Re: New tor debs repo live
Il 16/09/2009 06:11, Roger Dingledine ha scritto: Peter (our Debian guy) plans to continue updating the debs at noreply.org for a while. The current plan is to do it until the current signing subkey for the noreply repository expires (another year or so). At that point users will think it's broken anyway, so the easiest fix will be to update their repository address. This news should go to the blog and the home page sooner or later. Jan
Re: New tor debs repo live
Andrew Lewman schrieb: You can find the updated signing key and instructions at https://www.torproject.org/docs/debian#ubuntu May be, you can add the fingerprint of the OpenPGP signing key to the instructions. Thanks. Karsten N.
Tor and Java
Hi, Roger and I recently decided we should have a list centering around Tor and Java development. The tor-java list is now live and is welcoming new subscribers: http://archives.seul.org/tor/java/ Best, Jacob signature.asc Description: OpenPGP digital signature
Re: Tor and Java
Jacob Appelbaum wrote: Hi, Roger and I recently decided we should have a list centering around Tor and Java development. The tor-java list is now live and is welcoming new subscribers: http://archives.seul.org/tor/java/ Best, Jacob Why? What are the issues? -- Anthony G. Basile, Ph.D. Chair of Information Technology D'Youville College Buffalo, NY 14201 USA (716) 829-8197 signature.asc Description: OpenPGP digital signature
Unsubscribe
Unsubscribe Angela Morley Computer Specialist Salem State Information Technology Services 978-633-3965 General Manager, WMWM Salem 352 Lafayette St, Salem, MA 01970 978-542-8501 Columnist, The Silver Onion (http://silveronion.net) President, Salem State ACM Club
Re: Vidalia exit-country and Hulu
On Tue, Sep 15, 2009 at 7:26 PM, bao song michaelw...@yahoo.com.au wrote: Some time ago (2008) I read about a Canadian who used Tor to view Hulu. I tried it from outside the US, and it worked, but the speed was too slow for me to use it regularly. Today, a clip from Hulu was highly recommended by the New York Times, so I tried again: Hulu now tries to block all attempts to connect via Tor. I tried two US exits, and both were blocked. Of course, the idea of Tor is NOT to allow people to watch high bandwidth commercial videos restricted to US audiences, but to allow people who need privacy to obtain it. [clip] You seem to understand the burden such activities place on the Tor network, in which case I'm curious what reason one might have for accessing Hulu anonymously? (Genuine question, not a snide comment) -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net
Re: Vidalia exit-country and Hulu
On Wed, Sep 16, 2009 at 1:23 PM, Flamsmark flamsm...@gmail.com wrote: On Wed, Sep 16, 2009 at 10:02, Brian Mearns bmea...@ieee.org wrote: On Tue, Sep 15, 2009 at 7:26 PM, bao song michaelw...@yahoo.com.au wrote: Some time ago (2008) I read about a Canadian who used Tor to view Hulu. I tried it from outside the US, and it worked, but the speed was too slow for me to use it regularly. Today, a clip from Hulu was highly recommended by the New York Times, so I tried again: Hulu now tries to block all attempts to connect via Tor. I tried two US exits, and both were blocked. Of course, the idea of Tor is NOT to allow people to watch high bandwidth commercial videos restricted to US audiences, but to allow people who need privacy to obtain it. [clip] You seem to understand the burden such activities place on the Tor network, in which case I'm curious what reason one might have for accessing Hulu anonymously? (Genuine question, not a snide comment) If such material (western TV) is deemed inappropriate by the local authorities, then you wouldn't want them to know that you were accessing it. It might not be of life-or-death importance that you did manage to access it for entertainment, but you would nonetheless desire anonymity. [clip] Understood, thank you for informing me. =) -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net
I Write Mass Surveillance Software
http://www.reddit.com/r/IAmA/comments/9kwph/i_am_a_guy_who_writes_covert_software_that_runs/ Thoughts? also, I realized that two of the posts I've made this this list have now been reddit-related. Sorry about that. But I'd really like to know what you all make of this. He doesn't give very many specifics, unfortunately. What do you think his 'sidestepping' is? R
Re: I Write Mass Surveillance Software
On Wed, Sep 16, 2009 at 5:01 PM, Rich Jones r...@anomos.info wrote: http://www.reddit.com/r/IAmA/comments/9kwph/i_am_a_guy_who_writes_covert_software_that_runs/ Thoughts? also, I realized that two of the posts I've made this this list have now been reddit-related. Sorry about that. But I'd really like to know what you all make of this. He doesn't give very many specifics, unfortunately. What do you think his 'sidestepping' is? The hostility on reddit is odd and unfortunate. The obvious sidestepping is MITM-ing connections for users then shove manipulated binaries at them which disable encryption, leak key material, or intercept keystrokes ... or simply perform degradation attacks, either forcing protocols to less secure modes, or simply blocking or massively slowing secure connections to make the user switch to something insecure. These have the enormous downside of being detectable active attacks. Not something you could afford to apply frequently against general public unless you were willing to tip off your primary target that you were watching. Then again— with ISPs like comcast injecting RST packets, would a degradation attack be distinguishable? Less obvious sidestepping would include things like simply monitoring the remote side with the expectation that they won't be as prudent with security as your primary target. Black-helicopter mode sidestepping would be having pre-arranged back doors in popular operating systems or client software.
