/tech/ - Technology

Brought to you by archive.org

Boards | Catalog | Bottom

Check to confirm you're not a robot
Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096


Enemy At the Gateways: A Game Theoretic Approach to Proxy Distribution Anonymous 09/14/2017 (Thu) 21:20:32 [Preview] No. 11085 [Reply] [Last 50 Posts]
A core technique used by popular proxy-based circumvention systems like Tor, Psiphon, and Lantern is to secretly share the IP addresses of circumvention proxies with the censored clients for them to be able to use such systems. For instance, such secretly shared proxies are known as bridges in Tor. However, a key challenge to this mechanism is the insider attack problem: censoring agents can impersonate as benign censored clients in order to obtain (and then block) such secretly shared circumvention proxies.
In this paper, we perform a fundamental study on the problem of insider attack on proxy-based circumvention systems. We model the proxy distribution problem using game theory, based on which we derive the optimal strategies of the parties involved, i.e., the censors and circumvention system operators.
That is, we derive the optimal proxy distribution mechanism of a circumvention system like Tor, against the censorship adversary who also takes his optimal censorship strategies.
This is unlike previous works that design ad hoc mechanisms for proxy distribution, against non-optimal censors.
We perform extensive simulations to evaluate our optimal proxy assignment algorithm under various adversarial and network settings. Comparing with the state-of-the-art prior work, we show that our optimal proxy assignment algorithm has superior performance, i.e., better resistance to censorship even against the strongest censorship adversary who takes her optimal actions. We conclude with lessons and recommendation for the design of proxy-based circumvention systems.



(1.56 MB 156x100 H9IKKoq.gif)
Android phone Anonymous 07/03/2017 (Mon) 20:25:19 [Preview] No. 8831 [Reply] [Last 50 Posts]
What is a good android for under $200?
7 posts and 2 images omitted.


Anonymous 09/12/2017 (Tue) 19:57:33 [Preview] No. 11069 del
(15.73 KB 700x200 replicant.png)
>>8831
I'm using Replicant right now, with a galaxy s3. Works very well, I use it only for phone and mp3 function (mpd + android mpd client).
Laptop for any other useful stuff.

What do you think about replicant? It's not perfect, but it seems to be the best "libre" choice for a smartphone.
I'm disgusted by all these news "privacy" oriented phone costing an arm.


Anonymous 09/12/2017 (Tue) 21:00:37 [Preview] No. 11070 del
>>11069
>I'm disgusted by all these news "privacy" oriented phone costing an arm.
Don't use a phone, then. Yes, it's possible.


Anonymous 09/13/2017 (Wed) 22:01:52 [Preview] No. 11077 del
>>11070
Man, I would, if I could.


Anonymous 09/13/2017 (Wed) 22:41:56 [Preview] No. 11078 del
>>11077
what do you need a phone for that a pager doesn't provide?


Anonymous 09/13/2017 (Wed) 22:43:23 [Preview] No. 11079 del
>>11077
Then, buy a pre-2001 phone. If you need to use other "modern" communication protocols, use a laptop.
That's (basically) the only acceptable privacy-oriented approach to this. You can have a modern smartphone, but that would be a change in paradigm on how you think about privacy, since smartphone can be considered a survailance device.



Bluetooth new vulnerability Anonymous 09/13/2017 (Wed) 12:38:29 [Preview] No. 11074 [Reply] [Last 50 Posts]


Anonymous 09/13/2017 (Wed) 12:46:49 [Preview] No. 11075 del
>>11074
Unfortunately there is little choice nowadays with ever thinner form factors making headphone jacks difficult if not impossible to add and people being stupid enough to think thinner = better. I suppose you could use a silly adapter like the iphone 7 has for usb, but its still silly.


