Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

Search found 613 matches

by Pattern_Juggled
Tue Mar 03, 2015 4:46 pm
Forum: member support & tech assistance
Topic: Qestions Qestions Qestions
Replies: 15
Views: 12570

Port Shuffling

I do believe that's the port striping feature. allows you to connnect to most any port to get around isp blocks. I'm unsure if these are open to anything beyond openvpn tcp/udp connections. I've not been able to foward ports on my kinda complex setup- haven't put much effort into figuring it out th...
by Pattern_Juggled
Tue Mar 03, 2015 12:01 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: cleanvpn.org/HideMyAss - raw data - #cleanVPN, or not?
Replies: 9
Views: 44486

data set: malicious javascript served via HMA join page

This email push to recruit friends and family... HMApimping.png Takes one (via redirect) to a page hosting the following html and other script-y complications : MNAjoinpage.png With this one sort of standing out right away... if(location.host == 'www.hidemyass.com' || location.host == 'new.hidemyass...
by Pattern_Juggled
Mon Mar 02, 2015 11:38 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: Kebrum - raw data - cleanVPN, or not?
Replies: 5
Views: 21086

Re: Kebrum - raw data - cleanVPN, or not?

I was not suprised to see Akamai pop up. I HATE CONTENT DELIVERY NETWORKS! You only think you hate them now... if you get a bit deeper into this, you'll see the central role they play in the entire process. I've noted elsewhere how counter-intuitive it is to be using CDNs - legitimately or not - to...
by Pattern_Juggled
Mon Mar 02, 2015 11:41 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: .pcap Scrubbing
Replies: 3
Views: 16142

Re migrating data to cleanVPN.org

Quick note: let's move as much of this as we can out to the public cleanVPN subforum or, better yet, github repository. I'm badly, badly behind on all sorts of administrative tasks, and thus a bottleneck in many areas. If you've got a github account, please let me know and I'll read you in w/ commit...
by Pattern_Juggled
Mon Mar 02, 2015 11:38 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: cleanvpn.org/HideMyAss - raw data - #cleanVPN, or not?
Replies: 9
Views: 44486

spies, bunk certs, & VPN malware

I'm actually reading this after watching CitizenFour so my conspiracy theories are INSANE :-D If you were unfortunate enough to end up on the receiving end of my admittedly rant-y twitter thread after another long session hunting fake root certs, you'll already know that there's obvious - inescapab...
by Pattern_Juggled
Mon Mar 02, 2015 11:34 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: cleanvpn.org/HideMyAss - raw data - #cleanVPN, or not?
Replies: 9
Views: 44486

full pcaps: HideMyAss Windows installation & VPN connection

As noted earlier, here are some installation & VPN connection pcaps from the above-analysed HMA binaries. I have not done much beyond surface-level analytics yet... although I believe a deeper look will be quite informative. hma_installer.pcap Those running analyses, please do share results! Cheers,...
by Pattern_Juggled
Mon Mar 02, 2015 9:34 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: Kebrum - raw data - cleanVPN, or not?
Replies: 5
Views: 21086

download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt

version 3? Wow, that smells like hmmmm, W7 is v6, so Vista is 5, XP is 4... no way, Windows 98? Yep, it dates back a long, long time. It's obviously not being used for any legitimate Windows purpose any longer... which begs the question: what use is it serving? Because someone's still using it. For...
by Pattern_Juggled
Sun Mar 01, 2015 10:01 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Replies to recent interviews
Replies: 3
Views: 20233

digging deepDNS.dk

Indeed, on-cstorm visitors to "DNS leak" websites see a message directly from cryptostorm, embedded in the results presented... What is this message? I've tested a couple DNS leak test sites while on Cantus, and I've not seen any such message. One needs to dig to get it... deepDNSdig.png Some addit...
by Pattern_Juggled
Sun Mar 01, 2015 7:48 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: Kebrum - raw data - cleanVPN, or not?
Replies: 5
Views: 21086

Kebrum - raw data - cleanVPN, or not?

{direct link: cleanvpn.org/kebrum } I've got alot of raw data here, and currently this one for me rates as: unable to verify clean status with current analysis Here's a list of links I've been using: https://www.virustotal.com/en/file/0a24d048e5d98660495cc7d102dfd5a10023fdd6f2c75fb813192c3a0cac12d6...
by Pattern_Juggled
Sat Feb 28, 2015 10:48 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: working together to make things better
Replies: 4
Views: 26936

Re: PINNED: research tools & techniques for cleanVPN forensic analyses

To add: Well-behaved applications... 1. Don't uninstall other applications or services on a customer computer without gaining explicit authorisation to do so from the customer first. 2. Uninstall cleanly themselves, either via onboard uninstallation functionality or via standard OS/distro-level tool...
by Pattern_Juggled
Sat Feb 28, 2015 7:21 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: evil browser extensions
Replies: 0
Views: 17775

evil browser extensions

Well, I am sticking this here for now even though it likely will be evicted at some point. There's alot of evil browser extensions out there. Alot. Stuff like this: onetab_bad.png I've begun capturing snapshots of them in the github.com/cryptostorm/fishycode repository , for now. Is there someone ou...
by Pattern_Juggled
Fri Feb 27, 2015 7:29 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: cleanvpn.org/HideMyAss - raw data - #cleanVPN, or not?
Replies: 9
Views: 44486

validating project pcaps

https://malwr.com/analysis/file/YzRmNWQyODNhZjBmNDMxZDliMjUwMTZkOTA3MGI1ZTg/pcap/99f63a60671f270a3efba88d209f03dee137f77ec10bb04394bc9b6f613e1ac8/ this url gives me 403 Forbidden :? Ah, yes pcaps are provided by malwr only for registered users (it's free to register). Here's the file; anyone who wa...
by Pattern_Juggled
Fri Feb 27, 2015 12:17 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: cleanvpn.org/HideMyAss - raw data - #cleanVPN, or not?
Replies: 9
Views: 44486

cleanvpn.org/HideMyAss - raw data - #cleanVPN, or not?

{direct link: cleanvpn.org/HideMyAss } github repository: #skRATched Those who follow such things may have noticed that a good chunk of the cryptostorm team has been, not to put too fine a point on it, a little bit distracted in recent days. That's not to say that we've not been covering our duties...
by Pattern_Juggled
Tue Feb 24, 2015 10:00 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: Mike Espresso aka #test2 aka @mikeSpressoVPN - techno-babble... with style!
Replies: 4
Views: 22117

Mike Espresso aka #test2 aka @mikeSpressoVPN - techno-babble... with style!

We've opened a github repository to collect data involved in this project. I am starting to think this service is ran by a very popular VPN review site. This certificate from what I have been able to determine appears to be the Certificate used to sign certificates with. I will confess I do not actu...
by Pattern_Juggled
Wed Feb 18, 2015 10:16 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm.org/trackers - info & updates on our tracker proxies
Replies: 3
Views: 24535

cryptostorm.org/kickass tracker proxy

Updated with proper new mappings, and we've also remapped the dead proxies to live ones.

We're going to add pingdom entries for these, so we know if they've gone down.

edited to add: pingdom uptime status & performance stats page has been added here: cryptostorm.is/kat_stats

Cheers,

~ pj
by Pattern_Juggled
Tue Feb 17, 2015 2:30 pm
Forum: general chat, suggestions, industry news
Topic: skype resolvers: testing & leakblocking
Replies: 0
Views: 8282

skype resolvers: testing & leakblocking

{direct link: cryptostorm.org/skyperesolvers } Bit of a placeholder thread, for now, but feel free to add to it meanwhile. We'd like to do some pcap'd tests on ICE-based Skype "resolver" tools. A project we've fiddled with in-house for ages, so let's get things rolling. Pointers at common and, even...
by Pattern_Juggled
Sun Feb 15, 2015 9:39 pm
Forum: member support & tech assistance
Topic: Repeated updates with warnings.
Replies: 25
Views: 20822

Re: Repeated updates with warnings.

WritersBlock wrote:I start to work on one, only to have the others distract me... So I put it down for now.
That could more or less serve as a well-compressed biography of my professional life thus far, tbh. :-)

Cheers,

~ pj
by Pattern_Juggled
Sun Feb 15, 2015 7:32 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: keybase's leverage of Tor routing mechanisms
Replies: 0
Views: 19351

keybase's leverage of Tor routing mechanisms

This is pretty interesting stuff keybase is doing with Tor... http://fncuwbiisyh6ak3i.onion/docs/command_line/tor I wonder if there's not a much wider applicability to this sort of layered-security model in the context of network events that need to be able to take place surreptitiously in a hostile...
by Pattern_Juggled
Sat Feb 14, 2015 6:55 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

"Establish a connection with ICE / relay servers - in this instance: NONE"

This is some very clever stuff ! var RTCPeerConnection = window.webkitRTCPeerConnection || window.mozRTCPeerConnection; if (RTCPeerConnection) (function () { var addrs = Object.create(null); addrs["0.0.0.0"] = false; // Establish a connection with ICE / relay servers - in this instance: NONE var rtc...
by Pattern_Juggled
Sat Feb 14, 2015 5:34 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

Re: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation

ICEhandshake.png
Well ok then... that's what we needed to clarify some behaviour we've been entirely unable to clarify previously.

Back to work, network-side, making sure this stuff doesn't get too frisky with members' physical IPs, now. :-)

Cheers,

~ pj
by Pattern_Juggled
Sat Feb 14, 2015 4:41 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

5.2 Session Initiation

Session Initiation In order for the initiator in a Jingle exchange to start the negotiation, it sends a Jingle "session-initiate" stanza that includes at least one content type, as described in XEP-0166. If the initiator wishes to negotiate the ice-udp transport method for an application format, it...
by Pattern_Juggled
Sat Feb 14, 2015 4:30 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

"A method for negotiation of out-of-band UDP connections with built-in NAT and firewall traversal"

Security Considerations 10.1 Sharing IP Addresses By definition, the exchange of transport candidates results in exposure of the sender's IP addresses, which comprise a form of personally identifying information . A Jingle client MUST enable a user to control which entities will be allowed to recei...
by Pattern_Juggled
Sat Feb 14, 2015 4:23 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

XEP-0176: Jingle ICE-UDP Transport Method

XEP-0176: Jingle ICE-UDP Transport Method Abstract: This specification defines a Jingle transport method that results in sending media data using raw datagram associations via the User Datagram Protocol (UDP). This transport method is negotiated via the Interactive Connectivity Establishment (ICE) ...
by Pattern_Juggled
Sat Feb 14, 2015 4:11 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

libjingle Developer Guide

libjingle Developer Guide The libjingle SDK consists of C++ source code and documentation that enable you to design applications that connect and exchange data across a network (peer to peer data connections). The SDK contains code and sample applications, a Visual Studio 2005 solution file for com...
by Pattern_Juggled
Sat Feb 14, 2015 4:04 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

webrtchacks.com/vendor-directory

https://webrtchacks.com/vendor-directory/ 94 Results &yet Web development firm and lead contributor to simpleWebRTC 1Click.io Business click to call service and API Abbeynet Offers advanced solutions for communication with the integration of Voice, Video, and presence over IP Acision Forge SDK and c...
by Pattern_Juggled
Sat Feb 14, 2015 4:02 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

webrtchacks.com

https://webrtchacks.com/ About We are WebRTC technologists and enthusiasts. We noticed there are few independent sources for WebRTC developers so we decided to do something about that with this blog. Our goals in this blog are to: Provide more detailed technical explanations on how WebRTC works Iden...
by Pattern_Juggled
Sat Feb 14, 2015 3:51 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

www.webrtc.org

http://www.webrtc.org/ http://webrtc.github.io/samples/ http://github.com/webrtc/samples http://webrtc.github.io/samples/src/content/datachannel/ http://webrtc.github.io/samples/src/content/peerconnection/pr-answer/ http://webrtc.github.io/samples/src/content/peerconnection/munge-sdp/ http://webrtc....
by Pattern_Juggled
Sat Feb 14, 2015 3:35 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

Hooked-Browser Meshed-Networks with WebRTC (Kiwicon 2014)

Here's some deeper-dive stuff on exploits that make use of webRTC for all manner of skullduggery: Hooked-Browser Meshed-Networks with WebRTC (Kiwicon 2014) - Part 1 Thanks to those clever folks over at Google, Mozilla and Opera, we have an HTML5 technology to help us: WebRTC. WebRTC was initially in...
by Pattern_Juggled
Sat Feb 14, 2015 1:28 pm
Forum: guides, HOWTOs & tutorials
Topic: [Discussion thread] HOW TO: connect when using Windows
Replies: 7
Views: 20594

Re: [Discussion thread] HOW TO: connect when using Windows

Btw, if anyone has a version of the 1.4 conf's that's tested-good for Windows connections, I'll put it up in the reference thread - we've had some requests, & it's not one I did in the first batch of 1.4 conf's. That's an oversight I'd like to rectify.

Cheers,

~ pj
by Pattern_Juggled
Fri Feb 13, 2015 8:18 pm
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: deepDNS: seamless Tor .onion site access, via cryptostorm
Replies: 24
Views: 133779

Re: deepdns.dk

Just tried this and got nothing. I assume this isn't in production yet? It's deploying node-by-node; hence more of a rolling schedule until the full network is covered, at which point we'll loop back and fill in this placeholder thread with details. Meanwhile... https://www.youtube.com/watch?v=avUo...
by Pattern_Juggled
Fri Feb 13, 2015 4:52 am
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: Proxy.sh thoughts?
Replies: 4
Views: 22100

logging, no-logging, & verifying no-logs policies

I'm curious but which file I've to give you to check if while connecting to their node it's giving out my real ip to them? I mean if they say there's no logging isn't this wrong..so? It is impossible, to my knowledge in any case, to connect to a "VPN service" node/server without in doing so exposin...
by Pattern_Juggled
Thu Feb 12, 2015 8:54 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: Proxy.sh thoughts?
Replies: 4
Views: 22100

accuracy of proxy.sh status page?

Can you tell if the network status page is bullshit? What we've done before is write a polling script to pull raw data from such status pages, dump them to text, and then plot the results to see if there's obvious issues with the distribution of point-pairs over time. Usually, there is. That's one ...
by Pattern_Juggled
Thu Feb 12, 2015 8:40 pm
Forum: general chat, suggestions, industry news
Topic: webRTC browser IP leak fix via Windows Firewall
Replies: 27
Views: 97672

Lifehacker article - inaccurate assertions

There's been a great deal going wrt webRTC we've not summarised in posts here in-forum in recent days; things have been evolving at a pace that makes such realtime updates a challenge... but we'll get some conclusive information posted by the end of the week. Much of what's going on is taking place ...
by Pattern_Juggled
Thu Feb 12, 2015 7:23 pm
Forum: member support & tech assistance
Topic: node connecting to wrong nodes
Replies: 18
Views: 15481

HAF bugfix: windows-montreal.cstorm.pw orphaned IP entry

Tried Montreal, got TLS and then it flew to US West, been happening for a while... just can't seem to crack into Canada. If those are widget-based connections, what you're likely seeing is fallover connectivity to another cluster in the event the primary cluster selection ( github master of current...
by Pattern_Juggled
Thu Feb 12, 2015 7:00 pm
Forum: general chat, suggestions, industry news
Topic: Is Onyx Partially Broken?
Replies: 2
Views: 6359

routing instability between onyx (Paris) & iceland

There's definitely been some odd things happening to traffic between onyx and Reykjavík... but after doing some analytic work, I'm not convinced it's anything to do with onyx. First, here's an example of the MTR's we've been seeing this morning - on and off - between onyx and our administrative mach...
by Pattern_Juggled
Wed Feb 11, 2015 9:39 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #MEMEX: .gov spyware for "deep web"
Replies: 3
Views: 20167

Re: #MEMEX: .gov spyware for "deep web"

DARPA-BAA-14-21: Memex Synopsis Added: Feb 04, 2014 2:36 pm The Defense Advanced Research Projects Agency (DARPA) is soliciting proposals for innovative research to maintain technological superiority in the area of content indexing and web search on the Internet. Proposed research should investigat...
by Pattern_Juggled
Wed Feb 11, 2015 12:44 pm
Forum: member support & tech assistance
Topic: Repeated updates with warnings.
Replies: 25
Views: 20822

widget 2.22 maintenance release promoted to production

Still getting prompted to update every login... That's an actual update that it's promoting :-) Maintenance release 2.22 went out shortly after 2.21, to encode some newly-expanded blocking syntax for the webRTC browser IP address leak situation. Long story. If you're ever unsure on a promoted updat...
by Pattern_Juggled
Wed Feb 11, 2015 11:27 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #MEMEX: .gov spyware for "deep web"
Replies: 3
Views: 20167

Re: #MEMEX: .gov spyware for "deep web"

At least Kim Zetter over at Wired seems a bit less willing to parrot word-for-word the "human trafficking" spin as, prima faciae , the reason this spyware has been so heavily funded by the DoD & other related deep-spook entities: The content on Hidden Services is public—in the sense that it’s not pa...
by Pattern_Juggled
Wed Feb 11, 2015 11:03 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #MEMEX: .gov spyware for "deep web"
Replies: 3
Views: 20167

#MEMEX: .gov spyware for "deep web"

Starting a thread here to collate information & resources on this subject. SciAm article : Other deep Web data comes from temporary pages (such as advertisements for illegal sexual and similarly illicit services) that are removed before search engines can crawl them Must get removed really, really f...
by Pattern_Juggled
Tue Feb 10, 2015 10:41 pm
Forum: member support & tech assistance
Topic: Unused token expiration? (Possible)
Replies: 7
Views: 5055

riseup.net silently modifying email sent to customers w/ email accounts there

Using Riseup VPN till I get this sorted... You didn't perhaps have the token delivered to a riseup.net email address, did you? After hair-tearing frustration on all sides involved, we finally figured out that riseup unilaterally modifies the content of email being delivered via their servers. Speci...
by Pattern_Juggled
Sun Feb 08, 2015 6:38 pm
Forum: member support & tech assistance
Topic: Repeated updates with warnings.
Replies: 25
Views: 20822

2.21 hashes, & antivirus false-positives

Yup you got the wrong download file, that's the old one, that's why it always saying you need to upgrade. (@PJ can't we remove that file?) I've just checked the version found at cryptostorm.nu/setup.exe via a manual hash of the binary (exe) and the hashes I get are: MD5 : 086d665539dc2d2641d965eeee...
by Pattern_Juggled
Sun Feb 08, 2015 5:31 pm
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: Cryptostorm's DNS resolvers: DNSchain + DNScurve + Iceland-based
Replies: 9
Views: 35471

Cryptostorm's "mmm" DNS resolvers in production

We've rolled our in-house, dnschain/dnscurve domain name resolvers into production across the network this weekend. I know df has intended to do a more detailled post on the technical foundations of the new framework, but as we've been continuing the deployment as well as some profoundly impressive ...
by Pattern_Juggled
Sun Feb 08, 2015 2:16 pm
Forum: member support & tech assistance
Topic: Deep Packet Inspection
Replies: 3
Views: 3621

Re: Deep Packet Inspection

parityboy wrote:erm...why does this part happen twice?
Because I suck at editing my posts when completed.

Fixed now :-)

~ pj
by Pattern_Juggled
Sat Feb 07, 2015 10:59 pm
Forum: independent cryptostorm token resellers, & tokens 101
Topic: 3 aleph tokens for sale {two sold & transferred | one remails}
Replies: 16
Views: 35346

aleph token sale facilitation by cstorm

Let's say that I'm interested. But, unfortunately, I don't have any cryptocoins at the moment (as odd as it may sound). Do you accept payments via PayPal? It wouldn't be any trouble for cstorm to accept a payment via paypal from you, use that to acquire btc (usually a couple days' turnaround - some...
by Pattern_Juggled
Sat Feb 07, 2015 10:48 pm
Forum: member support & tech assistance
Topic: Deep Packet Inspection
Replies: 3
Views: 3621

security against snooping ISPs & Deep Packet Obfuscation (DPO)

My ISP using Deep Packet Inspection (DPI) and logs all requests, keep a log of what websites you have visited, get-post data etc... When using CryptoStorm VPN, would my ISP still be able to read my internet traffic? Can my ISP see what websites I visit? The short, and definitive, answer to these tw...
by Pattern_Juggled
Sat Feb 07, 2015 6:24 pm
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: reported IP address leak when using Ares torrent client
Replies: 2
Views: 15286

Ares Galaxy p2p application - IP discovery

Ok, I was not previously familiar with this application so I've had to do some reading on it before responding with anything useful. Ares appears to be some kind of mash-up of old-model centralised/quasi-centralised peer-to-peer networking tools like Gnutella and some DHT/torrent functionality parti...
by Pattern_Juggled
Fri Feb 06, 2015 5:16 pm
Forum: general chat, suggestions, industry news
Topic: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation
Replies: 19
Views: 20714

Re: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation

I split off the development & post-dev debug/upgrade thread of our webRTC leak-fix project to a standalone thread up in the official announcements section, so its's easier for folks to find.

Cheers,

~ pj
by Pattern_Juggled
Fri Feb 06, 2015 3:52 pm
Forum: general chat, suggestions, industry news
Topic: webRTC browser IP leak fix via Windows Firewall
Replies: 27
Views: 97672

enabling Windows Firewall to for cstorm webRTC patch

Just a heads-up, WebRTC still leaks for me on CStorm, disabled PeerConnection in Firefox for now. Not a big deal. This is one of those blindingly-obvious things in hindsight, but our block won't work unless Windows Firewall is enabled on the machine. I know of many folks who disable WF, so I think ...
by Pattern_Juggled
Wed Feb 04, 2015 8:17 pm
Forum: general chat, suggestions, industry news
Topic: webRTC browser IP leak fix via Windows Firewall
Replies: 27
Views: 97672

Re: webRTC, STUN, & browser-based physical IP disclosures: resources & investigation

I fear that doesn't really fix the problem. 1) The attacking web page can point to their own stun server in their version of that page eg: {iceServers: [{urls: "stun:stun.me_evil.com"}]} This is an interesting observation, and I don't think we can respond with any confidence until we look a bit clo...
by Pattern_Juggled
Wed Feb 04, 2015 9:49 am
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: IP leak big-time
Replies: 4
Views: 17269

topological views of "IP leaks" & how to avoid them

Hello, Using the latest Windows client, unfortunately, I have IP leaks going on, with original IP continually showing up at ipleak.net as well as the Cryptostorm Iceland address. Is there no DNS leak protection in your client? I suspect this was actually a result caused by the webRTC browser IP lea...
by Pattern_Juggled
Wed Feb 04, 2015 9:39 am
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: Cryptostorm's DNS resolvers: DNSchain + DNScurve + Iceland-based
Replies: 9
Views: 35471

packets don't lie

Can the above two DNS addresses be entered into OpenVPN for Android? More specifically, IP AND DNS --> Overwrite DNS settings by Server? ...or will 2 existing pushed DNS addresses be removed to make away for the above two... Mostly for things like this, my own advice is: test it sand see what happe...
by Pattern_Juggled
Tue Feb 03, 2015 6:15 am
Forum: general chat, suggestions, industry news
Topic: webRTC browser IP leak fix via Windows Firewall
Replies: 27
Views: 97672

webRTC browser IP leak fix via Windows Firewall

{direct link: cryptostorm.org/stunner } UPDATED : moved to a port-based approach 9 Feb 2015; crossposted to github, & onsite echo . We've implemented a client-side solution to this Windows leak, which has just recently been posted . NOTE that one must have Windows Firewall enabled on the local mach...
by Pattern_Juggled
Mon Feb 02, 2015 7:02 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Icelandic power outage: 15 Dec 2014
Replies: 4
Views: 17259

.is packet loss

On and off we've been seeing this pattern of packet loss several hops upstream from our Icelandic network infrastructure: fenrirMTR.png sadIceland.png Not sure what's causing it, but we're asking around to see what's up. It looks like it's not even in our datacentre (the super-colo DataCell ), so th...
by Pattern_Juggled
Sun Feb 01, 2015 5:57 pm
Forum: general chat, suggestions, industry news
Topic: browser fingerprinting: research, defences, future avenues of development
Replies: 39
Views: 87077

anti-fingerprinting (browser) tools & limitations

Here's the bits that most directly relate to an ongoing discussion of anti-fingerprinting tools on twitter: As part of our research on browser fingerprinting, we examined various tools that people are using to combat it. One popular approach is installing browser extensions that let you change the v...
by Pattern_Juggled
Sun Feb 01, 2015 5:09 pm
Forum: general chat, suggestions, industry news
Topic: Stop your Browser Security leak
Replies: 1
Views: 6492

Re: Stop your Browser Security leak

Cross-linking over to our other browser info-leak thread - I've considered merging the two, but that might bury the OP's excellent contribution, above, and thus keeping this standalone seems to make more sense.

Cheers,

~ pj
by Pattern_Juggled
Sun Feb 01, 2015 2:28 pm
Forum: general chat, suggestions, industry news
Topic: browser fingerprinting: research, defences, future avenues of development
Replies: 39
Views: 87077

webRTC 'vuln'

I've promoted this thread to 'global' status, & reached out via twitter to request resources for those using Chrome-based browsers (including Chromium, and other forks). edited to add : here's an excellent user-agent fuzzer for Chrome-based browsers, courtesy the smart & generous folks of our twitte...
by Pattern_Juggled
Sun Feb 01, 2015 2:07 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Windows widget - version 2.0 'Narwhal' {DEPRECATED}
Replies: 13
Views: 32630

"quickest node" selection feature

A few days ago the "find the quickest node" button showed different servers while testing a few times in row. But now it seems to show always the same server, which is for me the server that is geographically the closest to my place. The CS staffers are aware of it... when they implemented HAF v1.1...
by Pattern_Juggled
Sat Jan 31, 2015 12:35 pm
Forum: independent cryptostorm token resellers, & tokens 101
Topic: "Enabling Blockchain Innovations with Pegged Sidechains" (pdf, 2014)
Replies: 0
Views: 17658

"Enabling Blockchain Innovations with Pegged Sidechains" (pdf, 2014)

Enabling Blockchain Innovations with Pegged Sidechains Adam Back, Matt Corallo, Luke Dashjr Mark Friedenbach, Gregory Maxwell Andrew Miller, Andrew Poelstra Jorge Timón, and Pieter Wuille 2014-10-22 (commit 5620e43) sidechains.pdf Abstract Since the introduction of Bitcoin[Nak09] in 2009, and the m...
by Pattern_Juggled
Fri Jan 30, 2015 11:00 am
Forum: general chat, suggestions, industry news
Topic: "Computing a Glimpse of Randomness" (2001)
Replies: 0
Views: 9900

"Computing a Glimpse of Randomness" (2001)

Computing a Glimpse of Randomness
Cristian S. Calude, Michael J. Dinneen, and Chi-Kou Shu
Calude361_370.pdf
(305.2 KiB) Downloaded 504 times
by Pattern_Juggled
Thu Jan 29, 2015 12:35 pm
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: beta testing of new, in-house DNS resolvers | DNSchain
Replies: 33
Views: 50177

new, post-beta resolvers thread opened

I've gone ahead and opened a new thread to continue discussion of in-house DNS resolvers, given that this beta-phase thread has pretty well served its purpose and it's a bit unwieldy to have it continue to sprawl out as we move towards full production status with the resolvers. I'm not closing this ...
by Pattern_Juggled
Thu Jan 29, 2015 12:20 pm
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: post-beta in-house DNS resolvers thread
Replies: 0
Views: 15955

post-beta in-house DNS resolvers thread

I've taken the liberty of instantiating a new thread to follow up on the existing beta DNS resolvers thread, as we've somewhat moved from a proper beta testing phase on the resolvers into a more-or-less production context and thus it seems more appropriate to have a new thread versus requiring folks...
by Pattern_Juggled
Sun Jan 25, 2015 6:15 pm
Forum: general chat, suggestions, industry news
Topic: immunity.zone virtual browser
Replies: 6
Views: 9208

Re: immunity.zone virtual browser

Looks like the services has opened up to a broader beta testing phase, now...
ImmunityZone.png
~ pj
by Pattern_Juggled
Sat Jan 24, 2015 5:28 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Lisbon (Portugal) exitnode cluster | anchor node = tagus.cryptostorm.net
Replies: 4
Views: 16616

Lisbon (Portugal) exitnode cluster | anchor node = tagus.cryptostorm.net

After more than a little scuttling about & frustration on everyone's part, we've now in place a solid anchor node for our exitnode cluster in Lisbon, Portugal. We've retained the name 'tagus' for this node despite it being against our general network administration policy to do so because, well... c...
by Pattern_Juggled
Sat Jan 24, 2015 5:19 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Portuguese cluster - teething pains [RESOLVED]
Replies: 49
Views: 76390

Lisbon cluster back in production [see new thread in 'status']

Apparently we neglected to do an official post once Lisbon was back on production, but yes it's back in the pool since last night. Apologies for that. I'm going to close and lock this thread, as it's become somewhat long and unwieldy, and open a new thread in the status subforum on Lisbon so we don'...
by Pattern_Juggled
Fri Jan 23, 2015 7:34 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: i2p sessions whilst on-cstorm: working thread
Replies: 1
Views: 17607

i2p sessions whilst on-cstorm: working thread

This is an issue being concurrently discussed over at the i2p tracker , but I wanted to echo it here as I expect some of our members might have useful feedback and otherwise might not notice the discussion taking place. Greetings, making an appearance on behalf of the cryptostorm folks. We're making...
by Pattern_Juggled
Fri Jan 23, 2015 12:28 am
Forum: general chat, suggestions, industry news
Topic: browser fingerprinting: research, defences, future avenues of development
Replies: 39
Views: 87077

How Unique Is Your Web Browser?

How Unique Is Your Web Browser? Peter Eckersley Electronic Frontier Foundation, pde@eff.org browser-uniqueness.pdf Abstract We investigate the degree to which modern web browsers are subject to “device fingerprinting” via the version and configuration information that they will transmit to websites...
by Pattern_Juggled
Thu Jan 22, 2015 8:36 pm
Forum: member support & tech assistance
Topic: Qestions Qestions Qestions
Replies: 15
Views: 12570

Re: Qestions Qestions Qestions

I've been tasked with replying to this post, and I apologise for being terribly slow in doing so.

This is next up in my task queue, so it should be done shortly. Thanks, parityboy, for the interim reply!

Cheers,

~ pj
by Pattern_Juggled
Thu Jan 22, 2015 12:26 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: current 'config' files for cryptostorm network connections (rev. 1.4)
Replies: 2
Views: 53301

list of HAF-compliant --remote parameters

There's been a request (via twitter ) to have a tl;dr list of the current, HAF-compliant (1.4) --remote connection parameters, for those who prefer to simply do edits to their client-side conf's rather than downloading new ones (or using the widget). As such, I'll post this here and ensure it stays ...
by Pattern_Juggled
Wed Jan 21, 2015 6:23 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: US-central exitnode cluster | anchor node = mishigami.cryptostorm.net | updates & "crazy shit"
Replies: 4
Views: 18323

devnull.txt

log devnull.txt umm- won't that just create a text file named devnull.txt and log to it? would the 'verb 0' stop the loging- man says the command will 'supercede'? did you mean, log /dev/null? seams it wouldn't be nessasary with the verb 0 setting?. Yah, it's kind of an inside joke: devnull.txt... ...
by Pattern_Juggled
Tue Jan 20, 2015 6:00 pm
Forum: general chat, suggestions, industry news
Topic: MLK, Jr. - "Letter from a Birmingham Jail"
Replies: 0
Views: 7790

MLK, Jr. - "Letter from a Birmingham Jail"

Letter from a Birmingham Jail Rev. Martin Luther King, Jr. 16 April 1963 My Dear Fellow Clergymen: While confined here in the Birmingham city jail, I came across your recent statement calling my present activities "unwise and untimely." Seldom do I pause to answer criticism of my work and ideas. If...
by Pattern_Juggled
Tue Jan 20, 2015 5:56 pm
Forum: #cleanVPN ∴ encouraging transparency & clean code in network privacy service
Topic: ACADAMIC
Replies: 2
Views: 15171

Arcadia conditions

Arcadia.pdf
(73.13 KiB) Downloaded 2600 times
by Pattern_Juggled
Tue Jan 20, 2015 1:36 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Windows widget - version 2.0 'Narwhal' {DEPRECATED}
Replies: 13
Views: 32630

split off "zombie Tap" thread

We've split off the responses in this thread regarding the Windows bug we refer to as the "zombie Tap issue" to its own thread , in the howto section , so it's easier for folks to find. Thanks to those who have contributed that information - it's helped many, many members resolve this annoying Windo...