Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

Chaos is King and Magic is loose in the world.


rocksolid / Security / None

SubjectAuthor
* How to: contact vendors like Steady Supplies Securely over XMPPSteadySuppliesSupport01
+- NoneAnonymous
`* Re: How to: contact vendors like Steady Supplies Securely over XMPPGuest
 `- Re: How to: contact vendors like Steady Supplies Securely over XMPPGuest

1
Subject: None
From: Anonymous
Newsgroups: rocksolid.shared.security
Organization: def2
Date: Sat, 6 Feb 2021 22:12 UTC
References: 1
Path: i2pn2.org!rocksolid2!.POSTED.novabbs-internal!not-for-mail
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: None
Date: Sat, 06 Feb 2021 14:12:45 -0800
Organization: def2
Message-ID: <opsec.777.1wch89@anon.com>
References: <pa3ajr$u05$1@novabbs.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: novabbs.org; posting-account="def2"; posting-host="novabbs-internal:10.136.143.187";
logging-data="27593"; mail-complaints-to="usenet@novabbs.org"
View all headers
Hi

--
Posted on def2


Subject: How to: contact vendors like Steady Supplies Securely over XMPP
From: SteadySuppliesSuppor
Newsgroups: rocksolid.shared.security
Organization: RetroBBS II
Date: Wed, 4 Apr 2018 19:55 UTC
Path: rocksolid2!.POSTED.localhost!not-for-mail
From: armadyld...@protonmail.com (SteadySuppliesSupport01)
Newsgroups: rocksolid.shared.security
Subject: How to: contact vendors like Steady Supplies Securely over XMPP
Date: Wed, 04 Apr 2018 19:55:39 +0000
Organization: RetroBBS II
Lines: 84
Message-ID: <pa3ajr$u05$1@novabbs.com>
Reply-To: SteadySuppliesSupport01 <armadyldread@protonmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 4 Apr 2018 19:55:39 -0000 (UTC)
Injection-Info: novabbs.com; posting-host="localhost:127.0.0.1";
logging-data="30725"; mail-complaints-to="usenet@novabbs.com"
User-Agent: FUDforum 3.0.7
X-FUDforum: d41d8cd98f00b204e9800998ecf8427e <154827>
View all headers
CoyIM is a cross-platform (Windows, Mac and Linux) chat tool
oriented towards user security. An overt goal of its
developers is to reduce the attack surface of your system to
the minimum. For this reason, CoyIM supports only one
communication protocol (XMPP, the same we use for our
instant messaging services); it does not envisage the
installation of third-party plugins; and features a minimal
graphic interface, which doesn't even include emoticons. The
embedded components in the client are very limited and
represent the recognized standard in the field of secure
online communication.

Some interesting features of CoyIM are:

    Tor. CoyIM automatically detects whether Tor is
installed on the user's computer: in this case, it
automatically routes its connections towards the onion
network, thus making them anonymous.
    OTR. Every message sent through CoyIM is automatically
encrypted with OTR. Moreover, CoyIM does not allow to send
unencrypted messages to other XMPP clients.
    TLS. The communication channel between CoyIM and the
chat server is encrypted with a further encryption layer.

Let's do it ourselves step by step.

Download CoyIM
https://coy.im/download

The first time you launch CoyIM this window will appear:
https://linx.li/selif/coyim3.jpg
CoyIM gives you the chance of saving your client
configuration file in an encrypted mode. In this way, should
someone illegitimately access your computer, they will be
neither able to see your username, nor your login password
or the chat server you are using. If you choose to enable
this option, click on "Yes".

