匿名者课堂讲课记录.2016年4月25日,美国时间2016年4月24日,星期天.

以下内容都是2016年4月25日,美国时间24日.星期天.匿名者在tor上面进行的讲课内容.英文版- -大家自行翻译.如果有大神翻译好了,可以私聊我.我传个大家共享.

相关资料:http://www.freebuf.com/news/102146.html

7:39:42 PM - butts: Welcome to the first of (hopefully) many lessons to come here on the Onion IRC network.
7:39:54 PM - butts: Coming to you live from the onion routing network!
7:40:23 PM - butts: As previously stated, this lesson is an entry-level course on Anonymity and Privacy.
7:40:26 PM - freruneer has left the room (Quit: Read error).
7:40:50 PM - Aot_lbuntesServ has left the room (Quit: Read error).
7:41:03 PM - butts: Some of you may be wondering why we are doing this. Some users have shown concern that this network might "ran by the feds" and other such things.
7:41:14 PM - Paralx has left the room (Quit: Read error).
7:41:24 PM - butts: I assure you, our goal is to educate. And I hope you came to learn.
7:42:04 PM - mona: What you do with the knowledge you obtain here is entirely your business.
7:42:05 PM - Hackero has left the room (Part).
7:42:47 PM - Torm [Instantbir@localhost] entered the room.
7:42:57 PM - butts: I am personally motivated to participate in this project for various reasons, but some of the biggest being that over the last five years I have seen the numbers of those aligning with Anonymous soaring. But at the same time, the average users technial-knowhow has been on the decline.
7:43:54 PM - You are not a channel operator on #class.
7:44:00 PM - butts: The average Anonymous "member" believes that DDoS and Twitter spam equates to activism and hacking. While this course is not covering these specific topics, we think this is a beginning to a better understanding of what "hacktivism" is.
7:44:03 PM - m0n0d3lc0ng0 has left the room (Quit: Ping timeout: 240 seconds).
7:44:06 PM - sanity [sanity@localhost] entered the room.
7:44:39 PM - butts: Okay, enough with the backstory gibberish. I'm sure you are all ready to start learning.
7:44:48 PM - OnionIRC: HYPE!
7:45:27 PM - butts: This course will cover many topics, all relevant to privacy, security, and anonymity.
7:45:44 PM - butts: kr0: Would you like to get us started?
7:45:48 PM - kr0: sure
7:46:05 PM - kr0: at this point I'd like to welcome you again to this
7:46:27 PM - kr0: This will teach you alot REALLY Important things you need to know
7:46:39 PM - kr0: Including the usage of Tor
7:46:46 PM - kr0: VPNs
7:46:54 PM - butts: (we understand that many of you are only just now using Tor for the first time!)
7:46:59 PM - jeff [my.dick@ur.mum] entered the room.
7:47:04 PM - kr0: possible Tunnelings
7:47:06 PM - AKOL [Instantbir@localhost] entered the room.
7:47:07 PM - kr0: Proxies
7:47:19 PM - kr0: and general OpSec
7:47:23 PM - Kharakid [NONYA@localhost] entered the room.
7:47:31 PM - kr0: which stands for Operational Security
7:47:42 PM - kr0: It is really Important
7:47:56 PM - butts: The human element!
7:47:57 PM - kr0: thats why we start with this
7:48:15 PM - TVGames has left the room (Quit: Leaving).
7:48:24 PM - kr0: I'd like to thank everyone who made this possible
7:48:31 PM - butts: The one thing that will always be a factor in hacking. Human error.
7:48:40 PM - kr0: because this is what its all about , Free Information
7:48:49 PM - kr0: Done. lets get it going
7:49:05 PM - kr0: exactly
7:49:22 PM - butts: Bottom line, you ARE data & information is power.
7:49:22 PM - anonymous [The@Torminati.su] entered the room.
7:49:29 PM - mona: ^
7:49:51 PM - kr0: as butts said, its really Important that you don't rely on Tools
7:49:58 PM - m1sf0rtun3 [Instantbir@localhost] entered the room.
7:50:02 PM - mona: We hackers like to think of ourselves as the one's seizing power by obtaining information about others
7:50:10 PM - mona: but you are not free from this maxim
7:50:15 PM - butts: Tools can only augment your own capabilities.
7:50:16 PM - mona: others obtain power over you by the information you give away, intentionally or not
7:50:30 PM - kr0: OpSec and being Anonymous is a 24/7 job
7:51:08 PM - kr0: Doesn't matter if you're in the supermarket , playing games or even just register to an Email account
7:51:22 PM - butts: Do you know one of the things that makes agencies like the NSA such a good adversary? You know, aside from billions of dollars and state sponsorship? They know to keep their mouths shut. All the time.
7:51:23 PM - kr0: Your Data is on the line
7:51:48 PM - butts: There is a joke in the intelligence community. NSA stands for, Never Say Anything.
7:52:00 PM - Sh4dOw1 [Sh4dOw1@localhost] entered the room.
7:52:19 PM - butts: And that is a basic rule of operational security. You may have heard the phrase "Need to know basis."
7:52:29 PM - in10sive [in10sive@localhost] entered the room.
7:52:29 PM - mc2 has left the room (Quit: Ping timeout: 240 seconds).
7:52:40 PM - kr0: You need to be a better Fed then the Fed itself
7:53:01 PM - butts: And that is what we are referring to. If you are involved in something illegal or possibly subverting a government, for example, you should not be saying ANYTHING about your actions to ANYONE. Unless they absolutely have to know.
7:53:07 PM - Hancker [Instantbir@localhost] entered the room.
7:53:30 PM - Rusty has left the room (Quit: Read error).
7:53:37 PM - butts: You may be surprised at the reach of your adversaries.
7:53:54 PM - kr0: Aliases, the way you type and online friends
7:54:01 PM - kr0: everything can be traced back to you
7:54:02 PM - butts: More than a few of us here have had "friends" outted as informants of one type or another.
7:54:19 PM - mona: as well as friends who turned coat to get out of trouble
7:54:27 PM - mona: the prospect of a life sentence does wonders for your morals
7:54:42 PM - butts: Indeed. You may trust someone, with your entire heart. But you cannot know how they will react when they are arrested and put under pressure.
7:55:09 PM - kr0: Its very Important that you understand that
7:55:09 PM - kr0: No Tool
7:55:10 PM - kr0: Not Tor
7:55:29 PM - butts: And, folks, we understand that this only seems relevant to people commiting crimes, but it's very important that you understand this philosophy, as it connects to everything relating to your privacy, security, and anonymity on the internet.
7:55:31 PM - sylux has left the room (Quit: sylux).
7:55:42 PM - gr007e [gr007e@localhost] entered the room.
7:55:49 PM - kr0: VPN*
7:55:51 PM - butts: That is why we started the lesson off with the subject of operational security awareness.
7:55:57 PM - xerxes [xerxes@wellspring.of.knowledge.and.wisdom] entered the room.
7:55:59 PM - leet [leet@localhost] entered the room.
7:56:19 PM - mona: can I jump in on a related note, butts?
7:56:29 PM - butts: All the tools in the world can't help you if you tell public stories that can lead directly back to your identity.