Anonymous 09/13/2017 (Wed) 13:53:06 [Preview] No. 11076 del
>>11075
Yes. But industry in general should change to other wireless standard, such as DASH7, that is open source and, according to wikipedia, it's "small footprint, low power, long range, and low cost [... than] WiFi or Bluetooth".
What I fear is that industry, instead of switching to something better, simply remove bluetooth, rendering projects like Briar or meshnet-like software, useless.



Crash Firefox on Linux via Notification API Anonymous 09/12/2017 (Tue) 13:34:22 [Preview] No. 11064 [Reply] [Last 50 Posts]


Anonymous 09/12/2017 (Tue) 21:11:49 [Preview] No. 11071 del
firefox crashes very well on its own thank you very much


Anonymous 09/13/2017 (Wed) 02:08:57 [Preview] No. 11073 del
>>11071
hahahahaha



(45.36 KB 2000x770 amd.png)
(((Intel))) is RIP Anonymous 07/09/2017 (Sun) 22:01:37 [Preview] No. 9599 [Reply] [Last 50 Posts]
https://www.reddit.com/r/Amd/comments/5x4hxu/we_are_amd_creators_of_athlon_radeon_and_other/

AMD told us in their AMA on reddit yesterday that they'd consider Coreboot/Libreboot support. We should do something to let them know we're interested, because this would be a game changer.
9 posts omitted.


Anonymous 08/17/2017 (Thu) 06:17:45 [Preview] No. 10781 del
>>9608
0.0001


Anonymous 08/17/2017 (Thu) 07:12:41 [Preview] No. 10782 del
>>9607
Wow, not going to lie, this just got my hopes waaay up.


Anonymous 08/17/2017 (Thu) 07:17:26 [Preview] No. 10783 del
>>10781
You bumped a 5 week old thread for that no-content comment?

kys, faggot


Anonymous 08/17/2017 (Thu) 07:20:58 [Preview] No. 10784 del
>>10783
>kiss yourself
thanks, pretty proud.


Anonymous 09/12/2017 (Tue) 23:27:56 [Preview] No. 11072 del
Cool



(1.52 MB 640x360 nyan gnu.webm)
Anonymous 09/12/2017 (Tue) 15:52:57 [Preview] No. 11065 [Reply] [Last 50 Posts]
Had to move my desk to the other side of the room and now everything feels cramped, awkward and unergonomic as fuck and my autism is flaring up.

How long will it take me to relearn how to comfortably use my computer?


Anonymous 09/12/2017 (Tue) 16:29:01 [Preview] No. 11066 del
It depends on so many variables, probably no more than 3 months. If you really have some degree of autism or asperger, I suggest you reduce the maximum cognitive effort you can, so you can adapt faster. For example, remove other objects from the desk, put the chair against a wall (so you don't feel as someone is watching you).
You don't just adapt to, but also, in this case, nurture the experience around you. So, besides removing things you don't need, try to maintain the same things from before the change and then gradually change (again), until you adapt to it. It works similarly as "cold turkey" vs "gradual removal" on drugs.
You can also use behaviorism: every time something bothers you, and you can't change it, give some punitive measure to yourself. Read more on behaviorism and create your own protocol.
You can also use hormesis and spaced repetition: every time you feel unconfortable, give it a break, go drink some green tea, look at the trees, then you go back.



Privacy of DNA Testing Anonymous 09/10/2017 (Sun) 00:47:26 [Preview] No. 11061 [Reply] [Last 50 Posts]
Would you do it?
https://youtube.com/watch?v=U3EEmVfbKNs

I wouldn't, but seems really interesting for nutrigenomics:
https://en.wikipedia.org/wiki/Nutrigenomics


Anonymous 09/10/2017 (Sun) 03:34:33 [Preview] No. 11062 del
(74.51 KB 800x600 143948591274.jpg)
>>11061
I'm not going to watch the video, but if it's referring to 23-and-me or Ancestry.com and those other DNA testing services, no. Their privacy protections are so flimsy that they're practically nonexistent.

