Unsubscribe
Unsubscribe
Re: Free Software and Torpark (was: Ultimate solution)
On 25 mar 2007, at 22.48, H D Moore wrote: This is a stupid argument to start with -- ignoring the license, TorPark should be recommended based on the quality of the code and the features of the software. If TorPark LLC does something evil at a later date, stop recommending them. -HD Amen, Preach it Brother HD! Brad
Re: Ultimate solution
On 25 mar 2007, at 21.16, Michael_google gmail_Gersten wrote: The whole "Because some aspect of Flash can kill you, all of flash must be junked" approach won't work. That's like saying, "Because Java could contain an unsafe program, no Java can be used". Or like saying "Because SOME people are using Tor for bad things, we need to get rid of Tor." Brad
Re: Building tracking system to nab Tor pedophiles
On Wednesday, March 07, 2007, at 07:42AM, "Roger Dingledine" <[EMAIL PROTECTED]> wrote: >On Wed, Mar 07, 2007 at 12:56:22AM -0500, James Muir wrote: >> > http://blogs.zdnet.com/security/?p=114 >> >> The approaches suggested won't work if you use Firefox with NoScript set >> to disable JavaScript, Java, Flash and any other plugins. > >You still have to be careful though -- if you enable them for some >domains that you trust (say, foo.com), then you can still get nailed >when you visit foo.com from an evil exit node, it inserts some malicious >applets, and your noscript says "well yeah, but the user typed in foo.com, >therefore this applet is from foo.com, so I trust it". > >So the moral of the story appears to be turn the plugins off, period. >The broader moral is: don't run code from strangers on your computer. The >even broader moral would be to lament that we're still not using SSL on >most Internet interactions. And maybe the fourth is that we (somebody >here) should work on easy instructions for locking down common OS network >interfaces so only Tor communications can get through. Or Tor LiveCDs >that have that already done. Or VM images that can be run as routers >between your computer and the Internet. > >--Roger > Actually the moral of the story would be to surf using Lynx w/SSL from a Linux or BSD Tor enabled LiveCD. Unfortunately you won't see any pictures or movies so that will eliminate most users who use Tor for "private" surfing. ;-) Or you could get REALLY secure and just unplug the computers from the net and go outside for some fresh air and get a life! IMHO, Brad
Re: Tor appliance
How about tor on a WRTG54 wireless router? That would be cheap, and I would guess it's possible given the linux OS firmware. I can't make this happen since I'm not a programmer, but the idea has occurred to me before. I like the HyperWRT project, Thibor version. (http://www.thibor.co.uk/). Maybe start a thread in the forums to see what the response is. -P I've considered this option also on my WRT54GL flashed with DD-WRT if it would work and be able to process the encryption fast enough without overclocking the router. I've also considered setting up a linux box as a firewall with either IPCop, Astaro, or Smoothwall. Does anyone have experience with these or another OS as a firewall appliance? My primary goal is not only security but to control/monitor QoS and total amount of bandwidth used. Even though I have a 24Mbit/s connection with high bandwidth allowance, I need to use some of it also! Thanks, Brad