Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Search found 660 matches

by Pattern_Juggled
Thu Mar 31, 2016 4:08 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: Linux...entry points/nodes/whatevers
Replies: 3
Views: 6093

Re: Linux...entry points/nodes/whatevers

Loving the voodoo concept, but very slow for me on account of both options being on the wrong side of the pond (I presume). I also presume there'll be some this side of the pond soon, but I just wanted to register my enthusiastic pester. MOAR!!! :D More voodoo paths in process of provisioning alrea...
by Pattern_Juggled
Wed Mar 30, 2016 9:18 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: BeyondVPN: voodoo, multi-layered security - throughout cryptostorm
Replies: 15
Views: 22322

Re: voodoo.network in... not so many words, please :-)

I completely agree, and I hadn't heard of 'GRE tunnels' before reading the 'stream of consciousness' README on voodoo's github. It's fundamentally simple - without the bs every single other VPN provider 'claims' to provide. You (or whoever wrote it) did so transparently - open source - so cryptosto...
by Pattern_Juggled
Tue Mar 29, 2016 2:31 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: github repository for Mac confs
Replies: 26
Views: 16829

Tunnelblick/OSX conf repository

And, thanks to @Chevalier____, there's now a properly-updated, dedicated Tunnelblick/OSX repository full of lovingly-crafted (ok, that's prolly a bit much) config files:

Yes, lovingly crafted Tunnelblick/OSX conf's

Many thanks!
by Pattern_Juggled
Mon Mar 28, 2016 8:35 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: github repository for Mac confs
Replies: 26
Views: 16829

github repository for Mac confs

I've taken the liberty of opening a very minimalist directory in our existing config repository , on github, for mac-specific config files... which, hopefully, will smooth the process of maintaining these without requiring manual fiddling on the part of members. Mac-specific conf's at github If anyo...
by Pattern_Juggled
Sun Mar 27, 2016 12:13 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: BeyondVPN: voodoo, multi-layered security - throughout cryptostorm
Replies: 15
Views: 22322

Re: speaking of "multi-hop"... did someone say "multi-hop"..? :-P

The voodoo network is unique / insane ? I can't explain it verbally, but something below the threshold of my consciousness understands the topology of the network. My sense is that, thus far, we've done a suboptimal job of explaining what voodoo really is. Not for lack of trying, mind you... I susp...
by Pattern_Juggled
Sun Mar 27, 2016 1:32 am
Forum: general chat, suggestions, industry news
Topic: feedback reqest: jitsi, and Ostel.co
Replies: 2
Views: 4434

Re: feedback reqest: jitsi, and Ostel.co

In case you'd not seen already, there's some feedback on your questions coming in via a pointer to this thread from twitter, which someone took the liberty of creating this morning:

Screenshot (68).png


Cheers :-)
by Pattern_Juggled
Sun Mar 20, 2016 7:57 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: #cryptostorm IRC cert needs an update
Replies: 5
Views: 6664

Re: #cryptostorm IRC cert needs an update

I now know twice as much as I used to know about certs and realize that I know nothing about them at all. I've been messing with x.509 certs as something more than merely sideline - as more of an admittedly unhealthy obsession - for a few years now... and your statement ( "I now know twice as ...
by Pattern_Juggled
Sun Mar 20, 2016 7:53 am
Forum: general chat, suggestions, industry news
Topic: Twitter Feed
Replies: 4
Views: 8192

Re: Twitter Feed

SCREEN NAME! wrote:Consider me learned good. :lol:


+1 good sport, & appreciate the chatter... it's been fun! :D

Cheers.
by Pattern_Juggled
Sat Mar 19, 2016 3:23 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: #cryptostorm IRC cert needs an update
Replies: 5
Views: 6664

Re: Keychain All The Certz

Also: I still want to KeyChain-cert this.

Badly.

It Shall Be Done. (but prolly not today, alas)

Cheers!
by Pattern_Juggled
Sat Mar 19, 2016 2:24 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: #cryptostorm IRC cert needs an update
Replies: 5
Views: 6664

Re: wildcards, x.509, and the death of cool (or whatever)

AirVPN kindly pointed out that the cert at: https://resellers.cryptostorm.org is expired/broken as well. Without calling into question the profound - one might even go so far as to say, moving - kindness to be found in such an unstintingly selfless gesture, it does kind of leave one - even a kind o...
by Pattern_Juggled
Sat Mar 19, 2016 12:50 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: Honeypot/Airvpn/Giganerd/Trolling/Sheivoko
Replies: 13
Views: 13393

Re: a bit of clarification on what "no logging" actually means

We use ram disks... I'm at a loss as to the relevance of "ram {sic} disks" regarding logging policies. RAM "disk" is just another kind of physical storage media; in many respects, it's not dissimilar from SSD "hard disks"... though of course a RAM disk is instantiated ...
by Pattern_Juggled
Sat Mar 19, 2016 7:34 am
Forum: general chat, suggestions, industry news
Topic: Twitter Feed
Replies: 4
Views: 8192

Re: Twitter Feed

....appears to be being ran by... Now, see... that's not really a proper conjugation (in any known tense or mood) within the confines of conventional English grammar. Were I an obnoxious grammar nerd - which, fortunately for you , I'm most assuredly not - I'd unpack that as, err: present participle...
by Pattern_Juggled
Fri Mar 18, 2016 10:16 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 62921

Re: win10 tap-dancing

So.... after a little troubleshooting with fermi on IRC I removed OpenVPN program and Windows TAP driver and installed everything once again (i deleted the app data also and all folders) and now it works, it's once again that problem with the tun/tap driver in windows 10, after some updates it gets...
by Pattern_Juggled
Fri Mar 18, 2016 10:05 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: Honeypot/Airvpn/Giganerd/Trolling/Sheivoko
Replies: 13
Views: 13393

Re: Honeypot awareness

There we go. I gave a long-winded post. It's worth a read. Just follow the OP's link. I might suggest you echo a copy into here... just in case it, you know, gets "accidentally deleted." (not saying that's inevitable, or saying Air specifically has a history of that - I'm actually just ma...
by Pattern_Juggled
Fri Mar 18, 2016 9:28 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: #cryptostorm IRC cert needs an update
Replies: 5
Views: 6664

#cryptostorm IRC cert needs an update

Ohai, it has come to our attention that the current ssl certificate for our IRC chatroom has outlived its expiry date. Specifically, here's the PEM-encoded version of the current cert: -----BEGIN CERTIFICATE----- MIIFUzCCBDugAwIBAgIRAMQhOpL810Yv5/Zpo8tWLEkwDQYJKoZIhvcNAQELBQAw gZAxCzAJBgNVBAYTAkdCMR...
by Pattern_Juggled
Fri Mar 18, 2016 8:57 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 161
Views: 128233

Re: widget v3 ("Black Dolphin") - the decision fork

edit by df: THIS IS NOT ALPHA! this is pre-alpha i.e. not finished yet. Alpha is out and ready to be downloaded. I'll find the link. PJ posted it. Here it is: https://b.unni.es/setup.exe Note that this version linked to above is really, really alpha... nothing wrong with alpha - but remember that it...
by Pattern_Juggled
Fri Mar 18, 2016 6:41 am
Forum: general chat, suggestions, industry news
Topic: From the datacentre perspective: cartel spambot extortion
Replies: 8
Views: 8765

Re: Do It Nao!

Lurky lurky, huh? Much like Rambo in First Blood, covered in mud, stuck to a small cliff-face... eyes open, and BANG. pwned!!! hqdefault.jpg No no... nothing like that, not at all! (but they did draw first blood!!!11! :twisted: ) IMG_2639.JPG ...'twas more like this , of course! 630x341px-80d7a86b_...
by Pattern_Juggled
Wed Mar 16, 2016 11:27 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 62921

Re: All Hail Cthulu (the dark god of DNS)

Khariz wrote:I find that especially odd since its on the whitelist already.


All things DNS are black magic, at core... so the oddness is (partly) expected. Speaking metaphorically, of course!

Cheers.
by Pattern_Juggled
Wed Mar 16, 2016 9:40 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm cipher suite selection
Replies: 28
Views: 41984

Re: torstorm cipher suite selection

DesuStrike wrote:Did a quick client check on SSL Labs with my Windows 7 VM and IE11.
I won't do any testing with this VM though. I don't trust this OS even half as far as I can throw Satya Nadella. Sry... :sick:
Selection_118.png


Heh, nice to hear your voice in here, my old friend!

Cheers :-)
by Pattern_Juggled
Wed Mar 16, 2016 9:39 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm cipher suite selection
Replies: 28
Views: 41984

Re: torstorm cipher suite selection

Heya PB - we're getting reports of some cipher mismatches on some browsers. I'm not yet opening the task to formally review these cipher primitives... but I suspect it'll need to be done sooner rather than later. Because c25519, maybe? One can always dream, eh? :-) Any help in pinning down such repo...
by Pattern_Juggled
Wed Mar 16, 2016 5:04 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 62921

https://github.com/deepDNS/TrackerSmacker/blob/master/whitelist.txt

In the mean time, I think the best course of action (for stuff like wtvy.com and v0cdn.net) is a github repo of ours that contains a whitelist. People submit something they need whitelisted, and once staff manually verify that the host isn't evil.com, the server-side scripts automagically update /e...
by Pattern_Juggled
Wed Mar 16, 2016 3:57 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 62921

Re: TrackerSmacker: adware/crapware-blocking done right (Copied from support topic)

This issue only started last week, but has caused me all sorts of headaches having no access and now a week of wasted work time. Consequently I'm not a fan of any blocking feature you may have. Blocking webpages is a show stopper for VPN usefulness if this is the cause. Gah - apologies for the dela...
by Pattern_Juggled
Tue Mar 15, 2016 7:48 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 62921

Re: TrackerSmacker: adware/crapware-blocking done right

It might just be pertinent to wait it out and see if it actually affects users in the long run. Maybe the list will be maintained well enough that it won't be an issue. He did say that it was enabled for a whole week without anyone even having any trouble, maybe we are making too big of deal out of...
by Pattern_Juggled
Mon Mar 14, 2016 3:51 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 62921

Re: TrackerSmacker: adware/crapware-blocking done righ

Ps. also http://www.datafilehost.com/ is blocked. Seems a bit much :shock: Do note that we're pulling from an external blacklist - not attempting to create such a thing from thin air. Which would be... eeek. Anyhow, I think the underlying repo is open for pull requests and stuff, so if there's some...
by Pattern_Juggled
Mon Mar 14, 2016 3:46 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 62921

Re: TrackerSmacker: adware/crapware-blocking done right

Hi PJ, first well done. I am loving this. Crypto love! :D I am already using Crypto dnscrypt from start for all my connections, not only vpn. We need to actually announce the public deepDNS resolvers: they're really handy, and it'd be great for more folks to know they exist. It's been on our core t...
by Pattern_Juggled
Mon Mar 14, 2016 1:44 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 62921

TrackerSmacker: adware/crapware-blocking done right

{direct link: cryptostorm.org/TrackerSmacker } {twittery announcement is clicky-here } NEW THING! - there's now a parallel, dedicated forum thread here for the more philosophically-driven critiques of TrackerSmacker... take a look, if that's where you'd like to dip an oar (so to speak). Thanks! Sin...
by Pattern_Juggled
Sat Mar 12, 2016 5:53 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 161
Views: 128233

Re: widget v3 (pre-alpha testing build)

For those feeling irresponsibly adventurous, here's the current - NOT EVEN ALPHA - build.

When it breaks your local Win install, don't blame me. Or df. Blame Plesk. Or Graze... or both!

https://b.unni.es/setup.exe

Cheers :-)
by Pattern_Juggled
Wed Mar 09, 2016 9:49 am
Forum: general chat, suggestions, industry news
Topic: From the datacentre perspective: cartel spambot extortion
Replies: 8
Views: 8765

Re: lurk-y Olympics

Khariz wrote:When did you get back? I think this is your first post since last fall? Welcome back?


I wasn't gone... I just felt really, really lurk-y this winter.

Heh. :ugeek:

Cheers,
by Pattern_Juggled
Wed Mar 09, 2016 9:14 am
Forum: general chat, suggestions, industry news
Topic: From the datacentre perspective: cartel spambot extortion
Replies: 8
Views: 8765

Re: From the datacentre perspective: cartel spambot extortion

Welcome back PJ. My genuine thanks for the kind words. It's been... interesting times. Very much glad to be back. Anyway, hope this "cartel spambot" story will not compromise/prejudice the crypto service for the future. ;) Heh, no worries mate! :-P Honestly, we've been dealing with this s...
by Pattern_Juggled
Tue Mar 08, 2016 9:16 am
Forum: general chat, suggestions, industry news
Topic: From the datacentre perspective: cartel spambot extortion
Replies: 8
Views: 8765

From the datacentre perspective: cartel spambot extortion

Here's a discussion we've been having with one of our datacentres, which provides a bit of inside-view on how these cartel spambots operate: an extortion scheme, basically. UPDATE : here's the latest reply from the datacentre (which I've also added into the proper message flow, down towards bottom o...
by Pattern_Juggled
Tue Oct 13, 2015 12:36 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Good times w/ DMCA monkeys & katstorm.faith (et al.)
Replies: 8
Views: 263893

more news on the way

While it's not entirely clear who kat.cr's admins are pointing the finger at in this recent blog post , suffice to say that the nastyware issues relating to kat.cr are not limited to "lazy" people running "unofficial" proxies or mirrors (some of which are, without doubt, totally ...
by Pattern_Juggled
Sat Oct 03, 2015 1:50 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: www.download.windowsupdate.com & crl.verisign.com - ongoing research
Replies: 15
Views: 26463

Re: www.download.windowsupdate.com & crl.verisign.com - ongoing research

http://www.download.windowsupdate.com is a dodgy one... more so now than ever before due to the release of Windows 10. The long list of DNS addresses that Windows calls out to also contains the above address. Keeping in mind that this hostname has been formally tied (per above posts) to APT-class m...
by Pattern_Juggled
Fri Oct 02, 2015 9:26 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Good times w/ DMCA monkeys & katstorm.faith (et al.)
Replies: 8
Views: 263893

well, then there's hide.me right?

Perhaps this helps explain the situation more fully:

Hbqnuy5.png


Also this unsettling situation.
by Pattern_Juggled
Wed Sep 16, 2015 9:54 pm
Forum: general chat, suggestions, industry news
Topic: For newbies who desire to help but, can't?
Replies: 14
Views: 15818

Re: For newbies who desire to help but, can't?

Your critique is pretty much accurate, and on behalf of the team we thank you for posting it here. The bottleneck with our email support responsiveness in the last month or so actually isn't related to finances whatsoever. Indeed, our growth trajectory isn't held back due to any such constraints, bu...
by Pattern_Juggled
Fri Jul 31, 2015 12:15 pm
Forum: general chat, suggestions, industry news
Topic: Please three character search terms on the forum
Replies: 4
Views: 6995

forum search now functional w/ 3-letter words

parityboy wrote:Just tested it with a search term of "VPN" and it worked perfectly.


That's a hell of a surprise... I mean, good - glad to hear it works as expected.

;-)
by Pattern_Juggled
Wed Jul 08, 2015 12:19 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Why is there no edit button on my posts?
Replies: 4
Views: 9465

Re: forum permissions bug-rehoming efforts

Also during the shift-over to new infrastructure, some of the permissions masks we've had for years were inexplicably scrambled. We've been de-scrambling as soon as bug reports appear, and it looks like most we've settled by now. But if there's further permissions wtf's, post details as it's likely ...
by Pattern_Juggled
Mon Jul 06, 2015 12:31 pm
Forum: independent cryptostorm token resellers, & tokens 101
Topic: Big Announce: ABIS to be implemented in GUI Wallet [BCN]
Replies: 5
Views: 68922

Re: Big Announce: ABIS to be implemented in GUI Wallet [BCN]

This is most excellent news, and congratulations on the progress made thus far. We've been supporters (in concept, if not as much in actual lines of useful code) for years and it's with genuine enthusiasm that we're fast-tracking cryptostorm's bytecoin payment integration to ensure we're up and runn...
by Pattern_Juggled
Mon Jul 06, 2015 11:45 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Redundancy in website, email, & IRC infrastructure (etc.)
Replies: 11
Views: 16139

re: Iceland & pure.cryptohaven.net

We have been integrating a new, less technically intense platform over at [nb]pure.cryptohaven.net[/b] , and to be honest we're still learning how to coordinate information posted there with threads here. In this case, we provided an update on Fenrir and associated Icelandic infrastructure at crypto...
by Pattern_Juggled
Sun Jun 28, 2015 3:21 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: DotVPN — better than VPN.
Replies: 3
Views: 8340

vemeo.com

Amazingly similar design elements getween dotvpn and vemeo.com ... Right down to the "testimonials on dotvpn: The fast speed and exceptional quality I need. I strongly recommend it without any reservations. I hope that in future DotVPN will continue to provide exceptional quality. Maria Gomez C...
by Pattern_Juggled
Sun Jun 28, 2015 11:11 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: DotVPN — better than VPN.
Replies: 3
Views: 8340

cryptostorm.org/dotvpn

Added direct mapping to the thread, for ease of reference: cryptostorm.org/dotvpn I'd like to unpack that .rar and get the javascript posted up in the cleanVPN repository . If anyone has a minute to do that, meanwhile, that'd be great :-) edited to add : put up a dotvpn directory so it's there and r...
by Pattern_Juggled
Thu May 14, 2015 9:37 pm
Forum: member support & tech assistance
Topic: cryptostorm weirdness | RESOLVED
Replies: 18
Views: 13918

Re: cryptostorm smoothness

Thanks for posting up the details, and clarifying wrt the extra "8" - everything I see there is legit, so at this point I'll mark this item closed as it seems we've got things smoothed out fully.

Cheers,

~ pj
by Pattern_Juggled
Thu May 14, 2015 8:33 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Fermi's github -This is a git repository containing Cryptostorm related stuff.-
Replies: 7
Views: 12882

Re: Fermi's github - also cross-forked to 'samizdat-inbound'

Excellent work, Fermi!

Also forked across into this new repository: github.com/cryptostorm/samizdat-inbound, as an excellent starting point for many other elements soon to join these iptables chains in this repo.

Cheers,

~ pj
by Pattern_Juggled
Thu May 14, 2015 6:13 am
Forum: member support & tech assistance
Topic: cryptostorm weirdness | RESOLVED
Replies: 18
Views: 13918

Re: cryptostorm no-longer-weirdness :-)

Ok I changed port to random port in the Widget. after that no more problems. Things are working perfectly now after several reboots/Widget restarts. Haven't seen this since. I received mail from some one in support saying they found the problem. I can confirm that we'd added capacity over the weeke...
by Pattern_Juggled
Thu May 14, 2015 2:55 am
Forum: member support & tech assistance
Topic: cryptostorm weirdness | RESOLVED
Replies: 18
Views: 13918

re: port 88888 :-0

UPDATE: This happened to me again today. By changing to a random port , on the widget I got the conn back to green on the test page. To get this working yesterday, I was instructed to change from the default port 'on the widget' to port 88888. This got it working. Somethings going on. :crazy: Hope ...
by Pattern_Juggled
Thu May 14, 2015 2:53 am
Forum: member support & tech assistance
Topic: cryptostorm weirdness | RESOLVED
Replies: 18
Views: 13918

Re: cryptostorm growing-really-fast-ness :-)

I'm having similar funkiness issues. ipleak.net seems to check out, in that all the information seems the same. Only difference is the unfamiliar IP address. That IP address is unfamiliar to https://cryptostorm.is/test as well. I have a suspicion this is a simple oversight on our part. We've been a...
by Pattern_Juggled
Tue May 12, 2015 11:27 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: črypto is finished... and it's about time × (also: 'Balrog' malnet, firsthand view)
Replies: 2
Views: 12839

črypto is finished... and it's about time × (also: 'Balrog' malnet, firsthand view)

{direct link: cryptostorm.org/balrog} This essay forms one section of a broader paper describing a global survellance technology we have dubbed Corruptor-Injector Networks (CINs, or "sins") here at cryptostorm. As we have worked on the drafting and editing of the larger paper, we saw as a...
by Pattern_Juggled
Sun Apr 26, 2015 6:25 pm
Forum: Dumping_Ground
Topic: Companionship
Replies: 3
Views: 8146

Re: Companionship

This is some of the creepier spambot language I've ever seen, tbh - though MM's commentary helps leaven things, and the world is once again in balance

~ pj
by Pattern_Juggled
Sun Apr 26, 2015 6:04 pm
Forum: member support & tech assistance
Topic: France node, websites don't load
Replies: 2
Views: 3454

Re: France node - let's look into this asap

This is what I meant in my previous post about constant disconnections. You have to reload a page constantly - this happens with all nodes. This means that the connection is either slow or unstable and constantly disconnecting Hey there, what you're describing is absolutely not something you should...
by Pattern_Juggled
Wed Apr 15, 2015 1:16 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: [Status] Cantus Non-Operational?
Replies: 6
Views: 9975

Re: cantus under investigation

I'm still a bit out of the operational loop, but I did overhear df discussing this issue yesterday and I know there's been some testing work going on meanwhile. That datacentre does get quite a but of packet shrapnel from DDoS attacks running across the backbone interconnects in Frankfurt, but norma...
by Pattern_Juggled
Wed Apr 15, 2015 11:37 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #SauronsEye: it mostly only comes out at night... mostly
Replies: 9
Views: 23972

#SauronsEye: it mostly only comes out at night... mostly

{direct link: cryptostorm.org/#sauronseye } ( note : this post continues discussion started in a parallel thread , which provides useful backstory ~pj) I've sat down to write up this summary of recent investigative and sanitization work I've undertaken after identifying a form of polymorphic, brows...
by Pattern_Juggled
Wed Apr 15, 2015 9:39 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #svgbola: thoughts on operations security, browser vulns, & endpoint awareness
Replies: 3
Views: 22575

#SauronsEye: protecting technical security in a complex, dangerous world

Ok, well it's been a week since I posted my pre-summary summary note above on what I was then referring to as "svgbola" in recognition of the .svg-based 0day expliots recently patched by Mozilla, and used against visitors to Tor hidden services. At the time, I felt I'd largely gotten to th...
by Pattern_Juggled
Tue Apr 07, 2015 10:44 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #svgbola: thoughts on operations security, browser vulns, & endpoint awareness
Replies: 3
Views: 22575

#svgbola: thoughts on operations security, browser vulns, & endpoint awareness

{direct link: cryptostorm.org/svgbola } As I've been settling back into things after a few days of largely afk time with the family on an out-of-town trip, I've had a tab open waiting for this post to write itself... and the tab's still largely devoid of text. This suggests to me that there's a nee...
by Pattern_Juggled
Tue Apr 07, 2015 8:55 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: Cryptofree for Android [UPDATED 4/6/15]
Replies: 11
Views: 16829

Re: cryptofree subforum - moderator role is waiting to be filled!

If I made a mistake, please say so. You can contact me at ohnoes@openmailbox.org Note: I AM NOT STAFF That may be the case, but if you choose to register an account here, we're happy to stripe it with moderator permissions for the cryptofree subforum so that you can extend your purview into some mu...
by Pattern_Juggled
Tue Apr 07, 2015 8:23 pm
Forum: general chat, suggestions, industry news
Topic: Let's do this: a library of technical security papers
Replies: 2
Views: 7690

Let's do this: a library of technical security papers

{direct link: cryptostorm.org/paperchase } Last week, some of our friends in twitter provided an excellent suggestion: why don't we put together a collection of academic papers on network security & cryptography? Having pondered that over the holiday weekend, I concur 100%. As is true for every...
by Pattern_Juggled
Wed Apr 01, 2015 8:35 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: cleanvpn.org/airvpn - information & team process discussions (a great, positive example!)
Replies: 1
Views: 7044

reply to AirVPN's contribution: suggestions & appreciation

We are available to provide any information you need. We'd missed this post, until a member was kind enough to point us towards it. Our apologies for the delay in reply, no disrespect intended. Under GitHub we release ALL the source code related to our client: https://github.com/AirVPN/airvpn-clien...
by Pattern_Juggled
Wed Mar 25, 2015 12:47 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: KeyChain: cryptostorm's #CAfree, direct-key tls/ssl w/ https .onion PoC
Replies: 4
Views: 15735

KeyChain - community support

So the next obvious question is also a rather pertinent one. How can we network members support this initiative? Bitcoin and Namecoin server instances? Keyserver instances? Hidden versions of the above? Other things? One of the cool things about what is now known as the much more marketing-friendly...
by Pattern_Juggled
Tue Mar 24, 2015 11:08 pm
Forum: member support & tech assistance
Topic: Turing Down?
Replies: 1
Views: 2404

turing.cryptostorm.net status update

Hardware replacement underway - bad hard drive. Details here.

Cheers,

~ pj

ps: you might want to compile up your openVPN build to the current openssl libraries...
by Pattern_Juggled
Sun Mar 22, 2015 7:15 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: KeyChain: cryptostorm's #CAfree, direct-key tls/ssl w/ https .onion PoC
Replies: 4
Views: 15735

KeyChain: cryptostorm's #CAfree, direct-key tls/ssl w/ https .onion PoC

{direct link: cryptostorm.org/keychain } github repository: github.com/cryptostorm/KeyChain Late last week, I made use of the opportunity to lay out some of the ground-level work we as a team have been doing since last fall, via a post at our crypto.cricket blog . As I was "volunteered" f...
by Pattern_Juggled
Sun Mar 22, 2015 2:13 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: www.download.windowsupdate.com & crl.verisign.com - ongoing research
Replies: 15
Views: 26463

"...certificates are presumed to be generated by the attacker(s)..."

Fraudulent issued certificates

The following list of Common Names in certificates are presumed to be generated by the attacker(s):
...
*.windowsupdate.com (3)
...


DigiNotar.png
by Pattern_Juggled
Sun Mar 22, 2015 12:20 am
Forum: general chat, suggestions, industry news
Topic: Countermail
Replies: 5
Views: 10866

We have not rewritten SSL, that would be pretty stupid..."

What we describe on that link I gave you is a simple protocol using asynchronous key exchange with RSA (PKCS1 padding). We have not rewritten SSL, that would be pretty stupid since is SSL had so many problems throughout its history. We are using the BouncyCastle library for the main crypto function...
by Pattern_Juggled
Sat Mar 21, 2015 6:02 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: HideMyAss & L2TP & MS-CHAP1/2 (sub-post)
Replies: 0
Views: 8477

HideMyAss & L2TP & MS-CHAP1/2 (sub-post)

{direct link cryptostorm.org/HMAl2p } {this segment of a longer thread regarding our DA-auth framework is being released here, prior to the full thread's publication, as there's ongoing pre-publication editing taking place with the full thread that's run longer than expected & we felt this info...
by Pattern_Juggled
Tue Mar 17, 2015 9:01 pm
Forum: general chat, suggestions, industry news
Topic: Countermail
Replies: 5
Views: 10866

"Bascially a simplified SSL-protcol" <-- sounds great, tbh... not easy, but great!

So I asked from CS team opinion about Countermail and they did reply to me so I posted this reply to countermail and they didn't really explain anything they just attack me by saying. Since they seem to refuse to answer any more detailed answers can anyone of the members here explain? Bascially a s...
by Pattern_Juggled
Sat Mar 14, 2015 1:04 pm
Forum: member support & tech assistance
Topic: TLS Error
Replies: 1
Views: 2352

cryptostorm.org/mac

Hey there, I think we just provided more or less the exact same reply in email, but you''l want to take quick read through the Mac howto , here in the forum, if you've not done so already. This not really a scary cryptographic error - it's just some missing step in the login process that's preventin...
by Pattern_Juggled
Sat Mar 14, 2015 12:54 pm
Forum: member support & tech assistance
Topic: HOWTO: Connect to CryptoStorm on TAILS OS??
Replies: 10
Views: 13003

version reporting in openssl / Linux

I don't even need to read the details of the above post to know what's happened, as it's one of those universally frustrating things that we have all been thorough - fortunately, it's much easier to get beyond than it might seem. This is a divergence in the mechanism by which openssl reports its ver...
by Pattern_Juggled
Sat Mar 14, 2015 4:57 am
Forum: member support & tech assistance
Topic: "WARNING: No server certificate verification method has been enabled." in logs
Replies: 6
Views: 5078

1.0 - 1.2 & ECC & brainpool & c25519

I see TLS 1.0 in that pic you posted. is that right? I kinda assumed CS was TLS 1.2 and non-backwards compatable. Isn't TLS 1.0 vulnerable to beast and poodle? Nah, there's nothing intrinsically terrible about 1.0. Most all the core patches for the BEAST-class stuff have backported to 1.0 concurren...
by Pattern_Juggled
Sat Mar 14, 2015 4:52 am
Forum: member support & tech assistance
Topic: "WARNING: No server certificate verification method has been enabled." in logs
Replies: 6
Views: 5078

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

I'd finished most of the research to reply to this a few days back, then managed to get pulled off the project and now I've to gather up the data for posting. I should have that done properly, in short order. Meanwhile, I believe the answer is that there's two closely related OpenSSL cipher suites i...
by Pattern_Juggled
Fri Mar 13, 2015 7:56 pm
Forum: general chat, suggestions, industry news
Topic: [CS] No Mention Of I2P Access On Website
Replies: 9
Views: 9346