In addition, like the recent Equifax breach reminds us (140 million people's sensitive personal financial info stolen), sensitive data is not safe in the hands of centralized third parties. These big DNA testing providers will be breached, and the DNA information of millions of people will be leaked.

I'm waiting for something like the Bento Lab to become available and reasonably affordable.

https://www.kickstarter.com/projects/339005690/bento-lab-a-dna-laboratory-for-everybody
https://www.bento.bio/

By reasonably affordable, I mean in the $500 range. That's not pocket change to me, but I think I know enough people who would be interested in having their DNA tested but also don't trust the big services that I could get them to help subsidize a kit.

I think home biohacking is going to be producing some weird and wild stuff in the next 20 or 30 years, including some pathogens of interest to bioterrorists.

We're in for a wild ride.



Learning the PE Header, Malware Detection with Minimal Domain Knowledge Anonymous 09/06/2017 (Wed) 09:26:44 [Preview] No. 11029 [Reply] [Last 50 Posts]
Many efforts have been made to use various forms of domain knowledge in malware detection. Currently there exist two common approaches to malware detection without domain knowledge, namely byte n-grams and strings. In this work we explore the feasibility of applying neural networks to malware detection and feature learning. We do this by restricting ourselves to a minimal amount of domain knowledge in order to extract a portion of the Portable Executable (PE) header. By doing this we show that neural networks can learn from raw bytes without explicit feature construction, and perform even better than a domain knowledge approach that parses the PE header into explicit features.

An interesting approach to malware detection. For the next McAfee. Hey, when you're down in Guatemala in your jungle mansion, banging supple Latina teenagers, remember me, ok?
9 posts and 3 images omitted.


Anonymous 09/08/2017 (Fri) 01:27:41 [Preview] No. 11048 del
>>11038
>Breaking apart post by sentence
<neopets.com/forum
Perhaps you don't understand the forums' purpose. If you want to discuss wikipedia articles, there are better places that permit you to pretend to be doing something. HN is one such place that might suit you better.

PDF is interesting and adds more evidence to coming age of ML. Fortunately (or unfortunately if you refuse to learn) ML you'll be left behind as a metasploit monkey and etc., if you work in another field. No doubt some of the more wealthy AVs are already testing basic ML instead of regular hashes to check for warez. It seems like a much more efficient process than sandboxing a suspected snippet and running a sim.


Anonymous 09/08/2017 (Fri) 04:09:24 [Preview] No. 11050 del
>>11048
<Not breaking apart post by sentence
Where exactly I've cited wikipedia? I think you're confused anon.


Anonymous 09/08/2017 (Fri) 06:08:19 [Preview] No. 11051 del
malware detection = enumerating badness


Anonymous 09/08/2017 (Fri) 14:21:11 [Preview] No. 11052 del
>>11029
>In this work we explore the feasibility of applying neural networks to malware detection and feature learning.
buzz buzz buzzword. why do we care about some minor innovations to goy tech? the single one justification for antivirus to exist is that it purges outbreaks on machines owned by the goy who run outdated software and open untrusted executables (these people will have already have had their info stolen by the time the antivirus is updated to have a signature for such malware). it does not offer any security or any useful attribute to anyone who knows what they're doing. in particular, using NN to "detect malware" is just another heuristic full of false positives and will be once again, trivial to bypass.
>>11035
this
>>11037
PDF is worse than HTML in every way
inb4 >muh typography!11
>>11048
>Fortunately (or unfortunately if you refuse to learn) ML you'll be left behind as a metasploit monkey and etc
is this what people conclude when they reason on the level of memes?
>AVs check for warez
what did he mean by this
>It seems like a much more efficient process than sandboxing a suspected snippet and running a sim.
confirmed for not having a clue what you're talking about


Anonymous 09/08/2017 (Fri) 18:56:08 [Preview] No. 11059 del
>>11050
I see you have missed my wordplay. What you're doing is parroting information that brings nothing new to this discussion, but only regurgitations of ideas that can be found directly on the wikipedia articles of these topics.
>>11052
I would like all peoples from lainchan to please go back and learn from the beginning how to properly form sentences. Thank you. If you would like a serious discussion on my lack of understanding or the paper at hand, please initiate, otherwise you are worse than the boy who still visits and exudes neopets etiquette.



