Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Inquisitor Sasha

Pages: [1]

Hacking and Security / Re: Hosting a .onion server and staying anonymous?

« on: January 18, 2014, 04:46:25 pm »

Hosting a .onion site is not going to make you anonymous. Not in the slightest. I believe that the .onion TLD is part of a DNS root hosted by Tor and only accessible through Tor or maybe though using their DNS server. I don't know what the process for registering a .onion domain is. There might be less requirements to turn over information for .onion than with other TLDs, but that's not going to make you anonymous.

Use of a specific TLD will not make you anonymous. Where you're going to run into trouble staying anonymous is with the server. You're going to need to have a server hosted somewhere that people won't be able to hunt for you. In most cases, a hosting provider's privacy policy will be enough, as long as you don't host sites with domains that are known to be owned by you or anything like that. If you're trying to evade the law, which I do not support, you're going to need to host the server in a country that won't cooperate with your country's law enforcement agencies. Even then, the NSA might try to do things like hack your server to install spyware and catch you that way, depending on how popular your server is. Staying anonymous from governments is very difficult.

Domain names go to IP addresses. These IP addresses identify the device connected to the internet. If you host a server for publishing a drug market website, it doesn't matter if you use .onion for your domain name; it will lead to your IP address if you host the server in your house, which will lead to the police breaking down your door.

General discussion / Re: website freedom

« on: December 13, 2013, 05:20:33 pm »

My org has a .lt domain. We got it as a virtual TLD, like .org.uk or something like that. It's good to see that there's not many regulations on it. It was registered through Gandi. The downside with them if you're looking for privacy is that someone's name has to appear in WHOIS because all contacts have to be Gandi accounts, which must be actual people. You can't just write "Domain Administrator" the way that you can with other registrars. The upside is that a lot of European TLDs have default privacy on registration. On our .ru domain for example, all the contact information is hidden.

I don't know completely how this works, but I think the US has some influence on all TLDs. It's the only country that doesn't have a CCTLD in front of .gov. The us .gov is just .gov, not .gov.us. For practical or ethical reasons, they might not interfere with the domains given to other countries. But I think technically if they really wanted, they could seize any domain they want.

I'm not sure what you mean by "non TLD." All domains have a TLD, which is the top level domain. You can't avoid having a TLD unless you only use the IP address of the server. In such an event you wouldn't be able to have multiple web hostnames.

Mobile Hacking / Re: SSH into iOS device and steal data!

« on: December 08, 2013, 07:27:26 pm »

I know another way of gaining access to the file system of the iOS device by connecting it to a Mac computer. You can use the command line to navigate to /Volumes, then into the device. It doesn't require any sort of jail breaking. The down side is a lot of folder names are nonsensical, so navigation is difficult. Back in the day before Apple introduced iCloud and it's ability to download stuff multiple times, you could use it to recover music off an iPod.

I can't begin to imagine why Apple makes the root password "alpine" on all of its devices. It can't be that hard to randomize. Even I could easily write a script for generating a random password. Or random string for anything for that matter.