Re: JanusPA - A hardware Privacy Adapter using Tor
Hi Dante,

680MHz and 128MB of RAM would work just fine for the application this was intended for. Thanks for the feedback!

- Kyle

On Tue, Dec 23, 2008 at 10:46 AM, dante wrote:

> Hi Kyle,
>
> What about the RB433 or RB433AH which are 300MHz / 64MB / $100 and
> 680MHz / 128MB / $??? boards? (See http://routerboard.com).
> I know the extra ports are overkill, but they might handle a better load.
>
> Isn't memory also an issue? My problem running a tor client on the
> Linksys wrt54g was memory ( BCM4710 / 16MB ).
>
> --Tony Basile
> http://opensource.dyc.edu
>
> Kyle Williams wrote:
> > Hi John,
> > Yeah, the 133MHz CPU just isn't going to be fast enough for my needs, plus
> > the extra ports is a bit overkill for this specific application. I know
> > the gumstix is a higher price, but it is exactly what I needed. Thanks for
> > the feedback though. All this neat hardware that people are sharing is
> > giving me ideas for future projects.
> >
> > - Kyle
> >
> > On Tue, Dec 23, 2008 at 8:18 AM, Jonathan Yu wrote:
> >
> >> Hi:
> >>
> >> What about the Soekris boards?
> >>
> >> The lowest end board, net4501, with a case is $173 USD.
> >>
> >> https://www.soekris.com/shop/product_info.php?products_id=75
> >>
> >> 133 Mhz CPU, 64 Mbyte SDRAM, 3 Ethernet, 2 Serial, CF socket, 1
> >> Mini-PCI socket, 3.3V PCI connector.
> >>
> >> The low processor speed may hinder encryption, but other than that, it
> >> looks like it would make a pretty good replacement for Gumstix.
> >> Probably not as small, though.
> >>
> >> It might be nice to note that these boards have been in production for
> >> a pretty long time and continue to be so. Also some firmwares like
> >> DD-WRT support this hardware.
> >>
> >> Cheers,
> >>
> >> Jon
> >>
> >> On Sun, Dec 21, 2008 at 8:14 AM, Kyle Williams <kyle.kwilli...@gmail.com>
> >> wrote:
> >>
> >>> Hello Everyone,
> >>> I've been working on a project for a couple of months now that I'm sure
> >>> would be of interest to some of you.
Re: Perfect MITM attack with valid SSL Certs
On Tue, Dec 23, 2008 at 8:47 AM, Roc Admin wrote:

> ... receive a completely valid certificate for a random domain
> of his choosing without any questions or verification.
> ... the browser pre-trusted certificate authorities
> really needs to be cleaned up.

this is why i am fond of the petname toolbar to identify server certificates using local trust information rather than assuming any cert signed by any of the dozens of random CA's bundled with Firefox is legit:

https://addons.mozilla.org/en-US/firefox/addon/957

for other applications that use system or application CA certificate stores you've got fewer options. if you're really concerned you can extract the few roots you trust into a new certificate store and tell the app in question to validate against those CA's only.

supposedly extended validation certs will restore trust in the PKI hierarchy, but i'm not holding my breath... *grin*

best regards,
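The step suggested in the message above (copy only the roots you trust into a separate store and validate against that store alone), as an added Python example that is not part of the original post. The function names and the sample bundle are constructed for illustration: the placeholder PEM blocks are not real certificates, and fingerprints are assumed to be SHA-256 over the DER bytes.

```python
import base64
import hashlib
import re
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL
)


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER encoding, as lowercase hex without separators."""
    return hashlib.sha256(der).hexdigest()


def split_bundle(pem_text: str):
    """Yield (fingerprint, pem_block) for every certificate in a PEM bundle."""
    for match in PEM_CERT.finditer(pem_text):
        der = base64.b64decode("".join(match.group(1).split()))
        yield fingerprint(der), match.group(0)


def extract_trusted(pem_text: str, trusted_fingerprints) -> str:
    """Return a new PEM bundle holding only the allow-listed roots.

    Fails closed: a trusted fingerprint that is absent from the source
    bundle raises instead of silently producing a smaller store.
    """
    # Accept "AB:CD:..." as well as plain hex, in either case.
    wanted = {fp.replace(":", "").strip().lower() for fp in trusted_fingerprints}
    kept = {}
    for fp, block in split_bundle(pem_text):
        if fp in wanted:
            kept.setdefault(fp, block)  # ignore repeated copies of a root
    missing = wanted - kept.keys()
    if missing:
        raise LookupError(f"not in source bundle: {sorted(missing)}")
    return "\n".join(kept.values()) + "\n"


def restricted_context(cafile=None) -> ssl.SSLContext:
    """Client context that trusts only `cafile`, never the system store.

    SSLContext() starts with an empty store (unlike create_default_context()
    called without arguments), so with cafile=None it trusts nothing.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def constructed_pem(payload: bytes) -> str:
    """Wrap bytes as a PEM block. Constructed stand-in, not a real certificate."""
    body = base64.encodebytes(payload).decode().strip()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"


# Constructed sample "bundle" of three placeholder roots (not real CA data).
SAMPLE_ROOTS = {
    "Constructed Root A": b"constructed-root-A",
    "Constructed Root B": b"constructed-root-B",
    "Constructed Root C": b"constructed-root-C",
}
SAMPLE_BUNDLE = "\n".join(constructed_pem(der) for der in SAMPLE_ROOTS.values())

if __name__ == "__main__":
    keep = [fingerprint(SAMPLE_ROOTS["Constructed Root B"])]
    print(extract_trusted(SAMPLE_BUNDLE, keep))
```

With a real bundle, write the result of `extract_trusted` to a file and pass that path to `restricted_context`; a server certificate chaining to any root left out of the file then fails verification.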
Re: JanusPA - A hardware Privacy Adapter using Tor
Hi Kyle,

What about the RB433 or RB433AH which are 300MHz / 64MB / $100 and 680MHz / 128MB / $??? boards? (See http://routerboard.com). I know the extra ports are overkill, but they might handle a better load.

Isn't memory also an issue? My problem running a tor client on the Linksys wrt54g was memory ( BCM4710 / 16MB ).

--Tony Basile
http://opensource.dyc.edu

Kyle Williams wrote:

> Hi John,
> Yeah, the 133MHz CPU just isn't going to be fast enough for my needs, plus
> the extra ports is a bit overkill for this specific application. I know
> the gumstix is a higher price, but it is exactly what I needed. Thanks for
> the feedback though. All this neat hardware that people are sharing is
> giving me ideas for future projects.
>
> - Kyle
>
> On Tue, Dec 23, 2008 at 8:18 AM, Jonathan Yu wrote:
>
>> Hi:
>>
>> What about the Soekris boards?
>>
>> The lowest end board, net4501, with a case is $173 USD.
>>
>> https://www.soekris.com/shop/product_info.php?products_id=75
>>
>> 133 Mhz CPU, 64 Mbyte SDRAM, 3 Ethernet, 2 Serial, CF socket, 1
>> Mini-PCI socket, 3.3V PCI connector.
>>
>> The low processor speed may hinder encryption, but other than that, it
>> looks like it would make a pretty good replacement for Gumstix.
>> Probably not as small, though.
>>
>> It might be nice to note that these boards have been in production for
>> a pretty long time and continue to be so. Also some firmwares like
>> DD-WRT support this hardware.
>>
>> Cheers,
>>
>> Jon
>>
>> On Sun, Dec 21, 2008 at 8:14 AM, Kyle Williams wrote:
>>
>>> Hello Everyone,
>>> I've been working on a project for a couple of months now that I'm sure
>>> would be of interest to some of you. The goal was to apply the same
>>> transparent model coderman and I used with JanusVM and Tor VM into
>>> hardware. I wanted something small that you could connect, power on, and
>>> use. Literally plug-n-privacy.
Re: JanusPA - A hardware Privacy Adapter using Tor
Hi John,

Yeah, the 133MHz CPU just isn't going to be fast enough for my needs, plus the extra ports is a bit overkill for this specific application. I know the gumstix is a higher price, but it is exactly what I needed. Thanks for the feedback though. All this neat hardware that people are sharing is giving me ideas for future projects.

- Kyle

On Tue, Dec 23, 2008 at 8:18 AM, Jonathan Yu wrote:

> Hi:
>
> What about the Soekris boards?
>
> The lowest end board, net4501, with a case is $173 USD.
>
> https://www.soekris.com/shop/product_info.php?products_id=75
>
> 133 Mhz CPU, 64 Mbyte SDRAM, 3 Ethernet, 2 Serial, CF socket, 1
> Mini-PCI socket, 3.3V PCI connector.
>
> The low processor speed may hinder encryption, but other than that, it
> looks like it would make a pretty good replacement for Gumstix.
> Probably not as small, though.
>
> It might be nice to note that these boards have been in production for
> a pretty long time and continue to be so. Also some firmwares like
> DD-WRT support this hardware.
>
> Cheers,
>
> Jon
>
> On Sun, Dec 21, 2008 at 8:14 AM, Kyle Williams wrote:
> > Hello Everyone,
> > I've been working on a project for a couple of months now that I'm sure
> > would be of interest to some of you. The goal was to apply the same
> > transparent model coderman and I used with JanusVM and Tor VM into
> > hardware. I wanted something small that you could connect, power on, and
> > use. Literally plug-n-privacy. After several weeks of searching the web
> > looking at different hardware configuration, specs, etc, etc, I decided to
> > go with Gumstix(.com).
> > The privacy adapter is an ARM 400MHz Xscale CPU with 64MB RAM (@100MHz), 16MB
> > of Flash memory for storage, and *TWO* 10/100 NICs. It uses Linux for the
> > OS.
> > The first thought that many people get, including myself, have is that it is
> > not powerful enough to run Tor. Well, after 2 months of breaking this in,
> > I'm very happy with the results.
Perfect MITM attack with valid SSL Certs
http://blog.startcom.org/?p=145

Slashdot and others are reporting on this story about how it was possible for a person to receive a completely valid certificate for a random domain of his choosing without any questions or verification. In this case he generated a certificate for mozilla.com from a reseller of the Comodo certificate authority. I'm hoping this is just a single instance but it makes you remember that the browser pre-trusted certificate authorities really needs to be cleaned up.

If it's not obvious enough, this is not good for Tor users due to the fact that we try to rely on SSL certificates to make sure that traffic isn't sniffed while using Tor.

-Roc Tor Admin
Re: Perfect MITM attack with valid SSL Certs
I'm not certain which way you meant this, but just in the interest of clarification:

This sort of attack, or any PKI attacks, *do not* affect the way that tor nodes authenticate or communicate with each other - that is all based on the directories, signatures, and certificate fingerprints. Those can't be faked without breaking the math involved.

Where this does come into play, however, is communicating with external services - smart use of this attack could allow an exit node to snoop on or modify your SSL-encrypted communications. Tor is more susceptible to that than most because anybody can be your exit node. In this instance, the exit node would have to be prepared with certificates for various sites - it couldn't pick any site at random and instantly impersonate that.

I think that may have been what you were saying, but I just wanted to state it clearly to avoid misinterpretation.

- John Brooks

On Tue, Dec 23, 2008 at 9:47 AM, Roc Admin wrote:

> http://blog.startcom.org/?p=145
>
> Slashdot and others are reporting on this story about how it was possible
> for a person to receive a completely valid certificate for a random domain
> of his choosing without any questions or verification. In this case he
> generated a certificate for mozilla.com from a reseller of the Comodo
> certificate authority. I'm hoping this is just a single instance but it
> makes you remember that the browser pre-trusted certificate authorities
> really needs to be cleaned up.
>
> If it's not obvious enough, this is not good for Tor users due to the fact
> that we try to rely on SSL certificates to make sure that traffic isn't
> sniffed while using Tor.
>
> -Roc Tor Admin
Re: JanusPA - A hardware Privacy Adapter using Tor
Hi:

What about the Soekris boards?

The lowest end board, net4501, with a case is $173 USD.

https://www.soekris.com/shop/product_info.php?products_id=75

133 Mhz CPU, 64 Mbyte SDRAM, 3 Ethernet, 2 Serial, CF socket, 1 Mini-PCI socket, 3.3V PCI connector.

The low processor speed may hinder encryption, but other than that, it looks like it would make a pretty good replacement for Gumstix. Probably not as small, though.

It might be nice to note that these boards have been in production for a pretty long time and continue to be so. Also some firmwares like DD-WRT support this hardware.

Cheers,

Jon

On Sun, Dec 21, 2008 at 8:14 AM, Kyle Williams wrote:

> Hello Everyone,
> I've been working on a project for a couple of months now that I'm sure
> would be of interest to some of you. The goal was to apply the same
> transparent model coderman and I used with JanusVM and Tor VM into
> hardware. I wanted something small that you could connect, power on, and
> use. Literally plug-n-privacy. After several weeks of searching the web
> looking at different hardware configuration, specs, etc, etc, I decided to
> go with Gumstix(.com).
> The privacy adapter is an ARM 400MHz Xscale CPU with 64MB RAM (@100MHz), 16MB
> of Flash memory for storage, and *TWO* 10/100 NICs. It uses Linux for the
> OS.
> The first thought that many people get, including myself, have is that it is
> not powerful enough to run Tor. Well, after 2 months of breaking this in,
> I'm very happy with the results.
> I ran this as a Tor server for about 4 days, and got a good baseline for how
> much data it can handle. As a Tor server, it was pushing about 250KB/sec
> (125KB in, 125 KB out).
> As a Tor client, the best speed test I got was about 1.2MB/sec. BTW, that
> was after about 45 minutes of "SIGNAL NEWNYM" and speedtest before I found a
> fast circuit.
> Here's the URL for what I've got so far.
> http://www.janusvm.com/goldy/JanusPA/index.html
> It is lacking all forms of documentation, and the source code needs to be
> cleaned up some.
> It does have a general description, the index of the soon to come
> documentation, openssl speed test benchmarks, pictures, and stats of when I
> tested it as a Tor server.
> After about two months of using it, I've never felt more secure and
> satisfied when using Tor. This is a hardware router that routes your
> traffic through the Tor network, it's small, and is easy to use. As for
> security, all TCP and DNS are routed through Tor, and everything else is
> dropped. So all the nasty side-channel attacks that us hackers have been
> working on to leak your real IP address are rendered useless.
> But there is good news and bad news.
> The bad news:
> The manufacturer (Gumstix.com) is "Phasing Out" this particular setup at the
> end of DECEMBER 2008!! That's in 10 days! Any orders after Dec. 31, 2008
> will have to be in bulk orders, which is 120 or more units. Shitty.
> Because of the short amount of time left to get this hardware, I've jumped
> the gun and chosen to notify the Tor community about this hardware before it
> is gone or out of a practical price range for most of us.
> The good news:
> I've been in communication with a very nice gentleman at gumstix who said
> "Gumstix is also working on a netDUO expansion board for Overo, although a
> release date has not been announced." There is reasonable hope that their
> new motherboard product line (the Overo) will at some point have a dual NIC
> expansion board.
> So this is somewhat a conflicting situation. I've spent months working on
> this awesome anonymity adapter, and it's about to be discontinued without
> knowing an exact date as to when the new line will have the capabilities to
> do what needs to be done. ugh. I'm very much looking forward to their new
> product line when a dual NIC expansion board is available, but I don't know
> when that'll be. If anyone is interested in this, but cannot afford to buy
> hardware at the moment, please contact Don Anderson (d...@gumstix.com) and
> encourage the idea of extending their phase out date or express an interest
> in a dual NIC expansion board for their new Overo product line.
> If anyone is interested in getting a hardware based Tor solution, you might
> want to consider buying a gumstix soon.
> You'll need the following.
> Connex 400mx Motherboard:
> http://www.gumstix.com/store/catalog/product_info.php?cPath=27&products_id=136
> netDUO-mmc/SD expansion board:
> http://gumstix.com/store/catalog/product_info.php?cPath=31&products_id=156
> 4.0v Power Adapter:
> http://gumstix.com/store/catalog/product_info.php?cPath=28&products_id=148
> Screws and spacer kit:
> http://gumstix.com/store/catalog/product_info.php?cPath=28&products_id=161
> This will run you $237.00 USD + shipping and handling.
> I would also *HIGHLY* recommend the following because flashing the device
> over the network is very, very risky and has resulted in me having to
> re-flash it through the serial port ma