all 14 comments

[–][deleted]  (3 children)

[deleted]

    [–]imakechili[S] 9 points10 points  (2 children)

    Sorry man I have no time or will to do this. All communications I send involving the black market communities will be via this reddit account and this reddit account only. This is simply for my safety.

    I was putting this here in the hopes that someone else would link them. Trust me, this is not helping the feds. The feds are not idiots, they wouldn't miss something like a web header. And unlike SR, which was based in the US, for Sheep the NSA can claim a right to be involved as it is a foreign marketplace conspiring to import drugs into the US (and slap on "aiding terrorism too!"). When the NSA can claim the right to be involved the heat is on.

    I'm sorry you feel that this doesn't help much, but these kinds of messages are the full extent of what I wish to contribute.

    [–][deleted]  (1 child)

    [deleted]

      [–]imakechili[S] 2 points3 points  (0 children)

      Fair enough. As much as a part of me wishes I could do more I'm not at the point where I can expose myself to that amount of risk. Keep on keepin on guys, as long as we keep learning we'll be fine.

      [–]throwawaysilky 4 points5 points  (1 child)

      Is there something inherent in PHP which means badness for we non-tech folks?

      [–]jahwolf 2 points3 points  (0 children)

      Early SR had similar issues, which were supposedly fixed.... be careful.

      [–]Fakje 1 point2 points  (0 children)

      Plot twist: no framework, fake leaks.

      [–][deleted] 1 point2 points  (1 child)

      Hey I know this is long dead, but I am curious, what kind of education does it take to know the stuff you do. Thanks.

      [–]imakechili[S] 1 point2 points  (0 children)

      If you're serious about security I would recommend at least a Master's in computer engineering. If you're looking for specific educational advice I would say make sure you go to a top ten school in your field. Otherwise make sure you stand out from those around you and you will be fine.

      My credentials are only an undergraduate degree from a top three American institution with a specialization in computer security (among other things). Despite this, security is not my chosen career, so do take anything I say with a grain of salt as there is much that I do not know.

      If you have any specific questions about this let me know.

      [–][deleted] -3 points-2 points  (6 children)

      edited for stupidity.

      [–]AStringOfWords 10 points11 points  (2 children)

      Rest assured that the FBI and NSA have already performed a far more thorough attack vector analysis.

      [–][deleted] 5 points6 points  (1 child)

      Rest assured that the FBI and NSA already have UC's in place at both sites.

      FTFY

      [–]TrevorWormsley 2 points3 points  (0 children)

      Noooooo. Cops wouldn't really sell hundreds of pounds of drugs and then make selective busts.

      It's not like they did anything like that before the internet was a thing.

      [–]Jhoppa 5 points6 points  (0 children)

      If they could get shut down that quickly you didn't want to be spending money there anyway.

      [–]TorXic 1 point2 points  (1 child)

      Security through obscurity never worked

      [–]smurfix 2 points3 points  (0 children)

      No, but compare that to the physical world. Leaving a spare key under a rock in your back yard is the equivalent of security through obscurity. Posting a sign "my spare house key is under the rock in the back yard" in front of your house is the equivalent of leaving your Apache and PHP and whatnot version numbers all over the place. In other words, it's a very bad idea. Just like the burglar doesn't have to check all the hiding places around all the houses as soon as he sees that sign, you don't need to probe for vulnerabilities (which might trigger suspicious log entries) when you see these version numbers. You just go and crack the thing.
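
The version-banner point in the last comment can be checked on your own server's responses. The following is an added example, not part of the thread: it parses a raw HTTP response head and reports which headers disclose software versions or platform names. The header list, function names and both sample responses are constructed for illustration.

```python
import re

# Headers that commonly carry software banners (assumption: typical Apache/PHP stack).
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")

# product/version token, e.g. "Apache/2.2.22" or "PHP/5.3.10-1ubuntu3"
PRODUCT_RE = re.compile(r"([A-Za-z][\w.+-]*)/(\d[\w.+~-]*)")
# parenthesised comment, e.g. "(Ubuntu)", which discloses the OS/distribution
COMMENT_RE = re.compile(r"\(([^)]*)\)")

def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP response head into {lowercased-name: [values]}."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:              # skip the status line
        if not line.strip():
            break                       # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw: str) -> list:
    """Return (header, kind, detail) findings for version/platform disclosure."""
    findings = []
    for name, values in parse_headers(raw).items():
        if name not in BANNER_HEADERS:
            continue
        for value in values:
            for product, version in PRODUCT_RE.findall(value):
                findings.append((name, "version", f"{product} {version}"))
            for comment in COMMENT_RE.findall(value):
                findings.append((name, "platform", comment))
    return findings

# Constructed sample responses (not captured from any real site).
VERBOSE = ("HTTP/1.1 200 OK\r\n"
           "Server: Apache/2.2.22 (Ubuntu)\r\n"
           "X-Powered-By: PHP/5.3.10-1ubuntu3\r\n"
           "Content-Type: text/html\r\n\r\n<html>")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Server: Apache\r\n"
            "Content-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    for finding in audit(VERBOSE):
        print(finding)
```

The hardened sample corresponds to Apache running with `ServerTokens Prod` and PHP with `expose_php = Off`, which removes the version and platform details while leaving the server patched or unpatched exactly as before.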