Anonymous 08/07/2017 (Mon) 23:22:13 [Preview] No. 10579 [Reply] [Last 50 Posts]
What do you use for temporary anonymous file hosting? I'd like something like pantsu used to be.


Anonymous 08/08/2017 (Tue) 01:37:26 [Preview] No. 10582 del
Just look up pantsu clones and choose one.


Anonymous 08/08/2017 (Tue) 01:38:12 [Preview] No. 10583 del
I use minfil (dot org) and cocaine (dot ninja):
<can use curl to upload


Anonymous 09/08/2017 (Fri) 00:40:44 [Preview] No. 11045 del
>>10579
OnionShare https://onionshare.org/
If you want to share some non-zip files, you can easily edit resources/html/index.html to your taste.



DolphinAtack: Inaudible Voice Commands Anonymous 09/02/2017 (Sat) 08:40:52 [Preview] No. 10987 [Reply] [Last 50 Posts]
Speech recognition (SR) systems such as Siri or Google Now have become an increasingly popular human-computer interaction method, and have turned various systems into voice controllable systems(VCS). Prior work on attacking VCS shows that the hidden voice commands that are incomprehensible to people can control the systems. Hidden voice commands, though hidden, are nonetheless audible. In this work, we design a completely inaudible attack, DolphinAttack, that modulates voice commands on ultrasonic carriers (e.g., f > 20 kHz) to achieve inaudibility. By leveraging the nonlinearity of the microphone circuits, the modulated low frequency audio commands can be successfully demodulated, recovered, and more importantly interpreted by the speech recognition systems. We validate DolphinAttack on popular speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa. By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile. We propose hardware and software defense solutions. We validate that it is feasible to detect DolphinAttack by classifying the audios using supported vector machine (SVM), and suggest to re-design voice controllable systems to be resilient to inaudible voice command attacks.
4 posts and 1 image omitted.


Anonymous 09/03/2017 (Sun) 03:35:54 [Preview] No. 11007 del
>>10987
Another reason why voice-activation is not ready to be used, and is a major security hole. They already save recordings of your voice, and this just adds onto the bullshit.


Anonymous 09/03/2017 (Sun) 05:07:51 [Preview] No. 11008 del
I remember reading an article from some security conference about extracting data from infected computer through inaudible sound signals, perfect for some airgapped machines. This is basically the opposite, you can send commands with data streams, and since it runs proprietary voice recognition software, you may consider it a malware.


Anonymous 09/03/2017 (Sun) 18:19:33 [Preview] No. 11013 del
>>10999
This isn't scary stuff at all. It's exactly what's expected when you try and use algorithms on the real world. Only consumerist robots fall for idiotic technology like "biometrics" and "voice control". The same will happen for self-memeing cars (well it already has happend with both Lidar and Tesla).


Anonymous 09/05/2017 (Tue) 10:28:23 [Preview] No. 11024 del
>>11008
like TEMPEST?


Anonymous 09/06/2017 (Wed) 03:44:20 [Preview] No. 11028 del
(406.15 KB 1100x1335 2017-08-23-addie-weed.jpg)
>>11024

In essence, yes, but I think that technically TEMPEST is just about shielding and preventing the interception of natural side-channel information that results from computing, i.e. a system's normal EM emissions, sound production, etc.

If I remember what anon is referring to correctly, it was a computer that was actually infected with malware that was designed to exfiltrate information from the computer using sound, so it wasn't about purely passive interception. A successful attack of this kind would require getting your malware onto the machine first. It was a neat proof of concept, though.