Re: Tor,security and web-usability
On Mon, 2006-12-06 at 20:56 -0400, [EMAIL PROTECTED] wrote: > The next question is related to these problems: if I want to create an > email-account with any of the big free webbased mail-services I know, I HAVE > to switch Java and Javascript on, otherwise the configurations will fail. I > understand that configurating, e.g. Yahoo with Tor enabled and the required > Java/Javascript turned on, renders Tors efforts null and void. I could as > well surf openly to Yahoo like say 10 years ago. > Does anybody know of a web-based mail-service, that does not require > Java/Javascript during configuration or use? Or do I have to accept that I > also have to use some remailer to reduce traceability to a secure amount? > You might want to try FastMail (http://www.fastmail.fm) I'm not 100% sure on this as I did not go through the entire process of setting up an account (I have one already) but the account creation page loaded no problem and I can read mail there no problems. Both tested with Tor on, and Java/JavaScript off. Hope this helps. -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Good reason for using Tor/Privoxy
Hi all, came across this little Gem while reading the fine print on a mailing from my ISP "... including the use of web beacons in HTML-based email." In the mailing "web beacons" was linked to: http://privacy.yahoo.com/privacy/ca/pixels/details.html Seem Yahoo has decided to be evil and use WebBugs to track movements all over the place. I've been poking around and they are certainly going out of their way to make it difficult to block the pesky little things that they use on their websites (lots of different file names, in proper size specified to bypass thing that would look for a size of 1x1, etc.). So if you friends/family/colleagues even question Why Tor/Privoxy here is a shining example of why they are important. BTW their "opt-out" option isn't worth the bits that make it up as all they do is set a cookie (yeah.. o.k. I'll let you set permanent cookies so you wont track me with the webbugs. Do they think I'm that foolish? ). Sadly many people will probably miss that it is just a cookie, very correctly flush their cookies and (oops...) opt back in. Anyways, Just figured that this tidbit would be of interest to some here. Take Care, -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Good reason for using Tor/Privoxy
On Tue, 2006-13-06 at 23:34 -0400, Harry Hoffman wrote: > Don't render html or load remote images in client software, otherwise > you are just asking for trouble :-D Too true.. by default my mail client wont even touch remote images.. the problem is Yahoo is using these things on their web pages as well. So things like yahoo groups, yahoo search, etc, etc, are all affected. (or is that infected? :) ). -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Tor bug?: AllowInvalidNodes
On Wed, 2006-16-08 at 18:00 -0400, Nick Mathewson wrote: > But seriously, we're trying to do our best here. > And IMHO, a damn fine job of it too. I think this thread points to some growing pains that Tor may face as it gets larger. Namely, people not understanding the technology, or worse (especially for security technologies) miss-understanding it. I work with people and computers all the time.. and often see people thinking their firewall will stop viruses, that e-mail is secure, etc. I think it might be good to write a "what Tor can and can't do" part of the FAQ. I'd even be willing to take a stab at writing it (time permitting... don't be expecting it tomorrow or anything like that). Sometimes it is useful to state quite clearly things like, Tor can't protect you from social engineering attacks. Tor won't make e-mail secure end-to-end, Tor wont defrag your HD. etc (o.k. that last one is a bit flip.. but you get the point) Once again I'd like to express my thanks to all those that have taken the time to Develop Tor, Tor documentation, etc. I think it is good (for what it is) and getting better. Take Care Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Traffic Logging Suggestion
On Thu, 2006-17-08 at 18:13 -0700, Anothony Georgeo wrote: > Unixgu.ru doesn't seem to be running tor.unixgu.ru > anymore as I can't find this server or derivaties on > <http://serifos.eecs.harvard.edu/cgi-bin/exit.pl> . > > Just to be extra cautious I added there old nic to my > ExcludeNodes list. > > GeoIP data: > > Server: tor.unixgu.ru > IP Address: 85.31.186.26 > Organization: EUserv Internet > Country: Germany > City, State: Jena, 15 > > WhoIS: > > Organization Name: RIPE Network Coordination Centre > Address: P.O. Box 10096 > City, State: Amsterdam , > Postal Code: 1001EB > Country: NL > > Anogeorgeo > > > __ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com From some googling I did the Nickname for the tor.unixgu.ru node seems to be/have been torxunixguxru I used that in my ExcludeNodes. After seeing your post I did some double checking and the IP addys match what you posted here. I would also like to thanks Michael Holstein for bringing this point up (back up?). Although I strongly Disagree with uinxgu.ru's actions. There does seem to be a need to educate users to the limitations of Tor. I look around after my earlier post (Sorry, Nick, et al I really didn't mean to fuel that. I was genuinely trying to be helpful.) and found that there is already a very nice write up in the Tor Wiki on the lines of "can and can't do". I do think there is a need for a more condensed version with a link or links to the nice write up on the Wiki. The condensed version being very to the point. i.e. Tor will not protect e-mail,telnet,etc passwords, Tor wont make you anonymous if you use it to log into your (pre-existing) Yahoo account, etc. Many home users I help have only the most limited concept of computer/Internet security issues and sadly no patience for reading anything the seems even remotely technical. I'm still willing to take a stab at writing it as long as the Dev's will proof read if and make sure I don't make any embarrassing misstatements. I think the hardest part will be explaining clearly what Tor CAN do in a non technical way. Take Care Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Quick Concerns re: Traffic injection + Tor Control port
Hi All, The Recent talk about an exit nodes ability to inject/modify traffic got me thinking that this might actually pose a security risk not just for users but possibly for the tor network in general. My thinking went along the lines that it would be fairly trivial for someone experienced in Java or other scripting languages to inject a script that would internally scan the receiving computer for an open Tor control port (read open and non-authenticated) once that was found the script could easily and completely hose up the security of that node by messing with the routing/exitnodes/ControlListenAddress/etc. Bad enough if it is a client tor installation, Tragic is it is an entry/middle/exit node as well. I think the simple solution would be to require authentication if the Tor control port is open. Now just to make a few things clear. I do understand that allowing any scripting when using Tor is hideously bad, but judging from all the clear text passwords going through others may not. I most certainly am not a Java/Java Script wizard and so could be way off on the triviality of such a program. My intent in posting this was not to criticize but to stimulate intelligent conversation on what I perceive as a possible risk to the Tor network. -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Dos attack against my tor node?
Hi All I was examining my system logs tonight and noticed something interesting.. What appears to be an attempt to DoS my tor node. 3 separate attempts spaced about 2 hours apart all from IP's in the same ISP (From "Pacific Internet Thailand"). I've been running the Tor node (middleman node) for a while now and this is the first time I've seen this. So my questions is: is this common have others seen this type of behaviour? Thanks in advance Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Dos attack against my tor node?
Thanks everyone for the feedback, I'm pretty happy with my iptables rules (and they both handled and logged the attack nicely) but I'll take a look around and see if there is any tightening up I can do that I've missed. (protect from more obscure attack vectors etc) -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Tor network failure
On Thu, 2006-07-09 at 08:39 -0500, Arrakistor wrote: > Greetings, > > I am wondering how many others are having this problem. I have tried > different versions of tor from several computers over the last few > days and have been unable to create circuits. I get enough information > to build, but the circuits never open. I have had others complaining > to me about this as well. Anyone else experiencing this? > > Regards, > Arrakistor > Just tried Tor after reading your post and works fine here. The load on my tor node might be a little lighter then usual I'll keep an eye on that (could just be a normal lul). If there are other specific checks I can do please feel free to ask. -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: confiscating middleman-tor-nodes
Just a thought here.. is there anyway that the Dev's or people running the main directory servers could get a list of all the compromised (confiscated) Tor Servers? They should definitely be listed as invalid at the very least. If not outright blacklisted, or at least their key pairs should be, as it would be very hard to be sure that their private keys haven't been compromised. On Fri, 2006-08-09 at 21:55 +0200, linux wrote: > Hello > > mine (stasiServer) has also gone away yesterday. > The public prosecutors authority told me it has to do with child pornography > (CP). > Look like some pervert have used tor to get some CP. :( > He also told me on the phone that they are hunting for traces. > > I have to write a letter to public prosecutors authority to get more > information about what is going on and why. He will answer on monday. > I don't know how this normally happens, but should't they inform me that they > took my server hostet at Strato? > > Big shit :( > > > PS: > Maybe this is the beginning of some kind of anti TOR war because police > cannot > find "terrorists" which are using TOR. But to make TOR more evil in the > public they start saying that perverts are using TOR to get CP. > Just my 2 euro cents... -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Tormap
Nice site.. definitely got my node in the right location.. but has the wrong IP addy for my node. (Rogers did some work in the area (i'm guessing) resulting in my ipaddy changing about 2 weeks ago.) I checked on: http://serifos.eecs.harvard.edu/cgi-bin/exit.pl and They show my IP correctly so it's not me.. (wanted to check that before I pointed it out) Still .. really nice. Has me in the wrong spot when you zoom to street level but that may be due to the old IP addy. On Sat, 2006-30-09 at 19:10 +, Christoph Sieghart wrote: > Hello, > > I just skimmed through the or-talk archives and found a thread about a map of > the TOR network. As the mentioned project seems no longer to exist I want to > point you to > > http://0x2a.at/projects/tormap > > where you can find such a map (via google or via clean jpeg). > > Please comment and suggest features. > > regards, > sigi -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Law & Order: Criminal Intent, Season 6, Episode 10.
Not just you.. I got it again and it behaved exactly as described. Strangely it wasn't like that when it was first put up. (that I recall). I'm taking a look at the video streams now. I'll let you know if I can find anything interesting. On Mon, 2007-05-02 at 16:55 +0100, Andrea Lusuardi - UoVoBW wrote: > thanks for the file, very funny but: > did this happen only in my version - both streamed and downloaded - or > in the beginning there really is a voice saying - very jumpy and with > corrupted video - "in cyberspace everyone can hear your scream" ? > scary... ------ Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: pop3 and smtp over ssh
If you use the port forwarding feature of ssh then you don't need to worry about the exit nodes (other then that they allow ssh). once the ports have been forwarded by ssh you'd connect to them on localhost and they would get tunnelled through the ssh connection so all the tor network would see is the ssh connection going on. hope this helps Freemor On Mon, 2007-05-03 at 12:58 +0800, Kees Vonk wrote: > I would like to connect to a pop3 and smtp server over ssh server (ports > 995 and 465) via tor, but I seems that a lot of exit nodes do not allow > connections to these ports (even though they are always authenticated). > Is there a way of specifying that I only want exit nodes that allow > these ports. If not, can I create a list of exit nodes that allow these > ports and tell tor to only use the nodes on that list (or the reverse of > course: a list of nodes not allowing these ports and tell tor not to use > them). > > Kees > > -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Building tracking system to nab Tor pedophiles
O.K. I've been biting my tongue on this one for a while now. I'll try to keep this short as it is not specifically TOR related As a survivor of childhood sexual abuse. I'm personally getting annoyed by this whole "nab the paedophiles thing". for several reasons: 1.) 90+ percent of sexual abuse of children happen from family members or friends of the family.. so wasting huge resources on 10% while blatantly (and blissfully) ignoring the 90%, does society a huge disservice. by focusing the public's attention on the smallest part of the problem and away from the real problems. 2.) I can almost guarantee that his guys "key words" would trigger on abuse survivors talking in an online support group and I can't even begin to tell you how damaging it would be for an abuse survivor to have to deal with being falsely accused of being a perp. I think what needs to be done here is to create a FAQ or other standard document that will 1.) inform the vastly misinformed public. 2.) list places and ways they can make a difference. I do appreciate that people are actually trying to look at this.. it would just be nice if they were looking at the real problem. in short trying to destroy anonymity (which is necessary for many abuse survivors to begin the healing process) to waste the courts time with illegally obtained evidence, from chasing a small fraction of abusers, while ignoring the real problem and misleading the public while doing so is NOT a service to me nor to society in general. To the people on this list that are all gung ho to stop internet paedophiles I'd suggest you leave TOR alone and get involved with an established group such as perverted justice ( http://www.perverted-justice.com/ ) who have a history of working with law enforcement and making a real difference. Better yet volunteer at your local rape crisis centre. hound your government officials so perps don't walk with a 6 mo sentence after abusing their children for years. etc. I do apologize for the lack of brevity and the slightly OT post. 'nuff said Freemor On Wed, 2007-07-03 at 05:28 +, Fergie wrote: > Hmmm. > > http://blogs.zdnet.com/security/?p=114 > > Comments? > > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawg(at)netzero.net > ferg's tech blog: http://fergdawg.blogspot.com/ > -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Warnings on the download page
I've been watching this thread with some interest and as the Talk of mis-onfigured browsers and mis-behaving plug-ins grew I found myself thinking that there must be an easier way to fix the problem. It occured to me that what is needed (at least until a more permenant solution can be found) is a way to stop the offending material from making it to a potentially misconfigured application. So I started thinking about another proxy in the chain to strip all java and java script etc.. it then occured to me that Privoxy can most likely do this if a much more strict action file were written. so my questions are: 1 - Can a modified actions file be made that would strip all Java/javascript, flash, steaming media, etc. From looking at the Privoxy documentation it looks possible so far (but I'm no privoxy guru) 2 - If 1 is possible wouldn't it be easiest to include the stricter action file in the tor/privoxy/vidalia bundle. Tell people "look, a lot of stuff isn't going to fly.. but trust us.. you don't want it too" Just wondering Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Warnings on the download page
On Fri, 2007-09-03 at 10:55 -0800, light zoo wrote: > --- Freemor <[EMAIL PROTECTED]> wrote: > > > > > so my questions are: > > > > 1 - Can a modified actions file be made that > > would strip all Java/javascript, flash, steaming > > media, etc. From looking at the Privoxy > > documentation it looks possible so far (but I'm no > > privoxy guru) > > (Note: Mr. Keil is the authority on Privoxy in this > list so he may have better information.) > > Privoxy doesn't filter HTTPS and IMO that makes > Privoxy a non-starter in regards to filtering. OH yes, makes sense that HTTPS would be untouched. Guess I should have had another coffee before posting. > > > IMO all filtering, User-Agent spoofing, etc should be > handled by the browser (about:config is your friend) > because the HTTP/S protocol is filtered. > > The 'warning' intro Mr. Perry and Mr. Dingledine wrote > should be followed. > http://tor.eff.org/download.html.en#Warning > > > These are the extensions I use: > TorButton > CookiesCuller > QuickJava > NoScript > Flashblock > AdBlockPlus > Filterset G. Updater > RefControl (spoof referrer) > http://www.stardrifter.org/refcontrol/ > > I have my about:config edited to spoof my User-Agent I agree and currently use either a config very similar to yours or use Lynx/elinks for browsing with TOR. I still think that stopping as much evil content as possible inbound has it's merit bit HTTPS does pose a problem .. one possible solution to stop the outbound leakage might be to (and I am certianly not suggesting this be done any time soon) make TOR a virtual interface device. then one could just send all internet traffic through it (oh, trust me I have some small idea of how ugly and complicated this would be.. it'd probably mean very different source trees for Windows/*nix/Mac) So, well just file that in the Porches and other pipe dreams pile. Thanks everyone for the feedback Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Ultimate solution
I've been watching this thread with some interest and just wanted to add my view to the discussion. I think there is a real danger in making TOR too easy. Yes, I do understand that Microsoft and others have created a world of people that want every program to function completely with 3 clicks. For some applications this is a laudable goal. However, when one is dealing with a program that deals with security or anonymity I think it is important that people who intend to use the program take the time and effort to learn. They need to learn what it does, what it doesn't do, how it does it, how it is circumvented, how to check if it is working correctly, etc. One of the major reasons there is so much tracking of personal data on the web is most users lack of responsibility for their own privacy and security. For these reasons, my concern is that making TOR a 3 click wonder will not only further propagate this "some one else will worry about my privacy/security for me" thinking and ultimately would lead people to a false sense of security because they wont properly understand the TOR network, and will blissfully find ways to make their computer leak more then a bucket with no bottom, all the while thinking "oh, it's fine, I've got TOR on, I can see the icon in the systray right there". I feel that rather then head down the 3 click wonder path, it would be better to invest time in reminding users that we are talking about their security, or their anonymity, that as such it is their responsibility, and decidedly worth the time to learn as much as possible about the programs or systems they use to protect it. I would hate to see the day when the TOR team has to waste countless hours and resources to battle complaints that "TOR failed to protect me when I ". Just my thoughts on the subject Freemor P.s. to the tor Dev's -- Yes, I know TOR is not a security application. That just snuck in there as I deal with computer security regularly and often see the same "the computer/internet/isp/mysterious someone" should take care of that for me mentality. On Fri, 2007-23-03 at 02:44 -0700, JT wrote: > Hi, > > why spend hundreds and thousands of hours of coding? > > Is there a browser that doesn't support javascript, java, flash, > quicktime, etc but only pictures so one can read html text and pictures > and can read a normal newspaper? If there is such a browser why not > force Tor users to use it? Make Tor only work with that browser. > > If Tor wants to be an anonymous communication tool it should come in an > entire package. If Tor wants to be successful it MUST come in complete > package. > 90% of the users use it to surf anonymously, the rest use ftp, chat or > whatever. > > How about instead of telling a user to: > > install tor and vidalia > activate tor > install the tor button > intstall the noscript > install flashblock > configure noscript > deactivate flash, etc > install cookie culler > turn off the referer header in the browser > etc > etc > > have them just install the "package for free communication". > That way there is no way they can forget to turn anything off or on. > That way every person that uses the "Tor package for free communication" > can benefit from the expertise of the people that release the package. > All the "hacks" that are published are not against Tor but against the > users "communication package" that the users put together himself. Why > not help/force internet noobs to be safe. > > I know it is called the Tor project but why not extend it to a real > communication package. Vidalia was as good start. Now one step further!! > > Is there a free open source browser that could be shipped with the Tor > package that is fully configured for anonymous surfing and fine tuned to > be most anonymous, set so that it can be only used through Tor? It > should be modified so that a noob can not change the settins by > accident. > > I am not a programmer but this is what must happen. If Tor is only > supposed to be for technical experts and people that hang out in > security forums every day then we should continue as is but if Tor is > supposed to be for the masses(more people more distributed trust) then > there must be a bundle. A package with everything set up for anonymous > browsing where some internet newbie can not possibly reveal his IP by > misconfiguration. The user clicks the setup program Tor installs, the > Tor browser opens, ready to go. No way the surfer can use that browser > without Tor. > > Such a software package would make Moore's publications completely > uncecessary. > > I wish I could help implement this but I am not a programmer. > > But t
Re: Ultimate solution
On Sat, 2007-24-03 at 08:52 -0400, Paul Syverson wrote: > On Sat, Mar 24, 2007 at 12:50:15AM -0400, Freemor wrote: > > > > P.s. to the tor Dev's -- Yes, I know TOR is not a security application. > > That just snuck in there as I deal with computer security regularly and > > often see the same "the computer/internet/isp/mysterious someone" should > > take care of that for me mentality. > > > > I don't understand this statement. Tor was reasearched and developed > by and for the US DoD as an onion routing project, the explicit purpose > of which is security for DoD and other communications: > traffic analysis resistance, DoS resistance, personnel protection, > etc. > > -Paul I can see your point and TOR does have some security applications if used in properly and with those goals in mind. (i.e. only connecting to https or other encrypted endpoints). The main goal of TOR is clearly anonymity. If the main goal was security having data leave the exit nodes in the clear would be a definite no no. I was also just being clear that I did not think of TOR as a firewall/antivirus/anti-malware/etc system when I used the term Security. Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Ultimate solution
On Fri, 2007-23-03 at 22:04 -0700, Andrew Del Vecchio wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: RIPEMD160 > > Freemor, > What if it was done in a way that educates and informs users, such > as how Bastille Linux works? Someone could probably easily create an > installer/GUI config program that teaches the user about network > security as he uses it. I'm no coder, but I understand a good feature > when I see it! This may be why I sometimes act as a buffer between > clients and the techies that can't easily relate to 'noobs'. What do > you like about this idea? > > Gracias, > Andrew > That may be a workable model, and I definitely like the educational side of it. My concern is how would it intercept errors the user was making in non TOR applications. (i.e. warn them that logging into a non https site may leak their password, etc). There are now several viable browsers that users could choose to use with TOR and I think it would be difficult to make such an application as the one you suggest be able to intercept all the various gaffs. In my experience many users will, and do, go out of their way to circumvent their own protection unless very aware of the consequences, and sometimes even then. If they really want to see that funny flash animation on a certain site, they will find a way to do it and then often forget to undo the changes they made there by leaving they selves vulnerable. I'm not saying it's not do-able I'm just not sure how one could implement it given all the various browser, plug-in, etc. combinations that will get thrown at it. Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Ultimate solution
> I'm even more confused. Are you saying anonymity is not a security > property? By "security" are you limiting yourself to confidentiality? > There are many aspects of security, rarely all addressed at once by > any system. One of these is anonymity, which is why one finds > anonymity as a listed topic in the CFP of virtually every major > computer security conference. > > -Paul > Yes anonymity is a type of security and an important one. TOR makes me anonymous it make the data transmission secure up to the point on the exit node, it helps to prevent traffic analysis etc. all of the are security properties. I think the separation is one that exists in my mind. To my thinking TOR makes my communication anonymous, but does not make my communications secure in that everything is in the clear leaving an exit node. So, if I'm wanting secure and anonymous communications I'd have to connect to an encrypting endpoint in which case the SSH/TLS/SSL encryption is making my data secure while tor is making my communication anonymous. Clearly anonymous+encrypted = more secure then just encrypted. However anonymous + easily sniffable by an exit node or anything beyond = anonymous but not secure (encrypted). In the latter case I would need to be very judicial about what data I transmitted as if any of it were identifiable (alone or cumulatively) I will blow the anonymity that TOR provides. In the former case this concern is alleviated so long as I trust the encrypting endpoint. If I don't trust the encrypting endpoint I basically fubar'd That help? Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Ultimate solution
On Mon, 2007-26-03 at 12:47 -0400, Paul Syverson wrote: > > Yes. I understand what you mean now. But you are misusing 'secure' by > saying something is not secure if it is not confidential. As an > imperfect analogy, people sometimes say "home computer" when they are > really only counting it as a computer if it's a wintel box. > > -Paul True, I realized that I probably would have avoided a lot of confusion by choosing more specific terminology. "Secure" is a relative term like "big" where, to use your example "confidential" describes a much more specific condition. I shall endevour in the future to stick to more accurate terms. thanks, for bringing it up. I appreciate the input. Take Care, Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Ultimate solution
On Mon, 2007-26-03 at 23:53 -0700, JT wrote: > You are making a very big mistake! In theory your are correct with what > you are saying but you are assuming the total noob can learn how to safe > anonymously but also give grandma a chance to surf anonymously. Grandma > knows what a browser is but has never heard about encryption or TCP/IP. > I think that if the information is geared to the new user that they will be able to pick it up. You don't need to get all technical to explain everything. you could just say "if your browser doesn't display the lock icon, like when using a banking site, your communication is anonymous but not confidential, and may reveal identifying information." I also think there is a real problem with the "a new user could never understand this" thinking. One should never assume that ones audience is less intelligent then you are. Also, even if the effort manages to only educate 30% of the new users this is far superior to not making the effort and having only the very enthusiastic users who have the skills to dig up the documentation they need being educated. Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: Is this for real?
