ZeroNet Blogs

Static ZeroNet blogs mirror

Meme #2

- Posted in twentyfourzero's blog

18813300_1845960079052526_3140549978613643356_n.jpg (490x609)

Meme #1

- Posted in twentyfourzero's blog

18698197_1844344805880720_7472505384687056294_n.png (500x500)

Since I was unable to get through to Sberbank, or rather to anyone sane on their side, I want to share this so that, if the data leak cannot be fixed, people are at least warned about it.

Quite recently I discovered by accident that Sberbank Online is thickly studded with trackers: Google, Doubleclick, Rutarget, Yandex Metrika. Let me stress it once more: in the personal account area, where people transfer money, enter very personal information and so on, scripts are embedded that do not belong to Sberbank at all, but to companies that are, for example, not ours at all. Let's see what comes of this (slides and video below).

I found this nastiness completely by chance, since I do not use ad blockers and avoid them because of the glitches they create. Now, until the situation is fixed, I strongly recommend turning a blocker on at least for the Sberbank Online site, although even with the blocker on I personally had glitches there.

The ad blocker blocks some of the malicious scripts.

I wrote to Sberbank at zabota@ and on FB. I can't stand phone calls, sorry. On FB I received a wonderful reply.

I wasn't even offended, I just recorded a video.

On the left is the Sberbank Online site, on the right is my computer, 20 km from where I am sitting. Whenever any text is typed, including the password, the data goes into a log on my computer. I didn't want to go to much trouble, so the whole thing took less time than writing this article.

The essence of what is happening is this:

1) The scripts can be used to collect any information: about payments, cards, passwords and any other data entered or displayed.
2) The scripts may not belong to the hosts they were originally meant to be loaded from (in the video above I replaced one of the scripts with my own), because the security assessment is offloaded onto the user's browser, an inherently very insecure thing.
3) The scripts can be used to alter the information being entered.

In the video I demonstrated only the duplication of the password input, simply because I do not want to log into my account in public.

It all started on my forum, but unfortunately that produced no result.

taken from here
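As an added example, not part of the original post: the check a site owner would run to see which foreign origins a page pulls scripts from, plus the Content-Security-Policy header that makes the browser refuse script tags outside the site's own origin (which also stops a script swapped on a foreign host, the second point above, from running in the session). The HTML is a constructed sample modelled on the tracker list in the post, not a capture of Sberbank Online, and the origin name is made up.

```python
"""Added example (not from the original post): list third-party script hosts in
a page and build a restrictive CSP. SAMPLE_HTML is constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page: one first-party script, three tracker scripts, one inline script.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="https://stats.g.doubleclick.net/dc.js"></script>
<script src="https://mc.yandex.ru/metrika/watch.js"></script>
<script>var inlineSetup = 1;</script>
</head><body><form><input type="password" name="pw"></form></body></html>"""


class ScriptSrcCollector(HTMLParser):
    """Collect src attributes of <script> tags and count inline scripts."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.srcs.append(src)
        else:
            self.inline += 1


def third_party_script_hosts(html: str, page_origin: str) -> list:
    """Return the sorted hosts of <script src> tags that are not the page's own origin."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    own_host = urlsplit(page_origin).netloc
    hosts = set()
    for src in collector.srcs:
        host = urlsplit(src).netloc  # empty for relative URLs such as /static/app.js
        if host and host != own_host:
            hosts.add(host)
    return sorted(hosts)


def restrictive_csp(allow_inline: bool = False) -> str:
    """CSP header that only lets scripts load from the page's own origin.
    With this policy the browser drops every third-party <script src> tag,
    so a keystroke-logging or swapped script on a foreign host never runs."""
    script_src = "'self'" + (" 'unsafe-inline'" if allow_inline else "")
    return f"Content-Security-Policy: default-src 'self'; script-src {script_src}"


if __name__ == "__main__":
    origin = "https://online.example-bank.test"  # constructed origin
    for host in third_party_script_hosts(SAMPLE_HTML, origin):
        print("third-party script host:", host)
    print(restrictive_csp())
```

Inline scripts are counted separately because `script-src 'self'` also blocks them; a site that relies on inline bootstrapping code has to move it into a first-party file (or use nonces) before the strict policy can be deployed.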

Zite takedown

- Posted in twentyfourzero's blog

A few years ago you'd always hear about the anonymity of Tor and, by extension, how difficult it would be to take down onion sites; alas, in the years since, many websites have been taken down, especially drug markets. I think it'd be very interesting to see an agency like the FBI make a concerted effort to take down a zite, and see once and for all whether they could actually succeed.

"Under the circumstances of the present crisis the social democrats energetically develop the traitorous theory that the crisis hampers the revolutionary struggle of the proletariat and predestines it to failure. Trotsky joins his voice to this chorus of social democrats. The "Left" social democrats have invented a special theory that the circumstances of the crisis create not a revolutionary but a counter-revolutionary situation. Therefore, they say, the working class can only conduct a defensive but not an offensive struggle!

It is easy to grasp the full, traitorous import of such counter-revolutionary inventions. The crisis sharpens all the contradictions of capitalism to the utmost. It is in just such circumstances that the social democrats come out as 'healers' at the bedside of sick capitalism. They proclaim their task to be, not to help in burying capitalism, but to help in 'curing' it. Paralysing the revolutionary energy of the workers, they thus open wide the door for the victory of fascism, as was clearly demonstrated in Germany."

Screenshot_from_2017-05-30_03-11-39.png (378x441)

One of those blue dots looks like it's in Pyongyang.

I recently came across the routing algorithm of the Distributed Hash Table, a distributed data structure in which access to and storage of data are collectively supported by the members of a virtual community. A member who respects the Distributed Hash Table design is responsible for reducing the cost of searching and for maintaining the availability of values. The individual characteristics of each member add up to the efficiency of the whole system.

Limited Knowledge

Within a distributed network, each member has limited knowledge of its surroundings. Because the distribution of useful resources is not deterministic, a peer without sufficient knowledge has to search desperately in a gigantic space. If I know of only one peer, who knows things but is unwilling to help, brute-force scanning the network is the only way to discover more data, and that requires a lot of energy and time.

Knowledge by Sharing

Sharing knowledge is the key to know more and search less.

Fortunately, I found peer C who does not know stuff but is willing to help. He gave me a list of n = 10 people who may or may not have what I want. Okay, I will ask them. The time complexity of finding the right person who has what I want is O(n).

I asked peer D and he told me that peers E, F, G are most likely to have what I want, while the other people in my list are unlikely to help. At this point, peer D helped me reduce my search space by more than one half. Hopefully, everyone will guide me towards the right direction. The time complexity of finding the right person now becomes O(log(n)).

Interest and Responsibility

How does peer D know who the most helpful people are? It must be that either peer D previously retrieved the same files from peers E, F, G, or peers E, F, G are supposed to be responsible for storing the files I want.

Furthermore, I can verify if peer D told me the truth by asking peers E, F, G for the file. If any of them has the file I want, or brings me closer to my destination, I can be confident that peer D indeed helped me, and that peers E, F, G are also trustworthy. If none of them has the file I want, and most of them point me to a farther location, I will be skeptical about the trustworthiness of peer D. Perhaps peer D is innocent but peers E, F, G do not fulfill their responsibilities, so I will also avoid asking peers E, F, G for help in the future.

Finally, I have the file I am interested in. Most importantly, I know who has the file. I can share my knowledge with others, upon request.

At the heart of a DHT network is peer responsibility. ZeroNet, however, works slightly differently: no peer has a predefined responsibility. We host data according to our interests, so that unsolicited content does not arrive on our computers without permission. Responsibility can still be defined, though: among all the files one is interested in, a subset should be kept longer.

The principle of sharing knowledge in a DHT network is to spread the most helpful information. By giving out an ordered list of addresses, sorted by the likelihood of having the desired file, a peer helps others by reducing their time complexity.

Why does DHT work?

Everyone is responsible for keeping the system running. There must be people to help you store things. There must be people to help you find things.

At the beginning, everyone decides his own responsibility in such a way that if one peer fails, the network is still working. By hashing the data received, one knows if saving those data fulfills his responsibility. By comparing the other people’s responsibilities with one’s own responsibility, one knows who to keep in touch with in order to make parts of the network reachable.

Hashing also helps rank the usefulness of routing information. Time complexity cannot be reduced unless the returned list of peers is sorted by usefulness. Useful routing information makes one closer to his destination. The closeness to destination can be measured mathematically by computing requested_hash xor responsibility_of_any_person_I_know_of.

ZeroNet has a reputation mechanism in development. In addition to closeness, the usefulness of routing information can be defined as whether, to the best of the responder's knowledge, the peers it mentions have high reputations. Reputation can be measured by the success rate of retrieving the desired data in untampered form. This does not use hashing functions, but it is consistent with the principles of a DHT network.

How to fulfill routing responsibilities

Knowledge

- Ask people about their responsibilities. Remember their addresses and responsibilities. Sort the addresses by closeness.
- Bind the peer addresses to the files we are interested in.
- Remember Peer Exchange results.

Ranking

- Evaluate the peers I know and yield reputation values.
- The initial value of reputation should be 0 (neutral) and should change as the result of evaluation.
- Impressions fade due to infrequent contact. More complex algorithms can be applied to reset the reputations of peers we do not contact.

Being Helpful

1. Closest: Given a file request, if I have the file, I say I have the file.
2. Second Closest: If I do not have the file, but I know who has given me the file, I return a list of peers. I put their addresses at the beginning of the list. I only include people with high reputations.
3. Closer: If I do not have the file, but I know who is responsible for saving the file, I append a list of peers to the result. I only put people with high reputations there.
4. Closer: If I do not have the file, and I do not know who is responsible for saving the file, I append a list of the closest peers to the result. Hopefully, the people there will help you find your file.
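The closeness metric (requested_hash xor responsibility) and the Knowledge, Ranking and Being Helpful rules above, put together into one small model as an added example; this is not code from the post or from ZeroNet, and the Peer and Node classes, the peer names and the 4-bit ids in the demo scenario are all constructed here so the xor distances are easy to read. Steps 3 and 4 of Being Helpful are merged: "who is responsible for the file" is taken to be whoever is closest by xor, which is how a hash-keyed DHT assigns responsibility.

```python
"""Added example (not code from the post or from ZeroNet): xor closeness,
neutral-start reputation, and a lookup reply that lists known sources first,
then the closest reputable peers. All names and ids are constructed."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def responsibility_from_name(name: str) -> int:
    """Derive a 160-bit responsibility from a name, as a SHA-1 keyed DHT would."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest(), "big")


def closeness(requested_hash: int, responsibility: int) -> int:
    """The post's metric: a smaller xor means closer to the destination."""
    return requested_hash ^ responsibility


@dataclass
class Peer:
    address: str
    responsibility: int
    reputation: int = 0  # neutral start, per the Ranking section


@dataclass
class Node:
    responsibility: int
    files: set[int] = field(default_factory=set)                  # hashes of files we hold
    peers: dict[str, Peer] = field(default_factory=dict)         # address -> Peer (Knowledge)
    sources: dict[int, list[str]] = field(default_factory=dict)  # hash -> who served it to us
    min_reputation: int = 0  # peers below this are never recommended

    def _reputable(self, p: Peer) -> bool:
        return p.reputation >= self.min_reputation

    def closest_peers(self, requested_hash: int, limit: int = 3) -> list[str]:
        """Reputable peers sorted by closeness to the requested hash."""
        ranked = sorted(self.peers.values(),
                        key=lambda p: closeness(requested_hash, p.responsibility))
        return [p.address for p in ranked if self._reputable(p)][:limit]

    def handle_request(self, requested_hash: int) -> dict:
        """Reply per Being Helpful: have it; else known sources first, then closest."""
        if requested_hash in self.files:                      # 1. Closest
            return {"have": True, "peers": []}
        reply: list[str] = []
        for addr in self.sources.get(requested_hash, []):     # 2. Second Closest
            p = self.peers.get(addr)
            if p and self._reputable(p) and addr not in reply:
                reply.append(addr)
        for addr in self.closest_peers(requested_hash):       # 3./4. Closer
            if addr not in reply:
                reply.append(addr)
        return {"have": False, "peers": reply}

    def record_outcome(self, addr: str, untampered: bool) -> None:
        """Ranking: reputation follows the success rate of untampered retrievals."""
        self.peers[addr].reputation += 1 if untampered else -1


def build_demo_node() -> tuple[Node, int]:
    """Constructed scenario with 4-bit ids; returns (node, requested_hash)."""
    requested = 0b1100
    node = Node(responsibility=0b0110)
    node.peers = {
        "E": Peer("E", 0b1101),      # distance 1
        "H": Peer("H", 0b1110, -2),  # distance 2, but below min_reputation
        "F": Peer("F", 0b1000),      # distance 4
        "G": Peer("G", 0b0011, 1),   # distance 15, yet it served this file before
    }
    node.sources[requested] = ["G"]
    return node, requested


if __name__ == "__main__":
    node, h = build_demo_node()
    print(node.handle_request(h))  # G first (known source), then E and F by closeness
    node.record_outcome("E", untampered=False)
    print(node.closest_peers(h))   # E has dropped below the reputation threshold
```

The reply ordering is what makes the O(log n) claim hold: a requester that asks the first address in each reply moves strictly closer (by xor) at every hop, and the reputation filter keeps a peer that once returned tampered data from being recommended again until it earns the trust back.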

How to fulfill storage responsibilities

Our garbage collector should value peer responsibility: optional files that match a node's responsibility should be kept longer.

Other Notes

  • Integrity of values should be verified by checking digital signatures.
  • Key size does not need to be 160 bits. It can be any reasonable size. For instance, MORPHiS uses a bigger key size to fit a SHA-512 hash into a key.
  • DHT protocol does not need to rely on UDP. All we have to do is to get information around. For instance, MORPHiS uses TCP to transfer DHT protocol payload.
  • Responsibility of a node should be changeable by modifying configuration files.
  • ! Uniqueness of node responsibility allows potential fingerprinting attacks.

This article uses a CentOS 7 host bought from Vultr as an example and describes in detail how to install the Python version of Shadowsocks. It is recommended to bind an SSH key to the host, log in with that key, and keep the key safe.

Preparation

First, update the system:

yum update

To prevent someone brute-forcing the login password, first reset the password that Vultr generated automatically:

passwd root

Here I personally used a 256-bit random password containing special characters.

You can also install fail2ban to ban IP addresses that repeatedly try to log in:

yum install fail2ban

Enable fail2ban:

systemctl enable fail2ban

Edit the configuration file:

vi /etc/fail2ban/jail.local

This is a new file; add the following content:

[DEFAULT]
# Ban hosts for twelve hours (43200 seconds):
bantime = 43200
findtime = 600
maxretry = 1

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

Restart fail2ban:

systemctl restart fail2ban

The following two commands show the fail2ban status:

fail2ban-client status
fail2ban-client status sshd
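An added example, not part of the original guide: the counting rule that the jail.local above expresses (findtime = 600, maxretry = 1, bantime = 43200), reimplemented in plain Python so the effect of those numbers can be checked offline against a handful of sshd log lines. The log lines are constructed in /var/log/secure format with documentation IP addresses; the year is assumed to be 2017 because syslog timestamps carry none.

```python
"""Added example (not from the original guide): fail2ban's findtime/maxretry
sliding window over constructed sshd log lines."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of /var/log/secure style lines (documentation IPs).
SAMPLE_LOG = """\
May 30 03:10:00 vps sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
May 30 03:12:00 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
May 30 03:15:00 vps sshd[1210]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
May 30 03:16:40 vps sshd[1214]: Failed password for root from 198.51.100.9 port 40010 ssh2
May 30 03:35:00 vps sshd[1230]: Failed password for root from 198.51.100.9 port 40020 ssh2
"""

# Timestamp, then the source IP of a failed password attempt.
FAILED = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from "
    r"(\d+\.\d+\.\d+\.\d+) port"
)


def parse_failures(log: str, year: int = 2017) -> list:
    """Return [(timestamp, ip), ...] for each failed-password line, in log order."""
    out = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            out.append((ts, m.group(2)))
    return out


def ips_to_ban(log: str, findtime: int = 600, maxretry: int = 1) -> dict:
    """Return {ip: time_of_ban} for IPs that reach maxretry failures within
    any findtime-second window, the way fail2ban evaluates the jail above.
    An IP is only banned once; later failures from it are ignored."""
    recent = defaultdict(list)
    banned = {}
    for ts, ip in parse_failures(log):
        if ip in banned:
            continue
        # keep only failures inside the window ending at this attempt
        window = [t for t in recent[ip] if (ts - t).total_seconds() <= findtime]
        window.append(ts)
        recent[ip] = window
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    for ip, when in ips_to_ban(SAMPLE_LOG).items():
        print(f"{when:%H:%M:%S} ban {ip} for {43200 // 3600} h")
```

With maxretry = 1 every IP with a single failed password is banned at once, which is what the jail above does and why key-only logins matter: a typo in your own password from a new location also bans you for twelve hours. Raising maxretry to 2 with the same findtime lets the host with two failures 18 minutes apart (198.51.100.9) through while still catching the one that fails twice within two minutes.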

Installation

Install some required packages:

yum install git vim -y
yum install epel-release -y
yum install mbedtls-devel -y

Build the dependencies:

# install libsodium
export LIBSODIUM_VER=1.0.12
wget https://download.libsodium.org/libsodium/releases/libsodium-$LIBSODIUM_VER.tar.gz
tar xvf libsodium-$LIBSODIUM_VER.tar.gz
pushd libsodium-$LIBSODIUM_VER
./configure --prefix=/usr && make
make install
popd
ldconfig

Install shadowsocks:

yum install python-pip -y
pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip

Edit the configuration file:

vim /etc/shadowsocks.json

Enable both IPv4 and IPv6:

{
    "server":["[::0]","0.0.0.0"],
    "server_port":8388,
    "local_port":1080,
    "password":"your_password",
    "timeout":60,
    "method":"aes-256-gcm"
}

Set it to start at boot:

chmod +x /etc/rc.d/rc.local
vi /etc/rc.local

Add at the end of the file:

/usr/bin/ssserver -c /etc/shadowsocks.json -d start

Running

Start Shadowsocks:

ssserver -c /etc/shadowsocks.json -d start

At this point the server still cannot be reached from outside, because the firewall has not opened the corresponding port. Edit the ports the firewall allows:

vi /etc/firewalld/zones/public.xml

Add the following lines (SERVER_PORT is the server_port value from shadowsocks.json):

<port protocol="tcp" port="SERVER_PORT"/>
<port protocol="udp" port="SERVER_PORT"/>

Apply the new rules:

firewall-cmd --complete-reload

Shadowsocks is now ready to use.

Updating

pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip