Re: hijacked SSH sessions

2006-12-02 Thread Taka Khumbartha

i had another questionable MITM attack today.  fortunately, i was connecting to 
my own server and was able to check the SSH logs.  the connection came from 
82.103.134.252/tor-proxy.thing2thing.com.

the interesting thing is: after waiting 2-3 minutes (hoping to get a new 
circuit and log in to my server securely) i logged in from the same IP/exit 
node without any complaints from ssh about differing fingerprints!

another interesting observation is that 82.103.134.252 is not listed in the Tor 
node listing (http://torstat.xenobite.eu/), however 82.103.134.253 (AKA 
madrid2) is, which also resolves to the same hostname.  in fact, 
tor-proxy.thing2thing.com seems to have 13 IP addresses.



Re: How can I trust all my Tor nodes in path

2006-12-02 Thread Jeff

On 1-Dec-06, at 5:29 PM, Robert Hogan wrote:

> On Friday 01 December 2006 21:23, Seth David Schoen wrote:
>
> > Some people have suggested that this is a good application for
> > trusted computing; proxies could prove that they're running the
> > real, official proxy software on top of real hardware.  Then timing
> > attacks are still possible, but actually logging data directly could
> > be prevented.  The problem with this seems to be that intentionally
> > doing timing attacks directly against a proxy you operate, from within
> > the same network, is probably pretty effective!
>
> You've lost me here - could you explain further? How would it prevent
> logging data?

It's exactly right though! This has got to be the only good use of
Trusted Computing I've ever seen!

Basically you know, and I know, precisely what's running on the
machine. Say we share the secret keys of the tor nodes, they'd be
guaranteed to be running a known, non-logging version of Tor!

> > This approach might
> > be more relevant to lower-latency anonymity services such as e-mail
> > remailers.
>
> --
>
> KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
> TorK   - A Tor Controller For KDE  - http://tork.sf.net




Re: How can I trust all my Tor nodes in path

2006-12-02 Thread Jeff
Here's a thought... I was contemplating the ramifications of, say an  
exit node designed purely to log traffic directed through it. Assume  
the most malicious intent here too. Listening to every frame that  
comes out, you're bound to find something that leaks information. Has  
anyone considered a concept of listening on the client end and  
scrubbing anything that could identify (at least, electronically)  
you. Maybe there's a privoxy configuration or even something like a  
snort rule.


Has anyone given thought to some Tor-based snort rules? We could make  
at least outbound trivial into leaks (exact text of IP address,  
hostname, etc.) and detection of generic Tor traffic.


On 1-Dec-06, at 4:14 PM, Tim Warren wrote:

Thank you, just trying to make sure I understand. I will also  
follow that link.



On 12/1/06, Robert Hogan <[EMAIL PROTECTED]> wrote:
On Friday 01 December 2006 20:55, Tim Warren wrote:
> On 12/1/06, Robert Hogan <[EMAIL PROTECTED]> wrote:
> > The real danger with Tor is using sensitive information over http rather
> > than https and mixing anonymous and non-anonymous traffic over the same
> > circuit.
> > Those two are the most common and most easy mistakes to make.
>
> Maybe you could answer a question for me. Should I NOT login in to a site,
> such as a bank, when using Tor? Or do I need to make sure it is https:?
>
> Appreciate any clarification.
>
> Thanks,

If you use https (and your browser hasn't complained about the ssl
certificate) you're fine.  The exit node can see everything (if they want)
over http.

Everything after the exit node is just as good or bad as if you weren't using
tor. Tor just adds an extra guy to the chain of *reputable* carriers who
*could* monitor your traffic - and it is best practice to assume that at
least the tor exit node is doing exactly that. see http://tor.unixgu.ru



--

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE  - http://tork.sf.net



--
Tim Warren
SD CA USA
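
One way to approach the client-side check Jeff describes above, as an added example that is not part of the original thread: it looks for the client's own IP address and hostname in outbound payloads, in several encodings, and can scrub them. It is written in Python rather than as a Snort or Privoxy rule; the function names, the address `192.0.2.44`, the hostname and the sample payloads are all constructed for illustration.

```python
import ipaddress
import re

def leak_patterns(ip, hostname):
    """Compile one regex per encoding in which the client's own identity may appear."""
    n = int(ipaddress.IPv4Address(ip))      # also validates the address
    octets = ip.split(".")
    raw = {
        "ip-dotted": r"(?<![\d.])" + re.escape(ip) + r"(?!\d)",
        # The FTP PORT command carries the address as h1,h2,h3,h4,p1,p2
        "ip-ftp-port": r"(?<!\d)" + ",".join(octets) + r"(?=,\d)",
        "ip-ptr": re.escape(".".join(reversed(octets)) + ".in-addr.arpa"),
        "ip-decimal": r"(?<!\d)%d(?!\d)" % n,
        "ip-hex": r"0x%08x" % n,
        "hostname": r"(?<![\w.-])" + re.escape(hostname) + r"(?![\w-])",
    }
    return {name: re.compile(p, re.IGNORECASE) for name, p in raw.items()}

def scan(payload, patterns):
    """Return (pattern name, byte offset) for every identifier found, in order."""
    text = payload.decode("latin-1")        # 1:1 byte mapping keeps offsets exact
    hits = [(m.start(), name) for name, rx in patterns.items()
            for m in rx.finditer(text)]
    return [(name, pos) for pos, name in sorted(hits)]

def scrub(payload, patterns, token="[scrubbed]"):
    """Replace every identifier with a fixed token before the data leaves."""
    text = payload.decode("latin-1")
    for rx in patterns.values():
        text = rx.sub(token, text)
    return text.encode("latin-1")

# Constructed sample data: a documentation address and an invented hostname.
PATTERNS = leak_patterns("192.0.2.44", "workstation7.example.net")
SAMPLES = [
    b"GET /whoami HTTP/1.1\r\nHost: example.org\r\nX-Forwarded-For: 192.0.2.44\r\n\r\n",
    b"PORT 192,0,2,44,19,137\r\n",
    b"EHLO Workstation7.example.net\r\n",
    b"GET /?client=3221226028 HTTP/1.1\r\nHost: example.org\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: 192.0.2.440\r\n\r\n",   # a different address, no hit
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(scan(sample, PATTERNS), scrub(sample, PATTERNS))
```

String matching of this kind only sees cleartext protocols; anything sent over https or another encrypted channel is invisible to it, and identifiers that are compressed or otherwise transformed will be missed.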




Re: How can I trust all my Tor nodes in path

2006-12-02 Thread Watson Ladd
Ringo Kamens wrote:
> Linux is very tor friendly. If you are a linux noob I suggest ubuntu. I
> oppose the idea of a tor police force for several reasons:
> 1. Lie detectors don't work
> 2. It is no better than the oppressive governments tor tries to circumvent
> 3. It would take too much work.
>  
> I do appreciate the effort to find a solution. Perhaps there is a way
> for tor clients to calculate a checksum of the server files?
> Ringo Kamens
Nope. At the very best case a VM could run tor halting on every
instruction, and logging the relevant parts of memory. Tor would be
unable to tell. That's why someone came up with Trusted Computing. But
that has enough evil uses to make its implementation a bad idea.
> 
>  
> On 12/2/06, *Total Privacy* <[EMAIL PROTECTED]> wrote:
> 
> "Tim Warren" <[EMAIL PROTECTED]> said:
> > Maybe you could answer a question for me. Should I NOT login in to
> > a site, such as a bank, when using Tor? Or do I need to make sure
> > it is https:?
> >
> > Appreciate any clarification.
> >
> > Thanks,
> 
> I'll put it this way, if you are registered as your real identity
> on your bank (and not going to hack somebody else's account), then
> just log in by https directly from your machine/ISP. No need for
> hiding by using Tor.
> 
> Then about malicious nodes. Since Tor is open source, it
> gotta be decompilable reversing engineering to whatever anybody
> wants with it, such as for example tap out data in between itself or
> log what in is what out to middle node and so on. If not, why not?
> 
> A solution could be to set up a private "Tor police force" and let
> everyone that wants to be accepted as a part of the system sign
> a legal deal to let this international Tor police force (how
> about the name TPF or ITPF or TIPF) at any moment without warning
> run in to every Tor computer node/router room and get full access
> to everything in it. Of course the members of such "police force"
> should be hand picked by comprehensive test (lie detectors and
> lot of advanced stuff) to be legitimated. Every approved Tor node
> runner should then be very happy to be granted with such visit of
> the Tor International Police Force, because if they do not find a
> compromised, modified, malicious Tor software, you're clean!
> 
> BTW, now I've also received a maybe phishing from "Hokata Japan Ltd"
> about some business and money transactions. Funny or not, the IP
> was from Italy!
> 
> At last, I'm considering to switch from Windows to Unix (Linux)
> and hope it is user friendly with Tor. Anybody knows about it?
> 
> --
> http://www.fastmail.fm  - Does exactly what
> it says on the tin
> 
> 


-- 
They who would give up essential Liberty to purchase a little temporary
Safety, deserve neither Liberty or Safety
--Benjamin Franklin





Re: How can I trust all my Tor nodes in path

2006-12-02 Thread Ringo Kamens

Linux is very tor friendly. If you are a linux noob I suggest ubuntu. I
oppose the idea of a tor police force for several reasons:
1. Lie detectors don't work
2. It is no better than the oppressive governments tor tries to circumvent
3. It would take too much work.

I do appreciate the effort to find a solution. Perhaps there is a way for
tor clients to calculate a checksum of the server files?
Ringo Kamens


On 12/2/06, Total Privacy <[EMAIL PROTECTED]> wrote:


"Tim Warren" <[EMAIL PROTECTED]> said:
> Maybe you could answer a question for me. Should I NOT login in to
> a site, such as a bank, when using Tor? Or do I need to make sure
> it is https:?
>
> Appreciate any clarification.
>
> Thanks,

I'll put it this way, if you are registered as your real identity
on your bank (and not going to hack somebody else's account), then
just log in by https directly from your machine/ISP. No need for
hiding by using Tor.

Then about malicious nodes. Since Tor is open source, it
gotta be decompilable reversing engineering to whatever anybody
wants with it, such as for example tap out data in between itself or
log what in is what out to middle node and so on. If not, why not?

A solution could be to set up a private "Tor police force" and let
everyone that wants to be accepted as a part of the system sign
a legal deal to let this international Tor police force (how
about the name TPF or ITPF or TIPF) at any moment without warning
run in to every Tor computer node/router room and get full access
to everything in it. Of course the members of such "police force"
should be hand picked by comprehensive test (lie detectors and
lot of advanced stuff) to be legitimated. Every approved Tor node
runner should then be very happy to be granted with such visit of
the Tor International Police Force, because if they do not find a
compromised, modified, malicious Tor software, you're clean!

BTW, now I've also received a maybe phishing from "Hokata Japan Ltd"
about some business and money transactions. Funny or not, the IP
was from Italy!

At last, I'm considering to switch from Windows to Unix (Linux)
and hope it is user friendly with Tor. Anybody knows about it?

--
http://www.fastmail.fm - Does exactly what it says on the tin




Re: How can I trust all my Tor nodes in path

2006-12-02 Thread Total Privacy
"Tim Warren" <[EMAIL PROTECTED]> said:
> Maybe you could answer a question for me. Should I NOT login in to 
> a site, such as a bank, when using Tor? Or do I need to make sure 
> it is https:?
> 
> Appreciate any clarification.
> 
> Thanks,

I'll put it this way, if you are registered as your real identity
on your bank (and not going to hack somebody else's account), then
just log in by https directly from your machine/ISP. No need for
hiding by using Tor.

Then about malicious nodes. Since Tor is open source, it
gotta be decompilable reversing engineering to whatever anybody
wants with it, such as for example tap out data in between itself or
log what in is what out to middle node and so on. If not, why not?

A solution could be to set up a private "Tor police force" and let
everyone that wants to be accepted as a part of the system sign
a legal deal to let this international Tor police force (how
about the name TPF or ITPF or TIPF) at any moment without warning
run in to every Tor computer node/router room and get full access
to everything in it. Of course the members of such "police force"
should be hand picked by comprehensive test (lie detectors and
lot of advanced stuff) to be legitimated. Every approved Tor node
runner should then be very happy to be granted with such visit of
the Tor International Police Force, because if they do not find a
compromised, modified, malicious Tor software, you're clean!

BTW, now I've also received a maybe phishing from "Hokata Japan Ltd"
about some business and money transactions. Funny or not, the IP
was from Italy!

At last, I'm considering to switch from Windows to Unix (Linux)
and hope it is user friendly with Tor. Anybody knows about it?

-- 
http://www.fastmail.fm - Does exactly what it says on the tin



Re: Problems under Windows Millennium

2006-12-02 Thread Matt Edman

On Dec 2, 2006, at 4:28 AM, Stegozor wrote:
> Then I removed Vidalia, tor and Privoxy (using their own uninstall
> option from Start/Programs/app/uninstall menu) and installed the
> latest Vidalia package. The problem is that when I launch Vidalia
> now I get the following error message:
> Vidalie.exe is linked (or bound) to a missing export of
> ADVAPI32DLL:ChangeServiceConfig2W (roughly translated from French).


You will have to stick with Vidalia 0.0.7 until the next Vidalia  
release. The service support we added in Vidalia 0.0.8 broke support  
for Windows 95/98/ME. We'll have it fixed for the next release.


--Matt


Re: Appeal for class-action lawsuit against connection data storage in Germany

2006-12-02 Thread Enigma
 
Hello everyone,

The translated article is now online at:
http://www.anti1984.com/en/articles/8.html

And no, I translate articles myself instead of using Google. ;)

Sincerely,
Enigma

--
German Tor mailing list / surveillance and anonymity:
http://www.anti1984.com

GPG key ID: 4096R/602492EA



Paul Syverson wrote:
>> I know, this topic will not be interesting to everyone but there are
>> German users in this mailing list after all and I considered this to
>> be important enough to let them know about it in case they haven't
>> heard of this yet.
>
> Everyone on the list is enriched by hearing about important relevant
> issues, perhaps especially for things from beyond the US (and all the
> more so for those of us in the US).
>
>> http://www.anti1984.com/de/artikel/12.html
>>
>> Sorry, there's no English article for that so far since I wonder if
>> it's interesting enough for non Germans? Feedback on this is welcomed. ;)
>>
>
> Google web page translation does an OK job. It won't win any awards
> for prose, but one can generally understand what is being said.
>
> aloha,
> Paul




Problems under Windows Millennium

2006-12-02 Thread Stegozor

Hi everyone,

Willing to give aioe's tor NNTP service a try, I installed Vidalia 0.7 
and tried to run it under Windows Millennium together with Thunderbird 
and Torbutton, but my system was becoming sluggish and unresponsive. A 
ctrl-alt-del returned a message telling that the resources of my system 
were at a critically low level and suggested to close some applications, 
often tor.exe.


Then I removed Vidalia, tor and Privoxy (using their own uninstall 
option from Start/Programs/app/uninstall menu) and installed the latest 
Vidalia package. The problem is that when I launch Vidalia now I get the 
following error message:
Vidalie.exe is linked (or bound) to a missing export of 
ADVAPI32DLL:ChangeServiceConfig2W (roughly translated from French).


Unfortunately I couldn't find any related information on the FAQ so here 
I am. What went wrong? Have I made a stupid mistake somewhere? Also, 
please allow me a little suggestion: it would be nice if minimum system 
requirements were made clear on the Vidalia website.


My configuration: AMD 2000 XP+ running at 1.1 GHz (voluntary BIOS 
setting), 384 MB of RAM, the whole thing under Windows Me with all 
security updates installed, fairly enough hard disk space and a 1 
Mbps/128 Kbps broadband cable connection.