Rocksolid Light

Welcome to Rocksolid Light

mail  files  register  newsreader  groups  login

Message-ID:  

The world is no nursery. -- Sigmund Freud


computers / Security / Re: How to: contact vendors like Steady Supplies Securely over XMPP

SubjectAuthor
* How to: contact vendors like Steady Supplies Securely over XMPPSteadySuppliesSupport01
+- NoneAnonymous
`* How to: contact vendors like Steady Supplies Securely over XMPPGuest
 `- How to: contact vendors like Steady Supplies Securely over XMPPGuest

1
None

<opsec.777.1wch89@anon.com>

 copy mid

https://news.novabbs.org/computers/article-flat.php?id=203&group=rocksolid.shared.security#203

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!.POSTED.novabbs-internal!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: None
Date: Sat, 06 Feb 2021 14:12:45 -0800
Organization: def2
Message-ID: <opsec.777.1wch89@anon.com>
References: <pa3ajr$u05$1@novabbs.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: novabbs.org; posting-account="def2"; posting-host="novabbs-internal:10.136.143.187";
logging-data="27593"; mail-complaints-to="usenet@novabbs.org"
 by: Anonymous - Sat, 6 Feb 2021 22:12 UTC

Hi

--
Posted on def2

How to: contact vendors like Steady Supplies Securely over XMPP

<pa3ajr$u05$1@novabbs.com>

 copy mid

https://news.novabbs.org/computers/article-flat.php?id=296&group=rocksolid.shared.security#296

 copy link   Newsgroups: rocksolid.shared.security
Path: rocksolid2!.POSTED.localhost!not-for-mail
From: armadyldread@protonmail.com (SteadySuppliesSupport01)
Newsgroups: rocksolid.shared.security
Subject: How to: contact vendors like Steady Supplies Securely over XMPP
Date: Wed, 04 Apr 2018 19:55:39 +0000
Organization: RetroBBS II
Lines: 84
Message-ID: <pa3ajr$u05$1@novabbs.com>
Reply-To: SteadySuppliesSupport01 <armadyldread@protonmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 4 Apr 2018 19:55:39 -0000 (UTC)
Injection-Info: novabbs.com; posting-host="localhost:127.0.0.1";
logging-data="30725"; mail-complaints-to="usenet@novabbs.com"
User-Agent: FUDforum 3.0.7
X-FUDforum: d41d8cd98f00b204e9800998ecf8427e <154827>
 by: SteadySuppliesSuppor - Wed, 4 Apr 2018 19:55 UTC

CoyIM is a cross-platform (Windows, Mac and Linux) chat tool
oriented towards user security. An overt goal of its
developers is to reduce the attack surface of your system to
the minimum. For this reason, CoyIM supports only one
communication protocol (XMPP, the same we use for our
instant messaging services); it does not envisage the
installation of third-party plugins; and features a minimal
graphic interface, which doesn't even include emoticons. The
embedded components in the client are very limited and
represent the recognized standard in the field of secure
online communication.

Some interesting features of CoyIM are:

Tor. CoyIM automatically detects whether Tor is
installed on the user's computer: in this case, it
automatically routes its connections towards the onion
network, thus making them anonymous.
OTR. Every message sent through CoyIM is automatically
encrypted with OTR. Moreover, CoyIM does not allow to send
unencrypted messages to other XMPP clients.
TLS. The communication channel between CoyIM and the
chat server is encrypted with a further encryption layer.

Let's do it ourselves step by step.

Download CoyIM
https://coy.im/download

The first time you launch CoyIM this window will appear:
https://linx.li/selif/coyim3.jpg
CoyIM gives you the chance of saving your client
configuration file in an encrypted mode. In this way, should
someone illegitimately access your computer, they will be
neither able to see your username, nor your login password
or the chat server you are using. If you choose to enable
this option, click on "Yes".