Re: I Write Mass Surveillance Software
On Wed, 16 Sep 2009 17:26:31 -0400 Gregory Maxwell gmaxw...@gmail.com wrote: On Wed, Sep 16, 2009 at 5:01 PM, Rich Jones r...@anomos.info wrote: http://www.reddit.com/r/IAmA/comments/9kwph/i_am_a_guy_who_writes_covert_= software_that_runs/ Thoughts? also, I realized that two of the posts I've made this this list have now been reddit-related. Sorry about that. But I'd really like to know what y= ou all make of this. He doesn't give very many specifics, unfortunately. Wha= t do you think his 'sidestepping' is? The hostility on reddit is odd and unfortunate. The obvious sidestepping is MITM-ing connections for users then shove manipulated binaries at them which disable encryption, leak key material, or intercept keystrokes ... or simply perform degradation attacks, either forcing protocols to less secure modes, or simply blocking or massively slowing secure connections to make the user switch to something insecure. These have the enormous downside of being detectable active attacks. Not something you could afford to apply frequently against general public unless you were willing to tip off your primary target that you were watching. Then again=E2=80=94 with ISPs like comcast injecting RST packets, would a degradation attack be distinguishable? I wondered why my system sent so many RSTs that it sometimes self-limited them. I dealt with the problem by setting net.inet.tcp.blackhole=2 to stop sending RSTs for ports that had no listener. I later discovered that Comcast runs port scanners against its own customers' IP addresses, so most likely Comcast itself was responsible for the output RST overloads my system had been getting. I did not know, however, that Comcast was also sending bogus RSTs, which I think would simply be dropped by most TCP/IP stacks. Less obvious sidestepping would include things like simply monitoring the remote side with the expectation that they won't be as prudent with security as your primary target. Black-helicopter mode sidestepping would be having pre-arranged back doors in popular operating systems or client software. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: I Write Mass Surveillance Software
On Wed, 2009-09-16 at 17:01 -0400, Rich Jones wrote: http://www.reddit.com/r/IAmA/comments/9kwph/i_am_a_guy_who_writes_covert_software_that_runs/ Thoughts? also, I realized that two of the posts I've made this this list have now been reddit-related. Sorry about that. But I'd really like to know what you all make of this. He doesn't give very many specifics, unfortunately. What do you think his 'sidestepping' is? R The jig is up guys, apparently lateral thinking bypasses Tor. signature.asc Description: This is a digitally signed message part
Re: I Write Mass Surveillance Software
It's not clear that he said that. He was sufficiently evasive to so many questions, that there are lots of ways to put it back together. It's also not clear what sort of threat his software poses. Does it do OS attacks, degradation? We just don't know what he means. On Thu, Sep 17, 2009 at 00:25, Ted Smith ted...@gmail.com wrote: On Wed, 2009-09-16 at 17:01 -0400, Rich Jones wrote: http://www.reddit.com/r/IAmA/comments/9kwph/i_am_a_guy_who_writes_covert_software_that_runs/ Thoughts? also, I realized that two of the posts I've made this this list have now been reddit-related. Sorry about that. But I'd really like to know what you all make of this. He doesn't give very many specifics, unfortunately. What do you think his 'sidestepping' is? R The jig is up guys, apparently lateral thinking bypasses Tor.