What happened to the geocities website? is it deprecated? I haven't lurked in /cyb/ for some time.
Mason Hernandez
try running cryptsetup benchmark to get an overview of the perfromance impact. IIRC it'll be hardly noticable since AES is part of the instruction set and dmcrypt uses it
darpa.mil/news-events/2016-03-04 >As an initial focus, NGS2 will challenge researchers to develop and use these new tools and methods to identify causal mechanisms of “collective identity” formation—how a group of individuals becomes a unified whole, and how under certain circumstances that community breaks down into a chaotic mix of disconnected individuals.
Thanks, I found there some very cool stuff to read, not exactly what I had in mind but still very nice.
Landon Peterson
Most of those are already worked into the FAQ.
Kayden Taylor
No you fucking homo, you lay the back of your head on it when going to sleep to charge.
Alexander Cook
It is from the Matrix movie, the plug goes into the back of their heads in order to interface them.
What charge?
Nolan Thompson
Old OP here, just checking in to see if it is still going strong and it is. Good job, guys, keep up the hard posting.
Matthew Jenkins
>How does it differ from other BBSes out there? My goal is not to build just a bbs, but a service that will live thru different protocols and is resilient to takedown and censorship, chaining techlogies that already exist. The core message delivery system is Bitmessage, because it's decentralized, encrypted, and uncensorable. Then there is the web interface (the one I posted screenshot) for the convenience. Then the bbs interface if you want to rock the terminal. Then there will be ipfs or zeronet to distribute all the files and messages, so if the service ever goes down, everyone will have a mirror and can start over anytime. Ideally, the user can read and write messages using any of the means above, which will share a single database (or a autosynced one). There is no major bbs improvement planned, but if you have suggestions let me know, I'll see if I can work them out. It will be mostly text-only. There is a plan to share files too, but that comes later.
Owen Fisher
Hi OP. I don't know who you are or what you do, but I've been enjoying the info posted in these generals. The first thread you made was a test and I'm happy to see that the reaction was more than positive. Keep up with the good work, see you on the other side.
Hunter Mitchell
Thank you user. Lately the time the threads hit the bump limit seem to coincidence with me being around, so I kinda feel it's my job now.
Joshua Harris
Good to see you around. I think there were 3 OPs, are you the one planning on compiling all the info from past threads?
Zachary Ross
Yes and I'm still working on it, whilst trying to keep up with my current schedule, which was the reason I had to stop posting the OP.
Leo Diaz
Then maybe we could coordinate some work. I was the one suggesting hosting the resources on gitlab for example so smaller changes can be done without much fuss. Some stuff of the OP could very well moved there so the OP has more space for news and the likes. Plus it's currently at character limit
Jackson Martin
>A collaborative archive That's an excellent idea, user.
Carson Perry
glad you like it. If the other OPs agree on the usefulness, I'll drop a link later.
Daniel Clark
Much appreciated.
Ayden Cook
>Yes and I'm still working on it, Excellent news. A few things might already have been added to the FAQ but there might still be a lot worth adding. The FAQ is 100+ KB of HTML but there are placeholders for more things to be added.
Jace Sanders
We must be one of Sup Forums's most efficient and successful generals.
Hudson Watson
page 9 again. bump it up !
Jackson Edwards
>10 people to put some sources on one place >effective
ZERO COOL
Liam King
It is, for what it is.
Christian Cook
I was only playing around with it so far so don't expect content gitgud.io/cyb/er/
I was thinking about having two landing pages - one for cyb and one for sec, linking to the respective resources
Sebastian Flores
not bad..
Jose Bailey
how secure are apps from fdroid? something doesn't feel right about downloading a bitcoin wallet to trust it with my shekels
Jackson Martinez
PPTP VPN
I just setup PPTP VPN to my home network, I know there are big security flaws in the protocol. However, I just want to use it for remote administration. I don't mind the traffic not being secured. My biggest concern is the authentication security. I don't want people logging into my network. Assuming my password is good, which it is. And i only login from trusted networks. Is the authentication wall considered secure?
Nicholas Brooks
anyone here have any experience using Sleuthkit or Autopsy?
asking for a friend of course
Oliver Rodriguez
volatility with a few plugins usually detects things better than hard drive forensics. a good pcap file where you dig through the http/s and dns requests is also much more likely to show you something.
malware and viruses tend to hide in temp folders where it's hard to find known bad things just by looking. if you're on windows you can try dumping the registry and looking for common issues like autoruns and dll load locations.
Jack Butler
where do all the images for these threads come from?
Jeremiah Mitchell
Suppose you have packets that look like this: [IPsec + TLS + Your own custom encryption of Application layer data] and someone captures your packets on their way to the destination. The packets use your own custom encryption that is not documented publicly. They can decrypt IPsec and TLS theoretically, but how would one decrypt the additional layer of your own custom encryption? He/She doesn't know the encryption/decryption method nor the keys used for it? Any links for discussions on this topic?
Brayden Brown
Set your firewall to only accept whitelisted MAC addresses.
Blake Miller
Ah, forgot the VPN part so MAC won't work
Leo Hughes
Usually the threads themselves
Nolan Green
Cyberpunk has nothing to do with cybersecurity.
Nathaniel Sullivan
Well, if the code isn't audited you need to look it up yourself to be secure about it's integrity, it's a matter of faith, wouldn't recommend having any kind of cryptowallet in your phone if you have a stock rom on it or use shaddy apps'.
Maybe im just being paranoid.
Evan Flores
OP states both of them clearly, and in my personal opininion cybersecurity would be a given in a classic cyberpunk setting for the ones who are not willing to give up their personal lifes to the government for one reason or another.
Jaxson Morris
Oh snap he took the bait
Jackson James
Well played user, i'll be wary next time :^)
Camden Carter
Probably, yes.
Thanks for bump!
I think it takes a lot more than 10 people to achieve what has been done - at least 3 OPs to start these threads - one of which is compiling resources - one FTP archive getting filled up with a lot of contents - one FAQ being built up, just compare version 4 with the latest release of version 5 - a lot of original pastas - several people contributing to news - several rounds of statistics - a lot of original stuff - we have even gotten ourselves a cliche-poster All making this one of, if not the best, general.
A few can be found on the FTP site, others are on Deviantart, the rest I do not know.
Noah Brooks
>All making this one of, if not the best, general.
I'm inclined to agree.
/dpt/ has become a never ending "C vs. Rust" shitfest /flg/ is an Arch circlejerk and full of "install gentoo"-tards /wdg/ has some quality posts but way too many questions of newbies who don't even bother to read the OP
I like that /cyb/+/sec/ people are humble and earnest fellows and dreamers.
I salute you, good sir.
Nicholas Cooper
That's a bright idea. Let me lay my skull right onto a sharp spike... I wonder what will happen? >High tech >Low IQ
Anthony Stewart
What are you, straight?
Luis Robinson
I agree with Keep it up.
Grayson Davis
With two months to prepare for an intensive codebreaking/crypto/reverse engineering challenge what resources would you turn to first?
I know Python, dabble in C, and I've done a few easy wargames on sites like overthewire. My networking knowledge is quite poor.
Sorry if this is a shit question and I should start poring over resources from the sticky, just not sure where to start, there's so much info there. I've also got a small collection of books, pic related.
Parker Brown
>linking to **dchan
Matthew Hall
botnets
Nathaniel Morgan
I am working to create an implementation of an Acoustic Keyboard Emission attack (basically just trying to figure out what you are typing from the sounds of the keys), and was wondering if anyone here had done anything similar. There seems to be some published work, a couple of githubs, but not much else.
Do you think attacks like this are live in the wild? Should I be worried about these things?
Luke Evans
>trying to figure out what you are typing from the sounds of the keys How is this possible? Do different keys sound different?
John Scott
Yes. Also the impact sets the keyboard vibrating subtly differently. You can show this easily using Fourier analysis of a string plucked at different positions and then extend that from a 1D string to a 2D plate.
Lucas Sanchez
There is always some new snake oil ... erm, I means new languages, that promise to solve our security issues. Rust is a new contender but Haskell is not taking this lying down either.
=== /sec/ News: >Reflecting on Haskell in 2017 stephendiehl.com/posts/haskell_2018.html >Haskell has had a great year and 2017 was defined by vast quantities of new code, including 14,000 new Haskell projects on Github . The amount of writing this year was voluminous and my list of interesting work is eight times as large as last year. At least seven new companies came into existence and many existing firms unexpectedly dropped large open source Haskell projects into the public sphere. Driven by a lot of software catastrophes, the intersection of security, software correctness and formal methods have been become quite an active area of investment and research across both industry and academia.