7:56:31 PM - butts: See: Jeremy Hammond
7:56:40 PM - butts: mona: of course please do
7:56:43 PM - mona: ok
7:56:54 PM - kr0: ok lets move on , mona
7:57:00 PM - caitsith [Cait@localhost] entered the room.
7:57:00 PM - mona: so we're talking a lot about opsec, and generally when we talk about it what we're referring to is information you disclose about yourself
7:57:14 PM - flordb [chatzilla@localhost] entered the room.
7:57:16 PM - mona: but even if you have perfect opsec and your identity is a beautiful little pearl hidde away from the world
7:57:25 PM - mona: you can still fail in opsec by not vetting who you associate with
7:57:29 PM - rooks has left the room (Quit: Read error).
7:57:30 PM - mona: this thing we do is often wrapped up with ego
7:57:49 PM - mona: very few people have the desire and drive to hack and don't have some kind of god complex, lol
7:57:52 PM - Zenfone5 has left the room (Quit: Ping timeout: 240 seconds).
7:57:52 PM - mona: but the fact is
7:57:53 PM - Anon1206 [Anon1206@localhost] entered the room.
7:57:57 PM - mona: ego kills hackers and crews
7:58:01 PM - mona: drama kills hackers and crews
7:58:03 PM - mona: let me repeat that
7:58:07 PM - mona: DRAMA KILLS HACKERS
7:58:18 PM - mona: if you're doing this for bragging rights
7:58:24 PM - mona: if you associate with people who are toxic
7:58:30 PM - Tracer [Instantbir@localhost] entered the room.
7:58:30 PM - mona: it's only a matter of time until you're v&
7:58:39 PM - mona: if you associate with people who draw drama and shit
7:58:43 PM - mona: and split crews wherever they go
7:58:46 PM - MaNueL [chatzilla@localhost] entered the room.
7:58:49 PM - mona: who are petty and seek vengeance over ideology
7:58:53 PM - aliyuum [User@localhost] entered the room.
7:58:59 PM - mona: you will soon find that the people who might otherwise welcome you with open arms
7:59:01 PM - butts: Little sidenote: If you are bothered by all the join/part/quit spam, google your irc client + hide joins parts quits
7:59:01 PM - mona: wants nothing to with you
7:59:11 PM - grey [grayblackw@localhost] entered the room.
7:59:16 PM - mona: if you want to work with professionals, be one yourself
7:59:22 PM - mona: drama is for kids
7:59:28 PM - mona: if you actually want to make a difference, keep a level head
7:59:35 PM - mona: because a level-headed hacker with no ego?
7:59:37 PM - mona: is a fucking goldmine
7:59:42 PM - mona: you hold onto them and cultivate htem
7:59:47 PM - mona: they will never let you down
7:59:50 PM - mona: that's all I wanted to say
8:00:36 PM - butts: Okay, so opsec isn't just the way we conduct ourselves. It also relates to the things we utilize in our every day lives.
8:01:01 PM - butts: You may have some friends that you consider "tinfoil conspiracy theorists" because they do not own a cell phone.
But you also may not be aware that, if you own a cellular device & carry it with you, every place you go is recorded & referenced & stored forever.
8:02:19 PM - kr0: Okay , lets get into Detail
8:02:19 PM - mona: to within 2000 feet via 3G and 20 feet via GPS, iirc
8:02:25 PM - butts: Some may think that this is scary, but maybe not such a problem. But you have to understand that agencies like the NSA is storing and cross referencing all of this data. So, for example, they know who you associate with because you all carry your phones on your person when you are together.
8:02:29 PM - butts: They know where you go and when you go there.
8:02:31 PM - rooks [User@localhost] entered the room.
8:02:33 PM - butts: All of your patterns.
8:03:05 PM - butts: And this is a  very good example of where opsec comes in. If you are trying to organize with a group of local activists, for example, do not all bring your phones when you are having meetings.
8:03:20 PM - reverse has left the room (Quit: Read error).
8:03:21 PM - butts: It's a very simple thing you can do to make yourselves just that little bit more secure in your movement.
8:03:39 PM - butts: Okay, sorry about that little rant.
8:03:49 PM - kr0: no problem
8:03:49 PM - whitehorsebrasil [Instantbir@localhost] entered the room.
8:03:57 PM - butts: I think you have a very basic understanding of what operational security is now.
8:03:58 PM - kr0: lets get the good shit going
8:04:10 PM - butts: Be careful what you say & who you say it to. Be careful of what you do & how you do it.
8:04:16 PM - kr0: OpSec is Number 1
8:04:20 PM - butts: Indeed, kr0. Now to the meat!
8:04:26 PM - kr0: SOOO
8:04:44 PM - butts: The riot is only one night. Metadata is forever.
8:04:46 PM - butts: ;)
8:04:50 PM - kr0: All of you heard about the bad stories about Tor
8:04:53 PM - quimera [amnesia@localhost] entered the room.
8:04:56 PM - kr0: :D
8:05:08 PM - kr0: > Tor is run by feds
8:05:10 PM - mixiou [Instantbir@localhost] entered the room.
8:05:14 PM - kr0: > Tor is for criminals
8:05:22 PM - ic4nh4zr007 [ic4nh4zr00@localhost] entered the room.
8:05:24 PM - kr0: > Tor is Vulnerable
8:05:42 PM - kr0: all of that is based of theories of people
8:05:44 PM - kr0: YES
8:05:44 PM - butts: Some of the most common horror stories regarding tor: "Created by the military" "All nodes ran by feds" "MITM attacks" "Identities compromised"
8:05:54 PM - Clown [funny@localhost] entered the room.
8:05:58 PM - kr0: ^
8:05:58 PM - BugsBunny [BugsBunny@localhost] entered the room.
8:05:59 PM - kr0: exactly
8:06:20 PM - kr0: The concept of Tor was created by the Feds
8:06:26 PM - johndutch has left the room (Quit: Ping timeout: 240 seconds).
8:06:32 PM - Hackero [Hackero@localhost] entered the room.
8:06:32 PM - butts: #1 issue leading to the compromise of a Tor user's identity: bad opsec. Not properly configuring their system for transparent proxying, which we will cover.
8:06:56 PM - kr0: Now we got 2016
8:07:15 PM - kr0: The Devs of Tor are the most hard working people I've seen
8:07:40 PM - kr0: There are ALOT of similar people to us running Nodes and Exit Nodes
8:07:45 PM - butts: If you are interested in the origins of Tor, check out this site: http://www.onion-router.net/ It was originally developed by the Naval research laboratory
8:07:54 PM - kr0: ^
8:08:12 PM - vkmov [xyyog@localhost] entered the room.
8:08:26 PM - kr0: Tor is a Proxy network
8:08:38 PM - kr0: each server is called a Node
8:08:47 PM - kr0: there are entry points
8:08:54 PM - kr0: and there are EXIT NODES
maybe you've heard about that
8:09:02 PM - kr0: maybe you've heard about that
8:09:10 PM - Kryath [Instantbir@localhost] entered the room.
8:09:15 PM - slayerdrop [Instantbir@localhost] entered the room.
8:09:18 PM - swat31337 has left the room (Quit: Ping timeout: 240 seconds).
8:09:18 PM - Fenrir [Instantbir@localhost] entered the room.
8:09:22 PM - school [chatzilla@localhost] entered the room.
8:09:26 PM - kr0: within TOR there is a end to end encryption
8:09:44 PM - butts: As long as you stay within the tor network
8:09:51 PM - butts: you are end-to-end encrypted
8:09:56 PM - kr0: The people running those nodes can't see your traffic at all
8:10:01 PM - kr0: exactly
8:10:30 PM - kr0: If you're leaving the Tor network you are Vulnerable , because no encryption
8:10:32 PM - butts: Also, entry nodes do not have knowledge of the destination of your traffic.
8:10:37 PM - kr0: ^
8:10:48 PM - butts: They are only knowledgable 1 or 2 hops down the line, I believE? Someone's correct me if I'm wrong
8:10:57 PM - kr0: There is a thing called HTTPS
8:10:59 PM - kr0: exactly
8:11:00 PM - butts: Which helps to fight against traffic analysis
8:11:00 PM - rackham: okay ELI5 of tor hops
8:11:28 PM - kr0: Https is the HTTP Protocol in a SSL Socket
8:11:36 PM - kr0: for those of you who want to know
8:11:38 PM - rackham: If you're going A to D, A only knows about B, B only knows about A and C, C only knows about D and B, D only knows about C and the destination
8:11:51 PM - butts: (You will typically hear SSL referred to as TLS nowadays, SSL is deprecated term but we old people are stuck on it)
8:12:03 PM - kr0: right :D
8:12:08 PM - butts: thank you rackham
8:12:23 PM - kr0: most either refer to SSL or TLS or SSL/TLS
8:12:45 PM - kr0: which isn't very Important
8:12:51 PM - kr0: back to Tor
8:12:56 PM - butts: So why is TLS (SSL) important for end-users to use?
8:13:08 PM - butts: (or would you prefer to cover that later)
8:13:28 PM - kr0: […] ets get tor done I'll come back later to ssl
8:14:07 PM - kr0: SSL/TLS Support gives you back the end to end encryption
8:14:12 PM - kr0: on that :P
8:14:13 PM - kr0: Okay
8:14:14 PM - azaza [Instantbir@localhost] entered the room.
8:14:22 PM - kr0: Tor
8:14:25 PM - seethersan has left the room (Quit: Ping timeout: 240 seconds).
8:14:40 PM - kr0: There are Servers WITHIN TOR
8:14:47 PM - kr0: called HIDDEN SERVICES
8:14:52 PM - kr0: like this one
8:15:00 PM - kr0: they usually end with a .onion
8:15:18 PM - kr0: those are domains you can't reach on the Normal Web (Clearnet)
8:15:20 PM - rose [Instantbir@localhost] entered the room.
8:15:40 PM - butts: They are ONLY accessible from within the tor network. There are services that will create a bridge from the clearweb to hidden-services, but they are NOT recommended to use at all.
8:15:49 PM - kr0: That why there is this Deepweb and Darknet everyone is talking about
8:15:54 PM - kr0: right
8:16:00 PM - kr0: You don't leave Tor
8:16:11 PM - kr0: you're within the Network
8:16:27 PM - mona: the network loves you, the network will cradle you softly to sleep
8:16:32 PM - butts: For a simple point of reference, Tor Hidden Services basically achieves for websites (or other services, like this IRCd) the same thing that Tor achieves for regular end users.
8:16:51 PM - butts: IE You don't know where the server is.
8:16:52 PM - poopeverywhere [Instantbir@localhost] entered the room.
8:16:55 PM - butts: And that's how we like it!
8:17:10 PM - kr0: even Admins can't find your real Location
8:17:12 PM - butts: Because that means the feds don't know either. (But they have all kinds of ways to try to get around this, more on that later?)
8:17:41 PM - kr0: seems like a good end on Tor
8:17:47 PM - kr0: let me just finish my sentence
8:18:04 PM - butts: Just a reminder, the channel is +m (moderated) right now during class. We will have periods of question & answer where users will be allowed to ask questions in the channel after being voiced.
8:18:17 PM - kr0: ^
8:18:25 PM - kr0: &kr0 | even Admins can't find your real Location
8:18:29 PM - kr0: This is True
8:18:36 PM - kr0: UNLESS
8:18:43 PM * butts mumbles something about users registering with emails
8:18:47 PM - mona: lol
8:18:51 PM - mona: opsec 101
8:18:55 PM - kr0: exactly
8:19:11 PM - AKOL has left the room (Quit: Read error).
8:19:16 PM - kr0: you click any phishy Links
8:19:29 PM - seethersan [seethersan@localhost] entered the room.
8:19:37 PM - davanci has left the room (Quit: Read error).
8:19:49 PM - kr0: That will send you to a Website and get your IP , possibly ur Browser hooked and many other Things
8:19:57 PM - kr0: okay , butts
8:19:57 PM - DawniPakie has left the room (Quit: Ping timeout: 240 seconds).
8:19:59 PM - mona: that's happened at least once in #main
8:20:04 PM - mona: in case you think we're being paranoid
8:20:13 PM * anonymous sees butts mumbling and giggles with glee
8:20:49 PM - butts: No need to cover the feds tactics for uncovering hidden service locations just yet. Maybe even something for another class.
8:20:56 PM - kr0: ok good
8:20:57 PM - butts: much too complex
8:21:07 PM - kr0: alright
8:21:09 PM - mona: word, baby steps
8:21:14 PM - butts: but we can go in to the tor browser
8:21:18 PM - kr0: The Tor Browser
8:21:20 PM - kr0: yea
8:21:23 PM - butts: because that is the best and worst thing for tor
8:21:34 PM - kr0: absolutely
8:21:36 PM - butts: it brings Tor to the average end-user who may not be technically capable of utilizing the tor network otherwise
8:21:48 PM - butts: However, it is also responsible for the majority of all "tor related hacks"
8:21:52 PM - creative has left the room (Quit: Leaving).
8:22:14 PM - kr0: sitenode: The Tor Browser is not TOR , its a browser modified to let you use the Tor network
8:22:15 PM - butts: generally speaking, it's vulnerabilities in Tor Browser that typically get people owned when using tor, not the tor network itself
8:22:51 PM - butts: But the Tor Browser is generally safer for average end-users who do not know how to properly secure their browsers in the first place.
8:23:14 PM - butts: Because Tor Browser comes with certain privacy/security minded addons out of the box
8:23:17 PM - _ReguIarMan_ has left the room (Quit: I got to go...  nice class... u forgot prepare it but it was nice, see u ).
8:23:25 PM - Liutos [Instantbir@localhost] entered the room.
8:23:31 PM - butts: Like HTTPS everywhere. which automatically utilizes the TLS connection to a website where applicable
8:23:47 PM - kr0: a short QnA for Tor ? , butts
8:24:00 PM - butts: sounds good
8:24:03 PM - D1wire has left the room (Quit: Ping timeout: 240 seconds).
8:24:04 PM - _V has left the room (Quit: Ping timeout: 240 seconds).
8:24:14 PM - kr0: okay
8:24:15 PM - A182 [Instantbir@localhost] entered the room.
8:24:15 PM - rooks has left the room (Quit: Read error).
8:24:17 PM - panic [Instantbir@localhost] entered the room.
8:24:18 PM - Daedalus [Icarus@localhost] entered the room.
8:24:30 PM - kr0: If you got any Questions about Tor
8:24:31 PM - butts: we will take a bit to field any questions from users regarding tor or anything that we have covered so far
8:24:36 PM - butts: please PM one of us with your question
8:24:39 PM - kr0: ^
8:24:40 PM - dolina has left the room (Quit: ChatZilla 0.9.92 [Firefox 38.7.1/20 […]
8:24:47 PM - butts: if it makes sense (please make sense) we will try to get to it
8:24:48 PM - mona: phone lines are now open
8:24:51 PM - mona: good morning, what's your bid?
8:24:58 PM - jack20 [Instantbir@localhost] entered the room.
8:25:03 PM - n3lh0 has left the room (Quit: Ping timeout: 240 seconds).
8:25:04 PM - butts: <AshKetch> Is tor browser for android any good?
8:25:15 PM - butts: Great question, we get people asking about using tor on mobile devices all the time.
8:25:43 PM - butts: It's a complicated question, because most of us would say "Oh god please don't try to be secure on a smart phone because smart phones are never secure" But I don't think that's very helpful here and now.
8:26:19 PM - alex8 [chatzilla@localhost] entered the room.
8:26:27 PM - butts: Short answer, there is no Tor browser for mobile as far as I'm aware. But you can utilize tor on android with the app "Orbot" it also has a beta feature that will allow you to enable transparent tor proxying for your entire device. However, your device MUST BE ROOTED for this to work properly.
8:26:37 PM - kr0: DLF | What is better. the browser bundle or the tor from the repos + a random browser ?
8:26:49 PM - kr0: as butts said
8:27:04 PM - kr0: The Tor Browser is costumized for secure usage
8:27:06 PM - butts: So, you can utilize something like Orbot with Andchat to chat on an .onion via an android device.
8:27:11 PM - kr0: alot of helpful addons
8:27:17 PM - butts: kr0: important note there
8:27:38 PM - ultimatum has left the room (Quit: Ping timeout: 240 seconds).
8:27:50 PM - kr0: I'm not sure about that , didn't manage to get that working yet
8:28:00 PM - mona: <Mr_Yuk> how can we better secure the Tor browser
8:28:02 PM - butts: DLF, Tor devs recommend using the tor browser because it has a specific fingerprint, just like all browsers. But if we all use the same browser/setup our traffic is that much more harder to analyze
8:28:20 PM - butts: They even recommend that you do not add more addons to the Tor Browser because it will alter the fingerprint
8:28:20 PM - mona: tor browser is pretty secure to begin with
8:28:26 PM - kr0: ^
8:28:26 PM - mona: that being said there is stuff you can do
8:28:30 PM - mona: as butts said, adding addons
8:28:32 PM - butts: and make you easier to track (not saying it allows them to track you, but makes it EASIER)
8:28:33 PM - mona: is not a great idea
8:28:37 PM - mona: they're not really necessary
8:28:42 PM - mona: it makes you easier to track
8:28:46 PM - mona: they haven't been vetted etc etc
8:28:53 PM - mona: as always, the human element is the most dangerous
8:28:56 PM - mona: don't turn off noscript
8:28:56 PM - butts: that is why it is FINE to use tor with another browser, but is is much easier to correlate your fingerprint with your identity
8:29:01 PM - mona: because you miss the pretty pictures
8:29:16 PM - mona: the first time you launch tor browser, you'll be asked to choose your security settings
8:29:20 PM - kr0: anonunname | +v As you guys said Tor is safer to use why people says downloading over Tor should be avoided as if one node is
8:29:22 PM - kr0:    OnionIRC    │                    | compromised they can send corrupt or malicious data?
8:29:29 PM - butts: there are also some more paranoid things tor devs recommend, such as not maximizing your tor browser window. because websites can tell how large the browser window is which means they can tell what your resolution is
8:29:30 PM - mona: obviously turn these up to high, none of the things they block are things you should care about
8:29:36 PM - butts: and that is just another bit of information they can correlate to find your identity
8:29:47 PM - kr0: anonunname:
8:29:51 PM - Condenser has left the room (Quit: Read error).
8:30:04 PM - kr0: Downloading stuff over tor can be Dangerous
8:30:14 PM - kr0: but that doesn't have to do with Tor
8:30:15 PM - OxED [Instantbir@localhost] entered the room.
8:30:18 PM - kr0: in general
8:30:36 PM - kr0: Downloading files on the Internet can always be a risk
8:30:42 PM - Dakinee [Instantbir@localhost] entered the room.
8:30:51 PM - butts: 20:40 <owleyes> you said the govt tracks our location using our phones, how exactly do they do that using the cell signal? And what about airplane mode?
8:30:56 PM - kr0: Just on Tor there no "verified sources
8:31:09 PM - butts: Your phone is constantly pinging the cell towers around you. That data is all archived.
8:31:10 PM - mona: the cell towers HAVE to know approximately where you are
8:31:14 PM - mona: to communicate with your phone
8:31:16 PM - rackham: cell phone tower triangulation and the distance between wifi access points
8:31:19 PM - mona: and they store that data because lol why not
8:31:21 PM - kr0: But its all good if you check your Downloads, maybe later on that
8:31:29 PM - butts: airplane mode won't save you
8:31:35 PM - rackham: they actually use wifi routers around you and their signal strength to be more accurate
8:31:41 PM - rackham: and its less taxing on the battery
8:31:45 PM - cnrabbit [cnrabbit@localhost] entered the room.
8:31:52 PM - butts: If you want to carry a phone and are worried about privacy. Take your battery out and purchase a small faraday pouch for travel.
8:31:54 PM - kr0: zer0 | is it a good idea to use tor browser for like personal surfing? like twitter or any social site? i know its not but dnu why
8:32:07 PM - kr0: here is the point
8:32:24 PM - kr0: either you use Tor all the Time or you use t only if you need it
8:32:25 PM - butts: good question zer0
8:32:29 PM - p38 [p38@localhost] entered the room.
8:32:30 PM - NaN604 [Idle@localhost] entered the room.
8:32:34 PM - Anakin has left the room (Quit: Ping timeout: 240 seconds).
8:32:35 PM - kr0: There are alot of opinions on that
8:32:52 PM - butts: indeed, kr0. some think it is better to split up your traffic
8:32:56 PM - mona: <reactD> why doesn't tor like to be run as root user?
8:32:59 PM - mona: this is a simple one
8:33:03 PM - kr0: exactly
8:33:05 PM - mona: userland applications should not be run as root
8:33:09 PM - reverse [Instantbir@localhost] entered the room.
8:33:13 PM - butts: but if you are going to split your traffic up, you must also be very very aware of how you conduct yourself across both identities.
8:33:15 PM - mona: there are no advantages to doing so and significant risks
8:33:26 PM - butts: because it can be very simple to tell two identities are the same person. and this all goes back to operational securtity
8:33:32 PM - butts: security/sp
8:33:37 PM - P0cco [User@localhost] entered the room.
8:33:40 PM - mona: if despite the best efforts of the developers, there are vulns in tor browser, running as root gives full system access
8:33:52 PM - mona: linux's access control is useless if you hand root to an attacker on a silver platter
8:34:13 PM - kr0: gr007e | if you run another web browser at the same time as tor, but both are on different web sites, will that compromise your anonymity
8:34:40 PM - kr0: similar to the Tor/not tor question
8:34:55 PM - mona: <crackerjax> if using nmap or something can we configure it to go through tor
8:35:00 PM - rj45 [chatzilla@localhost] entered the room.
8:35:05 PM - mona: simple answer: yes, google proxychains and/or usewithtor
8:35:09 PM - kr0: If you run two webbrowsers
8:35:16 PM - kr0: on two different websites
8:35:23 PM - mona: complex answer: transparent proxying will make certain that none of your traffic is being leaked by proxychains/torify
8:35:29 PM - kr0: there are ways that your ISP will get you trhough that
8:35:30 PM - mona: more on how to set transparent proxying up later
8:35:41 PM - kr0: or anyone sniffing on the traffic
8:35:41 PM - cbk23 [chatzilla@localhost] entered the room.
8:35:53 PM - BUs3r [bus3r@localhost] entered the room.
8:35:57 PM - kr0: There is a low chance , but it can happen
8:36:07 PM - kr0: I get a lot of questions :P
8:36:07 PM - butts: okay we should move on. we can take more questions later
8:36:25 PM - butts: How about Encryption
8:36:33 PM - kr0: okay one last sentence
8:36:37 PM - butts: yes
8:36:59 PM - kr0: most of the "getting caught using Tor" stories
8:37:03 PM - bluemilk [Instantbir@localhost] entered the room.
8:37:06 PM - kr0: are about BAD OPSEC
8:37:30 PM - kr0: This pretty much sums it up :D
8:37:36 PM - mona: tbh
8:37:38 PM - butts: and also with tor browser 0days the government had and used to inject malware into clients via adds on compromised hidden services
8:37:39 PM - sharktale [Instantbir@localhost] entered the room.
8:37:40 PM - Treck-C has left the room (Quit: Read error).
8:37:42 PM - mona: most of the "getting caught" stories
8:37:42 PM - mona: period
8:37:44 PM - mona: are bad opsec
8:37:53 PM - groot has left the room (Quit: Read error).
8:37:57 PM - OnlyHeatshot has left the room (Quit: Read error).
8:37:58 PM - kr0: If you got any further questions save them for later please :D
8:38:25 PM - butts: related: https://theintercept.com/2016/04/21/fbi-mass-child-porn-hack-ruled-illegal-on-a-technicality/
8:38:37 PM - kr0: I'll answer a few questions in PM , while mona and butts will tell you something anout encryption
8:38:43 PM - butts: okay. I'm going to try to run through some stuff right now
8:38:57 PM - butts: Some basic rules of thumb, especially for mobile devices.
8:39:33 PM - butts: Obviously, always keep track of them. Do not let people you don't know take them from you, if possible. Obviously sometimes the cops will just take it from you. (And then you'll wish you didn't have it on you)
If you lose your device, change your passwords. And i mean all of your passwords. You never know when you've overlooked something and they can gain more access than you thought possible.
8:40:13 PM - mona: "oh these accounts are completely separate"
8:40:18 PM - mona: >but they have the same security question
8:40:27 PM - mona: >but they confirm forgotten password with the same phone number
8:40:31 PM - butts: There are applications you can use to further secure your phones or tablets. Ones that, if your device is lost but connected to the internet, you can send commands to for wiping or even location discovery to go and get it back
8:40:51 PM - butts: On top of that, always encrypt your mobile devices when you can.
8:41:08 PM - butts: With your accounts, ALWAYS use 2 factor authentication (again, where possible)
8:41:13 PM - Hot-Chili has left the room (Quit: Ping timeout: 240 seconds).
8:41:23 PM - butts: 2FA provides with great extra account security
8:41:38 PM - butts: it's a detterent against hackers (but not all, if they are persistent enough or paid enough)
8:41:46 PM - butts: And it's a free way to protect your resources
8:43:11 PM - butts: Regarding public internet usage, please be careful whenever using public wifi networks.
8:43:23 PM - sanitysanity [sanity@localhost] entered the room.
8:43:24 PM - butts: There are malicious hotspots literally everywhere.
8:43:38 PM - school has left the room (Quit: Ping timeout: 240 seconds).
8:43:39 PM - butts: They will seem like regular hotspots. But they will own you.
8:43:59 PM - mona: more on how to do that at a later date ;)
8:44:10 PM - Hancker has left the room (Quit: Ping timeout: 240 seconds).
8:44:25 PM - rooks [User@localhost] entered the room.
8:44:31 PM - butts: If you connect to a malicious hotspot, it is possible for the owner of that hotspot to even compromise your SSL connections (see: sslstrip) this is called a man-in-the-middle (MITM) attack
8:44:37 PM - butts: and, yeah, more on that in another class ;)
8:44:59 PM - mona: that was a good class in BHA
8:45:09 PM - antyo [Instantbir@localhost] entered the room.
8:45:11 PM - butts: When it comes down to it, if you don't trust the hotspot, it might be a better choice to use your dataplan if possible
8:45:29 PM - m1sf0rtun3 has left the room (Quit: Ping timeout: 240 seconds).
8:45:49 PM - butts: Okay, some other things that I hope most of the people here already know but I will say anyway
8:45:52 PM - butts: Passwords
8:45:59 PM - butts: Please, make them secure.
8:46:06 PM - butts: Make them long. Make them complex.
8:46:11 PM - butts: Show some creativity, people!
8:46:13 PM - p38 has left the room (Quit: Leaving).
8:46:27 PM - Hancker [Instantbir@localhost] entered the room.
8:46:28 PM - butts: Don't be afraid to use a password generator. Don't allow yourself to use poor security simply because you are afraid to forget a password.
8:46:33 PM * mona hopes we avoid the CorrectHorseBatteryStaple debate
8:46:42 PM - cycycykakaka [Instantbir@localhost] entered the room.
8:46:52 PM - butts: There are ways to mitigate the risk of losing passwords. I recommend utilizing something like KeePass2 for storing your passwords locally and encrypted
8:47:04 PM - butts: all you have to do is remember your password (or also have your key) to get access to your passwords
8:47:16 PM - Negan [Negan@localhost] entered the room.
8:47:18 PM - Fenrir has left the room (Quit: Fenrir).
8:47:19 PM - Yoguikiller has left the room (Quit: Ping timeout: 240 seconds).
8:47:20 PM - butts: the risk there, obviously, is that an adversary might be able to gain access to your passwords (so be smart)
8:47:51 PM - azaza has left the room (Quit: azaza).
8:47:57 PM - t0p has left the room (Quit: Read error).
8:48:06 PM - butts: If you are using linux, and we hope you are or are willing to try it out, DO NOT USE ROOT
8:48:15 PM - butts: disable root login
8:48:21 PM - butts: setup a sudo account
8:48:47 PM - butts: Also, don't be afraid of password-less login. Learn to love key authentication
8:49:20 PM - butts: Your adversary will need to put in a hell of a lot more work if they can only login to your server with a specific account & your privkey.
8:49:44 PM - aa55 has left the room (Quit: Leaving).
8:49:47 PM - p38 [p38@localhost] entered the room.
8:49:48 PM - butts: Anyone want to add anything regarding what I've covered?
8:49:50 PM - Derp has left the room (Quit: Read error).
8:50:01 PM - butts: mona kr0
8:50:11 PM - jiyltz [jiyltz@localhost] entered the room.
8:50:13 PM - kr0: 1 sec
8:50:39 PM - kr0: I've closed my PMs for now
8:50:40 PM - Buddie_423 [chatzilla@localhost] entered the room.
8:50:59 PM - l1vedev1l [amnesia@localhost] entered the room.
8:51:05 PM - chuk_norrys [Instantbir@localhost] entered the room.
8:51:08 PM - kr0: ok guys
8:51:34 PM - kr0: > Long Password and complex ones are really Important
8:51:47 PM - kr0: KeePass X /2
8:51:50 PM - butts: 21:03 <DLF> But doesn′t most Linux have an admin pw for the login and a  root pw anyways ?
8:52:03 PM - butts: You CAN disable password login. And you can also UNSET passwords for users.
8:52:17 PM - aleco9 [chatzilla@localhost] entered the room.
8:52:17 PM - d00dz [Instantbir@localhost] entered the room.
8:52:19 PM - ial has left the room (Quit: Leaving).
8:52:35 PM - kr4toz [Instantbir@localhost] entered the room.
8:52:44 PM - butts: passwd -d username
8:53:29 PM - kr0: a new QnA ?
8:53:36 PM - Edward [User@localhost] entered the room.
8:54:11 PM - Mariel [Mariel@localhost] entered the room.
8:54:16 PM - butts: sure kr0
8:54:21 PM - butts: we'll field some more questions for a bit
8:54:30 PM - butts: i know users have some questions about 2FA and key authentication
8:54:41 PM - butts: anyone willing to cover key auth for me?
8:54:57 PM - badkiller has left the room (Quit: Read error).
8:55:18 PM - Manynu [maynu@localhost] entered the room.
8:55:20 PM - EletricWave has left the room (Quit: Read error).
8:55:30 PM - meldcat has left the room (Quit: Read error).
8:55:43 PM - butts: Hehe okay I guess not
8:56:45 PM - butts: okay, the basic most widely used key based auth system is called "public-key cryptography"
8:57:08 PM - butts: in very basic terms, it is broken into a public and private set of keys
8:57:26 PM - butts: the private key (aptly named) should always be kept private, and hidden
8:57:31 PM - butts: never store it publicly anywhere
8:58:16 PM - kr0: let me rephrase that
8:58:18 PM - butts: the public key goes on your server (if using for key based authentication) or somewhere else public (if, say, you are using it for encrypted communications you want people to be able to access your public key to encrypt their message to you)
8:59:03 PM - BugsBunny has left the room (Quit: Leaving).
8:59:05 PM - kr0: You got 2 Keys
8:59:18 PM - butts: here is a basic simple guide for setting up passwordless login on debian https://www.debian.org/devel/passwordlessssh
8:59:18 PM - kr0: one is for anyone to read
8:59:31 PM - cnrabbit [cnrabbit@localhost] entered the room.
8:59:35 PM - kr0: and the other one is private
8:59:51 PM - kr0: You ENCRYPT it with the Public KEY
9:00:07 PM - kr0: and you DECRYPT it with your Private KEY
9:00:23 PM - kr0: So EVERYONE can encrypt their messages
9:00:32 PM - mrcairus [Instantbir@localhost] entered the room.
9:00:40 PM - kr0: But only you , with the private key, you're able to decrypt it
9:01:05 PM - butts: another helpful guide regarding setting up passwordless login https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
9:01:07 PM - revolutio has left the room (Quit: Read error).
9:01:14 PM - azaza [Instantbir@localhost] entered the room.
9:01:17 PM - kr0: you can send anything ENCRYPTED
9:01:28 PM - kr0: but only you are able to DECRYPT it
9:01:41 PM - Guest64734 has left the room (Quit: Ping timeout: 240 seconds).
9:01:42 PM - red-dragon514 [Instantbir@localhost] entered the room.
9:01:52 PM - d00dle has left the room (Quit: Ping timeout: 240 seconds).
9:01:52 PM - kr0: maybe you've seen those PGP Keys of people
9:02:09 PM - kr0: alot of people are using them
9:02:40 PM - kr0: With this KEY you're able to send stuff to the person giving you the Public Key
9:02:56 PM - kr0: but ONLY he is able to decrypt
9:03:12 PM - kr0: This is the Basic of Encryption
9:03:21 PM - kr0: You got Keys and you got secrets
9:03:46 PM - butts: we love secrets
9:03:46 PM - kr0: there are different types of encryption from RSA over to AES
9:03:50 PM - raziel has left the room (Quit: Leaving).
9:03:58 PM - kr0: different key sizes and all that
9:04:06 PM - kr0: but that is the basic Idea
9:04:11 PM - testing1234 has left the room (Quit: Read error).
9:04:18 PM - kr0: You have your Secret
9:04:28 PM - kr0: ENCRYPT it with a Key
9:04:44 PM - kr0: and the guy you're sending it to got the Key to open it up
9:04:53 PM - kr0: all it is
9:05:19 PM - kr0: well
9:05:30 PM - butts: we should move on, i think.
9:05:36 PM - kr0: Yea
9:05:45 PM - butts: one sec, reloading notes
9:05:54 PM - kr0: VPN/Proxies/Addons
9:06:03 PM - kr0: Encryption software
9:06:35 PM - butts: VPNs. you will hear many opinions on them
9:06:56 PM - butts: They are great! They are Horrible! Only noobs use them! Only elite hackers use them! Use them for everything! Blah blah blah.
9:07:13 PM - kr0: We're not gonna suggest any Provider btw
9:07:18 PM - butts: The truth is, all of this is true and all of this is false.
9:07:41 PM - kr0: VPN
9:07:47 PM - kr0: Different to a Proxy
9:07:48 PM - d00dle [d00dle@localhost] entered the room.
9:07:53 PM - kr0: way different
9:07:54 PM - butts: The main issue with VPN providers is that, well, you are putting trust in them. You can mitigate that trust as long as you can securely and privately purchase your VPN service
9:08:14 PM - kr0: let me explain what a VPN is first :D
9:08:19 PM - butts: if your VPN provider has your name, billing info, IP, etc on file, you aren't exactly more secure when using your VPN as far as being safe if you commit a crime using it.
9:08:22 PM - butts: yes, please
9:08:31 PM - kr0: a VPN is a Server / Network of Servers
9:08:43 PM - kr0: You put ALL your Traffic trhough them
9:08:49 PM - kr0: which means
9:08:55 PM - kr0: > Its Encrypted
9:09:08 PM - sharp has left the room (Quit: Read error).
9:09:10 PM - kr0: > you're anonymized
9:09:31 PM - kr0: and you may cross ISP Blocks by your Gov
9:09:38 PM - DZ-bOY has left the room (Quit: Read error).
9:09:39 PM - noone has left the room (Quit: Read error).
9:09:46 PM - kr0: Now , back to butts
9:09:57 PM - kr0: You need to pay for a VPN
9:10:05 PM - kr0: Free VPNs are shit
9:10:08 PM - butts: There are free VPNs but they are not really recommended
9:10:13 PM - kr0: they sell your data
9:10:19 PM - mona: you are the product
9:10:23 PM - butts: Everything costs something, right?
9:10:23 PM - OxED has left the room (Quit: Ping timeout: 240 seconds).
9:10:28 PM - Kreator [Instantbir@localhost] entered the room.
9:10:28 PM - kr0: Bandwith = Money
9:10:29 PM - mona: and they will crumple like paper vs. law enforcement
9:11:12 PM - pp8 [Instantbir@localhost] entered the room.
9:11:13 PM - kr0: Important
9:11:14 PM - butts: VPNs are especially nice if you are just an average end-user that does a lot of traveling/business trips
9:11:24 PM - butts: you can utilize public wifi with much less worry
9:11:30 PM - butts: because your traffic is tunneling
9:11:51 PM - b101 [chatzilla@localhost] entered the room.
9:12:03 PM - kr0: as butts said, VPNs need to be paid
9:12:11 PM - kr0: and there is Vuln
9:12:14 PM - kr0: RIGHT THERE
9:12:19 PM - butts: The issue there is, how do you pay without giving up identifying information?
9:12:25 PM - kr0: ^
9:12:36 PM - butts: There are VPNs that accept bitcoin payments. But then you also have to securely obtain and send bitcoins.
9:13:03 PM - Hancker [Instantbir@localhost] entered the room.
9:13:03 PM - butts: So, again, it's possible to privately obtain VPN access, but you have to know what you are doing.
9:13:24 PM - butts: That is why, sometimes, people do not recommend new users to rely on VPNs for privacy & security.
9:13:43 PM - rooks has left the room (Quit: Leaving).
9:13:50 PM - p38 has left the room (Quit: Leaving).
9:13:54 PM - kr0: but VPNs can be Important , especially to newbs
9:13:59 PM - kr0: Really easy to use
9:13:59 PM - butts: It is also not inherently true that Tor is better if you use it with a VPN. It CAN be better. But it can also make your tor traffic easier to identify.
9:14:09 PM - anonymous is now known as Pollack_King.
9:14:14 PM - Dangerous96 has left the room (Quit: Excess Flood).
9:14:16 PM - butts: https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN
9:14:22 PM - kr0: ^
9:14:32 PM - Zildj [Instantbir@localhost] entered the room.
9:14:37 PM - butts: providing some URLs regarding some of this, as reference points. make sure you check them out
9:14:40 PM - butts: http://www.howtogeek.com/118145/vpn-vs.-ssh-tunnel-which-is-more-secure/
9:15:09 PM - kr0: I would say another quick QnA ?
9:15:14 PM - butts: regarding VPNs, like rackham said we are not recommending any specific service. but here is a guide that torrentfreak maintains https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/
9:15:22 PM - mona: we will have a lesson on securely paying for things anonymously
9:15:28 PM - mona: and there is a log in the mega.nz link
9:15:40 PM - kr0: so we get this not to long
9:15:40 PM - butts: that is information given to them in interviews with the various VPN providers. again, there is a lot of trust here. because you are TRUSTING the VPN providers that they are telling the truth
9:15:41 PM - mona: or if not there, PM me
9:15:42 PM - butts: especially when they say "We do not log"
9:19:44 PM - kr0: and I can't really judge on the sudo su vs root debate :P
9:19:50 PM - butts: Depending on how you send the money via the mail. That's also opsec related.
9:19:51 PM - Izorg has left the room (Quit: Read error).
9:20:08 PM - noone [chatzilla@localhost] entered the room.
9:20:10 PM - Ciph3r has left the room (Quit: Leaving).
9:20:11 PM - kr0: Abhz | Difference between VPN, SSH and key authentication??
9:20:15 PM - kr0: okay
9:20:24 PM - kr0: let me get something straight
9:20:31 PM - kr0: a VPN is a SERVER
9:20:52 PM - kr0: which ENCRYPTS your TRAFFIC until you leave the range of it
9:21:10 PM - kr0: SSH is a way to connect to something
9:21:18 PM - reverse has left the room (Quit: Read error).
9:21:21 PM - butts: (which also encrypts your traffic over it)
9:21:26 PM - kr0: ^
9:21:40 PM - kr0: and Key authentication is a METHOD
9:21:45 PM - kr0: to encrypt stuff
9:22:26 PM - kr0: reactD | Just a side note, not really a question, but I think it is very important that people dont take those VPN interview
9:22:28 PM - kr0: Exactly
9:22:41 PM - kr0: VPNs are though
9:22:45 PM - kr0: If you pay for a Service
9:22:53 PM - kr0: for example a VPN
9:23:02 PM - kr0: you accept their ToS
9:23:17 PM - kr0: If they state " WE WILL NEVER EVER LOG "
9:23:36 PM - kr0: There is a chance , depending on the Country they are based in
9:23:42 PM - owleyes has left the room (Quit: owleyes).
9:23:44 PM - Sh4dOw1 has left the room (Quit: Leaving).
9:23:44 PM - tamarind has left the room (Quit: Ping timeout: 240 seconds).
9:23:47 PM - Ytix has left the room (Quit: Ping timeout: 240 seconds).
9:23:53 PM - kr0: that feds will knock on their Door and want the Traffic
9:24:04 PM - kr0: Depending on the laws
9:24:09 PM - kr0: they might legally get it
9:24:25 PM - kr0: for example , a US based VPN is a bad Idea
9:24:50 PM - kr0: but usally , Its Illegal if they break their ToS
9:24:53 PM - aleco9 has left the room (Quit: ChatZilla 0.9.92 [Firefox 38.7.1/20000101000000]).
9:25:11 PM - antyo has left the room (Quit: Read error).
9:25:11 PM - Guli3lmus has left the room (Quit: ChatZilla 0.9.92 [Firefox 38.7.1/20000101000000]).
9:25:20 PM - kr0: I don't have any questions
9:25:29 PM - kr0: anyone else ?
9:26:28 PM - butts: okay
9:26:29 PM - kr0: jetblackcloud | misconception. they can absolutely break their tos and it doesn't affect the validity of the evidence.
9:26:30 PM - Sulaco [Sulaco@localhost] entered the room.
9:26:40 PM - kr0: like I said depending on the Countrry
9:26:47 PM - kr0: It might be Illegal
9:26:57 PM - butts: Let's rattle off some stuff here to try and zoom through some more topics
9:27:01 PM - kr0: If it still gets used is on another page
9:27:04 PM - butts: Don't want to run too much longer
9:27:07 PM - butts: but have a bit we can cover
9:27:09 PM - kr0: yea
9:27:14 PM - no_binary has left the room (Quit: Ping timeout: 240 seconds).
