
I can feel the heat


Topic Author
Posts: 14
Joined: Sun May 03, 2015 10:25 am

I can feel the heat

Postby mustardman » Wed May 13, 2015 8:21 am

So I pulled my vpn from my router and put it on my hardened funtoo laptop. Initially, it worked fine.
Then, it stopped working. Now, I swapped my configs and it runs again. Probably just a configuration
mismatch somewhere right?

Sadly, I am not electrified enough to go snooping through extensive amounts of data looking for CITM,
so there will be no juicy reveal on information located in this machine. Recent events however, have shown me that
Problem Child does exist, is extensive, growing every day, and that there are few if any platforms truly resistant.
I am not at liberty to discuss how I know this or what I have experienced. Regardless, this socialist has become much
more rabid and libertarian when considering the concepts of self-determination and independent individual sovereignty.
The Unabomber's concerns seem more lucid and sane with each passing moment, even as his solutions remain unacceptable.

Surely the NSA's involvement with SHA, AES, SELinux, and more is problematic?
Who if any of us has the time to conduct a comprehensive audit of the source code for current compiles of these libraries?
Heartbeat, Dual EC, and much, much more.. are they accidents? Intentionally shoddy code, written by longstanding part-time contributors to
core packages and programs, perhaps a slipstreamed modification to code en route or uploaded to a repository, then pushed back
downstream to the system of the original coder, small modifications that would go unnoticed by busy and preoccupied people?

We can take this budgeted expenses story much further. Welcome to a future (let's say by 2020). Secret government
agencies conduct extensive attacks on library, application, and operating system distributors with the sole intent of compromising
their compile chain and inserting modified binaries at the point of release. Windows store apps compile in the cloud, customized for
your platform and even, possibly, to your specific machine? A lovely point of attack. And we paid for it. Paid for access to the source code
and hardware diagrams for every single component of every single appliance, physical or digital, that we could get our hands on.
Paid for training for our coders, to design the malicious libraries, for our engineers, to design the slightly modified PCI networking card
with a flash module that doesn't really reset when you upload new firmware, for our membership in ISO to silently compromise standards.

This is a reality we can look forward to. The internet of tomorrow, rampant with ubiquitous encryption, anonymized communications,
virtual currency, and an unsettling amount of uncontrolled information (the real free speech) shook up the law enforcement world of the 90s.
Now we have agencies on all levels cooperating to target and expose citizens so that they might not be suspected of having things to hide.
The forces responsible for these efforts are NOT novel and cannot be underestimated. From a philosophical perspective, which goes well
beyond reality into the world of nightmares, these forces largely do not represent protection but an immune system of sorts, seeking out everything
that is potentially hazardous to the body and destroying it. Paid for convictions equals paid to sniff and sniff and hunt and peck until they find
someone guilty of anything that can preserve their funding as necessary, and, eventually, conjoined with the forces that decide what is a crime
through the power of money, which is all-pervasive and controls everything.. except cRazy people like cryptostormers.

What I am saying is.. the things I have introduced in my rambling.. they are ONLY a matter of time. The system will and has continuously sought
to remove the privacy and individualism inherent to the human nature, to enforce and expand a conformity of sorts. We see a change and
we live in an era of change. The system has not changed, it is merely adapting to a new environment.
Temporarily, we can win battles in this ongoing war by evolving beyond the threat that the system presents. Are we ahead of it right now? Barely.

Topic Author
Posts: 14
Joined: Sun May 03, 2015 10:25 am

Re: I can feel the heat

Postby mustardman » Wed May 13, 2015 9:37 am

As a reply to my rant, I wish to detail some next level mitigation concepts that may evolve the individual further and retreat from the system.
You know that system. It's the one where everyone has a tumblrbooktube, is sharing their personal lives with everyone else, is completely
open and connected, follows the popular trends, and is a functional member of a "Productive" society. You know, the kind that makes money.
The kind that isn't cancerous.. that is to say, doesn't eat its own poop.. the kind that doesn't hide in dark rooms and munch on poptarts while wondering
if there are human beings out there who see beyond the memes... Anyway, long live the dark murknet. Puddleglum is a hero and you are too!

My focus: The Alien versus the Overeasy Egg.

The Alien represents the lurking, evolving, growing malice we all know and love. It has to do with evil maids and chefs, processor microcode,
embedded compiler functionality, citm concepts like mysterious garbage metadata, timing fingerprinting, font fingerprinting, etcetera, all the way
down and all the way up. The alien represents the conceptual maximum potential that sauron is capable of bringing to bear with time and energy.

The Overeasy egg represents how we currently target and protect against the Alien, by scrambling eggs offsets, salting files,
peppering protected runtime levels, access control, etc, bacon padded modulated encryption, cooking up new eggs
evolving our code and writing new programs, and of course, using shared condoms VPN's and other forms of information control.

Regardless how we cook it, the alien will always, given enough time and energy, get some ebolas salmonella cesium into our eggs.
Therefore when modifying the egg increases the energy and time required to detect the alien, it results in enhancing the alien attack capability-
not just our defensive capability! Simply modifying configs is NOT ENOUGH. It's time to take it to the next level. Our goal is to make
the egg easy to prepare, quick to cook, among many other things. So much more.

The immediate solutions I can see begin to fall under raising our own chickens and cooking our eggs differently.
First, a disclaimer. I agree it is way too much fucking effort to refactor some projects when you want to remove functionality! That sucks big.

grandparents don't have citizenship yet

Triforce go! Imagine creating a language that is designed for safe, universal code, with no platform variations,
and then implement it in C. Make three implementations in C that each have minor variations that will result in a compiler
that behaves differently, but is designed to produce the same output. Compile each of these projects using (ideally) a
different C compiler on a different architecture, resulting in non-bootstrapped compilers A, B, and C.
Finally, write a compiler for the language, in the language, and compile it with A, B, and C.
If the products D, E, and F are all binary identical, then your compiler chain is secure. Otherwise, it is not.

the parents immigrated at an early age and still have their immigration papers

In our futuristic world, we are going to move our own copies of popular projects inside of our own repository systems, and
practice sound and safe code management principles. Every patch and every file must be community reviewed. Every line of code
that functions in a way invisible to the novice has to be recoded to function transparently. Every variable is clearly named.
And finally.. everything is written or automatically modified in such a way as to EXPECT the possibility of malicious attacks.
Defensive programming techniques are utilized to protect and sanitize every function against bad passed data.

The children carry cellphones and tell mommy if there is a problem as SOON as possible and hide nothing from her

Every file and the stack is hashed protectively with a public key AGAINST the possibility of modification en route
and in memory, and the hashing is checked at random using low overhead mechanisms inside of a virtualized thin wrapper.
Every sector in use, every socket in use, and every stack in use MUST belong to a wrapped program, must be erased when
released and erased before taking ownership. Every program must trust its wrapper and terminate safely on command.
Every wrapper must know where all resources are that belong to the program within it and be able to clear any of them on
command and restart the program, all based on simple rules, and must be able to modify and remove content as well.

Little brother pretended to clean the egg pan

If, for example, the browser crashes or is requested to undergo a security restart due to a modified sector.
When this happens, we keep only first-party cookies from HTTPS servers, the history only contains a list of visited URLs
with a userspace overlay that displays color to the USER that a url has been opened, but not to JS on the page, etc.
The browser cache contains only text files, and when pages are reloaded plugins are not reloaded on said pages,
but unloaded and only are allowed to open new sessions with NO cache. All plugins, no cache!

big sister found it in the sink

Wrappers signal to the kernel, kernel takes a list of network resources authenticated as in use, and hashes/signs a list
of all IPs currently being connected to by the wrapped software, signs it, and sends it up the chain to the router.
The router, in turn, only allows incoming data based on the resource/socket list from that machine, and keeps a timed/
expiring log of the IPs. When the kernel randomly sends up the hash and the timestamp, the router checks the recent
memory and hashes the equivalent list. If they don't match up, the router blocks any IPs that are listed as having
been connected to at X time that the user system didn't agree was being connected to, and reports this list to the user.

Old chickens have the weakest immune systems.. and the toughest meat

Old code is not acceptable! New hardware is also not acceptable! Anything you can't flash that has a firmware rom is WRONG.
It's enough to have new hardware, flash it with a good rom that you've disassembled and at least examined cursorily, and
break off the pins to format or somehow damage the circuitry required to update the flash module. But.. it's better to have
hardware that is older but better documented/more standards compliant, even if a little bit slower and supporting a little bit less.

Our own breed of chickens

With parental ownership, we proceed from there to deploying simplified programs that have unused functionality stripped. Everything simplified..
and in the open. No mysterious functionality, no vulnerable code, nothing. Nothing to configure. This will entail a second kind of wrapper,
one that is a kind of library.. instead of wincestual cooperation between different frameworks and programs which is hard to monitor or control,
when programs want to work with a specific framework they load a library that contains glue- programs will have genericised API's that in turn
communicate with platform/framework specific libraries that transform and pass along or return the data. You want QT support with that? OK, here.
You want to support my new gpu? Use this file here. And that's only a digital breed of chicken. One can slowly begin to step this into the
physical realm by using customized hardware that announces to the network the exact version and functionality involved in
of every specification it is compatible with and prohibited from/punished violating that specification or doing unstandard behavior.
The way networks and systems are designed right now is to JUST WORK, IGNORE PROBLEMS, HIDE ERRORS IF NOT CRITICAL.
uh, No. Let's not. Let's not allow errors of any kind, to begin with, and go from there.

More if I think of it.. I hope this is a start for some minds..
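
The host-to-router reconciliation described in the post above (under "big sister found it in the sink"), sketched in Python as an added example that is not part of the original post or any cryptostorm code. It assumes a shared-key HMAC in place of the signature and a 30-second log window; `host_report`, `Router` and the sample addresses are hypothetical and constructed.

```python
import hashlib, hmac, json

WINDOW = 30  # seconds of router log kept per comparison (assumed value)

def list_digest(ips):
    """Order-independent SHA-256 over a set of IP strings."""
    return hashlib.sha256("\n".join(sorted(set(ips))).encode()).hexdigest()

def host_report(key, ips, ts):
    """Host side: authenticate the connection list the wrappers declared at ts."""
    body = json.dumps({"ts": ts, "ips": sorted(set(ips))}, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

class Router:
    def __init__(self, key, window=WINDOW):
        self.key, self.window = key, window
        self.log = []         # (timestamp, remote_ip) pairs seen on the wire
        self.blocked = set()

    def observe(self, ts, ip):
        self.log.append((ts, ip))

    def reconcile(self, report):
        """Return remote IPs the router saw that the host did not attest to."""
        want = hmac.new(self.key, report["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, report["tag"]):
            raise ValueError("report failed authentication")
        msg = json.loads(report["body"])
        # Expire entries older than the window, then compare digests first.
        self.log = [(t, ip) for t, ip in self.log if msg["ts"] - t <= self.window]
        seen = {ip for t, ip in self.log if t <= msg["ts"]}
        if list_digest(seen) == list_digest(msg["ips"]):
            return set()
        unexpected = seen - set(msg["ips"])
        self.blocked |= unexpected  # block and report to the user
        return unexpected

def demo():
    """Constructed sample: one attested flow, one unattested, one expired."""
    key = b"constructed-demo-key"
    router = Router(key)
    router.observe(50, "203.0.113.9")     # older than the window, expires
    router.observe(100, "192.0.2.10")     # attested by the host
    router.observe(105, "198.51.100.7")   # not attested
    return router.reconcile(host_report(key, ["192.0.2.10"], ts=110))

if __name__ == "__main__":
    print(sorted(demo()))
```

A report that fails authentication is rejected before any comparison, so a tampered list cannot be used to whitelist or block addresses.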

Topic Author
Posts: 14
Joined: Sun May 03, 2015 10:25 am

Re: I can feel the heat

Postby mustardman » Wed May 13, 2015 10:11 am

Something I wrote a long time ago.. I feel it is more relevant here.

"In the future, the human race will end in a war between two extremes:

Predominantly humans will become metrosexual vloggers participating in the ubiquitous
obliteration of human form where 12 billion unique bodies on the planet will combine with
an inevitable computer-aided diversification of thought culminating in a world
where nothing is strange or different and everything is comfortably normal
created by content that is so diverse and omnipresent that all senses are rendered numb
and all minds are sated with a perception of just how many things ARE, which is a feeling
called "sonder" in the French.

At the same time, a small minority of prepper, hipster, cultic,
mystic, hermetic, erstotic individuals who do not want all things to be same and who
uniquely have some fault about them mentally or physically that they have conclusively proven
without a doubt will not be accepted by the majority as part of this sonder will go to any
length to stay alive as it will be a fight to continue to perceive their own existence suffocating
in the humanity swelling around them in an infinite sea, seeking blindly to "accept" them and absorb
them, crushing out their unique-ness and forcing them to be one with the singularity.

In these times, those with these irredeemable faults and those with these incomprehensible flaws
will be able to value each other solely on these flaws and faults. Eventually, unstoppably, they will
come to form tribes that accept a creed of rejecting that which is perceived as part of the singularity,
including technology, and will practice ludditism and absurdly antisocial practices. Indeed, even today
we are already seeing similar prototypes to such, but we do not perceive them as original, new responses
to the human swarm, but rather throwbacks to an ancient and primitive past.

People cannot handle being universally conscious of all things. Individuals
who are genetically human cannot sanely tolerate the absorption of their ego-self into the collective. And those
who would alter their form and function, their very genetics and minds to overcome this, would go insane with
the comprehension of just how flawed and alien they would by these very actions become.

This brings us to a rather thrilling and painful question. Is this past that we vision merely a point
in a neverending cycle where the war culminated in the victory of the isolate over the solution, allowing
the destruction of a previous singularity and a complete conversion to the practices of the tribes?
Our tower of babel is coming."

Posts: 33
Joined: Mon Sep 21, 2015 5:46 pm

Re: I can feel the heat

Postby JC0137130 » Mon Sep 21, 2015 7:15 pm

What if, like, the whole universe is just a big computer computing itself. What if it stores memory at zero because zero contains all possible combinations of information and anything within or outside zero just, like, computes itself and tries to improve itself.

What if the only reality is, like, the information process in your mind and we are the information processors of the universe and it knows about us and is trying to teach us something. Have you ever felt like the universe is trying to tell you something? Do you sometimes feel like you are just shouting into an endless hallway and nobody is there to hear you? Maybe the point is for you to hear yourself. Maybe the universe only hears itself. It's all so weird when you really think about it but I guess thoughts are all there are so thoughts are weird and anything new is sort of weird right? Hmm.

Posts: 33
Joined: Mon Sep 21, 2015 5:46 pm

Re: I can feel the heat

Postby JC0137130 » Mon Sep 21, 2015 7:17 pm

Weird reply I know but I was just thinking about what mustardman wrote. Very good stuff. I actually posted before reading it and then realized that the ideas are similar.

I found this forum through a guy named Heaven on Twitter. Heaven if you read this tell me your username bro.