I like the enthusiasm but it is hard to see how a language can fix bad design such as the planet sized security hole in Debian a few years ago, a result of what was supposed to be a minor fix.
James Hughes
Yeah there are a bunch of papers. I'm basing my work off of this paper
Although at this point it's mostly just aping it an not doing too many improvements, because my math and AI knowledge leaves a lot to be desired (I want to go to grad school in it, but I have an EE degree and no job so I don't know if they will let me in, applying next year though)
Michael Kelly
I'm not sure about this one.
I'd think that Van Eck phreaking has more applications and a higher range. But then again if you only need a directional microphone and some software it's a much easier setup. Everybody and his dog can install a hidden microphone somwhere.
Keep up and post results.
Alexander Allen
>I'd think that Van Eck phreaking has more applications and a higher range. The acoustic route can be used by apps to listen in on the keyboard that otherwise be unavailable and then exfiltrate the data at really great distances.
Also you can imagine the microphone on your cell phone listening in on the keyboard of your laptop. With loudspeaker control you can even set up your own local net.
Zachary Martinez
A plucked string isn't anything at all like a keyboard. Your comparison is at best an attempt to confuse and redirect, whilst showing nothing useful.
Jason Richardson
Do you know anything about oscillations and Fourier transform
Ryder Young
Gentlemen gentlemen please, this is the time for math, not namecalling.
James Gonzalez
Indeed.
Pressing a key, especially a mechanical key, will cause a small but measurable impact on the board the key is mounted on. That impact is the "plucking". So even if all keys are identical, the sound will have to differ. A quick Google search will show a lot of graphs that show how the pluck position changes the harmonics.
If you still doubt me, you can try tapping on a table top at various positions. The harmonics will differ.
Camden Harris
Now place said table on a carpet, or cover it in a tablecloth. Or put it on a different surface. This seems like the sort of idea that could work in ideal, controlled laboratory conditions but not in the real world. Too many factors influence the acoustics of smacking something.
Thomas Young
You can use your skills to practice yourself on real situations like reverse engineering malwares. Read a lot of books is useless if you don't practice what you learn.
Might add, if there is enough space left, that this is where the FAQ is kept.
Levi Cox
I'll see what I can do and put it to the gitgud aswell.
Brayden Robinson
...
Justin Martinez
Excellent stuff.
The FAQ itself is being updated, a few new sections are expected.
Julian Reyes
I type on keyboards with swift movements, making my fingers softly hit random keys between the key I just pressed and the key I'm going to press, also pressing every key in a different angle than before. I've seen some pianists do it, their hands look like they're dancing. I also type in different keyboards.
I like to believe I'm immune to this.
Ryan Parker
What should an "entry-level" security analyst know?
Nicholas Gutierrez
you should at least know what assembly looks like and know how to program. the latter isn't about programming itself, it's more about having an idea what has to happen in sequence. Also, advanced knowledge about operating systems and networking. ... did I miss something?
Benjamin Brooks
...
Evan Jackson
are most of you guys commies?
Luis Howard
I think when it comes to computers we're all the same, and politics should be kept off the business. Otherwise I'm pretty right wing.
Parker Hall
Nah. Capitalism is good as a premise but the free market can't just solve everything like libertarian tards think. Corps put profit above everything else, they need to be regulated. I also believe that we need social programs to help the poorfags, everyone deserves a baseline standard of living.
Rightists are usually dumb on economic issues and ludicrously ass backwards on social issues. Leftists are sometimes good on social issues and sometimes good on economic issues.
Matthew Jackson
*sigh* guys, I am emulating router web GUI, and when I visit the ip address it asks me to put in a password for admin account, and I do, but it wont load proceed when I hit the "enter" button, but nothing happens, I am still working on understanding html/js whatever the fuck this shit is, so I can remove this annoying login, and I can view the rest of the webpages.
Connor Nelson
Totally agree with you, they classify me as a right winged because i'm politically incorrect, as it seems you need to be libertarian, neoliberal an politically correct to be part of the left wing, we are reducing our ideologies to a name and only that, to the point that it looses all of it's meaning. Im tired of this bullshit.
Jason Gray
Comfy as fuck
Carson Rivera
I know this feel. The conservatives say I'm a leftist commie cuck, the liberals say I'm an alt right racist/sexist/ableist/etc. Identity politics everywhere.
Liam Thomas
Lets discuss why aren't we focusing on electrical/electronics engineering. Understanding the basics is required to understand how software operate. So...
they can only mitm a tls connection with something like sslstrip or if there is a reverse ssl proxy on the network where they already have the private key. i don't think there are easy ways to decrypt an ipsec connection unless it uses single des. custom encryption wouldn't be needed, but standard cryptanalysis would apply.
Jacob Brown
most physical hacking is just usb sticks and hardware implants, not actually measuring power differentials to determine a private key or algorithm solely from hardware usage. most hardware hacking can be understood from a hobbyist level book like complete digital design which covers analog and digital circuitry as well as computer hardware.
Jacob Brooks
Does anyone have any idea what the best language for audio processing is? I'm keyboard user.
Jaxon Nguyen
Slow evening? Page 7.
Bumping with pic. Remember: "short, black hair".
Hunter Kelly
>Lets discuss why aren't we focusing on electrical/electronics engineering. We have, at least in the past. This comes up in EMP bombs, radio communications, GPS navigation and electronic warfare.
I have a lot to learn but im on it , thanks for the link, i try to contribute with cool papes and some of my thoughts for bump.
I would love to talk about hydroponics but it doesn't like seem the right place
Christian Nelson
>best language for audio processing Typically that is assembly programming for a dedicated DSP running a hard real time kernel or a trivial scheduler. DSPs are very suited for hard real time at low power consumption.
I have programmed DSP56300 and it is very comfy in assembly language. If you want to be more fancy you can use the Hexagon DSP in Snapdragon, though it is a bit of pain to obtain the documentation - you need to register and sign an agreement first.
Cooper Thomas
this is nothing new the touchscreen on phones works on almost exact principle except that yours is pretty shitty one i imagine how is that keyboard supposed to look like whilst not being a touchpad itself surrounded by fuckin sensors
Aaron Morgan
>i2g3vsckj67dnjvb.onion Any reason why this is timing out while loading for me? Obviously using tor.
Ethan Garcia
maderas was changing something again and wanted to move it.
Jacob Evans
:0 damn, i was looking for something. I'll just wait
Dylan Ward
The decryption methods for all popular encryption algorithms are known, one side needs to decrypt the traffic, duh.
With enough processing power and time these can be broken, even if there is forward secrecy. What im asking is, how can one reverse engineer cyphertext that you don't know the encryption method of (a custom encryption) even if it is mathematically much weaker than popular encryption methods?
Dylan Walker
How did you first get involved in cybersecurity (or anything related)? It would be nice if you could tell me your stories, because I need ideas on which approach to take. Thanks.
Austin Morris
Perhaps what you are looking for is on the FTP site.
Nathan Martinez
I know nothing about IRC/ IRC security, when I join a channel it ends up showing my username on the PC on rizon. Is there any way to configure this stuff?
Jack Williams
>Is there any way to configure this stuff? Sure, but every program has its own config. What are you using ? mIRC, xchat, hexchat ...
Dominic Brooks
>I like that /cyb/+/sec/ people are humble and earnest fellows and dreamers.
Couldn't express it better.
Ayden Morris
Hexchat at the moment. Is there some kind of noob's guide to IRC? Last time I used it I was like 11 and didn't care about privacy and such things.
Jayden Price
You're kind of right. IMO EE/CE is a natural way to expand the cyberpunk mindset.Learning about everything
Thanks for the pasta!
I'm waiting for the papers. Yeah, hydroponics doesn't quite fit in here, but the subject itself is very interesting. Maybe you can create a thread about it on /sci/
Luis Cruz
no, they're not known. it's nearly impossible to decrypt secure tls, but there are attacks like beast, crime and heartbleed which help against older versions. the amount of processing power and time required to break strong encryption would exceed the death of the sun.
like i said, cryptanalysis will still apply regardless of what encryption is being used.
Joseph Jackson
>noob's guide to IRC? I think the guys at Sup Forumsternet have something basic > mesh.gentoo.today/wiki/Tutorials then here's this > EDIT: can't post link because spam, just look for "irc guide opnewblood" (I remember I had a good guide downloaded by some *guerrilla* url, but the only I found now is the one above, and it's not that. It was more exhaustive and also covered tor setup) I'll make sure to post it when I find it.
Last time I used hexchat was aeons ago. I only have mIRC now and that's in the connection > local info > local host. Should be something similar in hc.
Andrew Sanchez
In the real world Communism has come a lot closer to creating a dystopian hellhole than the right wing ever has.