Download it while you can

Discussion in 'privacy technology' started by SteveTX, Dec 7, 2009.

Thread Status:
Not open for further replies.
  1. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  2. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    what is collispuro.com? Whenever I download things of this nature, I frankly get paranoid, but my av found no malware! and I noticed no unusual outbound connections (which is failsafe as far as I know, even if there is an "undetectable rootkit" it has to connect out!).
     
  3. loli22

    loli22 Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    92
    :eek: o_O

    and people here worry about google privacy :shifty:
     
  4. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
  5. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    This site isn't about giving you a trojan; you should know better. It's about exposing the surveillance state.
     
  6. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    I thought cryptome was "about exposing the surveillance state." What I mean is that it would be a good cover if you were the NSA! If we are going to go this far, wouldn't it be prudent for government organizations like the NSA or interpol to have agents, at say, the Electronic Frontier Foundation?
     
  7. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    I am trying to beg the question of a government backdoor tool. It would be a good idea to distribute among potential criminals (even if it is at the expense of those who are simply concerned about their privacy). But then I realized some sort of behavior blocker or HIPS would detect the effects of that "excepted" piece of malware...but I am always concerned about it. AV companies would have to knowingly accept the exception....I can see a huge mess in this.
     
  8. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    ...and so my last question is did anyone's HIPS or behavior blocker pick up anything unusual when they downloaded the zip files...call it a streak of paranoia after watching eraser, mind you, from 1996!
     
  9. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    lol there are tons of these out there. You would be very surprised to find out which major and popular programs are backdoored. For example, practically all browsers that have the common certificate authorities are backdoored because the CAs are compromised.
     
  10. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    Do tell. If not here, then on the XeroBank forums...

    Makes me glad I rolled my own S/MIME certificate and that of my partner with OpenSSL...
     
    Last edited: Dec 16, 2009
  11. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    I do not understand how exactly a browser can be "backdoored?" Anyway, would a behavior blocker or HIPS be able to pick it up? I mean, these programs would have to connect out, right?
     
  12. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    While I was in China we saw many amazing things. One was a valid SSL cert for Apple's MobileMe, signed by Verisign. The only problem was it was not for Apple's server.

    This means massive MITM attacks against SSL certificates signed by commonly distributed root CAs. Which in turn means any site you allow to run scripts/code can be injected into, if it is trusted due to common CA.
     
  13. nancer99

    nancer99 Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    2
    Steve, xerobank is not responding to me

    I'm a new customer and I've sent three emails with all my contact info. I have customer service concerns, Onyx questions and a few other concerns. Can someone respond to me? It's been two weeks of trying to get in touch with you guys. I tried a pm to you here, but no go. If you respond here, I'll get you my contact info again.
    Nancy
     
  14. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    So simply checking out the ssl certificate can solve this problem? Then, when you know the server in the certificate is not what it's supposed to be, you simply don't use it?
    Also, who is collispuro? I just get all paranoid when I download grayish area stuff, maybe they attached a government backdoor! Which is why I was asking people if their AV or Behavior Blocker or HIPS picked up anything.
     
  15. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Re: Steve, xerobank is not responding to me

    If you are talking about xerobank, the forums over there may get your answers.
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
Loading...
Thread Status:
Not open for further replies.