Choose a password to encrypt the CoyIM configuration and
press "Ok". Your CoyIM configuration file is now encrypted.
You'll be required to enter the password to decrypt it each
time you launch the program. If you lose it by any chance,
you will have to configure CoyIM anew.
https://linx.li/selif/coyim1password1.jpg

Register account...
https://linx.li/selif/coyim4.jpg

Choose a server I suggest using jabber.calyxinstitute.org
https://linx.li/selif/server1.jpg

Create a new account
https://linx.li/selif/creating.jpg

Connect your account
https://linx.li/selif/connect.jpg

Adding a new contact. Go to: Menu > Contacts > Add...
Insert "mailto:SteadySupplies@disroot.org" into "Contact to
add" and click "Add.". Repeat for:
"mailto:SteadySupplies@jabber.calyxinstitute.org".
https://linx.li/selif/newcontact.jpg

As explained in the introduction of this tutorial, CoyIM
will automatically encrypt the content of your conversations
with OTR and will not allow sending unencrypted messages.

After Steady Supplies accepts your request you will have to
verify the conversation. Check Steady Supplies OTR
fingerprints by going to:
http://dreadecomdopooda.onion/post/5e7120c26678b95f/

Start encrypted chat
https://linx.li/selif/13.jpg

Verify fingerprint
https://linx.li/selif/14.jpg
Click on the box "Verify" and compare the OTR fingerprint
with the offical OTR fingerprint from Dread
https://linx.li/selif/15.jpg
https://linx.li/selif/16.jpg

You can now chat securely with your vendor over XMPP

Start off by mentioning you were sent by support01 ;)
Posted on RetroBBS II


Subject: Re: How to: contact vendors like Steady Supplies Securely over XMPP
From: Guest
Newsgroups: rocksolid.shared.security
Organization: Dancing elephants
Date: Thu, 5 Apr 2018 19:23 UTC
References: 1
Path: rocksolid2!.POSTED.10.128.12.155!not-for-mail
From: gue...@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.security
Subject: Re: How to: contact vendors like Steady Supplies Securely over XMPP
Date: Thu, 05 Apr 2018 15:23:33 -0400
Organization: Dancing elephants
Lines: 13
Message-ID: <pa5t3l$t9r$1@novabbs.com>
References: <pa3ajr$u05$1@novabbs.com>
Reply-To: Guest <guest@retrobbs.rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 5 Apr 2018 19:23:34 -0000 (UTC)
Injection-Info: novabbs.com; posting-host="10.128.12.155";
logging-data="30011"; mail-complaints-to="usenet@novabbs.com"
User-Agent: FUDforum 3.0.7
X-FUDforum: e4062714e2d275bd0cc7c3ee636428b0 <1433>
View all headers
From the faq of coy https://coy.im/faq/

What does it mean 'not yet audited'?

'Not yet audited' means that CoyIm is still under active
development. There have been no security audits of the code,
and you should not currently use this for anything
sensitive.

lmao.

at least warn your potential customers that the software you
recommend to them might be well meant, but nobody knows if
it is well done. Posted on: def3.i2p


Subject: Re: How to: contact vendors like Steady Supplies Securely over XMPP
From: Guest
Newsgroups: rocksolid.shared.security
Organization: Dancing elephants
Date: Sun, 8 Apr 2018 00:41 UTC
References: 1
Path: rocksolid2!.POSTED.10.128.12.155!not-for-mail
From: gue...@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.security
Subject: Re: How to: contact vendors like Steady Supplies Securely over XMPP
Date: Sat, 07 Apr 2018 20:41:19 -0400
Organization: Dancing elephants
Lines: 4
Message-ID: <paboff$po3$1@novabbs.com>
References: <pa5t3l$t9r$1@novabbs.com>
Reply-To: Guest <guest@retrobbs.rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 8 Apr 2018 00:41:21 -0000 (UTC)
Injection-Info: novabbs.com; posting-host="10.128.12.155";
logging-data="26371"; mail-complaints-to="usenet@novabbs.com"
User-Agent: FUDforum 3.0.7
X-FUDforum: e4062714e2d275bd0cc7c3ee636428b0 <1460>
View all headers
I almost got taken for almost six figures with your method
of checking fingerprints.  Checking fingerprints is no good
if one of the systems is compromised.  That was a decade
ago.  A voice call and an honest person saved my ass from a
very big loss!
Posted on: def3.i2p


1
rocksolid light 0.7.2
clearneti2ptor