[tor-talk] CAPTCHA for getting bridges too strong

2014-03-30 Thread Артур Истомин
It is very strong. I was trying more than ten times and did not solve
it. I am realy do not need bridges, but for those who need, this way
getting bridges (through web page and CAPTCHA) is useless.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] CAPTCHA for getting bridges too strong

2014-03-30 Thread Soul Plane
On Sun, Mar 30, 2014 at 12:58 AM, Артур Истомин art.is...@yandex.ru wrote:

 It is very strong. I was trying more than ten times and did not solve
 it. I am realy do not need bridges, but for those who need, this way
 getting bridges (through web page and CAPTCHA) is useless.

 Maybe they could do something like this instead:
http://research.microsoft.com/en-us/um/redmond/projects/asirra/
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


[tor-talk] About CAPTCHA and mailservice

2014-03-30 Thread force44
Hello,

I saw this service at https://funky-mail.net/

CAPTCHA is funny, not sure that any robot may break it?

Mailservice is good to RECEIVE mails, tried it a few times. Sending Is not 
possible as it is a paid service with e-currencies that have disappeared. Site 
seems to be discontinued, anyway I have asked a free test to send mails and am 
expecting a reply :)
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


[tor-talk] DNS leak in FF 27.0?

2014-03-30 Thread grarpamp
Anyone seeing a dns leak in FF 27.0 when first visit of session
is to bitcoincharts.com? socks_remote_dns is true.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


[tor-talk] PoC: End-to-end correlation for Tor connections using an active timing attack

2014-03-30 Thread grarpamp
Making the rounds on various lists...

http://git.thejh.net/?p=detour.git;a=blob;f=README;hb=HEAD
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] CAPTCHA for getting bridges too strong

2014-03-30 Thread Moritz Bartl
On 03/30/2014 06:58 AM, Артур Истомин wrote:
 It is very strong. I was trying more than ten times and did not solve
 it. I am realy do not need bridges, but for those who need, this way
 getting bridges (through web page and CAPTCHA) is useless.

This is a known problem, a fix is being worked on.

-- 
Moritz Bartl
https://www.torservers.net/
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] CAPTCHA for getting bridges too strong

2014-03-30 Thread Lunar
Moritz Bartl:
 On 03/30/2014 06:58 AM, Артур Истомин wrote:
  It is very strong. I was trying more than ten times and did not solve
  it. I am realy do not need bridges, but for those who need, this way
  getting bridges (through web page and CAPTCHA) is useless.
 
 This is a known problem, a fix is being worked on.

Actually the new version of BridgeDB deployed 4 days ago should have
vastly improved the situation. See:
https://bugs.torproject.org/10809

-- 
Lunar lu...@torproject.org


signature.asc
Description: Digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


[tor-talk] fresh TBB is damaged and can't be opened on Mac OS X

2014-03-30 Thread lee colleton
Trying to open TorBrowserBundle_en-US from
TorBrowserBundle-3.5.3-osx32_en-US.zip produces an error:

TorBrowserBundle_en-US is damaged and can't be opened. You should move it
 to the Trash.


What to do?

--lee
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] fresh TBB is damaged and can't be opened on Mac OS X

2014-03-30 Thread Roger Dingledine
On Sun, Mar 30, 2014 at 12:50:49PM -0700, lee colleton wrote:
 Trying to open TorBrowserBundle_en-US from
 TorBrowserBundle-3.5.3-osx32_en-US.zip produces an error:
 
 TorBrowserBundle_en-US is damaged and can't be opened. You should move it
  to the Trash.
 
 
 What to do?

First check the signature and see if you have a genuine accurate copy
of TBB. It sounds like you probably don't. If you don't it's probably
because of a failed download, rather than somebody malicious -- try
downloading it again?

You might also like
https://blog.torproject.org/blog/ways-get-tor-browser-bundle

--Roger

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Pirate Linux 2.0 alpha

2014-03-30 Thread intrigeri
Hi,

AK wrote (30 Mar 2014 20:14:06 GMT) :
 More details are here: https://piratelinux.org/?p=567.

Interesting, thanks!

Where can I read about the threat model this system is meant to address?

Cheers,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Pirate Linux 2.0 alpha

2014-03-30 Thread AK
Hi

I was expecting you to ask something like that :). Well for now it just an
alpha version, so I would not count on it for robust security. In fact,
security is not the main focus of this project (unlike Tails and Liberte).
Of course, it should still be reasonably secure, but I am focusing more on
ease of use and privacy, rather than bulletproof security. If there is
enough interest, I will make a formal document outlining the model, since I
have been asked this before.

Cheers


On Sun, Mar 30, 2014 at 2:33 PM, intrigeri intrig...@boum.org wrote:

 Hi,

 AK wrote (30 Mar 2014 20:14:06 GMT) :
  More details are here: https://piratelinux.org/?p=567.

 Interesting, thanks!

 Where can I read about the threat model this system is meant to address?

 Cheers,
 --
   intrigeri
   | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
   | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsubscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] fresh TBB is damaged and can't be opened on Mac OS X

2014-03-30 Thread Matt Pagan
Roger Dingledine:
 On Sun, Mar 30, 2014 at 12:50:49PM -0700, lee colleton wrote:
 Trying to open TorBrowserBundle_en-US from
 TorBrowserBundle-3.5.3-osx32_en-US.zip produces an error:

 TorBrowserBundle_en-US is damaged and can't be opened. You should move it
 to the Trash.


 What to do?
 
 First check the signature and see if you have a genuine accurate copy
 of TBB. 

If you still get the same message after verifying the signature of your
download [0], press the Control-key, then click on the Tor Browser
Bundle icon. Choose 'Open' from the shortcut menu, then click 'Open'.

The app is saved as an exception to your security settings, and you
will be able to open it in the future by double-clicking it, just
like any authorized app [1].

Apple's condition regarding signing applications are currently not
friendly at all to the security needs of a project like Tor. We will
hopefully resolve the issue at some point [2].

[0]: https://www.torproject.org/docs/verifying-signatures
[1]: https://support.apple.com/kb/PH14370?viewlocale=en_US
[2]: https://trac.torproject.org/projects/tor/ticket/6540


-- 
Matt Pagan
m...@pagan.io
PGP: 0xE9284418E360583C
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] fresh TBB is damaged and can't be opened on Mac OS X

2014-03-30 Thread lee colleton
I've checked the signature on TBB and it's good.

The security setting allows all binaries to be run but it's still a no-go.

Any other ideas?

--lee


On Sun, Mar 30, 2014 at 1:58 PM, Matt Pagan m...@pagan.io wrote:

 Roger Dingledine:
  On Sun, Mar 30, 2014 at 12:50:49PM -0700, lee colleton wrote:
  Trying to open TorBrowserBundle_en-US from
  TorBrowserBundle-3.5.3-osx32_en-US.zip produces an error:
 
  TorBrowserBundle_en-US is damaged and can't be opened. You should
 move it
  to the Trash.
 
 
  What to do?
 
  First check the signature and see if you have a genuine accurate copy
  of TBB.

 If you still get the same message after verifying the signature of your
 download [0], press the Control-key, then click on the Tor Browser
 Bundle icon. Choose 'Open' from the shortcut menu, then click 'Open'.

 The app is saved as an exception to your security settings, and you
 will be able to open it in the future by double-clicking it, just
 like any authorized app [1].

 Apple's condition regarding signing applications are currently not
 friendly at all to the security needs of a project like Tor. We will
 hopefully resolve the issue at some point [2].

 [0]: https://www.torproject.org/docs/verifying-signatures
 [1]: https://support.apple.com/kb/PH14370?viewlocale=en_US
 [2]: https://trac.torproject.org/projects/tor/ticket/6540


 --
 Matt Pagan
 m...@pagan.io
 PGP: 0xE9284418E360583C
 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsubscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] fresh TBB is damaged and can't be opened on Mac OS X

2014-03-30 Thread Matt Pagan
lee colleton:
 I've checked the signature on TBB and it's good.
 
 The security setting allows all binaries to be run but it's still a no-go.
 
 Any other ideas?
 
 --lee
 
 

Yes, one more. First completely delete the Tor Browser you downloaded.
From System Preferences (in the Apple menu) go to Security and Privacy.
Under the General tab, select Allow downloaded applications from
anywhere. Then download the Mac Tor Browser Bundle again, unpack it and
run it.


-- 
Matt Pagan
m...@pagan.io
PGP: 0xE9284418E360583C
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Pirate Linux 2.0 alpha

2014-03-30 Thread krishna e bera
On Sun, Mar 30, 2014 at 4:44 PM, AK aka...@gmail.com wrote:

 Hi

 I was expecting you to ask something like that :). Well for now it just an
 alpha version, so I would not count on it for robust security. In fact,
 security is not the main focus of this project (unlike Tails and Liberte).
 Of course, it should still be reasonably secure, but I am focusing more on
 ease of use and privacy, rather than bulletproof security. If there is
 enough interest, I will make a formal document outlining the model, since I
 have been asked this before.

 Cheers



interest++
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] fresh TBB is damaged and can't be opened on Mac OS X

2014-03-30 Thread Runa A. Sandvik
On Mon, Mar 31, 2014 at 1:24 AM, lee colleton l...@colleton.net wrote:
 I've checked the signature on TBB and it's good.

 The security setting allows all binaries to be run but it's still a no-go.

 Any other ideas?

Try deleting your current copy and download a new one?

-- 
Runa A. Sandvik
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Tor Project and Youtube is blocked in Turkey too

2014-03-30 Thread krishna e bera
On Sat, Mar 29, 2014 at 9:48 PM, Ondrej Mikle ondrej.mi...@gmail.comwrote:

 On 03/29/2014 01:34 PM, Kus wrote:
  FYI, today OpenDNS and Google public DNS servers are blocked too. Other
  than that, they're redirecting DNS queries to ISP servers automatically
 if
  you try to use Google or OpenDNS servers. Probably, they're started to
 use
  transparent DNS proxy. Btw, they're blocked them one day before the
  election day.

 You can download and install unbound recursive validating DNS resolver:
 http://unbound.net/ . No need to use arbitrary DNS resolver, you have
 your DNS
 resolver locally.

 Won't save you if they are intercepting and tampering with DNS queries,
 but it
 might work for now.

 Ondrej


To tries to recognize when random DNS queries are being hijacked by ad
pushers, but i dont think it can tell when specific sites are blocked in
this manner.  Would it be possible for Exit Node operators in such an area
to have a switch they can set to reject DNS queries through it but still
accept exit traffic? ServerDNSTestAddresses seems to change the entire exit
policy if specified domains fail.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Tor Project and Youtube is blocked in Turkey too

2014-03-30 Thread Roger Dingledine
On Sun, Mar 30, 2014 at 10:23:10PM -0400, krishna e bera wrote:
 To tries to recognize when random DNS queries are being hijacked by ad
 pushers, but i dont think it can tell when specific sites are blocked in
 this manner.  Would it be possible for Exit Node operators in such an area
 to have a switch they can set to reject DNS queries through it but still
 accept exit traffic? ServerDNSTestAddresses seems to change the entire exit
 policy if specified domains fail.

It certainly won't be straightforward. Clients don't cache dns answers
anymore because of various attacks:
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/205-local-dnscache.txt
So if you can't do dns resolves, you basically can't connect anywhere
for users.

See also
https://gitweb.torproject.org/tor.git/blob/tor-0.2.4.21:/ChangeLog#l1149
https://trac.torproject.org/projects/tor/ticket/7570

--Roger

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk