DOCSLIB.ORG

CPSC 257: Information Security in the Real World

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
CPSC 257: Information Security in the Real World CPSC 257: Information Security in the Real World Ewa Syta April 28, 2016 CPSC 257 April 28, 2016 1 / 48 1 Attacks on Anonymity 2 Tools for Secure Communication CPSC 257 Outline April 28, 2016 2 / 48 Announcement Final Exam Friday, May 6 at 9am, WLH 207 Final Exam Review Session Tuesday, May 3 at 2:30pm, WLH 208 CPSC 257 Outline April 28, 2016 3 / 48 Announcement Final Exam Lectures 13-24 and all major concepts covered in class CPSC 257 Outline April 28, 2016 4 / 48 Announcement Peer Tutors Office Hours (reading period) Monday and Wednesday, 2-5pm CPSC 257 Outline April 28, 2016 5 / 48 Attacks on Anonymity CPSC 257 Attacks on Anonymity April 28, 2016 6 / 48 Staining Attack An active attack that leaves behind evidence: higher risk but better payoff. • Web Cookies • Web Trackers • Flash Cookies • Web Beacons • Header enrichments • Zombie Cookies CPSC 257 Attacks on Anonymity April 28, 2016 7 / 48 Web cookie Source: Wikipedia:HTTP Cookie Web cookie - (HTTP cookie), a piece of data sent from a website and stored within a browser. • Meant to make browsers stateful (e.g., remember preferences, authentication, items in a shopping cart). CPSC 257 Attacks on Anonymity April 28, 2016 8 / 48 Web tracker Source: The Murky World of Third Party Web Tracking, MIT Review Web tracker - (third-party cookie), a piece of data sent from a website other than the one user is connecting to. • First-party cookies vs. Third-party cookies • Allow to track users across multiple websites • Advertising purposes You can control the use of cookies by adjusting your browser's privacy settings. CPSC 257 Attacks on Anonymity April 28, 2016 9 / 48 Flash cookie Source: Wikipedia: LSO Flash cookie - (Local Shared Object), a piece of data that websites which use Adobe Flash may store on a user's computer. • Stored outside the browser. • Used to store settings for games, videos, etc. • Only in 2011 functionality added to allow browsers to manage LSOs. CPSC 257 Attacks on Anonymity April 28, 2016 10 / 48 Web beacon Source:Wikipedia: Web beacon Web beacon - an object embedded in a web page or email, which unobtrusively (usually invisibly) allows checking that a user has accessed the content. • Transparent image (usually 1 pixel x 1 pixel) that is placed on a site or in an email. • Typically used by third parties to monitor the activity of customers at a site. CPSC 257 Attacks on Anonymity April 28, 2016 11 / 48 Header enrichment Source: Does your phone company track you? Arstechnica HTTP Header enrichment - adds information such as the Mobile Subscriber ISDN (MS-ISDN) number to HTTP headers on mobile devices. • Tracking on mobile devices if difficult. • Applications • Attribution of network resources, performance enhancement, analytics, advertising. • Added info visible to everyone. • You have no control over it. Unless you use HTTPS. Zombie cookie - an HTTP cookie that is recreated after deletion.1 1 Verizon's zombie cookie gets new life. Arstechnica. 10/2015 CPSC 257 Attacks on Anonymity April 28, 2016 12 / 48 Examples https://panopticlick.eff.org/ Ghostery Lightbeam CPSC 257 Attacks on Anonymity April 28, 2016 13 / 48 Staining and Fingerprinting Attacks Both attacks have serious implications not only for anonymity, but also privacy. Routinely used in tracking web users, targeted advertising but also for more adversarial purposes. CPSC 257 Attacks on Anonymity April 28, 2016 14 / 48 Privacy Policy Wikipedia: Privacy Policy Privacy policy is a statement or a legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Most websites publish them. No one reads them. TL;DR: \We collect everything. We use it as we see fit”. Google Privacy Policy: http://www.google.com/intl/en/policies/privacy/ CPSC 257 Attacks on Anonymity April 28, 2016 15 / 48 Real-world attack against anonymity: NSA vs Tor CPSC 257 Attacks on Anonymity April 28, 2016 16 / 48 NSA about Tor23 \Tor stinks." \Very Secure." \Still the King of high secure, low latency Internet Anonymity. There are no contenders for the throne in waiting." \We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user (...) on demand." 2 Tor: 'The king of high-secure, low-latency anonymity'. The Guardian. 10/2013 3 'Peeling back the layers of Tor with EgotisticalGiraffe’. The Guardian. 10/2013 CPSC 257 Attacks on Anonymity April 28, 2016 17 / 48 Peeling back the layers of Tor with EGOTISTICALGIRAFFE3 Based on what we know, NSA cannot de-anonymize users by breaking the core Tor protocol. Instead, they target software vulnerabilities in Firefox that the Tor Browser is built upon. NSA actively searches for and exploits vulnerabilities \around" Tor. CPSC 257 Attacks on Anonymity April 28, 2016 18 / 48 QUANTUM4 QUANTUM - NSA's program to insert packets from the Internet backbone. • Quantum servers are at key places on the Internet backbone. • They can react faster than other servers. • Leaked NSA slides showed a Quantum server impersonating Google. 4 How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID, Bruce Schneier, 10/2013 CPSC 257 Attacks on Anonymity April 28, 2016 19 / 48 Man-on-the-side Attack Man-on-the-side attack - an adversary reads the traffic and inserts new messages, but does not modify or delete messages sent by other participants. • Relies on a timing advantage so that the attacker's response reaches the victim before the legitimate response. • The client uses the first response he receives. CPSC 257 Attacks on Anonymity April 28, 2016 20 / 48 FOXACID4 FOXACID - NSA codename for an Internet-enabled system capable of attacking target computers in a variety of ways. • FoxAcid servers are accessible using regular domain names. • If visited using a personalized url, a FoxAcid tag, the server attempts to infect that browser and the computer. • FRUGALSHOT are severs that handle call backs from infected machines and provide further instructions (e.g., upload data, location). CPSC 257 Attacks on Anonymity April 28, 2016 21 / 48 NSA's 6 Step Attack on Tor Users56 1 Scan Internet traffic. Use \upstream" data collection programs. 2 Mark Tor requests using fingerprinting techniques. Use XKeyscore to do so. 3 Sift out marked traffic. All Tor users look alike so it is easy to tell them apart from non-Tor users. 5 How the NSA identifies Tor users in 6 easy steps , DailyDot. 10/2013 6 Our Government Has Weaponized the Internet. Here's How They Did It, Wired. 11/2013 CPSC 257 Attacks on Anonymity April 28, 2016 22 / 48 NSA's 6 Step Attack on Tor Users 4 Send users to NSA servers. Use Quantum to re-direct targets to FoxAcid servers pretending to be the legitimate server that the Tor user is trying to access. 5 Attack users' computers. Use FoxAcid servers to deliver exploits. 6 Identify Tor users. After obtaining access to the target computer, it is easy to identify the user based on email accounts accessed from the same computer, stored information, etc. CPSC 257 Attacks on Anonymity April 28, 2016 23 / 48 Freedom Hosting7 & Silk Road Freedom Hosting, a provider of anonymous hosting and Silk Road, a black market website, were both operated as Tor hidden services. Both were shut down by FBI. • In 2013, all sites hosted by Freedom Hosting began serving an error message with hidden code embedded into the page. • It was an exploit leveraging a security hole in Firefox to identify Tor users by reporting back the user's IP to a server in Northern Virginia. • Later, FBI admitted it was behind this mass malware attack. 7 FBI Admits It Controlled Tor Servers Behind Mass Malware Attack. K. Poulsen. Wired. 9/2013 CPSC 257 Attacks on Anonymity April 28, 2016 24 / 48 Additional Resources • The Tor Project, https://www.torproject.org/ • Tor Browser • How Tor works? by Artist Molly Crabapple and Writer John Leavitt https://www.eff.org/whatistor • EFF on NSA Spying on Americans https://www.eff.org/nsa-spying • The definitive guide to NSA spy programs http://www.dailydot.com/politics/nsa-spy-prgrams-prism-fairview-blarney/ CPSC 257 Attacks on Anonymity April 28, 2016 25 / 48 Tools for Secure Communication CPSC 257 Tools for Secure Communication April 28, 2016 26 / 48 What is secure communication? Source: Wikipedia:Secure Communication Secure communication is often thought of as preventing unauthorized access to information authorized parties are exchanging while being in distinct physical locations. Secure communication on the Internet tries to mimic a private face-to-face conversation. • You know who you are talking to. • No one else knows what you are talking about. • Often there is no proof the conversation took place. CPSC 257 Tools for Secure Communication April 28, 2016 27 / 48 Goals of secure communication Authentication • Verifying the parties to a communication. Confidentiality and integrity • Hiding and protecting the content of a communication. Anonymity • Hiding the parties to a communication. Deniability • Hiding the fact that a communication takes place. Availability • Allowing a communication to take place. CPSC 257 Tools for Secure Communication April 28, 2016 28 / 48 Tools for secure communication • Secure email: OpenPGP, Hush Mail (and similar) • Secure/anonymous communication: Tor Browser • Secure search: DuckDuckGo, Disconnect.me, StartPage • Secure messaging: OTR; Signal and similar apps. • Secure file transfer: SecureDrop • Secure environment: Tails • Secure device: Blackphone CPSC 257 Tools for Secure Communication April 28, 2016 29 / 48 Secure email As we discussed, email is inherently insecure. Two ways to secure it: • Encrypting network connections (SSL). • Encrypting and signing messages (OpenPGP, S/MIME) CPSC 257 Tools for Secure Communication April 28, 2016 30 / 48 Secure email in practice While encryption and signing offer some additional protections, they are not always easy to set up and use.
Load more

Recommended publications
  • Download Here
    Seminar Nasional Sistem Informasi Indonesia, 1 Nopember 2016 SECURE REAL TIME PROTOCOL: SOLUSI ALTERNATIF PENGAMANAN CHATTING 1) Donny Seftyanto 1Sekolah Teknik Elektro dan Informatika, Institut Teknologi Bandung Jatinangor, Sumedang, 45363 Telp : (022) 7798600, Fax: (022) 7798617 1) E-mail : [email protected] Abstrak Off The Record (OTR) merupakan protokol kriptografi yang digunakan untuk menjamin keamanan chatting pada banyak aplikasi, seperti Xabber. Tetapi terdapat kelemahan pada protokol ini, yaitu kegagalan otentikasi, penipuan, dan penyangkalan. Untuk memberikan solusi alternatif dalam pengamanan chatting, maka dirancang protokol bernama Secure Real Time (SRT). SRT terdiri dari tiga tahap, yaitu Trusted Public Key Distribution, Key Exchange with Digital Signature, dan Signed and Encrypted Message Transmission with Key Derivation Function. Tahapan tersebut diterapkan dengan algoritma ECDSA-384, ECDH-384, AES-256, dan SHA-384 pada aplikasi Xabber, sehingga memberikan kekuatan keamanan algoritma yang lebih tinggi dari OTR. Lalu berdasarkan hasil evaluasi yang meliputi uji keamanan komunikasi dan pembandingan performa aplikasi Xabber, diketahui bahwa protokol SRT dapat menjamin kerahasiaan, keutuhan, keotentikan, nir-penyangkalan, dan tahan replay attack terhadap data penting di ketiga tahap SRT. Sedangkan tingkat kecepatan dan kemudahan aplikasi Xabber dengan SRT relatif lebih tinggi dari aplikasi Xabber dengan OTR. Kata kunci: chatting, kriptografi, OTR, SRT. Abstract Off The Record (OTR) is cryptographic protocol that is used to ensure the chatting safety in many applications, like Xabber. But there are weaknesses in this protocol, namely authentication failure, fraud, and repudiation. To provide alternative solution in securing chatting, then designed a protocol called Secure Real Time (SRT). SRT consists of three stages, namely The Trusted Public Key Distribution, Key Exchange with Digital Signature, and Signed and Encrypted Message Transmission with Key Derivation Function.
    [Show full text]
  • 2019-02-01-FOSDEM-Matrix-1.0.Pdf
    Matrix in the French State and introducing… Matrix 1.0 [email protected] @matrixdotorg 1 Matrix is an open network for secure, decentralised real-time communication. Interoperable chat Interoperable VoIP Open comms for VR/AR Real-time IoT data fabric 2 Mission: to create a global decentralised encrypted comms network that provides an open platform for real-time communication. Discord Telegram Slack IRC Gitter XMPP 4 Discord Telegram Slack IRC Gitter XMPP 5 No single party owns your conversations. Conversations are shared over all participants. 6 Matrix Architecture Clients Home Servers Application Servers Identity Servers What do you get in the spec? • Decentralised conversation history • Group Messaging (and 1:1) • End-to-end Encryption • VoIP signalling for WebRTC • Server-side push notification rules • Server-side search • Read receipts, Typing Notifs, Presence • Synchronised read state and unread counts • Decentralised content repository • “Account data” for users per room 8 Matrix Ecosystem Matrix Matrix Other Clients: Web iOS Console Console “Riot X” gomuks Quaternion (CLI/go) (Qt/C++) matrix- client matrix- matrix- sdk- react- angular- MatrixKit (iOS) Seaglass - android- side sdk sdk matrix- Fractal (macOS) android- rx (Gtk+/Rust) sdk matrix- (Java) weechat- sdk- nheko-reborn matrix-js-sdk matrix-ios-sdk matrix android (Kotlin) …and many many more The Matrix Specification (Client/Server API) server Synapse Dendrite Matrix Application Other Servers: Other Services: st nd - (1 gen Matrix (2 gen Services and Ruma (Rust), side Bridges, Bots, Integs… Server) Server) Bridges jeon (Java)… A brief history of Matrix • 2014: First alpha! • 2015: Federation becomes usable; add Postgres; add IRC • 2015: First release of Vector as a flagship Matrix client; r0 CS API • 2016: Scaling; First cut of E2E Encryption; Vector becomes Riot • 2017: Widgets, Stickers, Jitsi, Communities, i18n, Dendrite, • 2018: Feature freeze.
    [Show full text]
  • Universidad Pol Facultad D Trabajo
    UNIVERSIDAD POLITÉCNICA DE MADRID FACULTAD DE INFORMÁTICA TRABAJO FINAL DE CARRERA ESTUDIO DEL PROTOCOLO XMPP DE MESAJERÍA ISTATÁEA, DE SUS ATECEDETES, Y DE SUS APLICACIOES CIVILES Y MILITARES Autor: José Carlos Díaz García Tutor: Rafael Martínez Olalla Madrid, Septiembre de 2008 2 A mis padres, Francisco y Pilar, que me empujaron siempre a terminar esta licenciatura y que tanto me han enseñado sobre la vida A mis abuelos (q.e.p.d.) A mi hijo icolás, que me ha dejado terminar este trabajo a pesar de robarle su tiempo de juego conmigo Y muy en especial, a Susana, mi fiel y leal compañera, y la luz que ilumina mi camino Agradecimientos En primer lugar, me gustaría agradecer a toda mi familia la comprensión y confianza que me han dado, una vez más, para poder concluir definitivamente esta etapa de mi vida. Sin su apoyo, no lo hubiera hecho. En segundo lugar, quiero agradecer a mis amigos Rafa y Carmen, su interés e insistencia para que llegara este momento. Por sus consejos y por su amistad, les debo mi gratitud. Por otra parte, quiero agradecer a mis compañeros asesores militares de Nextel Engineering sus explicaciones y sabios consejos, que sin duda han sido muy oportunos para escribir el capítulo cuarto de este trabajo. Del mismo modo, agradecer a Pepe Hevia, arquitecto de software de Alhambra Eidos, los buenos ratos compartidos alrrededor de nuestros viejos proyectos sobre XMPP y que encendieron prodigiosamente la mecha de este proyecto. A Jaime y a Bernardo, del Ministerio de Defensa, por haberme hecho descubrir las bondades de XMPP.
    [Show full text]
  • Download Windows Live Messenger for Linux Ubuntu
    Download windows live messenger for linux ubuntu But installing applications in Ubuntu that were originally made for I found emescene to be the best Msn Messenger for Ubuntu Linux so far. It really gives you the feel as if you are using Windows Live Messenger. Its builds are available for Archlinux, Debian, Ubuntu, Fedora, Mandriva and Windows. At first I found it quite difficult to use Pidgin Internet Messenger on Ubuntu Linux. Even though it allows signing into MSN, Yahoo! Messenger and Google Talk. While finding MSN Messenger for Linux / Ubuntu, I found different emesene is also available and could be downloaded and installed for. At first I found it quite difficult to use Pidgin Internet Messenger on Ubuntu Linux. Even though it allows signing into MSN, Yahoo! Messenger. A simple & beautiful app for Facebook Messenger. OS X, Windows & Linux By downloading Messenger for Desktop, you acknowledge that it is not an. An alternative MSN Messenger chat client for Linux. It allows Linux users to chat with friends who use MSN Messenger in Windows or Mac OS. The strength of. Windows Live Messenger is an instant messenger application that For more information on installing applications, see InstallingSoftware. sudo apt-get install chromium-browser. 2. After the installation is Windows Live Messenger running in LinuxMint / Ubuntu. You can close the. Linux / X LAN Messenger for Debian/Ubuntu LAN Messenger for Fedora/openSUSE Download LAN Messenger for Windows. Windows installer A MSN Messenger / Live Messenger client for Linux, aiming at integration with the KDE desktop Ubuntu: Ubuntu has KMess in its default repositories.
    [Show full text]
  • An Evolving Threat the Deep Web
    8 An Evolving Threat The Deep Web Learning Objectives distribute 1. Explain the differences between the deep web and darknets.or 2. Understand how the darknets are accessed. 3. Discuss the hidden wiki and how it is useful to criminals. 4. Understand the anonymity offered by the deep web. 5. Discuss the legal issues associated withpost, use of the deep web and the darknets. The action aimed to stop the sale, distribution and promotion of illegal and harmful items, including weapons and drugs, which were being sold on online ‘dark’ marketplaces. Operation Onymous, coordinated by Europol’s Europeancopy, Cybercrime Centre (EC3), the FBI, the U.S. Immigration and Customs Enforcement (ICE), Homeland Security Investigations (HSI) and Eurojust, resulted in 17 arrests of vendors andnot administrators running these online marketplaces and more than 410 hidden services being taken down. In addition, bitcoins worth approximately USD 1 million, EUR 180,000 Do in cash, drugs, gold and silver were seized. —Europol, 20141 143 Copyright ©2018 by SAGE Publications, Inc. This work may not be reproduced or distributed in any form or by any means without express written permission of the publisher. 144 Cyberspace, Cybersecurity, and Cybercrime THINK ABOUT IT 8.1 Surface Web and Deep Web Google, Facebook, and any website you can What Would You Do? find via traditional search engines (Internet Explorer, Chrome, Firefox, etc.) are all located 1. The deep web offers users an anonym- on the surface web. It is likely that when you ity that the surface web cannot provide. use the Internet for research and/or social What would you do if you knew that purposes you are using the surface web.
    [Show full text]
  • Openfire Service Level Agreement
    Service Level Agreement Technical Services — Communications Service University Technology Services 1. Overview This Service Level Agreement (SLA) is between University Technology Services (UTS) and either departments or groups choosing to utilize the internal Oakland University instant messaging (OUIM) service. The OUIM service is currently referenced by talk.oakland.edu and runs XMPP/Jabber software called Openfire. Under this SLA, UTS agrees to provide specific information technology (IT) services. This SLA also covers performance and reliability targets and objectives. Section 7 requires the signature and contact information of the group coordinator as an agreement to the SLA. OUIM is an online service that is available on campus and off campus. The requirements to utilize the service are a NetID, an XMPP client, and an Internet connection. XMPP clients are available online. The UTS Helpdesk supports the XMPP clients Spark, Pidgin, and Adium. Instructions are available on the UTS Web site at http://www.oakland.edu/?id=13849&sid=70. 2. Purpose The purpose of this SLA is to establish a cooperative partnership between UTS staff members with the community of customers who may opt into its use by clarifying roles, setting expectations, and providing service objectives and limitations. 3. Terms of Agreement This service is provided on an ongoing basis. From time to time, it may be reviewed and modified by UTS. Modifications to this agreement will be done at the sole discretion of UTS and the Technical Support and Services team (TSS). 4. Service Hours Regularly scheduled maintenance will be scheduled during low-use hours as much as possible; such work will be done either before 8:00 A.M.
    [Show full text]
  • XEP-0113: Simple Whiteboarding
    XEP-0113: Simple Whiteboarding Huib-Jan Imbens mailto:jabber@imbens:nl xmpp:imbens@jabber:org 2003-09-07 Version 0.2 Status Type Short Name Deferred Informational Not yet assigned A proposal for an extremely simple whiteboarding protocol over Jabber. Legal Copyright This XMPP Extension Protocol is copyright © 1999 – 2020 by the XMPP Standards Foundation (XSF). Permissions Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the ”Specification”), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specifi- cation, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or sub- stantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or pub- lisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation. Warranty ## NOTE WELL: This Specification is provided on an ”AS IS” BASIS, WITHOUT WARRANTIES OR CONDI- TIONS OF ANY KIND, express or implied, including, without limitation,
    [Show full text]
  • 'Building' Architects and Use of Open-Source Tools Towards Achievement of Millennium Development Goals
    'Building' Architects and Use of Open-source Tools Towards Achievement of Millennium Development Goals. Oku, Onyeibo Chidozie Department of Architecture Faculty of Environmental Sciences Enugu State University of Science and Technology Email: [email protected] ABSTRACT Millennium Development Goals (MDGs) were established by the United Nations to improve the well-being of humans and their habitat. Whether they are the target beneficiaries or amongst the parties administering services for achieving the MDGs, humans must carry out these activities in a physical environment. Hence, the Seventh Goal of the MDG has an indirect and far-reaching relationship with the others because it deals with the sustainable development of the built environment. Architects deliver consultancy services that span the design, documentation and construction supervision of the built environment. This study sought to determine the extent to which these professionals can do this, with respect to the Seventh Millennium Development Goal, using mainly open-source tools. The study draws from literature reviews, end-user feedback or reports, interviews with developers of applicable open-source products, and statistics from a survey, launched in 2011, for capturing how architects use ICT in their businesses. Analysis of popular open-source technologies for the Architecture, Engineering and Construction (AEC) industry show a concentration of resources in favour of the later stages of the Architect's role, rather than the design and contract-drawing stages. Some of the better-implemented tools are either too cryptic for professionals who communicate in graphical terms, or heavily biased towards software engineering practices. The products that promise Building Information Modelling (BIM) capabilities are still at an early developmental stage.
    [Show full text]
  • Tao-Of-Tmux Documentation 发布 V1.0.2
    tao-of-tmux Documentation 发布 v1.0.2 Tony Narlock 2020 年 04 月 18 日 Contents 1 前言 3 1.1 关于本书 ............................................... 3 1.2 代码等风格说明 ........................................... 4 1.3 本书主要内容 ............................................. 4 1.4 打赏 .................................................. 5 1.5 书籍形式(Formats) ........................................ 5 1.6 勘误说明(Errata){#errata} ................................... 5 1.7 感谢 .................................................. 6 1.8 本书跟新和 tmux 的变动 ...................................... 6 2 tmux 初识 {#thinking-tmux} 7 2.1 terminal 的窗口管理器 ....................................... 8 2.2 多任务处理 .............................................. 9 2.3 在后台运行程序 ........................................... 10 2.4 Powerful combos ........................................... 11 2.5 小节 .................................................. 12 3 Terminal 基础知识(fundamentals){#terminal-fundamentals} 13 3.1 POSIX 标准 ............................................. 13 3.2 Terminal interface .......................................... 14 3.3 Terminal emulators ......................................... 15 3.4 Shell languages {#shell-languages} ................................ 15 3.5 Shell interpreters (Shells) {#shells} ................................ 15 3.6 小节 .................................................. 16 4 开始使用(Practical usage){#practical-usage} 17 4.1 前缀组合快捷键(prefix key ){#prefix-key} ........................... 17 4.2 Session persistence and the server model ............................. 19
    [Show full text]
  • Introduction Points
    Introduction Points Ahmia.fi - Clearnet search engine for Tor Hidden Services (allows you to add new sites to its database) TORLINKS Directory for .onion sites, moderated. Core.onion - Simple onion bootstrapping Deepsearch - Another search engine. DuckDuckGo - A Hidden Service that searches the clearnet. TORCH - Tor Search Engine. Claims to index around 1.1 Million pages. Welcome, We've been expecting you! - Links to basic encryption guides. Onion Mail - SMTP/IMAP/POP3. ***@onionmail.in address. URSSMail - Anonymous and, most important, SECURE! Located in 3 different servers from across the globe. Hidden Wiki Mirror - Good mirror of the Hidden Wiki, in the case of downtime. Where's pedophilia? I WANT IT! Keep calm and see this. Enter at your own risk. Site with gore content is well below. Discover it! Financial Services Currencies, banks, money markets, clearing houses, exchangers. The Green Machine Forum type marketplace for CCs, Paypals, etc.... Some very good vendors here!!!! Paypal-Coins - Buy a paypal account and receive the balance in your bitcoin wallet. Acrimonious2 - Oldest escrowprovider in onionland. BitBond - 5% return per week on Bitcoin Bonds. OnionBC Anonymous Bitcoin eWallet, mixing service and Escrow system. Nice site with many features. The PaypalDome Live Paypal accounts with good balances - buy some, and fix your financial situation for awhile. EasyCoin - Bitcoin Wallet with free Bitcoin Mixer. WeBuyBitcoins - Sell your Bitcoins for Cash (USD), ACH, WU/MG, LR, PayPal and more. Cheap Euros - 20€ Counterfeit bills. Unbeatable prices!! OnionWallet - Anonymous Bitcoin Wallet and Bitcoin Laundry. BestPal BestPal is your Best Pal, if you need money fast. Sells stolen PP accounts.
    [Show full text]
  • Computer Science 161 Fall 2020 Weaver Misc Topics 2
    Computer Science 161 Fall 2020 Weaver Misc Topics 2 1 Pre Lecture Facepalm... From just a year ago! Computer Science 161 Fall 2020 Weaver Welcome to Hell Week.... Computer Science 161 Fall 2020 Weaver • Mental pressure of "Curl up in a ball with a rifle" vs "Pretend everything is normal" continues... • Highly likely Biden will be the winner: But we won't know for sure for another few days at least.... • Really a massive screwup: We should just have preliminary results announced on Friday at once for all states • Today is More Off Topic Stuff: • Nukes • Tor Hidden Services • Sidechannels 3 And Checking In With Everyone Again... How Are You on the Fauci Scale? Computer Science 161 Fall 2020 Weaver 4 The Interesting Problem: Limiting Use Computer Science 161 Fall 2020 Weaver • Who might use a nuke without authorization? • Our "allies" where we station our nukes • Original motivation: Nukes stored in Turkey and Greece • Someone who can capture a nuke • This is what sold the military on the need for the problem: We had nukes in Germany which would be overrun in case of a war with the USSR • Our own military • General Jack D Ripper scenario • The mandated solution: • Permissive Access Link (PAL) 5 Nuke Safety Features Computer Science 161 Fall 2020 Weaver • One-point safety – no nuclear yield from detonation of one explosive charge. • Strong link/weak link – • strong link provides electrical isolation; • weak link fails early under stress (heat, etc.) • Environmental sensors – detect flight trajectory. • Unique signal generator – digital signal used for coupling between stages. • Insulation of the detonators from electrical energy.
    [Show full text]
  • Novell Messenger 3.0 May 2015
    Novell Messenger 3.0 May 2015 1Overview The information in this Readme file pertains to Novell Messenger 3.0. Novell Messenger 3.0 offers enhanced functionality over prior Messenger versions: Mobile Applications: Novell Messenger 3.0 provides native applications for iOS, Android, and BlackBerry devices. For more information, see “Using Novell Messenger on Your Mobile Device” in the Novell Messenger 3.0 Client User Guide. For information about the administrative tasks associated with Messenger mobile applications, see “Managing Messenger Mobile Applications” in the Novell Messenger 3.0 Administration Guide. Simultaneous Client Connections: Novell Messenger 3.0 allows you to maintain simultaneous connections to your Messenger system from multiple workstations or devices. For example, you can be connected to Messenger on your workstation, and then connect to Messenger from a mobile device without being logged out of Messenger on your workstation. For more information about this feature, see “Limiting Physical Access to Client Workstations” in “Securing Novell Messenger” in the Novell Messenger 3.0 Administration Guide. Update Clients (Look and Feel): Novell Messenger 3.0 provides an updated look and feel for both the Windows and Linux/Mac client interfaces. The Messenger 3.0 release also contains the following changes: Removal of NetWare support: With Messenger 3.0 and later, NetWare is no longer supported. ConsoleOne download option: If you have not already installed ConsoleOne, it is available with the Messenger distribution. 2 System Requirements Novell Messenger 3.0 system requirements (including requirements for mobile devices) are listed in “Novell Messenger Hardware and Software Requirements” in the Novell Messenger 3.0 Installation Guide.
    [Show full text]