[–] anthonylancer 0 points 2 points (+2|-0) ago 

I appreciate your contribution. People have to realize that death is better than slavery so we must finally start fighting back


[–] fluhthreeex 0 points 1 point (+1|-0) ago 

Wouldn't anyone working on the servers with root access be able to get the SSL keys?


[–] x13 [S] 0 points 1 point (+1|-0) ago 

No, no need to hand out root.

No IT person you hire would get root access. They would have "wheel" at best or "system". The company owner would restrict access to the root account, if the machine even has one. Then the SSL .key files would be set accessible to an owner account used by the launch mechanism that fires up the server.

A few files on a system can also be guarded using low level kernel hooks to monitor read access and restrict which binaries and owners can read bytes from the file ever, including banning root (it's part of DTrace).

Mac OS X in many recent years does not even have a root account at all on its Unix systems, just to promote this level of safety.
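
A check for the file ownership and mode restriction described in the comment above, as an added example that is not part of the original post. It assumes a POSIX system; the function names, the file name `example.key` and the use of the current user as the service account are hypothetical.

```python
import os
import stat
import tempfile


def audit_key_file(path, service_uid):
    """Return findings for a TLS private key file; an empty list means OK."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or special file)"]
    findings = []
    if st.st_uid != service_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {service_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access")
    # A directory writable by others lets them swap the key file out.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory is group/other writable")
    return findings


def demo():
    """Audit a constructed placeholder key file before and after tightening."""
    uid = os.getuid()  # assumption: current user stands in for the service account
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "example.key")  # hypothetical file name
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)
        loose = audit_key_file(key, uid)
        os.chmod(key, 0o400)
        tight = audit_key_file(key, uid)
    return loose, tight


if __name__ == "__main__":
    loose, tight = demo()
    print("0644:", loose)
    print("0400:", tight)
```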


[–] x13 [S] 1 point 1 point (+2|-1) ago  (edited ago)

The keys would be nearly useless, because it's the server side key not a critical any-domain signing key, and the server side key is meant to be protected for a variety of reasons, but if you had for example someone's SSL xxx.key and xxx.cert files, the thing is associated right in the record itself with a domain, or a subdomain, or sometimes a "wildcard" (*) domain, but the word DOMAIN is important in this context.

The record in SSL (HTTPS) is used along with DNS. So the DNS server record points to the machine to go to, and the machine has to have an SSL certificate matching the domain someone is using at that IP address as well. Traditionally you use one IP per SSL, but in recent years you can concatenate a few.

The cert has no value if stolen other than as part of an NSA man in the middle along the exact IP path to the same target IP from the DNS record.

Someone getting all your SSL key types including the message signing ones could sign documents in your name, but for HTTPS purposes it requires an attack on DNS as well.

Regarding root: on Macintosh OS X machines there no longer is root unless you boot a special way, and also set up a root and root password with another tool. Nevertheless I understand you mean that people on a machine could possibly copy the files somehow. It is possible in a file server (web server, node web server, apache, etc) to store certs in memory RAM only and write gibberish over the disk source files or keep them in unmounted after boot volume with a password. But it's not a big deal if you lose them the way you are thinking. To issue a new SSL requires control of the email server email accounts with the domain as part of a special set of allowed email addresses.

If an IT contractor stole a copy of the whole hard drive, and also got passwords to control all DNS server records everywhere... that would be a problem, but the real owner would revoke the SSL certificates and get new ones issued or would use their power account for their domain record to redirect the 2 or 3 (sometimes 5) primary authoritative DNS servers to use new trusted servers under the owner's control and delist the old ones the IT contractor took over. Propagation in 1 to 2 days max would flush out all the old cached DNS records to the compromised DNS servers.

If you know that key and cert files might be copied, you can add the untrusted old SSL Certificate to the Certificate Revocation List (CRL). This will alert other participants in the Public Key Infrastructure (PKI) that the certificate in question can no longer be trusted, but your new SSL key files would not be on that blacklist database.

You can't steal a web site really without stealing control of domain records and email that controls SSL records and domain itself.

If that still happens... then a photo ID tied to corporate documents sent to the .com registrar and a legal notice can still steal it back if you are merely regaining legit ownership you had prior.


[–] derram 0 points 1 point (+1|-0) ago 

https://archive.fo/Jib0x :

George Soros has given $18 billion to his pro-democracy foundation

This has been an automated message.


[–] degoogle ago 

What happened to Hatreon? I know Cody Wilson was vanned, but did that cause the pledging problems?


[–] x13 [S] ago 

No Visa card. Dead end.

They did not own their own bank, so could not get SWIFT directly from wire transfers, or process EFT checks directly, or contract with VISA directly. This made them have to use a PAYMENT PROCESSOR between them and VISA, and they got blocked by (((middlemen))) between visa card and their merchant account.

All mid tier and upper tier (((payment processors))) banned voat, gab, Hatreon, or would ban if utilized :

  1. Stripe (Visa owns a lot of this company since 2015, a few months ago they also became a Bank and Visa issuer) 2 . PayPal
  2. GoFundMe, Patreon, and any crowdfunding platforms other than Hatreon itself
  3. Coinbase (for the recipient. they take visa and allow xfer between Coinbase accounts)
  4. Marqeta
  5. Alipay (not too many usa credit cards allowed any more)
  6. Square
  7. Helcim
  8. QuickBooks
  9. Worldpay
  10. Dwolla

It appears that the nexus between Visa and Mastercard and these payment processors are coerced or muscled a bit.

Being directly a bank and beholden to your customers independently especially if one of the main customers of your private bank is a USA registered Political Action Committee (PAC), would stop all blocking or banning or interference between VISA and MASTERCARD.

But making that size bank is expensive but REQUIRED to be the one-stop entire internet payment processor.

Sadly, the end game is that if you use investors they will make you sell your bank (LIKE ALL BANKS IN HISTORY have been sold) to larger (((banks))) and to (((larger payment processors))). Many on that list above are mergers and buyouts, or bought many competitors.

Whoever makes Hatreon2 needs to not sell out.

The simplest solution that would have kept the first Hatreon working fine, is in my 10 step list above :

First all customers open cheap CoinBase.com accounts, fund with a Visa card or any instrument. Wait. Buy cryptocoins. Then to pay people like Hatreon, a Coinbase account owner would xfer to an anonymous crypto wallet created in moments and used forever that runs in a browser window. From the wallet (tied to a mobile phone number and SMS text for whatever reason) you can xfer to a wallet that does not use a mobile phone number and SMS text, or just finally send crypto currency to Hatreon, Voat, Gab, whoever. NOTHING CAN INTERFERE.

NOTHING!!! crypto coin blockchain was designed to get rid of ANY single point of authority.


[–] slevin_kelevra 2 points -2 points (+0|-2) ago 

Are clothes expensive in the matrix?