• 🇬🇧󠁿 🇸🇪 🇿🇦 🇮🇪 🇬🇭 🇩🇪 🇪🇺
    European & African
    Drug Discussion

    Welcome Guest!
    Posting Rules Bluelight Rules
  • EADD Moderators: Pissed_and_messed | Shinji Ikari

I dont usually post, but this is important..

IRL.icecoolmadness

IRL.icecoolmadness

Bluelighter
Joined
Mar 27, 2008
Messages
185
Location
outside the box
As some of you know, SoS is no more. Just a few days after SoS has disappeared, a new site (not sure if im allowed to mention the name) popped up. In the interest of HR heres a copy pasta of my observations that I posted under a different thread. Please take care with this one people, I really mean it

------------------------COPY PASTA BEGIN---------------------------
Just a few observations here:

- It has open registration - defeats the purpose - does not matter if they will close it down later - what are they gonna do - purge all acounts pre-closed reg - then what was the point of open reg in the first place?. SoS was never ever open reg as far as Im aware (the admin created the site - gave out a few referrals to his buddies on a private forum, it took off from there)

- The site appeared just a few days (if even) after SoS becoming inaccessible. I do wonder if <THAT_SITE> creators just had a pre coded replica of SoS lying around ready to go (suspicious to say the least) OR they coded what they call a "secure" site in just a few days?????? (yeah, right) (EDIT: he did say the site was designed/coded in 48 hours lol - he obviously has no clue about neither the security design standards nor security coding standards and the stringent / multi-varied testing required imo)

- I feel that if SoS team decided to close it down - they would have provided at least some sort of explanation.

Regardless, ON THESE KINDS OF WEBSITES YOUR MODUS OPERANDI SHOULD BE TO ASSUME THAT THEY ARE RUN BY LAW ENFORCEMENT AND EMPLOY SUITABLE OPSEC - WHETHER ITS AN ESTABLISHED, TRUSTED, VOUCHED FOR BY MANY SITE OR A NEW ONE NOONE HAD EVER HEARD ABOUT



EDIT: Well, after signing up and asking a few questions on that site - all my questions were deleted soon after. Got banned after asking some basic security questions and pointing out a few related things. This guy is either 12 (to react like that) or a cop (doesnt want ppl to know some basic OPSEC) After taking to the admin I can assure you that he is NOT an IT security professional as he claims.


So, what do I think about it overall?

BEST CASE: Admin is a ban-trigger-happy kid that will censor any posts that he doesnt like for whatever reason, however invalid. Could also be someone hoping to harvest usernames/passwords/vendors but that is less likely based on the admins demeanour.
WORST CASE: LE

I would personally stay away, the site and the interaction with the admin has set off quite a few alarm bells.

------------------------COPY PASTA END---------------------------


TL;DR Please be careful with this one people. The admin is making false claims, censors free speech, could potentially be LE.
 
Last edited:
I was afraid of this :) SoS isnt a vendor, I promise :) If SoS is considered a vendor then so is Google :P
I have seen SoS mentioned numerous times in threads. Edited out the new sites name from my copy pasta too that I forgot to remove initially :)

in the interest of HR, provided that my suspicions are on point (which I really hope not), being careless with this service could cost a lot of people dearly. Better safe than sorry.
 
Last edited:
SoS was hardly safe & secure, they proved that, I'm sure other coders could do a better job in under 48 hours, security doesn't take a long time you just have to not fuck it up.

SoS disappeared because it was hacked.

SoS was Safe or Scam, it's not a vendor, it was a site for vendor reviews, but you needed to know the url of the vendor to see the reviews, so I'm fairly sure it was allowed to be mentioned.
 
"sos was hardly secure. they proved that" - you simply cannot have 100% impenetrable system - FACT - everything is hackable, just depends on how much time/money one is willing to invest

I never said SoS was very secure, however there was quite a bit of security going on behind the scenes - NOTHING could be called truly secure, its just a matter of time of how long it takes to find a vulnerability or chain of defects that lead to one;. SoS fell behind the times though unfortunately. Keep in mind that it did last for a respectable amount of time for such a website as well as that a respectable person was responsible for its inception.

"security doesnt take a long time, you just have to not fuck it up" - disagree in the main - however hard you try, someone will fuck it up - so YOU have to fuck it up during tests to get it more secure, then fuck it up again, etc... etc... for as long as time/budget allows.

My main gripes with this site:
- Admin willy nilly censors posts (like "YOUR MODUS OPERANDI SHOULD BE TO ASSUME THAT THEY ARE RUN BY LAW ENFORCEMENT AND EMPLOY SUITABLE OPSEC - WHETHER ITS AN ESTABLISHED, TRUSTED, VOUCHED FOR BY MANY SITE OR A NEW ONE NOONE HAD EVER HEARD ABOUT") and then bans the person making the post - the post was common sense for someone whos clued in and was even prefaced by "no offence intended" or something like that

- open registration (see my OP)
 
Thats a shame. Safe Or Scam was a great website. Always helped me decide which vendor to trust & happy to say i've never been scammed. Pity it's gone.
 
IRL.icecoolmadness said:
As some of you know, SoS is no more. Just a few days after SoS has disappeared, a new site (not sure if im allowed to mention the name) popped up. In the interest of HR heres a copy pasta of my observations that I posted under a different thread.
Click to expand...

Thanks for that.
------------------------COPY PASTA BEGIN---------------------------

pasta.jpg



pasta.jpg



pasta.jpg


------------------------COPY PASTA END---------------------------
 
IRL.icecoolmadness said:
"sos was hardly secure. they proved that" - you simply cannot have 100% impenetrable system - FACT - everything is hackable, just depends on how much time/money one is willing to invest

I never said SoS was very secure, however there was quite a bit of security going on behind the scenes - NOTHING could be called truly secure, its just a matter of time of how long it takes to find a vulnerability or chain of defects that lead to one;. SoS fell behind the times though unfortunately. Keep in mind that it did last for a respectable amount of time for such a website as well as that a respectable person was responsible for its inception.

"security doesnt take a long time, you just have to not fuck it up" - disagree in the main - however hard you try, someone will fuck it up - so YOU have to fuck it up during tests to get it more secure, then fuck it up again, etc... etc... for as long as time/budget allows.

My main gripes with this site:
- Admin willy nilly censors posts (like "YOUR MODUS OPERANDI SHOULD BE TO ASSUME THAT THEY ARE RUN BY LAW ENFORCEMENT AND EMPLOY SUITABLE OPSEC - WHETHER ITS AN ESTABLISHED, TRUSTED, VOUCHED FOR BY MANY SITE OR A NEW ONE NOONE HAD EVER HEARD ABOUT") and then bans the person making the post - the post was common sense for someone whos clued in and was even prefaced by "no offence intended" or something like that

- open registration (see my OP)
Click to expand...

No, you really have to fuck up to get hacked like that.

Why would law enforcement care about a site that reviews legal vendors? Was probably some bored kid that hacked them, or a vendor with bad reviews.

Posts like your example are psychotic.
 
Last edited:
DrGreenthumb said:
No, you really have to fuck up to get hacked like that.

Why would law enforcement care about a site that reviews legal vendors? Was probably some bored kid that hacked them, or a vendor with bad reviews.

Posts like your example are psychotic.
Click to expand...


As I said, SoS fell behind the times... In fact it was severely lacking in SOME security aspects while being excellent in others. That hack was nothing spectacular.
Why would LE care about the likes of SoS... its a goldmine for them.... just think about it before you type. It is not JUST for legal (what is legal anyways, depends on jurisdiction) RC's, far from it my good man. Think about the info that could be harvested by LE... And for whoever says that they are not interested in consumers - you would be dead wrong - any arrest is an arrest for LE.

Why do you consider such posts psychotic? You should always operate under a premise that the site is compromised, simple as - trust me on that one, please - it will hopefully save you some heart/bum ache some time in the future :)
In fact my brain *was* a bit "out of tune" when composing the initial posts, but the general warning still stands. I am not posting this for fun you know.
 
Last edited:
alasdairm said:
i don't think your post was psychotic but i do think it's redundant.

be careful. always. problem solved :)

alasdair
Click to expand...

Come to think of it, I did drone on for quite some time repeating myself constantly - as I said I was not in top mental shape at the time to say the least :) I blame zee chemicals, or lack of, or something... :)
 
I'd say a site like SoS is simple enough that fairly decent security wouldn't be much of a problem. The script running the original website had a limited surface for attack due to the simplicity. Securing the server and maintaining privacy for the users isn't so easy.
 
It really is easy, that's why I've done that job for ~15 years, automatic updates don't usually cause any problems. Most Linux distributions come with fairly secure default settings now, so you'd have to mess something up rather than not fix something to make it insecure. Just doing basic maintenance like keeping up with updates will keep out 99% of hackers & the other 1% are probably busy with better targets. Anyway, they messed up somehow & got hacked.

I think it'd be a very desperate law enforcement sting operation to go after people posting reviews of mostly legal clearnet vendors. Not saying I trust the new site, I don't even trust them enough to look at it, it seems even more suspect than the old one, but I doubt it's LE running it.

You should work on the assumption that everything is compromised, but if you start really believing it then it's paranoia.
 
Last edited:
You must log in or register to reply here.
Top