Silk Road forums
Discussion => Security => Topic started by: Silk Road Encounter on February 13, 2012, 01:40 am
-
It's basically Silk Road in an impenetrable black box, from what I gather. A flash drive, designed to offer everything silk road, without the risk of being found out.
The issue I have with these flash drives is I don't have any proof that they do what they claim. And suppose they do work as intended. Who's to say that law enforcement isn't selling them with keystroke loggers in them?
-
I wouldnt accept any electronics or programs off the SR (.exe) Just because too easy to put nasty code in a poly...
-
I wouldnt accept any electronics or programs off the SR (.exe) Just because too easy to put nasty code in a poly...
I agree. Not calling any vendor out, but I personally feel better building and securing my own system. More peace of mind.
-
It's simple to make one yourself anyway.....
-
The thing is, it's a potentially valuable service. But it requires the ultimate trust in the vendor. The kind of review that the system should undergo would really only be capable of being performed by someone who wouldn't need one of these systems anyway. And this would be an extensive, time consuming analysis. You can't just get this and take a look around inside and be like, yep, looks good. It would have to be observed in an operational environment for an extended period of time while capturing all data it transmits and looking for some back-channel communication. As a person who could do something like that, there's no way I'd bother without getting paid. It's a lot of work and a pretty big responsibility. I wouldn't put my approval on it unless I was damn well sure of it. And whose gonna pay me? The vendor? Conflict of interest. And the only kind of approval you could ever put on it, anyway, is "It hasn't done anything bad, yet". That's why compromised systems aren't "repaired". They're wiped and re-installed from scratch (or re-imaged). With gigabytes of binary data to review, you can *never* be sure.
I've thought about doing something like this as well. But really, it's the kind of thing that needs to be generally applicable and publicly available, undergoing extensive public review. Like any of the many available LiveCDs out there.
Maybe the guy's got good sincere intentions and maybe he doesn't. Maybe the people who buy and use it will be in good hands, and maybe they won't. There is no guarantee. And only time will tell and there's always that "yet" ghost trailing it. It's a potentially successful endeavor. But unfortunately, a failed security concept.
-
Really, you might as well figure out how to create your own bootable USB drive with the ability to access the Tor network. Software like Liberte Linux and Tails need pretty regular updates, so what's the point of buying software that'll be obsolete in a few months.
-
Those vendors would have to pay me to use their flash drives.
-
It should go without saying that you should never outsource your security to anyone else. Once your security is out of your hands, you might as well be posting your personal information out in the open.
I'm not accusing anyone of anything, but if YOU can't secure YOURSELF, then you can never be sure that you're secure at all. There's no one on SR I would trust enough to put my security exclusively in their hands, including vendors and SR himself.
-
Hey guys agree makes me very nervous given the shear quantity of key logging, gps tracking softwares that are currently available and so easily hidden!
Wouldnt mind a step by step guide to building your own? if anyone has this, It would be awesome to post it up or send me a PM. Willing to throw some coins your way as a thank you!
Hoffa
-
Hey guys agree makes me very nervous given the shear quantity of key logging, gps tracking softwares that are currently available and so easily hidden!
Wouldnt mind a step by step guide to building your own? if anyone has this, It would be awesome to post it up or send me a PM. Willing to throw some coins your way as a thank you!
Hoffa
My guide is here:
http://dkn255hz262ypmii.onion/index.php?topic=9067.0
Liberte or full disk encryption + virtualization are your best bets.