Security In Mind, piggies at my door.

Here are a few tips of information that I have to offer, I don't mean to sound like a know it all, but this in the game we're in, it's about security and keeping one step a head of anyone whose trying to infringe on our freedom.

IPhones are also another freedom-rapist, for those of you who take pics of their grows with your latest greatest high-def phones, don't. Geolocation statistics in the 'meta' data tags of each picture you take, so the leo can download a pic that you uploaded from your phone to icmag and find out exactly where it was taken from. Same goes with youtube, any video's or anything else created with images taken from iphones can also be tracked. Not only that, but google tracks statistics and knows what internet provider you use. This information can be forwarded to the coppies and they can secure a warrant through your internet provider, some internet providers will track your pot fascination and alert local law enforcement. If you take pictures with your Iphone, upload them to your computer, and take a screenshot of the picture, paste it in paint/photoshop and save over the picture to remove any traceable data.

So far, this has provided enough information to get a bunch of my buddies houses raided, thankfully no one has found anything pot related, and the consequences are on the light side. (thank the lord)

Another, check out some of this software if you haven't already.
Consider downgrading your computer to windows xp, or buy a hipster mac book. (Most people settle for windows/mac, linux is highly recommended by spurr)
Download Firefox along with the private browsing plugin, Don't bookmark shit, don't save anything on your computer unless it's to another portable drive. (of course tor button extension like mentioned by spurr, k++)

[thread got modded]
Scroll down and read spurr's posts. They are very helpful and informative. You can learn a lot by doing so!

Thank you for a nice post. i will try to implement a bit of net security my selfe. right now i am thinking (probably falsly) that all that spy stuff is a usa. thing. and here in cet.that stuff dont go on. and i have the sloppiest of security.

I will have to do something.

Your buddies got tracked down because of what exactly again? Was it because of posting with iphones that did not have the geo tagging disabled? Or was it the use of the net constantly going to sites? Good info by the way I just want to know what was assumptions and facts.

firefox links look to be to mozilla...that's kinda where firefox lives.

lol wtf, dude, you fucked up your own computer. Applications wont work after a system restore, somethings bonkers with your computer bud take it in to get fixed. (if you can safely). You might need to format or get new ram/a bigger hard drive)

motta-tokka: It was a combination of things, the major tidbit was a video on youtube that was private, (share only) that they got a hold of, once they saw the video they found some shit online from two forums. One of the things the piggie slipped in one of the interviews was about one of the pictures because a guy I know told him it was somewhere else but the cop said he knew exactly where it was (there weren't any visual clues or anything out of the ordinary in the pic). He told me this and I knew exactly how and explained it to him (because he had used his iphone for that pic instead of his fancy canon ti-something.) I don't want to discuss too much, we're still waiting for the BIG knock down, we suspect that they're waiting until 'heat' dies down to really deliver the final blow. They have enough evidence to get another couple warrants (all they needed was suspicion of trafficking to get the first warrant), they seized a ton of incriminating digital equipment. more than enough.

k++ gdtrfb.
[edit] To those curious about the latest edit, I edited the main thread post to add https info for those who don't want to read more than the first post.

protea: I know for a fact that more cops scower the net than just american ones. k++

1. Why are you under the impression that illegal versions (meaning cracked) of windows wouldn't have the same code in em? Especially if they use windows update?

This isn't to say I think you're correct, but in all honesty, the backdoors in things like windows are only available to people like the NSA, they're not gonna use em to bust pot growers.

2. If you save an image from your iphone, and resize it in photoshop, then save it for the web, it won't have the meta info there anymore. You can even script it, in Adobe bridge, or apply a metadata template with the info you want, personal messages to the oinkies if you prefer..

3. There are plenty of proxies for anonymous browsing, try the one the piratebay offers..

4. It's more likely someone's loose lips sank your ships.

microgram said:

It's come around, and almost kicked down my door. The LEO's are after a 'crew' that I'm apart of. Now it's time for me to spread the knowledge until it's too late.

Here are a few tips of information that I have to offer, I don't mean to sound like a know it all, but this in the game we're in, it's about security and keeping one step a head of anyone whose trying to infringe on our freedom.

Click to expand...

Here's some knowledge for you.
Stop acting like a wannabe gangster, with a "crew" and "the game" and a lot of your problems will go away.

The first step in good security/privacy for me has always been not to download strange zip files linked to from random guys on the internet.

Since I didn't download it, I can't confirm if that zip file you want us to download is safe or not, but if its just an encryption or secure deletion program, those can be found from reputable software vendors with some quick searches (safer, in my mind, than downloading an unknown ZIP from uploading.com).

peace

microgram said:

​

It's come around, and almost kicked down my door. The LEO's are after a 'crew' that I'm apart of. Now it's time for me to spread the knowledge until it's too late.

Here are a few tips of information that I have to offer, I don't mean to sound like a know it all, but this in the game we're in, it's about security and keeping one step a head of anyone whose trying to infringe on our freedom.

Click to expand...

I think it's a good idea you are trying to help others, but, you are spreading FUD and have a few things mixed up. I will try explain what I mean in your post, and offer suggestions about how to do things 'right'.

microgram said:

First and foremost, Your computer isn't safe unless you're running a non-legitimate version of windows. The latest versions of windows are insecure and are known to have backdoor viruses installed by microsoft in your computer, They have denied this, but we know it's a lie. They are known to be in windows vista and windows 7. Microsoft has a criminal compliance handbook with international governments, among microsoft so does yahoo (flickr) and google (gmail, youtube, etc).

Click to expand...

If you're using any Microsoft based OS you already failed from a security viewpoint. You should be using *nix, at least Ubuntu, but better yet using BSD or some other hardened *nix OS, but, Ubuntu is good enough for most people and most windows users can learn it pretty easily. Ubuntu is freeware and open source. If using Ubuntu then make sure to WDE (whole disk encryption) and use > 1gig RAM and disable paging file.

If someone has to use Windows, then it's most wise to use TrueCrypt to encrypt the system as WDE (Whole Disk Encryption) and use the Hidden OS feature. That means LEO tries to access you computer they will be unable to, the whole disk is encrypted, and if they force you via court order to decrypt the disk then you simply give them the passphrase to "honey pot" OS. The honey pot OS is second OS installed that is not the one you use day to day. The honey pot OS will have no incriminating data on it. This is important due to the vast amount of data left on a Windows OS, and the fact with NFTS filesystems you can't be sure you securely shredded evidence like browsing history, documents, etc. There are many steps that must be taken to secure a windows OS, it's almost not worth the effort, mostly because windows is closed source so you can't trust it.

The best way to use Windows is to use Ubuntu and setup a virtual machine (VM) to run Windows. That way Windows will be setup to not be allowed to access the Internet, and you can still use windows programs (if they don't work under the windows emulator WINE in Ubuntu). TrueCrypt is available for Ubuntu, and it might be possible to setup a VM of Windows using TrueCrypt to encrypt the Windows VM a la WDE with hidden OS feature (untested, but I plan to test it someday soon).

There area many areas in a Windows install that you need to configured to make it more secure, such as disabling System Restore, Shadow Volume Copy, Write Behind Disk Cache, encrypt (or disable) SWAP (aka paging) file, setup a restricted guest account and only use the guest account, disable various services (see BlackViper services website), setup a firewall with "stealth ports" mode (windows firewall sucks ass; Comodo is good and free), setup a good virus scanner, malware scanner (like Malware Bytes and Super Anti Spyware), etc, etc, etc...

So, in short, for a secure computer use Ubuntu (or even Kubuntu), enable WDE when installing from Ubuntu Live-Cd and make sure the firewall has stealthed ports.

Going even a step further, one could use a Live-CD or Live-DVD as their OS (see link below). So, they could use Windows for normal stuff they don't worry about, and use a Live-CD or Live-DVD for anonymity related stuff. Using the Tor Live-CD below is a great way to go. Live-OS's leave zero data on the HDD, they only use RAM...however, using Live-OSs limits their usability big time, e.g., you can't save files, bookmarks, etc (unless using a Live-USB but that kind of defeats the purpose of using a Live-OS unless the Live-USB is encrypted). Thus, for usability we are back to Ubuntu with WDE with Microsoft inside VM that isn't allowed to access the Internet if one needs Microsoft.

Here are two great resources:

1. Tor Live-CD/Live-USB:
Incognito + Amnesia = The (Amnesic) Incognito Live System: https://amnesia.boum.org/ (the SSL cert is not from a SSL cert authority, it's self signed, so you will need to accept it in the browser)

2. Setup secure VM browsing with Tor inside Ubuntu:
"More Secure Tor Browsing Through A Virtual Machine in Ubuntu" I uploaded that PDF to this post.

microgram said:

IPhones are also another freedom-rapist, for those of you who take pics of their grows with your latest greatest high-def phones, don't. Geolocation statistics in the 'meta' data tags of each picture you take, so the leo can download a pic that you uploaded from your phone to icmag and find out exactly where it was taken from.

Click to expand...

It's easy enough to remove meta-data from pics...also, just disable GPS geo-tagging in the phone, the same goes for new cameras and all smart phones.

microgram said:

Same goes with youtube, any video's or anything else created with images taken from iphones can also be tracked. Not only that, but google tracks statistics and knows what internet provider you use. This information can be forwarded to the coppies and they can secure a warrant through your internet provider, some internet providers will track your pot fascination and alert local law enforcement. If you take pictures with your Iphone, upload them to your computer, and take a screenshot of the picture, paste it in paint/photoshop and save over the picture to remove any traceable data.

Click to expand...

You are posting lots of misinformation and FUD. To remove meta-data read my posts on the subject in this sub-forum, or the other myriad of posts on the subject in this sub-forum.

If anyone is posting pics/video's without using Tor if they worry about anonymity then they failed anyway. Also, google doesn't know what ISP you use if you don't use google, and don't allow google via cross-site scripting.

microgram said:

So far, this has provided enough information to get a bunch of my buddies houses raided, thankfully no one has found anything pot related, and the consequences are on the light side. (thank the lord)

Click to expand...

What has "provided enough information"? Do you mean meta-data from pics? That claim smells like FUD to me, do you have any proof they got raided due to meta-data? And do you really mean "a bunch", that is more than half a dozen...

microgram said:

Another, check out some of this software if you haven't already.
Consider downgrading your computer to windows xp, or buy a hipster mac book.

Click to expand...

Do neither of those for security, simply download the free Ubuntu and install it on your HDD setting up WDE...

microgram said:

Download Firefox along with the private browsing plugin, Don't bookmark shit, don't save anything on your computer unless it's to another portable drive.

Click to expand...

Please do not use that add-on, you need to use TorButton with Tor! It is a must for a myriad of reasons I don't fell like covering here.

Please read my posts in this thread, and use the add-ons I suggest in that thread for a sufficient level of security and anonymity:
https://www.icmag.com/ic/showthread.php?t=194459


If someone is using Tor but not TorButton with Firefox they are sticking out like a soar thumb and they are very vulnerable to a myriad of attacks on their anonymity. Not using TorButton with Tor is a major fail.

microgram said:

***No matter what web browser you use, it will ALWAYS send the website that you were just at to the website you want to visit. Example: If you're on icmag, checking out some wicked bud porn, don't click on a "www.dea.gov/howwecatchpotgrowers.html" kind of link because they'll know where you just came from!

Click to expand...

Just use the RefControl add-on I wrote about in that thread I linked to above. Done and done. Then you can visit FOO.com from icmag.com and FOO.com only sees a referrer for FOO.com.

microgram said:

https:// doesn't mean it's totally secure, this just tells you that NORMAL people can't intercept your data. Law enforcement can still decrypt this data with FREE programs, which are available to us!...

Click to expand...