Choose a password to encrypt the CoyIM configuration and
press "Ok". Your CoyIM configuration file is now encrypted.
You'll be required to enter the password to decrypt it each
time you launch the program. If you lose it by any chance,
you will have to configure CoyIM anew.
https://linx.li/selif/coyim1password1.jpg

Register account...
https://linx.li/selif/coyim4.jpg

Choose a server I suggest using jabber.calyxinstitute.org
https://linx.li/selif/server1.jpg

Create a new account
https://linx.li/selif/creating.jpg

Connect your account
https://linx.li/selif/connect.jpg

Adding a new contact. Go to: Menu > Contacts > Add...
Insert "mailto:SteadySupplies@disroot.org" into "Contact to
add" and click "Add.". Repeat for:
"mailto:SteadySupplies@jabber.calyxinstitute.org".
https://linx.li/selif/newcontact.jpg

As explained in the introduction of this tutorial, CoyIM
will automatically encrypt the content of your conversations
with OTR and will not allow sending unencrypted messages.

After Steady Supplies accepts your request you will have to
verify the conversation. Check Steady Supplies OTR
fingerprints by going to:
http://dreadecomdopooda.onion/post/5e7120c26678b95f/

Start encrypted chat
https://linx.li/selif/13.jpg

Verify fingerprint
https://linx.li/selif/14.jpg
Click on the box "Verify" and compare the OTR fingerprint
with the offical OTR fingerprint from Dread
https://linx.li/selif/15.jpg
https://linx.li/selif/16.jpg

You can now chat securely with your vendor over XMPP

Start off by mentioning you were sent by support01 ;)
Posted on RetroBBS II

Re: How to: contact vendors like Steady Supplies Securely over XMPP

<pa5t3l$t9r$1@novabbs.com>

 copy mid

https://news.novabbs.org/computers/article-flat.php?id=299&group=rocksolid.shared.security#299

 copy link   Newsgroups: rocksolid.shared.security
Path: rocksolid2!.POSTED.10.128.12.155!not-for-mail
From: guest@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.security
Subject: Re: How to: contact vendors like Steady Supplies Securely over XMPP
Date: Thu, 05 Apr 2018 15:23:33 -0400
Organization: Dancing elephants
Lines: 13
Message-ID: <pa5t3l$t9r$1@novabbs.com>
References: <pa3ajr$u05$1@novabbs.com>
Reply-To: Guest <guest@retrobbs.rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 5 Apr 2018 19:23:34 -0000 (UTC)
Injection-Info: novabbs.com; posting-host="10.128.12.155";
logging-data="30011"; mail-complaints-to="usenet@novabbs.com"
User-Agent: FUDforum 3.0.7
X-FUDforum: e4062714e2d275bd0cc7c3ee636428b0 <1433>
 by: Guest - Thu, 5 Apr 2018 19:23 UTC

From the faq of coy (https://coy.im/faq/)

>>What does it mean 'not yet audited'?

>>'Not yet audited' means that CoyIm is still under active
development. There have been no security audits of the code,
and you should not currently use this for anything
sensitive.

lmao.

at least warn your potential customers that the software you
recommend to them might be well meant, but nobody knows if
it is well done.
Posted on: def3.i2p

Re: How to: contact vendors like Steady Supplies Securely over XMPP

<paboff$po3$1@novabbs.com>

 copy mid

https://news.novabbs.org/computers/article-flat.php?id=303&group=rocksolid.shared.security#303

 copy link   Newsgroups: rocksolid.shared.security
Path: rocksolid2!.POSTED.10.128.12.155!not-for-mail
From: guest@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.security
Subject: Re: How to: contact vendors like Steady Supplies Securely over XMPP
Date: Sat, 07 Apr 2018 20:41:19 -0400
Organization: Dancing elephants
Lines: 4
Message-ID: <paboff$po3$1@novabbs.com>
References: <pa5t3l$t9r$1@novabbs.com>
Reply-To: Guest <guest@retrobbs.rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 8 Apr 2018 00:41:21 -0000 (UTC)
Injection-Info: novabbs.com; posting-host="10.128.12.155";
logging-data="26371"; mail-complaints-to="usenet@novabbs.com"
User-Agent: FUDforum 3.0.7
X-FUDforum: e4062714e2d275bd0cc7c3ee636428b0 <1460>
 by: Guest - Sun, 8 Apr 2018 00:41 UTC

I almost got taken for almost six figures with your method
of checking fingerprints. Checking fingerprints is no good
if one of the systems is compromised. That was a decade
ago. A voice call and an honest person saved my ass from a
very big loss!
Posted on: def3.i2p

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor