12/16/2017

For everyone who keeps looking for more security and privacy ( #AGGIORNAMENTI )

Privacy Guide
https://thetinhat.com/index.html
https://archive.is/zq2Ip
http://crypty22ijtotell.onion/handbook/
http://yuxv6qujajqvmypv.onion
http://deepdot35wvmeyd5.onion/security-tutorial/


Software Recommendations
https://prism-break.org/en/
https://www.privacytools.io/
http://hjvx7xg3n4ejezmh.onion


Email Provider
riseup.net https://mail.riseup.net
Protonmail https://protonmail.com/
Openmailbox https://www.openmailbox.org/
Tutanota https://www.tutanota.com/
cock.li https://cock.li/


Your own mail server: Postfix + Dovecot

http://www.linuxmail.info/


GPG GNU Privacy Guard
https://emailselfdefense.fsf.org/en/
http://deepdot35wvmeyd5.onion/2015/02/17/basic-guide-pgp-linux/


Tor
https://www.torproject.org
http://torsiteyqk5ajx5o.onion


Security-focused operating systems
OpenBSD https://www.openbsd.org , https://libreboot.org/docs/bsd/openbsd.html
LibertyBSD http://libertybsd.net/ , https://libreboot.org/docs/bsd/openbsd.html
Parabola GNU/Linux https://www.parabola.nu/ , https://wiki.parabola.nu/index.php?title=Beginners%27_guide
Arch Linux https://www.archlinux.org/ , https://wiki.archlinux.org/index.php/Beginners%27_guide
Gentoo https://www.gentoo.org/ , https://wiki.gentoo.org/
Source Mage https://sourcemage.org/
Alpine Linux https://www.alpinelinux.org
QubesOS https://www.qubes-os.org/ http://qubesosmamapaxpa.onion/
Whonix https://www.whonix.org/


Systemd-free
Devuan https://www.devuan.org/ http://devuanzuwu3xoqwp.onion
Parabola GNU/Linux OpenRC https://wiki.parabola.nu/OpenRC#Installation_on_a_fresh_system
Systemd-free http://systemd-free.org/


Live CD
Tails https://tails.boum.org
TENS https://spi.dod.mil/lipose.htm , US Air Force Live CD, for the security of online banking services.
Heads https://heads.dyne.org/ http://fz474h2o46o2u7xj.onion
https://libreboot.org/docs/gnulinux/index.html
https://libreboot.org/docs/gnulinux/encrypted_parabola.html
https://libreboot.org/docs/gnulinux/encrypted_trisquel.html


Hardware
Any computer that can run libreboot.
https://libreboot.org/docs/hcl/


Router Software
OpenWRT https://openwrt.org/
LibreCMC https://librecmc.org
pfSense https://pfsense.org
PORTAL https://github.com/grugq/portal


Endware
http://42xlyaqlurifvvtq.onion
https://gitgud.io/Endwall/
https://github.com/endwall2/


11/11/2017

Risk of not being able to vote in #Italy in 2018.

Even if Renzi finds himself in great difficulty, the forces that still support him are studying a strategy to try to avoid the final collapse of the PD. For this reason the parliamentary elections must be moved as far back as possible, and the PD - this is the indisputable political result of the Sicilian elections - is out today. It would take a new team, a new coach and even a new league to start playing again. To do all this takes time, so much time. To rout is easy; to build on the rubble is much more difficult. And then Renzi has no intention of stepping aside. Bullies never give up, even when they have lost. Renzi and what remains of his party need time to reorganise. They are doomed to lose, but at least they will avoid a humiliating defeat.

However, we are at the end of the legislature. The President of the Republic is responsible for the dissolution of the Chambers, and Mattarella would have time to issue the decree of dissolution up to 14 March of next year, the Parliament having been installed on March 15. From that date, the elections must take place within seventy days. That is what the Constitution prescribes. In short, theoretically you could vote even at the end of May.

A coward made specifically for postponing the popular vote as much as possible, especially as, in order to justify such an extension of the legislature to the extreme limit of its natural expiration, the PD might try to pass a series of very controversial laws, such as the law on ius soli, biological will, etc. The fact that the President of the Republic has these days been denying such a hypothesis means only one thing: Renzi is seriously thinking about it; he just has to convince Gentiloni and above all the Presidents of the House and Senate to play along. And at that point even the "Notary" can only take note of it.

This is Renzi's design. You will see him try to make it happen. And it cannot at all be excluded that he may even find support in Berlusconi, who still hopes, thanks to a decision in his favour by the Strasbourg Court, for a political rehabilitation that would allow him to be, with full rights, part of the game (as Renzi in recent days has said he hopes will be the case, sending Berlusconi an implicit message). After all, Renzi on the one hand and Berlusconi on the other both have, for various reasons, a converging interest in moving the date of the elections as far back as possible. If the thing comes off, the one to be damaged will be above all Salvini.

But there is no valid reason to support this plan. Until recently there was the excuse of the absence of an electoral law. Now there is an electoral law, so let us go to the vote as soon as possible, bringing to an end a useless, not to say harmful, parliamentary term, which has given life to three governments, Letta-Renzi-Gentiloni, three faithful executors of Brussels' orders, who have done nothing but continue the massacre of the middle class started by Monti. The real "unpresentables" are them. After approval of the budget law, the Chambers of Parliament may be dissolved without further delay.

Now stop playing games: give the people their voice again, without wasting time, and if you want to save money find a way to merge the parliamentary and regional elections (several regions vote next year) in March. The gardens of March are dressed in new colours, especially orange.

10/29/2017

Medical cannabis? Nothing new: from 1850 to 1937 it was the main medicine for more than 100 illnesses… Then the multinationals decided it was bad… for their business!


Can governments really hack your webcam?

I'm sure many of you have seen people with stickers over their webcams and wondered why (probably writing that person off as paranoid). But it's well known in tech circles that a camera in a computer or smartphone can be turned on remotely by an attacker with the resources, time, and motivation.

Security is hard, and our defences are weak. The capability of an adversary to attack your devices doesn't necessarily hinge upon a consumer choice of which computer or phone you own. Nor is it likely to matter that you think nobody is interested in you.  Put another way, their reach is limited only by the tools they may have at their disposal, their motivations and, in some cases, the law.

The computer-based foundations of our modern societies are fragile. As recent evidence of this, we have seen vulnerabilities/bugs such as Heartbleed impact the vast majority of web servers in the world, no matter how up-to-date and highly secured their operators try to keep them. There have been attacks against Bluetooth, which can compromise virtually every device running Windows, Linux or Android in under 10 seconds, and Wi-Fi, which can compromise over a billion smartphones. We live under the constant threat of phishing attacks or malware, which hold us and our data hostage. It is a fact of life that there will be some vulnerability at any given time in the technologies we use.

The rapid spread of personal devices we have seen in recent years (2.6 billion smartphones in 2015, due to rise to 6.1 billion by 2020), means the opportunity for exploiting vulnerabilities has also grown dramatically. Many of these phones are running out-of-date operating systems and apps. Sometimes the updates aren't available to us because the manufacturers are refusing to maintain a product over time, forcing people to keep using insecure devices or pay again for the latest incredibly expensive device.  This problem disproportionately affects those of us who cannot afford to regularly spend huge amounts of money on our technology - if you're getting a cheap mobile phone contract with a 'free' phone, the likelihood is it's old, outdated, and unsupported stock that your carrier is trying to get rid of.

Even 'new' technologies are vulnerable. We are installing what are effectively internet-connected hot (in other words, always on) microphones and surveillance cameras in our own homes - in our TVs, our "personal assistants", and our game consoles. Industry is looking to connect everything from lightbulbs, kettles and duvets, to showers and cars, to the internet in one way or another - each running various sets of open and proprietary software, each designed to not just connect to each other through the path of least resistance but also to advertise their existence.  We are seeing little commitment to security in these 'Internet of Things' products.

 

"No-one is interested in me!"

 

You ARE of interest to someone. One thing we do know is there is a thriving black market in both the easy to use tools that attack systems for access to their cameras, and the pictures which are taken by those tools, totally unbeknownst to their users. Voyeur photos taken from webcams are everywhere, with whole websites dedicated to them.  The tools themselves go for around $40 US (or are even free!).  Access to a woman's webcam commands 100x the price of access to a man's webcam, but it may surprise you that the market for these webcams is so saturated, we're talking about just $1 vs $0.01.

We know that GCHQ programmes such as Optic Nerve collected video chats from millions of unsuspecting Yahoo! users around the world (of which, 3%-11% of the images captured were sexually explicit in nature - with 7% containing "undesirable nudity").

So can a government agency literally switch on any webcam they choose, without your knowledge? This question should really be broken down into three parts: is there a high likelihood the agency has the capability to do so, does the agency have the time to do so, and do we think the government has the motivation? The answer to all of these, with increasing frequency, is yes. It was Privacy International's case against GCHQ that led the government to avow in 2015 that they had hacking capabilities, including powers to conduct real-time surveillance, such as remotely switching on webcams. The Investigatory Powers Act, passed last year, entrenched and expanded the powers of British public bodies to hack for surveillance purposes.

With well-resourced intelligence agencies, we can never truly know what tools they have in their arsenals. We do know that they stockpile vulnerabilities, as well as the tools to exploit them. In many cases, these vulnerabilities have been effective throughout decades, and have only been patched when they've ultimately been stolen and released to the world. We also know that the tools to do this are easy enough to build, and we've tracked how poorer governments are also seeking these powers.

Assuming intelligence agencies have the tools (of which a knowledge of vulnerabilities is one), and the motivation to use said tools, all it takes is access to the relevant network - internal or internet - to provide them with a wealth of devices to play with. And as we've seen with the attacks through Bluetooth or Wi-Fi, even if it can't be done over the internet, all it takes is to be physically close to the person targeted to infect their device.

If the only thing needed for wide-scale hacking of webcams is the vulnerabilities, the tools to exploit them, the motivation and skills to use them, and the law on your side, well... A well-resourced intelligence agency like GCHQ has each of these in spades. Domestic law enforcement agencies have some elements too.  And this is why we're challenging this power. We, as Privacy International, question whether it can ever be lawful to hack as a form of surveillance, and certainly not under a single untargeted warrant which can affect thousands across the globe with one stroke of a pen.

The SSH Public Key Authentication Protocol Over Tor – How Vulnerable Is It to Timing Attacks?

The Secure Shell (SSH) public key authentication protocol is one of the most widely used authentication methods based on public key cryptography. Despite its popularity, the SSH protocol has not been studied extensively, and even the most advanced users often misunderstand how it works. Version 2 of the SSH protocol is currently used by millions of internet-connected machines for remote shell communications. It is used for important tasks, including management, and is regarded as a secure solution for them.

Attacks against the SSH protocol commonly target password authentication. Passwords are targeted mainly through two forms of attack: server-side attacks, where user credentials are phished by a man-in-the-middle adversary, and brute-force attacks. Public key authentication is less vulnerable to attacks. For example, a man-in-the-middle adversary cannot gain access simply by replaying a signature. However, attacks targeting weak keys are occasionally applicable. In practice, brute-force attacks against the SSH protocol usually target systems with weak keys and/or passwords, as well as known usernames. If the adversary can supply valid usernames, the brute-force attack is more effective: the adversary can skip hosts lacking known accounts and direct a bigger set of candidate credentials at valid accounts.



SSH Public Key Authentication Over Tor Hidden Services (HS) & Timing Attacks:

A recently published paper closely examined the SSH public key authentication procedure and its OpenSSH implementation as a means of enumerating user accounts on targeted servers. The paper delved into the privacy of SSH public keys, which permits the correlation of users within targeted systems, opening the door to compromise of targets with weak or short keys (<768 bytes). Moreover, user enumeration by itself can cause problems in highly sensitive environments. For example, Tor Location Hidden Services (HS) can occasionally include a user's credentials that leak sensitive information.

The authors of the paper studied how vulnerable services that run over Tor HS are to various forms of timing attacks. In doing so, they contributed to the field of timing attacks itself, rather than re-examining well-known methods on a new group of targets. The main contributions of the study are the attack framework for Tor HS and the filtering methods implemented. The literature does not include any previous studies of the feasibility of timing attacks against services that run on top of Tor HS.

The paper presented a synopsis of the SSH public key authentication protocol, along with its implementation in the OpenSSH server daemon. From the implementation details, the authors built a timing attack tool to target the server. They used the tool to validate usernames on the targeted server using the query timing of the public key authentication procedure. They measured the effectiveness of timing attacks over LAN, localhost (loopback interface), WAN and Tor HS networks. After presenting the results of their experiments, the paper discussed possible solutions and their possible flaws.

The study revealed privacy flaws in the key query protocol. Although the researchers suggested a set of protocol improvements, they acknowledged the simplicity and versatility of the existing protocol. Their analysis of the OpenSSH implementation showed a timing leak that could be exploited to enumerate OpenSSH users with relatively high accuracy. They showed that the reliability of the timing channel can be estimated from a single SSH handshake. Moreover, the types of keys were readily discoverable. On the other hand, public key bytes were not discoverable, nor could a bigger difference be identified reliably.

The researchers implemented the first timing attack mechanism to target applications relying on Tor HSs. Attacks conducted over the Tor network are rather slow, yet yield results contrary to previous intuitions. They also showed that simple filtering can often be applied to boost the accuracy of timing attacks against Tor HSs. These results mean that developers of Tor HS applications have to be meticulous about branching that depends on sensitive inputs.
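The closing point about branching on sensitive inputs, as an added example (not code from the paper or from OpenSSH): a toy key-query handler that returns early for unknown accounts, next to one that performs the same hash and the same number of comparisons on every path. The account table, function names and the `trace` work log are hypothetical, and the log models the work done per path rather than wall-clock time.

```python
import hashlib
import hmac

# Constructed sample data (hypothetical): account -> SHA-256 of each authorized key blob.
AUTHORIZED = {
    "alice": [hashlib.sha256(b"constructed-key-alice-1").digest(),
              hashlib.sha256(b"constructed-key-alice-2").digest()],
    "backup": [hashlib.sha256(b"constructed-key-backup").digest()],
}
MAX_KEYS = max(len(keys) for keys in AUTHORIZED.values())
# Decoy digests stand in for missing accounts and pad short key lists.
DECOY = [hashlib.sha256(b"decoy-%d" % i).digest() for i in range(MAX_KEYS)]


def query_leaky(user, key_blob, trace):
    """Returns early for unknown users, so the work done reveals whether the account exists."""
    if user not in AUTHORIZED:
        return False
    fingerprint = hashlib.sha256(key_blob).digest()
    trace.append("hash")
    for stored in AUTHORIZED[user]:
        trace.append("compare")
        if stored == fingerprint:  # early exit also depends on key position
            return True
    return False


def query_uniform(user, key_blob, trace):
    """One hash and MAX_KEYS constant-time compares on every path."""
    fingerprint = hashlib.sha256(key_blob).digest()
    trace.append("hash")
    known = user in AUTHORIZED
    keys = AUTHORIZED.get(user, DECOY)
    padded = keys + DECOY[:MAX_KEYS - len(keys)]
    accepted = False
    for i, stored in enumerate(padded):
        trace.append("compare")
        match = hmac.compare_digest(stored, fingerprint)
        # Bitwise & avoids short-circuiting; decoy slots can never be accepted.
        accepted |= match & known & (i < len(keys))
    return accepted


def work_profile(handler, user, key_blob):
    """Return (result, sequence of operations) so the paths can be compared deterministically."""
    trace = []
    result = handler(user, key_blob, trace)
    return result, tuple(trace)
```

Equal operation counts are necessary but not sufficient: a real server also has to equalize the account-database and key-file lookups that `AUTHORIZED` stands in for here.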

Trump launches a plan to divide Europe: an expert reveals who the US is betting on

The Trump administration is planning to divide Europe. The American political scientist Malek Dudakov has...