On Wed, 2007-11-04 at 23:18 -0700, JT wrote: > Hi, > > > The problem is that it does not scale 1:1. > > > > If you set aside the biggest problems: > > - Users with firewalls/NAT routers and lack of knowhow to set them up > > correctly. > > If they can use Tor to surf they should be able to let the Tor server > component also access it. Same program. Don't understand this arguement. Surfing with Tor uses outbound connections, being a server requires inbound connections. Inbound connections will break against a NAT/router that isn't configured correctly as the Nat/router hasn't been told to which internal IP to route incoming connections on a given port. same is true for many Firewalls. > > > And I wouldn't approve of the whole forcing-people either, at least by > > my own moral standards, especially not in a freedom-project like this! > > Where is the force. That would just be the way the program works! Same > thing with emule, freenet, etc, etc. Give and take. No harm done. > I wasn't saying that everybody should become an exit node. > Being "just the way the program works" is force. Just as a government that has a rule "we shoot all dissidents without question.. sorry that's just the way we work" is force. Now providing someone can solve the NAT problem without using UPNP or breaking anonymity I still wouldn't like to see a Tor implementation that defaults to a server. NAT/router/firewall aside there are other problems, Bandwidth shaping/throttling by ISP's, On many ISP's running a server of any kind is a direct violation of their "terms and conditions", in some jurisdictions running a Tor server may be illegal where using the client isn't, etc. So, if Tor were to come "server as default" it absolutely must have a very simple way to turn the server off permanently, which breaks the whole reasoning for having Tor be "server default" and you might as well just provide an easy way to turn the server on and let the user decide based on his, network, isp, legal situation, etc. -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
new TOR seems excessively chatty
hello, I recently upgraded to"tor 0.1.2.13-2~dapper" and although it works very nicely it seems very "chatty". by chatty I mean download 200+ KB every minute from DIR servers. That's gonna add up to a lot of traffic on my ISP account that has a bit cap (60 GB/mo so not worried too much). is there some way to curtail this "chattiness".. if not I'll have to stop leaving tor running all the time. Thanks in advance Freemor excerpts from /var/log/tor/log May 05 01:36:47.667 [info] connection_dir_client_reached_eof(): Received networkstatus objects (size 209145) from server '128.138.207.48:9030' May 05 01:36:47.708 [info] router_set_networkstatus(): Not replacing network-status from directory server "dizum" at 194.109.206.212:80 (published 2007-05-01 19:33:17); we have a newer one (published 2007-05-01 19:34:23) for this authority. May 05 01:37:48.590 [info] connection_dir_client_reached_eof(): Received networkstatus objects (size 209145) from server '88.191.38.143:9030' May 05 01:37:48.628 [info] router_set_networkstatus(): Not replacing network-status from directory server "dizum" at 194.109.206.212:80 (published 2007-05-01 19:33:17); we have a newer one (published 2007-05-01 19:34:23) for this authority. May 05 01:38:55.321 [info] connection_dir_client_reached_eof(): Received networkstatus objects (size 209145) from server '213.114.108.251:9030' May 05 01:38:55.363 [info] router_set_networkstatus(): Not replacing network-status from directory server "dizum" at 194.109.206.212:80 (published 2007-05-01 19:33:17); we have a newer one (published 2007-05-01 19:34:23) for this authority. -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: new TOR seems excessively chatty
O.k. an ~20min log and a copy of the torrc file used in the creation of said log are now at: http://74.98.7.159:16012/Chatty_Tor.zip I hope it help. If you require more info.. please let me know Freemor On Sat, 2007-05-05 at 04:22 -0400, Roger Dingledine wrote: > On Sat, May 05, 2007 at 01:50:23AM -0400, Freemor wrote: > > I recently upgraded to"tor 0.1.2.13-2~dapper" and although it works > > very nicely it seems very "chatty". by chatty I mean download 200+ KB > > every minute from DIR servers. That's gonna add up to a lot of traffic > > on my ISP account that has a bit cap (60 GB/mo so not worried too much). > > is there some way to curtail this "chattiness".. if not I'll have to > > stop leaving tor running all the time. > > You should make a debug level log for us, that lasts for 10 minutes or > so, and post that on some url somewhere. > http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#Logs > It sounds like a bug, but it sure could be a lot of them based on > the above hints. :) > > In the mean time, can other people check to see if they're getting > this behavior? I would expect that 0.1.1.26 clients might also be > seeing it. > > Thanks, > --Roger > -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: new TOR seems excessively chatty
O.k. an ~20min log and a copy of the torrc file used in the creation of said log are now at: http://74.98.7.159:16012/Chatty_Tor.zip I hope it helps. If you require more info.. please let me know Freemor (Posting this to or-talk too as it origionally went to the or-talk@freehaven.net reply-to addy that doesn't seem to make it to the group) On Sat, 2007-05-05 at 04:22 -0400, Roger Dingledine wrote: > On Sat, May 05, 2007 at 01:50:23AM -0400, Freemor wrote: > > I recently upgraded to"tor 0.1.2.13-2~dapper" and although it works > > very nicely it seems very "chatty". by chatty I mean download 200+ KB > > every minute from DIR servers. That's gonna add up to a lot of traffic > > on my ISP account that has a bit cap (60 GB/mo so not worried too much). > > is there some way to curtail this "chattiness".. if not I'll have to > > stop leaving tor running all the time. > > You should make a debug level log for us, that lasts for 10 minutes or > so, and post that on some url somewhere. > http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#Logs > It sounds like a bug, but it sure could be a lot of them based on > the above hints. :) > > In the mean time, can other people check to see if they're getting > this behavior? I would expect that 0.1.1.26 clients might also be > seeing it. > > Thanks, > --Roger > -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: new TOR seems excessively chatty
Would love to check thaat out for ya but it seems the 0.1.1.26 ubuntu .deb's have evaporated. if you can point me to a location containing proper versions of them I'd be glad to give that a whirl. Thanks Freemor On Sat, 2007-05-05 at 17:23 -0400, Roger Dingledine wrote: > On Sat, May 05, 2007 at 01:16:10PM -0400, Freemor wrote: > > O.k. an ~20min log and a copy of the torrc file used in the creation of > > said log are now at: > > > > http://74.98.7.159:16012/Chatty_Tor.zip > > > > I hope it help. > > If you require more info.. please let me know > > Thanks. This looks like two different bugs, triggered because dizum > has been down for the past 4 days. I've opened a flyspray entry on it: > http://bugs.noreply.org/flyspray/index.php?do=details&id=422 > > In the mean time, can you downgrade to 0.1.1.26 and confirm that you > have the same problems there? You should probably back up your datadir > first to make sure it isn't lost when you downgrade. > > Thanks! > --Roger > -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: traceroute through tor and http proxy?
On Sat, 2007-26-05 at 04:40 -0700, JT wrote: > Yes, that is what I have been doing but it still is no proof that I am > using Tor AND the http proxy when I remove the "." in privoxy config and > replace it with the http proxy IP. > Any other method? You could run Ethereal/Wireshark or Etherape and watch where your outbound traffic is going (i.e. to a Tor node or straight to the http proxy). This won't help with the question of how you are routed through Tor, but if I remember correctly there is a way to get Tor to give you information on your current circuit using the control port. Perhaps the Devs could chime in on that one. Hope this helps. Freemor -- Freemor <[EMAIL PROTECTED]> signature.asc Description: This is a digitally signed message part
Re: ISP TOS restrictions on servers
All the replies prior to this one are quite good.. I just wanted to add one other thing you might need to watch for. Bandwidth shaping. I ran a Tor server for a short while on my home isp account.. they didn't do anything formal to complain. However, after running it for a while (couple of month) I found that my inbound and outbound bandwidth had decreased, by about 20%. I stopped running the server (it was technically a violation of the AUP, etc) and then called tech support about the off speeds once I was fairly sure the server activity wouldn't show up in logs. The handed me a load of bull about line signal levels being off.. and could I please cycle the modem.. (you know, to pick up the new MIB).. and poof my line was fine again. (BTW, I checked the cable modem stats before and after the change.. the signal levels were exactly the same.) anyway.. long story short.. just something you might want to watch for.. Just because it happened to me (I'm not using Verizon) doesn't mean it'll happen to you. Cheers Freemor -- Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details signature.asc Description: This is a digitally signed message part
Re: What will happen to Tor after the new German data retention law takes effect?
Hi Everyone, Just wanted to throw out some thoughts. Since, from what's been said here, the draft is about keeping connection data and not content wouldn't it be possible to make Tor nodes (servers and clients) make trivial connections to other servers even just something like a syn<->syn,ack<-fin,rst kind of handshake so that the network load isn't much but any logs would be replete with random connections data obfuscating the actual connections (yes I know security through obfuscation isn't optimal). The time between make/break could be randomized to help muddy the waters. I do realize that this would incur a heavier number of open connections on a server. I'm sure that someway could be found to keep the random connections from overwhelming resources (i.e. connections without active data flow get dropped first if resources get low). anyways just thoughts in the wind.. I'm sure the Tor Devs are probably gnashing teeth and pulling hair as a hundred reasons why it's a bad idea stream through their minds. Take Care Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details signature.asc Description: This is a digitally signed message part
Re: Blocking child pornography exits
On Sun, 2007-22-07 at 13:57 -0700, Michael_google gmail_Gersten wrote: > > Short version: If I knew how to build a version of Tor that could be > > used only for Good and never for Evil, I surely would. But I have no > > idea how to do that well, and I don't think anybody else does either. > > (There are proposed solutions to do that. They are bad.) > > Ahh. When you put it that way, there is a simple solution. Remember, the > IP specs define a "malicious" bit that all bad, evil data packets will set if > they are standard compliant. > > So, as long as these evil users comply with the standards, Tor can filter > them out. All done :-). Sadly Evil (users/persons/companies/etc) almost never self identify as such. And so, would fail to set the bit because in their view it doesn't apply. Leaving us with a situation in which only people with a conscious, and a guilty one at that, would set the bit. It has been my experience that most people that fall into the "would set the bit" category are not the ones people need to worry about, but rather persons being far to hard on themselves for human failings. so unfortunatley filtering on the evil bit probably wouldn't help much. as a side note I've always thought it would be neat to packet sniff and see if anyone is actually setting this bit. But I'm routered and thus most of the interesting stuff never makes it to my machine.. I could always DMZ myself I suppose but seems like a lot of work for such trivial curiosity. Have a pleasant day all Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details signature.asc Description: This is a digitally signed message part
Re: critical security vulnaribility fixed in Tor 0.1.2.16
Did this end up biting TOR in the ass, or is this a Proactive move? I am just curious as I mentioned this very problem (or something extremely close to it) back in August last year (see: http://archives.seul.org/or/talk/Aug-2006/msg00187.html ) So I'm just wondering it if finally made it to the top of what I am sure is a long To-do list that the DEV's have, or was it actually exploited. I completely understand the need not to release further details until people upgrade but I am looking forward (once things are safe) to hearing how and by whom this was exploited if it was. In either case (exploited/not exploited), Kudos to the Dev's for fixing it quickly and getting the word out. This has left me wondering one thing tho.. My tor was updated auto-magically as I used a Debian based distro and have the official TOR repository in my apt list. So my question is, is there, or could there be some similar form of auto-updating for persons using the windows version of TOR? If not maybe Vadalia could be made to check for TOR updates and pop up notices to the users? ... just a thought. Sadly my coding skills are decades out of date or I'd offer to help. Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details signature.asc Description: This is a digitally signed message part
Re: Proposal of a new hidden wiki
Hello all, I've been watching this discussion with some interest. It's an intriguing problem you are working on. Anyways, I was just wondering.. would it not be possible to use a custom configured/hacked version of Freenet that the nodes were their own "micro Freenet" and not connected to the regular Freenet? just a thought. Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details signature.asc Description: This is a digitally signed message part
Re: Question about the vulnerability
On Sat, 2007-11-08 at 15:33 -0400, [EMAIL PROTECTED] wrote: > Roger, thank you for your response - I did follow that thread when > it came out and upgraded my systems. The question I have is not > really about the vulnerability but more of a general operational > one - in what situations is the control port actually used? If I am > not running a Tor server but using Tor in client mode, does the > Control Port get used? What is it used for? The control port is used to let you, another program, another computer, control/communicate with TOR. If you just install tor as a client and don't mess about with the config file the control port should be closed by default. if you install a tor/Vidalia bundle the control port will need to be open so Vidalia can control/communicate with TOR Same would go for if you were using TorK, if your TOR is on a net appliance and configured to be controlled/communicate with Vidalia/TorK/etc on another machine. Privoxy doesn't fall into this discussion as it just shuttles data through tor rather then communicating with TOR you can read more on the control port at: http://tor.eff.org/tor-manual.html.en and http://tor.eff.org/svn/trunk/doc/spec/control-spec.txt long story short... if you are using a GUI for tor the control port is most likely open. Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details signature.asc Description: This is a digitally signed message part
Re: Filtering traffic from your node - for exit points
Benn reading this thread with some interest and just wanted to add my 2 cents on it.. As anyone who has watched this list for any time should know I'm dead against "filtering" Tor. Not because I like objectionable content but because "filters" are notoriously badly implemented, Subjective, and completely fail to address the real problem (i.e. they don't stop the "evil" people in the least and are at most a minor and trivial inconvenience. So in that vein I just wanted to point out some of the more obvious problems with this proposed filtering scheme On Mon, 2007-10-09 at 14:21 -0700, Torified User wrote: [snipped details of the technical side of the implementation because I'm not addressing the technicalities of this] > > 8) Configure lists/bannedextensionlist: > > .asx # Windows Media Audio / Video > .rar # Similar to zip > .mp3 # Music file > .mpeg # Movie file > .mpg # Movie file > .avi # Movie file > .asf # this can also exploit a security hole allowing virus infection > .iso # CD ISO image > .ogg # Music file > .wmf # Movie file > .bin # CD ISO image > .cue # CD ISO image you're assuming that the "evil" people will be honest about the content. it's really trivial to change the extension to bypass this filter > > 9) Configure lists/bannedmimetypelist: > > audio/mpeg > audio/x-mpeg > audio/x-pn-realaudio > audio/x-wav > video/mpeg > video/x-mpeg2 > video/x-msvideo > video/msvideo > application/gzip > application/x-gzip > application/zip > application/compress > application/x-compress > #application/java-vm Again, assuming the web server in question will properly identify the mime type of the content most things will pass through to the browser fine for downloading even if labelled with an incorrect mime-type (i.e. application/octet-stream or no mime type descriptor) > > 10) Configure lists/bannedphraselist: (watch out for /etc/dansguardian > vs. /usr/local/etc/dansguardian) > > .Include > > 11) Configure lists/bannedurllist: (mine looks like this, again watch > out for /etc/dansguardian vs. /usr/local/etc/dansguardian) > .Include > .Include > .Include > .Include > .Include > .Include > .Include > .Include > .Include this assumes that: 1.) the content is sniffable (i.e. not some sort of encrypted connection, https, vpn, etc.) 2.) The person using the service doesn't use/know other ways to bypass such filters. A couple of personal side notes here. your entire filter set assumes the "bad guys" play by the rules.. they don't TOR already provides a wonderful way to block your node from exiting to all illegal/objectionable materials: reject *:* in tor RC (really about the only effective way to do such) This filter seems to cast a very wide net and thus appears to be aimed more at "objectionable" content rather then "illegal" content. If this is the case then the person implementing it is trying to thrust their world view onto others.. (basically starting their own little repressive regime) I can almost guarantee that these filters would end up blocking resources that are helpful to abuse survivors.. but I guess they don't need or deserve anonymity now do they. Please, as others have stated, do not muck up TOR by trying to make it "safe". You will only end up hurting honest users, slowing things down, making a royal mess. (directed more at others whom might be considering something like this the the original author as I am aware he has stated his server is no longer a going concern). Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details signature.asc Description: This is a digitally signed message part
Re: Tor 0.1.2.17 causing high latency after 5 - 6 hours
On Sat, 2007-06-10 at 14:51 +0200, Matthieu Dalissier wrote: > I also thought at my ISP limiting my bandwith, after a few phone calls, > they reassured me that limiting bandwith is not part of their policy. > Besides even if i would do illegal p2p traffic the ISP can't just limit > my bandwith because i pay a price for this bandwith. This would be fraud > If i am overloading the Cablemodem with TCP connections, is there a way > i can see it's limits and how much connections that i have? You might want to double check on the ISP limiting bandwidth (although they'll call it something else or deny it was intentional) I'm on Rogers and they are infamous for throttling Bittorrent/gnutella/etc down to 2 kb/s (outbound). I also suffered a drop in bandwidth capacity when I was running a TOR server. As running a server of any kind was a technical violation of their AUP (I say technical because their AUP is so vaguely worded and so overblown that using ping or traceroute could be considered a violation). I desisted the server and after a week or two complained about the drop in bandwidth. they fed me a lie about the signal strength being off (it wasn't I know how to check). and after a few minuted had me cycle the modem so it would pick up the new MIB (which I'm guessing they fixed). So long story short "Bandwidth shaping" is not uncommon on ISP Especially if you use a lot of outbound bandwidth. They screwed up years ago going with an Asymetric bandwidth model and are now suffering for it as more people are needing larger and larger outbound bandwidth (Voip, P2P, Skype, VPNs, etc) just my 2 cents worth. Freemor <[EMAIL PROTECTED]> Freemor <[EMAIL PROTECTED]> This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details signature.asc Description: This is a digitally signed message part
Strange problem with Tor/Scroogle
Lately I've been having a near impossible time connecting to http://scroogle.org/ through Tor. I keep getting the error "Privoxy was unable to socks4a-forward your request http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=foo through 127.0.0.1: SOCKS request rejected or failed." all other pages seem to work.. scroogle is up at the time as I can get to it from a non tor-ed connection. Any ideas of what is going on with this? Thanks in Advance. Freemor P.s. and re-Hi's to all those there remember me from before my life went nuts and caused me to have to drop or-talk for while. -- [EMAIL PROTECTED] [EMAIL PROTECTED] This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Strange problem with Tor/Scroogle
On Wed, 01 Oct 2008 13:37:38 +0200 Gitano <[EMAIL PROTECTED]> wrote: > [Update] > > Switching back my Tor node to a middleman node allows me again > connecting 'ssl.scroogle.org' directly but not over Tor. > > For me, 'scroogle' is EVIL! Thanks all for the replies.. It's nice to know it wasn't just me or some local problem so for me Scroogle out.. ixquick.com in. (the Mycroft Project even has some nice pre-made ixquick search add-ins for FF at http://mycroft.mozdev.org/search-engines.html?name=ixquick ) Later Freemor -- [EMAIL PROTECTED] [EMAIL PROTECTED] This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Scroogle is allowing Tor again [Was: Re: Strange problem with Tor/Scroogle]
On Wed, 01 Oct 2008 10:53:25 -0700 "F. Fox" <[EMAIL PROTECTED]> wrote: > > I think Scroogle's blocking of Tor exit nodes may have been a mistake > in setting up block lists somewhere; I can access it again through > Tor. > > Anyone else want to confirm? yep working here too... thanks for the heads up > > > - -- > F. Fox > Owner of Tor node "kitsune" > http://fenrisfox.livejournal.com -- [EMAIL PROTECTED] [EMAIL PROTECTED] This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: any middlemen seeing DoS currently?
On Fri, 07 Nov 2008 16:44:09 +0100 Karsten Loesing <[EMAIL PROTECTED]> wrote: > The problem of clients downloading certificates that often will be > solved with the next alpha. But the main solution is to upgrade the > authority certificate which should happen some time today. > > I think that it might be an idea to send out an official announcement here on or-announce and perhaps on the website to tell people to stop their inactive tor clients (i.e. sudo /etc/init.d/tor stop ) to take the pressure off the exits and middles. When I read the above thread I checked and my computer has been pinging away all day looking for an updated certificate.. and I've only used Tor a little.. It's now turned off till I need it. or the problem is fixed. Take Care, Freemor -- [EMAIL PROTECTED] [EMAIL PROTECTED] This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: swap and live CD
On Sat, 22 Nov 2008 14:48:28 +0100 Matej Kovacic <[EMAIL PROTECTED]> wrote: > Hi, > > Ubuntu 8.10 has an option to create live USB disk. It could be also > writable and you can install your own software. > > So you can customize your portable USB stick, have your encrypted > private directory (https://wiki.ubuntu.com/EncryptedPrivateDirectory) > and install Tor. > > But the problem is, that Ubuntu uses swap partition of the host > machine. > > So, how to remaster live image in such a way, that live CD/USB will > not touch swap partition of the host machine? > > Thx for any info. > > Bye, Matej Unless Ubuntu has done something strange it should just be a matter of removing any references to that partition from the /etc/fstab file so they don't get mounted. To be really sure you could remove the swapon commands from the appropriate /etc/rc files. You can use swapon -s to check what swap partitions are currently in use. You can use swapoff to turn off swap partitions manually (not permanent). -- [EMAIL PROTECTED] [EMAIL PROTECTED] This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Metasploit Decloak Project v2
On Sun, 14 Dec 2008 18:57:18 -0600 "Roc Admin" wrote: > I just noticed that HDMoore re-released his decloak engine. > > http://metasploit.com/data/decloak > > He's improved some of the attacks from before like java, flash, and > DNS in pretty interesting ways. There's also a test for Microsoft > Office documents which I thought was interesting. From the page: > > When Microsoft Office is installed and configured to automatically > open > > documents, a file can be returned which automatically downloads an > > image from the internet. This can bypass proxy settings and expose > > the real DNS servers of the user. > > > It doesn't seem like there are any new attack vectors but I wanted to > pass it along to see if anyone had comments. > > -ROC Tor Admin Well I must be doing something right... the only IP it showed for me was: External Address204.13.236.244 all the rest showed as "unknown". and the above is definitely not my IP Still good to have something to test my config against tho. -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Some Bones to Pick with Tor Admins
On Tue, 10 Feb 2009 15:50:27 -0500 Roger Dingledine wrote: (You need Torbutton 1.2 on Firefox to > have any chance of safe browsing.) > I know that his is a bit off topic so apologies in advance, By the above are you saying that a FF with 0 plugins, 0 extensions, cookies and javascript disables running under its own profile would still be less safe then a loaded browser with Tor button? If so, could you please point me to documentation of the vulnerabilities that Tor button would cover but the completely feature denuded FF would not. Thanks in advance, Freemor -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Some Bones to Pick with Tor Admins
On Tue, 10 Feb 2009 18:24:27 -0500 Ted Smith wrote: > To be fair, though, 1, 3, and 4 could be configured away in default > FireFox. Updates can be disabled, flash can be removed, files can be > set to "ask", referrals can be disabled, and UA can be modified in > firefox or in Privoxy. > Thanks all, I've configures out all the things mentioned (as Ted suspected), I just didn't want to list them ad-nauseum in my first post. And "no plug-ins" = NO flash, nothing opens without asking. in fact nothing opens everything that might open has been defaulted to saving the files to be viewed later/offline. I just wanted to check that TorButton wasn't doing some work to cover bugs/faults in FF that would not be covered by a totally locked down/stripped down FF with it own profile the gets cleared when the session end. I not on the Tor button page some references to History probing Not sure if this is possible with Javascript turnd off or not I'll need to dig more. Thanks for the Feedback, Freemor -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Some Bones to Pick with Tor Admins
On Tue, 10 Feb 2009 16:51:42 -0700 mark485ander...@eml.cc wrote: > Maybe not many users because Tor's last two versions are buggy and > don't allow them to use it? Still plenty of 98se users out there and > I have 3 browsers now that can use tor safely. course they will not > work on .33 and .34 because tor developers do not adequately test or > code their program. > This is a simple matter, no great task. Maybe they are just lazy? > Or, perhaps they have lives. I just wanted to point out that you could always get a nice old beige box from someone put a small Linux distro on it and route you 98SE machines through Tor on that box. That way, you keep 98se. you keep Tor. Also, having the Linux box as your proxy would also let you unload both tor and privoxy from you 98se boxen. You could even configure iptables to help ensure there are no data leaks from misbehaving win98se appies. Just a though. Freemor -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Bittorrent
On Thu, 19 Feb 2009 17:21:33 -0800 "F. Fox" wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Ted Smith wrote: > (snip) > It's not perfect - since transfers are still done in the clear - but > it does thwart the current most commonly used method for enumerating > users (i.e., scraping the tracker). It also uses almost zero > bandwidth on the Tor network. > I believe that this is a common misconception using Tor in this manner will not hide you from someone scraping the tracker. It will hide you from your ISPs DPI throttling (watching for/blocking connections going to trackers) but what gets reported to the tracker is your actual IP as without that the other peers would be unable to connect to you. So you can use this to get around throttling or blocking but it does not hide you from anti-p2p companies. If people want anonymous transfers they should use/support gnunet, mute or the like. Bittorrent was never built to be annonymous. -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Bittorrent
On Fri, 20 Feb 2009 15:36:12 +0100 (CET) "Marco Bonetti" wrote: > On Fri, February 20, 2009 15:02, Freemor wrote: > > but what gets reported to the tracker is your actual IP > > as without that the other peers would be unable to connect to you. > It's not that simple. > [snip] Thanks for the clear and comprehensive response. It's always good to have ones misconceptions cleared up. -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Bittorrent
On Fri, 20 Feb 2009 15:36:12 +0100 (CET) "Marco Bonetti" wrote: > On Fri, February 20, 2009 15:02, Freemor wrote: > As you can see at > http://jonas.nitro.dk/bittorrent/bittorrent-rfc.html#anchor18 the "ip" > field is totally optional (many bt clients let you specify your real > ip, usually after you enable a proxy setting), the tracker will > identify your client with the "peer_id", the "port" values and what > you need from / have to offer to the swarm. Many other clients do not let you sent the IP that get reported Transmission for example has the option to connect to the tracker through a proxy but no way to set what IP gets reported. > The tracker response > (http://jonas.nitro.dk/bittorrent/bittorrent-rfc.html#anchor19) will > send you a list of peer_id/ip/port and your own entry will be > composed of your peer_id and and (non torified) port with the exit > node ip. The way I read this it will be the IP that was reported to the Tracker that is included unless none was reported. So if your client is reporting an your IP address (optimal for transfers/ not optimal for privacy) >Data exchange is described at > http://jonas.nitro.dk/bittorrent/bittorrent-rfc.html#anchor21 as you > can read the peers only check if the peer_id is a valid one (it is in > the tracker response), not if the ip address is a known one, in this > way you keep on reporting torified ips to the tracker and the real ip > to the clients you connect to. Peerid is used once the connection is established as we can see from the first paragraph in this section: "Any remote peer wishing to communicate with the local peer must open a TCP connection to this port and perform a handshake operation. The handshake operation MUST be carried out before any other data is sent from the remote peer" if the wrong IP address is specified (and defaulting to the exit node ip by having the client not report one results in a incorrect IP) People wont be able to connect to you at all (you'll be able to download but wont share much back) So from what I see unless you stop you client from sending the IP or the client doesn't send it. then your proper IP will be reported to the tracker. If your client doesn't send your IP and you use tor You will end up in a state that makes your client a total leech? -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: tor removed from ubuntu jaunty
On Sun, 19 Apr 2009 11:24:01 -0500 Matt LaPlante wrote: > A heads-up for fellow Ubuntu users: The tor package has been removed > from Ubuntu Jaunty due to lack of maintainership. > > https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2009-April/007866.html > > - > M@ Thanks for the heads up I'll add it to my growing list of minor annoyances with jaunty.. although I personally was just waiting for the http://mirror.noreply.org/pub/tor experimental-0.2.1.x-jaunty main or equiv. repo to show up :) -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: weird path selection
On Mon, 25 May 2009 11:41:08 -0400 Roger Dingledine wrote: > On Sun, May 24, 2009 at 08:53:24AM -0500, Scott Bennett wrote: > > Someone is up to some shenanigans, methinks. Or perhaps > > someone's copy of tor has a newly discovered bug. I just noticed > > an odd message go by, so I checked the current log file to see how > > often it was happening. It turns out it's happening fairly > > frequently. So far, there have been 348 of them today, beginning > > with > > > > May 24 02:08:04.193 [info] connection_or_connect(): Client asked me > > to connect to myself. Refusing. > > Interesting. Yeah, I've been seeing these lately as well. I added some > more logging, and it looks like the "Client" is actually a wide > variety of previous Tor relays. So somebody out there is trying to > build paths "..., X, moria2, moria2" where X varies widely. > > Is it an attack? I dunno what they'd be attacking. > > My guesses are either a) an alternative Tor client that didn't think > very hard about its path selection, or b) a scientist experimenting > with Tor paths who again didn't think very hard about path selection. > Perhaps someone once again trying to build to 1 hop Tor chain to avoid latency? -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: TOR and HADOPI
On Thu, 28 May 2009 22:25:49 -0700 (PDT) Curious Kid wrote: > > This policy model, applied globally, may put and end to Tor. Imagine > if exit nodes in every country were shut down, yet their operators > were still required to pay for an Internet connection for a long > period of time thereafter. Each country having their own special > blend of banned activities further complicates matters. > > Maybe Tor could go completely hidden. I really can't see how the pay for something you aren't receiving part of this bill will stand any kind of a legal challenge. Cutting off a persons service is one thing. Forcing a person to pay for nothing is almost universally considered theft/extortion. -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Banners injected in web pages at exit nodes TRHCourtney*
On Tue, 02 Jun 2009 14:52:18 +0400 "Alexander Cherepanov" wrote: > Hello! > > Just stumbled upon a banner injected in html at tor exit node. > Nodes in question: > Thanks for the heads up.. I wasn't getting the injected banners on the link you provided but when I tried: https://torcheck.xenobite.eu.trhcourtney01.exit/ I got an invalid certificate error.. Definitely man-in-the-middle stuff going on here.. Certificate I received for the above belonged to: Issued to Common Name (CN)*.krauscomputer.de Organization (O)Manuel Kraus Organizational Unit (OU)StartCom Verified Certificate Member Serial Number 00:de Issued By Common Name (CN)StartCom Class 2 Primary Intermediate Server CA Organization (O)StartCom Ltd. Organizational Unit (OU)Secure Digital Certificate Signing Validity Issued On 08-06-25 Expires On 09-06-25 SHA1 Fingerprint 6a:cd:f2:9d:32:4d:c8:c6:af:d9:27:42:09:e2:62:57:49:c8:d0:1e MD5 Fingerprint B1:11:1f:5e:f8:47:38:d4:08:06:28:66:db:91:cf:7f Needless to say this is not the correct certificate. This is a very unfriendly exit node. -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Banners injected in web pages at exit nodes TRHCourtney*
On Tue, 02 Jun 2009 "Freemor" wrote: Some rather silly stuff.. Appoligies for the proceeding post.. Certificate is correct.. The .trhcourtney01.exit/ Was throwing the browser into complaining that the certificate didn't match. I really must learn not to post before having my morning coffee. I've tried a couple of other sites now and there definitely is banner injection going on... looking into the html source now to see if there are other exploits. Strange the the provided link didn't have injection... Adaptation on the nodes part? -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Banners injected in web pages at exit nodes TRHCourtney*
On Tue, 2 Jun 2009 05:36:43 -0600
John Brooks wrote:
> Definitely abusive. Fortunately, because of how nearby most of the IPs
> are, Tor will treat them as family even if the operator neglected to,
> so it doesn't pose a risk to anonymity (other than the one outlying
> node, but even then it's a maximum of two), but this definitely looks
> like a badexit situation.
>
> Honestly, why does somebody run a tor node if they keep
> connection/session logs? Seems like an odd place to look for a
> paycheck.
>
> - John Brooks
>
Might be worse then that.. at least for improperly configures clients..
there deos seem to be javascript injection:
http://courtney.nullroute.net/2lol.gif";
style="display:none">
body {
margin: 0 0 0 0 !important;
}
#Banner2 {
width:728px;
height:90px;
}
#textme {
font-family:arial;
color:#333;
font-size:11px;
}
When I Followed
http://courtney.nullroute.net/openx-2.8.1/www/delivery/spcjs.php?id=1
it had an interesting bit bit of code which linked to:
http://courtney.nullroute.net/openx-2.8.1/www/delivery/fl.js
Which tries to load up SWF objects..
Haven't picked it all apart yet (still no coffee) but I'm guessing it's
either decloaking attempts or exploit attempts.
--
free...@gmail.com
free...@yahoo.ca
This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
signature.asc
Description: PGP signature
Re: A Few Random Thoughts...
On Fri, 26 Jun 2009 08:16:00 -0400 Michael wrote: > > Quite frankly Tor is an undervalued IT tool and it's capabilities > should be trumpeted loudly on the web page. You might also find IT > guys like me throwing up some relays in exchange. After all- who has > the bandwidth anyway? > I second this thought and have used Tor for many of the same things. Tor is immensely helpful when I was dealing with an ISP that had consistent DNS server problems. It is great for checking if my small web server is up (my current ISP blocks connections to oneself). I think that it would be an excellent Idea to have some of these uses of Tor promoted on the website. -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: 25 tbreg relays in directory
Nice work tracking that down.. Thanks for the info and time. I'm not a Tor dev but as a person working with/in IT, I can appreciate the time and legwork involved.. so thanks. -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Obfuscated URLs?
On Tue, 30 Jun 2009 11:47:33 -0700 (PDT) Martin Fick wrote: > > I envision an onion encrypted URL along with the exact path through > tor (the three hops) also onion encrypted. This would be similar > to the way a client normally wraps requests through tor, but the > wrapping would happen up front and then the wrapper would become > the "Obfuscated URL" which could be handed off to someone else > obfuscating both the path through tor and the final destination to > the person receiving the "Obfuscated URL". > > An interesting idea. I see two possible problems with it. Firstly I'm not sure storing the route is useful. Due to the nature of Tor some relays may not be up all the time so having them hard coded in the URL could be a path to failure. Also I am not sure there would be any security advantage (other then possibly specifying the exit node to keep it in a friendly jurisdiction or something .. but this too has it's potential problems (see next point). Secondly this idea seems more suited to malicious uses (obviscated URL to exploit site/etc) then to the more dissident need for anonymity. (I could be wrong. I welcome some examples to get me thinking in the right lines.). One of the reasons I say this is that if the information is not running on a hidden server then it will most likely be found and shutdown. Since anyone that could use these URLs would need to have TOR installed and running I'm having a hard time seeing the advantage to this over a .onion URL. (Again I welcome examples) Just my thoughts Freemor -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Obfuscated URLs?
On Tue, 30 Jun 2009 13:34:45 -0700 (PDT) Martin Fick wrote: > In my scenario, the point of hard coding the path is to > obfuscate the final URL, how could this be done > differently? In this scenario, it requires all 3 nodes > to decrypt the final URL, one node by itself cannot, > this should provide the same protection that you get > today by surfing with tor, should it not? It should. But hidden services provide this functionality already. I do understand the potential difficulties in setting up a hidden service. But I think it would be easier to automate this aspect of Tor then to write a new protocol. (some more thoughts on this below) > I don't see why this is more open to abuse than the > general tor network, could you explain your reasoning? Agreed.. I'm a security minded IT guy and since drive-by-downloads are the top vector for computer infection any time I hear "obvascated URL" and "Untraceable" in the same paragraph the is a knee jerk reaction to see the security implications. > > As for use cases, I envision that as a simple whistle > blower or reporter, I would post my content on various [snip] OK I now have a clearer idea of what you are wanting to do: 1). Simple anonymous publishing 2). Remove the single point of failure that a a hidden service may represent 3). Plausable deniability by not having the information hosting tied to you. I think that this could be solved in a couple of different ways. 1). Someone sets up a hidden service that automatically re-directs to the content hosted on non-Hidden sites the URL would probably end up looking like: http://blahblahblah.onion?3gYzX2(url_part)&egrtyebefrs(hashed password part) one could argue that there is still a single point of failure but if it was popular enough I'm sure it could be hidden mirrored. 2.) GnuNet may be much better suited to what you are looking to do. It already has a lot of these features (see http://gnunet.org ) Once you inserted the information into GnuNet you could share the hash for it in as many open sites as you wanted. As for making the content password protected GnuPG would work wonders for this (prior to insertion of course) Regards, Freemor -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: The dh small subgroup confinement attack and Tor
On Sun, 9 Aug 2009 04:53:15 -0700 (PDT) Curious Kid wrote: > > Maybe not a good week. > > Browser flaws expose users to man-in-the-middle attacks > http://blogs.zdnet.com/security/?p=3950 > > Pretty-Bad-Proxy: An Overlooked Adversary in Browsers’ HTTPS > Deployments > http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf > > > > Interesting paper thanks for posting the link to it. I've given it a quick once over and from what I can see all variations of this attack require scripting of one sort or another. Since the recommended way to run a Browser on Tor is with ALL scripting disabled, this shouldn't effect people that are configured correctly. Of greater concern for me is if NoScript which I use for my non Tor browsing would catch this or not. Does anyone know if NoScript relies on the browser for the context of a frame or does it check the origin it self? -- free...@gmail.com This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Javascript security question
On Fri, 21 Aug 2009 09:25:15 + (GMT) Sadece Gercekler wrote: > I know that enabling javascript is insecure. But my question is > specific to gmail, google reader, yahoo mail, and blogger.com. These > are the sites I'm mainly accessing. > > Do you think enabling javascript for these sites can be OK? > > Thanks > > > It's not safe.. The problem isn't the sites you are visiting.. The problem is that an Evil exit node can inject javascript into any (non https) page you are viewing. yahoo mail falls into this category, as could google reader and blogger.com (you can force google reader to https but it is easy to forget). The clever use of javascript can pose many security risks other then simply unmasking your IP address. I would STRONGLY advise against using TOR with javascript enabled. (unless you explicitly trust (own/administer) the exit node.. but this presents problems of it's own ;) ). Regards, Freemor -- free...@fastmail.fm free...@gmail.com This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Javascript security question
On Fri, 21 Aug 2009 13:39:47 + (GMT) Sadece Gercekler wrote: > Thanks everybody for the explanation. > > So the exit node I'm using can be Evil and there is no way I can know > this. If so, is it wise to use the Tor network even with javascript > disabled? > Using a properly Locked down browser (Torbutton/etc), and staying as much as possible to encrypted connections (https) It is possible to use Tor "fairly" safely. Remember, using the open Internet is largely an exercise in trust. you trust that none of the system between you and yahoo will eavesdrop and you trust that none of them will inject anything. Both of these are Basically huge assumptions anytime you are not using SSL or some other secure end-to-end encryption. ISPs do inject (Rogers here in Canada played with it). ISPs do eavesdrop (phorm/BT). So I try to use https/etc as much as I can anyways. Considering the above (and I'm sure others will add a few points). you need to get as informed as possible on both TOR and the open net and then make an informed risk assessment. Are the risks greater then the open net? Is the anonymity worth the risk? Can I do it all over SSL? etc? Regards, Freemor -- free...@fastmail.fm free...@gmail.com This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Supercookies
On Fri, 21 Aug 2009 10:10:53 -0400 Ted Smith wrote: > On Fri, 2009-08-21 at 07:47 +, Paul Ferguson wrote: > Am I the only person who thinks it is generally a bad idea to keep > adding surface area to a browser that is supposed to be anonymous? If > we have an extension to rein in a plugin, and an extension for that > extension, that is a _lot_ more potential for exploits than just > removing that plugin. You're not alone. I use a seperate browser for Tor and it is completely stripped out no plugins, java/javascript disables, defaults to saving to disk rather then opening stuff. etc. I think the problem that people are bumping into is that many of the "popular" sites are unfriendly to such a browser if not down right hostile. The old ideal of "fail gracefully" seems lost on modern web designers. It seems little attention is paid to the fact that not everyone has a super fast machine, flash 10, ie7, ff3.x, etc., Of course the other side of the problem is that few people try to hold such sites to account. IMHO All sites should work (display something useful even if not as functional as the "full" site) with browsers as basic as Lynx. Regards, Freemor -- free...@fastmail.fm free...@gmail.com This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Annoying loop situation
On Fri, 21 Aug 2009 22:33:07 +0100 Bob Williams wrote: > At this point, http://config.privoxy.org/ shows me I'm that privoxy > is enabled, but if I then disable torbutton, I also lose my privoxy > settings, and it reverts to 'No proxy.' i had this same problem once ages ago.. To fix it I had to un-install tor button. go into preferences and set the networking to have nothing in the proxy settings. (not just hitting the "direct connection" but actually blanking all the fields first) save those settings. re-install tor button. Hope this helps, Freemor Seemed to me atthe time what was happening is that TorButton seemed to store how you proxy settings were set when it was installed.. changing them after that wasn't picked up.. the only way to get to stored Tor with Torbutton off settings out was to uninstall tor button so it would pick up the blank settings on the re-install. -- free...@fastmail.fm free...@gmail.com This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Tor a carrier for Botnet traffic?
On Tue, 1 Sep 2009 10:51:58 -0400 krishna e bera wrote: > > Until some security forensics people document that Tor is being used > in real botnets, i don't think new policies restricting Tor usage > are called for. > > I'm on the same page here until I see a properly documented case of Tor being used as a CnC channel or in some other way by a bot net I'm going to chalk it up to FUD. To the OP the open Internet carries FAR more botnet traffic.. perhaps we should block the entire net? If you want to stop botnets.. educate people. Teach them how not to get infected. Teach them how to tell if they are infected. Teach then to use firewalls that are not outbound leaky and are on an independent machine used just as a FW with no remote admin. Proper security practises would do far more to stop Botnets then worrying about Tor. -- free...@fastmail.fm free...@gmail.com This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Tor a carrier for Botnet traffic?
On Tue, 1 Sep 2009 11:38:42 -0500 (CDT) Scott Bennett wrote: > You raise a good point. Nevertheless, *we* aren't the ones doing > the banning, rather the ISPs are (e.g., Comcast in the U.S.), and the > ISPs are certainly not going to ban Windows. > There's been quite a few times that, when I've called an ISP to > try to get them to fix a problem on their end, I've been told that > they don't support FreeBSD, which, of course, is irrelevant. I don't >... [snip] You bring up a good point Scott about the Tor website referring to Tor as a server. The truth is that it is much closer to a router or proxy. The problem as I see it however is that ISPs that have AUP against servers usually include proxies as a no-no.. in fact I've seen some so broad as to claim that using ping or trace-route are "hostile" and grounds for disconnection. So I agree that the wording on the Tor site probably should be changed. I however doubt it will do much to convince errant ISPs. from what I have seen the thing that sets off hostile attitudes by some ISPs (I'm in Canada mind) is too much outbound traffic. This is especially true for ISPs that consistently oversell their bandwidth. (a la Rogers). Regards, Freemor -- free...@fastmail.fm free...@gmail.com This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Cannot Load The Onion
On Fri, 25 Dec 2009 10:17:46 -0800 Seth David Schoen wrote: > Programmer In Training writes: > > > 504 Connect to www.theonion.com:80 failed: SOCKS error: connection > > refused > > Perhaps The Onion has something against the onion router. > Loads fine for me via tor/privoxy. -- free...@fastmail.fm free...@gmail.com This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Pidgin with TOR
On Thu, 31 Dec 2009 07:10:21 -0500 Flamsmark wrote: > 2009/12/31 emigrant > > > hi all, > > i am using the pidgin with ubuntu. and i installed TOR as well. > > i want to set up TOR to one of the yahoo accounts in pidgin. > > so i went to proxy settings and changed the gnome proxy setttings > > into socks5 and host 127.0.0.1 and port 9050. > > but each time i restart pidgin the yahoo account wont' start. i > > think its may be due to yahoo email is opened? > > > > how can i solve the problem? > > > > thank you very much. > > > > > Port 9050 is your web proxy (probably Polipo). Pidgin wants to use a > Socks proxy, so you should set the port to 8118, which is where Tor > itself is listening. Um... 9050 is TOR and SOCKS5. 8118 is Privoxy and HTTP. see: http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO/InstantMessaging and/or http://www.privoxy.org/user-manual/quickstart.html His problem is more likely due to Yahoo changing their protocol and breaking Pidgin yet again. It happens quite regularly. One of the many reasons I stopped using Yahoo. Regards, Freemor -- free...@fastmail.fm free...@gmail.com This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