9:27:26 PM - butts: Firewalls, USE THEM! Configuring firewalls is outside the scope of this lesson, but we can cover it another time.
9:27:38 PM - mona: iptables<3
9:28:02 PM - butts: When using tor, make sure you are transparently proxying! https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
9:28:36 PM - butts: We don't need to cover malware in this lesson. But be aware that it exists and it wants to make your life suck
9:29:18 PM - butts: And be aware that even "legit" companies spread malware sometimes. There is an example back in 2005 through to 2007 Sony had a rootkit installed on CDs that they sold
9:29:19 PM - sw33poutcry [fOj4cFNQ5A@localhost] entered the room.
9:29:36 PM - revolutio [User@localhost] entered the room.
9:29:40 PM - butts: it silently installed, concealed itself, reported users listening habits to sony, and created further exploits that other malware was able to take advantage of
9:29:54 PM - butts: its purpose was initially to "Prevent illegal copying" but we know that's just bullshit.
9:30:16 PM - antyo has left the room (Quit: antyo).
9:30:24 PM - butts: Fuck the cloud. That is all on the cloud.
9:30:41 PM - Dangit has left the room (Quit: ChatZilla 0.9.92 [Firefox 38.7.1/20000101000000]).
9:30:49 PM - qwerty has left the room (Quit: Leaving).
9:31:01 PM - mona: word
9:31:02 PM - mona: WORD
9:31:18 PM - butts: When you are downloading software, make sure you are verifying that what you downloaded is what you were supposed to get! Adversaries can trick you into installing infected versions of software.
9:31:34 PM - butts: Here is a good point of reference for how to verify your Tor software, specifically https://www.torproject.org/docs/verifying-signatures.html.en
9:31:52 PM - butts: take what you learn there, and apply it to everything else you download. You will learn how to use GPG to verify the signature of files you download. Very important stuff.
9:32:32 PM - butts: Make sure you keep your software up to date.
9:32:39 PM - butts: There are gaping holes exposed all the time.
9:32:43 PM - butts: <3
9:32:51 PM - ladyV [xlx@localhost] entered the room.
9:32:51 PM - e150d [e150d@localhost] entered the room.
9:32:53 PM - Anonguy [Anonguy@localhost] entered the room.
9:33:00 PM - Sulaco has left the room (Quit: Read error).
9:33:00 PM - kr0: okay
9:33:53 PM - kr0: lets get this done and over it
9:33:56 PM - Shadow [User@localhost] entered the room.
9:34:02 PM - Hancker has left the room (Quit: Read error).
9:34:05 PM - kr0: I think IRC was never THAT Intense for me
9:34:10 PM - panic has left the room (Quit: Read error).
9:34:11 PM - butts: Here's some disk encryption programs to look into: Truecrypt (ONLY VERSION 7.1a), Veracrypt, FileVault2 (for OSX, but fuck Apple), dm-crypt/LUKS (linux)
9:34:27 PM - rackham: TrueCrypt vs Veracrypt...
9:34:31 PM - butts: you can find many comprehensive guides on how ot use them on the internet
9:34:32 PM - rackham: Truecrypt has been audited but a shady exit
9:34:37 PM - rackham: Veracrypt is a truecrypt fork w/ no audit
9:34:45 PM - Manynu has left the room (Part).
9:34:53 PM - kr0: and we don't want a OS war here :D
9:35:01 PM - kr0: Apple doesn't pay taxes
9:35:02 PM - butts: and as far as we know, truecrypt full disk encryption is still solid. no reports of people getting their boxes decrypted without obvious routes taken
9:35:03 PM - Anonimo69 has left the room (Quit: Ping timeout: 240 seconds).
9:35:05 PM - kr0: so definatly shit
9:35:16 PM - kr0: yes
9:35:27 PM - Vodka has left the room (Quit: Read error).
9:35:27 PM - butts: Okay, so
9:35:33 PM - kr0: any type of encryption cal help getting you caught
9:35:34 PM - butts: TL;DR Anonymous is a mindset.
9:35:54 PM - kr0: lets publish the nodes as well ?
9:36:01 PM - butts: ?
9:36:04 PM - butts: oh the notes
9:36:07 PM - kr0: notes *
9:36:10 PM - kr0: fuck me
9:36:12 PM - butts: yeah good idea
9:36:20 PM - kr0: so people got a sums up
9:36:23 PM - butts: maybe not on the pad though
9:36:28 PM - butts: since it's modifiable
9:36:29 PM - kr0: yea :P
9:36:30 PM - butts: oh wait
9:36:40 PM - butts: http://piratepad.net/ep/pad/view/ro.-zDMnaSnqgi/latest
9:36:55 PM - kr0: our notes
9:36:55 PM - butts: Here are the notes from this class. There is a bit that we did not cover.
9:37:01 PM - mona: we could teach another entire lesson tbh
9:37:02 PM - r4vbr [ravtunado@localhost] entered the room.
9:37:07 PM - mona: but we'll probably do something more fun next time ;)
9:37:07 PM - kr0: exactly
9:37:16 PM - kr0: Those are the basics
9:37:07 PM - kr0: exactly
9:37:16 PM - kr0: Those are the basics
9:37:23 PM - kr0: There HAVE TO BE TOLD
9:37:28 PM - kr0: I know its a bit meh
9:37:33 PM - rackham: fun stuff is coming
9:37:35 PM - butts: I want to give a big thanks to everyone for showing up to this
9:37:36 PM - rackham: but lets get everyone on the same pag
9:37:40 PM - kr0: but there are really Important
9:37:40 PM - rackham: help your fellow hackers out
9:37:47 PM - butts: I'm really glad to see you all interested in securing your online presence
9:37:49 PM - kr0: Yea
9:37:56 PM - kr0: 200 +
9:38:01 PM - butts: And we look forward to diving into some more advanced topics in the future.
9:38:07 PM - kr0: I'd like to thank each and everyone of you
9:38:18 PM - rackham: we have some awesome things lined up
9:38:24 PM - hiddenwookie has left the ro […]
9:38:27 PM - rackham: <3
9:38:31 PM - butts: I want you all to know that you are also ALL welcome to instruct your own course, too! If you are well versed on ANY topic and interested in doing something like this, please let one of us know and we can work on setting something up.
9:38:36 PM - mona: ^
9:38:37 PM - mona: definitely
9:38:47 PM - mona: now's the time, while the level we're teaching is quite basic
9:38:51 PM - kr0: Free information
9:38:57 PM - butts: This community relies heavily on the users. And I know there's a lot of talent out there. It doesn't have to be strictly related to IT, either.
9:38:59 PM - mona: stuff you think is elementary could be useful to the newer users
9:39:06 PM - butts: indeed
9:39:16 PM - mona: shoutout to hatter
9:39:18 PM - mona: gone but not forgotten
9:39:24 PM - kr0: take this info you got here and spread it
9:39:24 PM - mona: i'm out, peace all
9:39:25 PM - butts: Never forget