Silk Road forums

Discussion => Security => Topic started by: Scot Walker on January 10, 2012, 03:58 pm

Title: Thoughts on this for security
Post by: Scot Walker on January 10, 2012, 03:58 pm
So, I've been looking into ways to keep me safe when on SR, and in onionland. This is what I have found that looks like it might be good for what I want.

http://ryantrotz.com/2011/08/how-to-secure-your-files-using-truecrypt-and-virtualbox/


Can anyone tell me if this is going to be a good way to go? Or, can someone suggest a better way? I'm running Windows 7. I'm not all that savvy when it comes to computers, so I probably wouldn't be able to do something too complicated. I'm thinking about opening a seller account, but want to be sure I'm good and safe before I do.

Thanks in advance for any replies!
Title: Re: Thoughts on this for security
Post by: QTC on January 10, 2012, 04:09 pm
Virtualization alone only marginally protects you unless you do it the right way, since the only layer of isolation it adds is a hypervisor. Not using snapshots opens you up to permanent exploitation rather than only during your session if you do get pwnd. TrueCrypt only protects you against an Evil Maid-style attack. Ubuntu is an insecure operating system IMHO. I recommend using the guide at http://xqz3u5drneuzhaeo.onion/users/secureconfig/tutorial.html but without using polipo. The setup may be difficult but once you get it running, you'll be OK. :-)
Title: Re: Thoughts on this for security
Post by: TravellingWithoutMoving on January 10, 2012, 04:15 pm
- sure, there are people using virtualbox.....not sure which of yours is the win7 - guest or host?! I don't use windows but you could still do if you are comfortable with it, for example:
http://dkn255hz262ypmii.onion/index.php?topic=7856.0

- virtualbox & vmware {vmdk images}: can convert vmdk's for use in virtualbox, and am sure can actually create a vmdk style guest for use in virtualbox, so you
  have some options here if it's definitely virtualbox you want to use. I installed virtualbox briefly and thought it was actually quite good and the only reason for blanking
  the setup was I had concluded the hardware wasn't fast enough to run the No of guests I needed.

- perhaps virtualbox running under ubuntu? or a ubuntu linux guest?

- the security threads are here, where you've posted this very thread, can browse thru and see what everyone's been saying.
  http://dkn255hz262ypmii.onion/index.php?board=3.0

- other options are vmware / vmware player {no licence req} -there are guests available for you if you wanted a prebuilt system as per thread:
  http://dkn255hz262ypmii.onion/index.php?topic=5599.0

- if you got time you could cast your vote on poll:
  http://dkn255hz262ypmii.onion/index.php?topic=8298.0

- I would recommend Linux but then you are the one who is going to have to build and / or work with, another secure option seems to be openBSD, again these are
  involved if you're a windooz man. {linux is far more secure and windows has not been the ideal choice for a secure setup....ease of use yes....}

- another solution would be non-virtualisation - a host running on native hardware, and I'm not the right person to be able to recommend win7 for this.
  again linux / openBSD would be a better solution but would you be able to build & support this..!?

most of the threads are really us arguing about the technology, some of the explanations aren't of much practical use to you...

aside from building the virtualbox (if that's what you have decided....) there are all the gpg / security apps needed, again the security section has loads of info
on this -if you are still having issues perhaps you should go for the prebuilt vm image by Security Solutions.

ok?!


Title: Re: Thoughts on this for security
Post by: Scot Walker on January 10, 2012, 04:32 pm
Thanks guys! I will check out all the referenced links. I'm not really a windows guy, it's just all I have ever used. Me and a friend have been talking about going the Linux route on a machine, and learning about it. I'm just not that educated when it comes to computers so I'm not overly comfortable with getting too deep into something without having the knowledge to fix something if I fuck it up. ;) I will definitely do some reading through the security section, starting with the recommended places.
Title: Re: Thoughts on this for security
Post by: Tranzshipper on January 11, 2012, 01:56 am
vmware - done that for years, till learned more, never again, thanks
any encryption is as good only as your security policies. my rule number one - no encrypted info on computer hard disks - never!!
for transmitting sensitive info, GPG/PGP as good as it has always been, especially if you are using command line to create good keys. few indictments published on internet proved they can't break it.
Title: Re: Thoughts on this for security
Post by: SecuritySolution on January 13, 2012, 11:28 pm
Scott,

Please feel free to use our thread as mentioned by Travelling a few posts up as a possible 'shopping guide' if you will if you decide to roll your own VM. Its tools are all free and publicly available, the only exception being Windows. Several of them are available for Linux; however, with Linux, TrueCrypt does not allow whole disk encryption. This being the case you would need to rely on something like LUKS encryption. While LUKS is secure by most standards it only allows the use of a single encryption algorithm whereas TrueCrypt on the Windows platform allows the leveraging of three in a cascading fashion, increasing the security of your data from forensic recovery significantly.


Thanks,
SecuritySolution