That is total FUD man. Sure SSL can be broken, but it's not non-trivial and it's not done by LEA, nor by hackers. What is more likely to happen is MIM (Man In the Middle) attacks, SSL spoofing, etc. But it's not nearly as easy as you are implying. Current SSL is safe, more of a worry is SSL cert authorities, that is why using a self-singed cert is often a better choice.

microgram said:

Second, if you must still use windows, I'd recommend downloading: Freeotfe, it's a free encryption program, easy to use and very secure. (Use blowfish at 448 bit, and use a hard ass password 20-30 mixed characters, numbers, symbols. This is better grade encryption than the military. With encryption/security strength comes the cost of time.) Encrypt all your incriminating information. Though, Encrypting files IS ILLEGAL in some places, it's somewhat of an unwritten law in places where it's not illegal.

Click to expand...

Blowfish is NOT better "encryption than the military", no matter what bit length; Blowfish is old. The best option for strong encryption is using an algorithm chain, e.g. AES > Twofish > Serpent. And make sure to use a hash algorithm that adds salt, like SHA-512 or better yet use Whirlpool (third version).

FreeOTFE is not a good choice, people should use TrueCrypt if they want to make encrypted volumes, and they should use the "hidden volume" feature; which is analogous to the "hidden OS" feature in TrueCrypt I wrote about above. Also, with TrueCrypt you can use the encryption algorithm chain and hash algorithms I listed above; which are much better than using Blowfish.

microgram said:

Download Tor&Vidalia Tor is known as the onion router, and vidalia is the 'front end' for it, it lets you configure the proxy (you can't torrent shit through tor though). It's free software obviously, and it'll connect through it's private network (specify as many connections as possible)

Click to expand...

You cannot "specify as many connections as possible" in Tor, you only get to use 3 nodes for non-hidden service surfing. I.e., your computer > Tor entry node > Tor middleman node > Tor exit node. There is no proven security or anonymity gained with node chains longer than 3.

microgram said:

and it'll encrypt your data a million times over the strength of military encryption by the time it gets to it's destination.

Click to expand...

No it does not. Tor uses standard encryption via OpenSSL (IIRC Tor uses TLS), and data is encrypted with 3 'layers', once at your computer, a second time at the entry node and a third time at the middleman node; then the exit node decrypts the layers and passes the data on to the website "in the clear".

If using HTTP with Tor (which is a bad idea if one can use HTTPS), then the data from the Tor exit node is not encrypted en route to the website. That means the Tor exit node can "sniff" all the data "packets" and see what is being transferred like passwords, posts, etc. That is why if using Tor then it's very important to try and use HTTPS, especially when entering passwords. For ICmag a Tor user should always use HTTPS. See the thread I linked to above for my directions on configuring NoScript to force HTTPS at ICmag and for Icmag cookies too.

On that point: cookies, especially HTML 5 cookies, aka EverCookies, are very dangerous for anonymity. See the thread I linked to for info about the only way to remove EverCookies (re: BleachBit).

The thread I linked to covers lots of topics about security and anonymity for Internet traffic, issues such as JavaScript, etc.

microgram said:

Some configuration is necessary, you might have to read their FAQ and learn how to allow your firewall/router to work with tor.

Click to expand...

You do not need to configure a firewall/router to use Tor. Have you even used Tor before? You only need to configure firewall/routers (i.e. open incoming ports/port forward 9001 and 9030) if you are running a Tor node...

If using Tor one should configure their local firewall to stealth all ports, this defeats port scanners, etc. In fact, one should stealth all ports all the time, and if using online gaming, running a Tor node, etc., then one would need to forward specific ports.

microgram said:

This will let you browse the internet anonymously, configure firefox to connect through this proxy (through tools&options&advanced&network), and do all of your email/pot/surfing crap through firefox.

Click to expand...

What you wrote will provide much reduced anonymity and security, you didn't even discuss issues about Javascript that can fully break anonymity when using Tor. When using Tor it's imperative to use Firefox and TorButton add-on, and it's wise to use the other add-ons I listed in the thread I linked to above.

microgram said:

Any other pointers, let us know!

Click to expand...

Done and done. Sorry if I seem kind of terse, it's just that the info you provided is very flawed and will make people worse off because they think they are anonymous and secure when in fact they are not. It's very important to know what you are writing about before suggesting tips to people that can make or break their freedom.

microgram said:

Also, keep some thermite handy, place it over your external hard drive and keep a copper-pipe soldering torch handy. if you hear a loud bang, run to your computer and light that sucker up. It'll melt right through the hard drive (I'd recommend placing it on about 12 inches of cold forged steel so it doesn't burn a hole through your floor).

Click to expand...

Really man, com one! That is such bad advise I don't even know where to start. Just use WDE via Ubuntu and no one will be able to access any data on your HDD. Better yet would be using WDE with hidden OS feature via TrueCrypt in case someone tortures you to get the passphrase, or you are court ordered give the passphrase otherwise facing jail time; but the hidden OS feature of TrueCrypt is only available with Windows IIRC.

Using a Live-CD/Live-DVD (I linked to above) is another route to take but one can't save data unless using an encrypted USB or encrypted container on the HDD.

microgram said:

Deleting pictures aren't permanent, so keep this in mind

Click to expand...

Yes it is, if using proper methods. But the safer route is to use WDE, then one doesn't need to worry about evidence as long as one wouldn't be forced to give up the passphrase; and in the U.S. courts can't force you to give up the passphrase (AFAIK).

ixnay007 said:

3. There are plenty of proxies for anonymous browsing, try the one the piratebay offers..

Click to expand...

Open proxies are very unwise to use (even if chained) because they can be run by anyone, and often sting operations use open proxies. Anything short of Tor is a fail in terms of anonymity, that said, a custom and private bot net can be more secure/anonymous than Tor due to "security through obscurity". However, setting up a proper bot net for secure/anonymous Internet use if far from easy, it's not like making a simple bot not for DOS attacks. Very few people have the skills to setup a properly secured and anonymous (chained) bot net in liue of Tor.

There are some Russians hackers who have bot nets for sale for anonymous surfing, but you can't trust them (ex. xsox.name and http://anyproxy.net ) .

Check out this GUI for access to a Russian run bot net proxy network that is top of the line, XSOX, but very hard to gain access for use:


"Web Fraud 2.0: Cloaking Connections"
http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html


"XSOX.NAME and Proxy Bots - Frequency X Blog"
http://blogs.iss.net/archive/XSOXProxy.html



(using bot nets is illegal; I do not suggest it, I only wrote about it as an example of what can be better than Tor if the person using the bot net is the same person who created and wrote the code for the bot net...)

spurr,

well said, you own this thread and i agree with everything you've said. OP, please don't be so sensational in the future, although i'm sure your intentions are well meaning, we must always take great pains to ensure we disseminte accurate information, particularily in so far as it pertains to security.

sorting through all of this techno jargon can be a bit tricky and confusing at times, but the most important thing when it comes to internet security for most users is simple common sense. there is nothing illegal about the free information available on icmag, but it's best to take some precautions, such as don't leave your browser open at work, make sure you use mozilla firefox, don't click on random links sent to your inbox, don't let anyone use your account, not ever, etc... with that being said, i strongly recommend all ICMAG users take some time and do a bit of research for themselves, we should all have a good fundamental understanding of at least the basics of internet security.

in the long term, the best thing we can do for all of our security in the future is continue to openly discuss cannabis in a free, safe, unbiased forum and spread the word throughout the world. they cannot keep us down, our voices are too many and too powerful, and the internet is not something that can be censored. in time we will prevail...but in the meantime, i would suggest, as i'm sure many of you are already doing on a daily basis, that we all just use common sense when browsing cannabis related sites. just my 2 cents.

- John

These links burned my computer, its more of a piece then it already was. Spurr thanks for making things right. I fully agree if OP drop's the my crew and the Game shiz the majority of the OP's problems will take care of them selves. Although you may be trying to help, leave the safety to those in the know, like Spurr. Karma, One Love

they been here 2 times and still dont know i grow LOL i am legal tho

This doormat should be mandatory...

WARNING!!!

Links below by microgram are not safe!

microgram said:

​

Download Tor&Vidalia Tor is known as the onion router,

Click to expand...

That is not the URL for Tor! The URL for Tor (and Vidalia) is http://torproject.org ; not http://tor-project.org

microgram said:

SECURITY IN MIND.zip - 2.9 MB

Click to expand...

Do NOT download that file! Firstly, when clicking the download link an exe file is automatically loaded for download titled "tubedownloader.exe". That is unsafe and most likely malware! Do not download that file. That file host uploading.com is not to be trusted, and in fact, any file host that requires JavaScript is not to be trusted for this very reason: they often try to surreptitiously install programs, or at least run addware pop-ups and other JavaScript on your computer that can break your anonymity and do other nefarious things to your computer.

Also, the OP states the file size of "Security_in_mind" is 2.9 mb, yet the actual file size of that zip folder (once downloaded) is just over 3 mb (i.e. 3,017 kb). That is not good news, it could mean the file host (uploading.com) has added files/code to the zip file (such as malware). This is a reason why ALL files uploaded to file hosts should be encrypted using 7zip or WinRar.

Within that zip file "Security_in_mind" is the old program for volume encryption called FreeOTFE. That program should not be used, instead use TrueCrypt (for Windows, *nix and Mac). I have had contact with the author of FreeOTFE years ago, Sarah, and IIRC, she stopped development FreeOTFE years ago. And once again: BlowFish is not a good algorithm to use. Besides the program being old, we can not trust the file(binary) and other files within the FreeOTFE folder are safe. Not only that, but there is a shortcut to the FreeOTFE encryption inside the outer folder, and the shortcut points to "E:\Tools\Security\FreeOTFEExplorer\FreeOTFEExplorer_Launcher.exe". The problem is the shortcut will not work unless the program is on an E:\ drive. That leads me to think the OP simply found the folder he uploaded and renamed it. Very unsafe and uncool.

Also within that zip file is "sdelete", a file shredding program that is a weak file shredder (for various reasons I don't feel like describing here such as not shredding File Slack Space). The binary sdelete can be downloaded here, from Microsoft.

A much better on-the-fly file shredder is the free Eraser 5.7 (do not download newer versions), or the free BCwipe (the bonus to BCWipe is it can be used to encrypt the windows Swap file with "Crypto Swap"). Both Eraser and BCwipe can also be used to shred filesystem locations like Recycle Bin, Free Space, File Slack Space, etc.

For a system (ex. free space, etc.) and program shredder/cleaner use the free BleachBit (a bonus is it will delete the nefarious EverCookies; i.e., HTML 5 cookies; read the FAQ) to shred/clean/remove evidence from various Windows and Linux programs and system locations. Also using the free CCleaner is a good idea (a bonus is it will safely clean/fix Windows registry issues; can be used with so-called DOD shredding algorithm of "3 passes" [under Options > Settings]). CCleaner should be used with the free CCEnhancer package to shred/clean/remove evidence from > 270 windows programs.
To securely shred an entire hard-drive disk, ex., if selling a computer, installing (or re-installing) an operating system, etc., using Darks Boot N Nuke (via burning iso file as 'bootable' to make a Live-CD or Live-DVD) is a great method. Two caveats about default settings for Darks are about wiping remapped sectors (which should be done, thus default setting of Darks isn't sufficient) and wipe the Host Protected Area.Thus, the zip file "Security_in_mind" SHOULD NOT BE DOWNLOADED. There is no way to verify that the binary files are 'safe' without checking the SHA-1 hash of the included binaries against binaries from the real host site, and even then, we can not be sure the binaries in the OPs zip file are safe. Not only that, but the included programs are weak and should not be used.

The batch file included in the OPs zip file, used to run sdelete, should not be used. It's quite obvious the OP found this batch file online somewhere, and that he didn't write the batch file. The batch file tries to run a program not even included in the OPs zip, nor installed on most Windows system, a file called "cipher.exe"...

I can not express strongly enough that the zip file the OP uploaded and posted should not be used.


Here is the batch file "kill.bat":

@echo off
:: if "%1" == "" echo "Nothing to do" GOTO END

[edited out garbage text]
​

set choice=""
if not exist %windir%\system32\cipher.exe goto dnecipher
set /p choice="Should I Scramble %1 [Y/N]?:"
if "%choice%" == "" GOTO NOT
if /I "%choice%" == "N" GOTO NOT
%windir%\system32\cipher /w:%1
:NOT
set choice=""

if not exist %~dp0\sdelete.exe goto dnesdelete
set /p choice="_Nuke_ the file?[Y/N]?:"
if /I "%choice%" == "" GOTO END
if /I "%choice%" == "N" GOTO END
%~dp0\sdelete.exe -p 10 -s %1
echo Done.
goto end

:dnecipher
echo Cipher command doesn't exist...
goto NOT

:dnesdelete
echo SDelete doesn't exist...
:end

Click to expand...

Oops, I'll edit the main thread post, wicked, thanks for the info!

dd for the win for trashing files if you're using ubuntu. Not a fan of the local pam perm escalation sploit though.

You need sdelete in the current directory of kill.bat if you want to be able to use it, and cipher.exe in your system32 dir.

What the hell, it's 2.9 mb 'compressed', I don't understand why they'd fill it with garbage, someone upload it to a different hosting service??

I'm definitely a fan of truecrypt now, just looked it up.

You own this thread man, props . Muchos appreciated. (as ironic as that might sound) sslstrip, look'r up

I'm obviously not an officer, but I know no one 'snitched' on anyone and they must have gotten this information somehow.

Oh, I'm not gangsta by any means, I'm not some wannabe bullshitter, just playing the cards I've been dealt. I edited my thread to include some more info (thanks guys on elaborating, danka) I appreciate the corrections and elaborations, I apologize for any exaggerations or misleading statements, just trying to keep it in simpleton lingo.

The backdoors will try to do a lookup for the 'server' to connect to, the code is all there, but it'll attempt to connect to the ill-legit windows updating thing that was patched via hosts file, which will make the 'backdoor' useless.

I was under the impression tor encrypted it's content using openssh, with each node's private key.

Most users will only contend with what they have in front of them and not venture much further than that. I'd be greatful if a user decided to install tor and did 2 out of the million things mentioned here.

I would love for anyone to find that batch file online, I wrote it myself, 100%. It's a batch file, not a program. I'll 're-write it' to utilize other programs, but those are definitely being prioritized in my awesome apps list.

The reason why I added the check for cipher is because I know it's not included on most systems, only newer ones (vista and 7) but can be found on windows server os's from 2000.

As far as I recall, secure blowfish has never been broken unlike rsa? I may be wrong, but I can't recall a single instance where blowfish has ever been broken.

Use noscript to permit and deny javascript and other scripting languages from running on your computer with firefox, easily done. Shouldn't be a problem if you're running another operating system.

I don't know if this will work, but 0/43 antivirus programs threw any warnings with my zip downloaded from uploading.com....
VirusTotal analysis security in mind.zip (downloaded from uploading.com) <--- give it a second, it takes a while to queue

Just fyi-

The majority of us (and I've been an IT assistant before) won't understand half the shit you are talking about.

When you write 3 pages worth of info, citing a billion different plug ins/programs/different version of operating systems, nobody is going to be able to fallow it, or even want to.

If you want to really help, explain what to do in 5 steps, and keep each step under 3 sentences.

And overall, if cops/leo is after your computer shit, trying to track your internet activities, you've already fucked up in some way.

Real world security/procedures is much more important then going to conspiracy theory internet security status.

Well after messing with the links, I have lost all my downloads, pics and bookmarks but I probably shouldn't of had all that on my computer anyway. I now have the new bittorrent, AVG security 2011 and a new codec pack. It took a while but the computer is now working better then it has in a long time. Karma, One Love

The links from the OP were the cause of junking my computer but it did force me to rethink what was stored on my computer and do some much needed work to fix it after an armature scrub

Lol.. what a fail of a thread. OP warning us about security while posting insecure links.

First rule of security: Don't click on links to zip files from random dudes on the internet.