Re: "the i2p gateway access thing" marketing-suck-y status report

Also we have no name for it , apart from "the i2p gateway access thing"... which does, indeed, suck. "eepstorm"? "TI 2 " (Truly Invisible Internet)? :) There's been moves towards "i2pstorm" but that... well, you can imagine. Got2pstorm, etc. ;-P It'll appear,...
by Pattern_Juggled
Fri Mar 13, 2015 7:54 pm
Forum: member support & tech assistance
Topic: HOWTO: Connect to CryptoStorm on TAILS OS??
Replies: 10
Views: 13003

cstorm on TAILS?

The mods are going to authorise a post I made earlier... sent it via TAILS. Sorry, from what I can gather, connecting to CS on TAILS is not available at the moment. After setting it all up, I saw in their FAQ they don't support VPN over TAILS... over TOR yes, over TAILS no. Heya, apologies for comi...
by Pattern_Juggled
Fri Mar 13, 2015 11:51 am
Forum: general chat, suggestions, industry news
Topic: [CS] No Mention Of I2P Access On Website
Replies: 9
Views: 9346

"the i2p gateway access thing" marketing-suck-y status report

Rollout is complete, but it's sort of been waiting on an official announcement. Which in turn is waiting on some final work on torstorm's public access announcement. Which, in turn, is waiting on... Anyway, marketing stuff - which we suck at. So it takes longer than usual for us to do it... and it's...
by Pattern_Juggled
Tue Mar 10, 2015 11:36 am
Forum: member support & tech assistance
Topic: "WARNING: No server certificate verification method has been enabled." in logs
Replies: 6
Views: 5078

cert management: security theatre v. actually understanding cryptography in practice

Hi, I'm just testing cryptostorm here, what's the deal with "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info." in the logs? I understand you're using a self signed certificate but what about this: http://openvpn.net...
by Pattern_Juggled
Tue Mar 10, 2015 8:17 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: www.download.windowsupdate.com & crl.verisign.com - ongoing research
Replies: 15
Views: 26463

unpacked CTL...

{cross-posted to twitter ~admin} Ran it in a sandbox, right clicked to install "CTL"... rundll32.exe kicked up a fuss, wanted to talk to 23.63.99.202 (Akamai)... According to an anti-executable... command line switch - "C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpen...
by Pattern_Juggled
Sun Mar 08, 2015 5:52 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: www.download.windowsupdate.com & crl.verisign.com - ongoing research
Replies: 15
Views: 26463

TechNet on www.download.windowsupdate.com

Here's a search query on the "social" side of TechNet that turns up a vast pool of questions relating to this hostname; I've only just begun reading, but wanted to post out the full search so others have easy access meanwhile, as well: https://social.technet.microsoft.com/Forums/en-US/home...
by Pattern_Juggled
Sun Mar 08, 2015 5:36 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: www.download.windowsupdate.com & crl.verisign.com - ongoing research
Replies: 15
Views: 26463

TechNet thread re www.download.windowsupdate.com

A colleague pointed out a long thread on Microsoft's TechNet site, discussing the http://www.download.windowsupdate.com host and the files it serves. Here's one sample post , from 2009: THIS SOLVED MY PROBLEM downloaded & installed this file..... http://www.download.windowsupdate.com/msdownload/...
by Pattern_Juggled
Sun Mar 08, 2015 5:28 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: Kebrum - raw data - cleanVPN, or not?
Replies: 5
Views: 10541

topic split

I've taken the liberty of splitting off the "funky CRL subdomains" topic into its own dedicated thread , as it had basically taken over this one. I may go back and pull some of the findings still in posts above, relating to the CRLs, and move to the new thread, but that seems a spot of wor...
by Pattern_Juggled
Sat Mar 07, 2015 3:29 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: www.download.windowsupdate.com & crl.verisign.com - ongoing research
Replies: 15
Views: 26463

crl.comodoca.com --> Upatre trojan downloader

Looks like the two ends of the bridge are coming closer together. Here's a confirmation from Malware Must Die that the hostname crl.comodoca.com is used to deliver a payload 'EssentialSSLCA.crl' - which then gets installed into the trust store, which then... it's quite a chain, isn't it? 012.PNG Thi...

Go to advanced search

Nothing to display.

Login