory /srv/tor/mail/hostname

# cat /srv/tor/mail/hostname

This is the hostname for your mail server. Go and edit /etc/postfix/main.cf to reflect this.

Do Not Share the private key from this directory with anyone, and change the permisions to read only with no access to other.

# chmod o-rwx /srv/tor/mail
# chmod g-rwx /srv/tor/mail
# chmod u-w /srv/tor/mail

#################### INTERMISSION #########################################

I thought that we should have a thread on running a Tor relay from home, as it didn't seem to fit in with the existing Tor thread. There are several benefits, namely that it mixes any traffic you yourself make on Tor with the traffic of others, which could make it harder to perform traffic correlation. It also increases the bandwidth of the Tor network, of course.

torrc Relay Configuration
Nickname <your nickname>
ORPort 9001
ExitRelay 0
SocksPort 0
ControlSocket 0
ContactInfo <your email>

This config sets up the Tor daemon to run as a middle node. I'd recommend using a separate email as the contact info. The nickname can be anything you want.
It's possible to run it as an exit node, by changing ExitRelay to 1. However, this is very likely to bring the attention of your ISP/Law Enforcement, and you'll probably get banned from many clearnet sites.

It's best to check if your ISP cares about running a relay; mine is apparently fine with it, but I imagine that some may get annoyed and send you letters, or rate limit you or something like that. There's a list at https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs, although it is incomplete.

This thread would probably be good for discussing running similar things with other networks (BT seedboxes, GNUnet nodes etc).

The Endware EULA is one of the most insanely idiotic things I have ever read. At no point in your rambling, incoherent license were you even close to anything that could be considered a rational thought. Everyone in the open source movement is now dumber for it having been written. I award you no points, and may God have mercy on your soul.

Also, btw, it's probably not meaningfully enforceable. A halfway competent lawyer would tear it to shreds in a court of law.

You should really consider changing it to one of the standard OSI or FSF approved licenses, most of which have been vetted by lawyers, some of which have actually been tested in court and (almost?) none of which are insane garbage like the Endware EULA.

Endwall guy should keep irrelevant compile instructions in this thread by editing the OP or edit the Sticky thread before purging said irrelevant posts in various threads. Just remind them to compile from source and redirect them to this thread.

A lot of browser addons or extensions claim to improve privacy and security. These include Ghostery, Disconnect and Privacy Badger along with a slew of others.

I think for most entry level computer users that those type of addons might provide something useful. To people who are more experienced with browsers and their extensions they seem like a gimmick or just fancy visual feedback. A lot bells and whistles with very little actual functionality.

What can really make surfing the internet a much safer experience? If we focus on HTTPS, SSL and Digital Certificates then we have a good head start. From there we can protect ourselves from ads that might lead to sketchy websites. We can beef up our passwords and add authenticators to our accounts. At the most zealous level we can disable javascript and flash.

The following extensions are for Chrome.

https://chrome.google.com/webstore/detail/adblocker-ultimate/ohahllgiabjaoigichmmfljhkcfikeof?hl=en

Adblocker Ultimate accomplishes the two jobs that all adblockers must. First it has to have a pretty good idea of what is undesirable content and what it is that users want to see or interact with. Also there are no false positives; Adblocker Ultimate pretty much never identifies images or other website content as ads when they aren't.

The extension is also easy to turn off. You can disable it entirely or just for a webpage. The function that allows you to add new blocked elements works extremely well.

https://chrome.google.com/webstore/detail/authy-chrome-extension/fhgenkpocbhhddlgkjnfghpjanffonno?hl=en

Authy integrates authentication into the browser. I have not personally used this extension. The use of authenticators is extremely powerful security wise. I prefer to use my phone and download apps that have authenticators because I see having two different pieces of hardware as more secure than an application running beside another on the same device.

Anyone here run FreeBSD on hardware?

http://bitmixegkuerln7q.onion/ - Darknet bitmixer.io
http://cleancondgqja34b.onion/ - CleanCoin
http://foggeddq65qveh2g.onion/ - BitcoinFog
http://blenderi54mbtyhz.onion/ - BitcoinBlender
http://grams7eo7mkagczs.onion/ - Helix Light
http://braveb6iyacflzc2.onion/ - BraveBunny
http://btcmixxihego4qyg.onion/ - BTCmix
http://laundryzlzgnni4n.onion/ - BitLaundry
http://btcwassndakf7wyc.onion/ - Bitcoin Wash

https://web.archive.org/web/20170603033845/http://endchan.xyz/tech/

All of the hundreds of threads just deleted from end/tech/ are available there.

How can I anonymously ssh into something? Going through Tor and using a freshly generated key for identification is obvious, but how can I make sure that there is no data leakage above all that? I haven't been able to find any guides on that, even though it seems like something a lot of people might be interested in doing.

I have a website but I'm afraid that it won't stay up within the first year that Trump gets in. I would eventually pay for my own static IP but before then, I need to really decide on what website domains I should use that isn't too expensive. Some territorial domains have specifications as to what can and can't be done while other domains are controlled by FVEY. .is BTW, is super expensive, I was told that the price is around $500.

http://www.aaai.org/ocs/index.php/WS/AAAIW16/paper/view/12566/12356

SELF-AWARE WEAPONISED MEMES ARE THE FUTURE