[tor-talk] Craigslist now blocking all Tor IPs? Template for anyone:

2014-08-07 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3
Craigslist was slowing down anyone with a tor IP, though it appears
they may be blocking the majority now.



The automated messages from Craigslist appear like this:

This IP has been automatically blocked. If you have questions, please
email: blocks-b1406984946068...@craigslist.org



A template for anyone who feels like emailing craigslist (or their
favorite site):


Please kindly remove Tor IP addresses from the list of blocked IPs
by your site! 

The IP address your site has blocked is from the Tor network, which is
a censorship resistance, privacy, and anonymity system used by whistle
blowers, journalists, Chinese dissidents skirting the Great Firewall,
abuse victims, stalker targets, the US military, and law enforcement,
just to name a few. For more information, please see: 
https://www.torproject.org/about/torusers.html.en

Unfortunately, some people misuse the network. However, compared to the
rate of legitimate use (the IP range in question processes nearly a
gigabit of traffic per second), abuse complaints are rare. As can be
seen from the overview page, the Tor network is designed to make tracing
of users impossible. The Tor network is run by some 5000 volunteers who
use the free software provided by the Tor Project to run Tor routers.

It is also possible to download a list of all Tor exit IPs that will
connect to your servers at the following link:
https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=YOUR_IP&port=80

For more information, please see: 
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates

Sincerely, 

An honest, privacy-sensitive user

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


[tor-talk] howsmyssl

2014-10-15 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3


On Wed, 15 Oct 2014 02:53:03 +
tor-talk-requ...@lists.torproject.org wrote:

> Hi!  It's a new month, so that means there's a new attack on TLS.
> 
> This time, the attack is that many clients, when they find a server
> that doesn't support TLS, will downgrade to the ancient SSLv3.  And
> SSLv3 is subject to a new padding oracle attack.
> 
> There is a readable summary of the issue at
> https://www.imperialviolet.org/2014/10/14/poodle.html .
> 
> Tor itself is not affected: all released versions for a long time have
> shipped with TLSv1 enabled, and we have never had a fallback mechanism
> to SSLv3. Furthermore, Tor does not send the same secret encrypted in
> the same way in multiple connection attempts, so even if you could
> make Tor fall back to SSLv3, a padding oracle attack probably wouldn't
> help very much.
> 
> TorBrowser, on the other hand, does have the same default fallback
> mechanisms as Firefox.  I expect and hope the TorBrowser team will be
> releasing a new version soon with SSLv3 enabled.  But in the meantime,
> I think you can disable SSLv3 yourself by changing the value of the
> "security.tls.version.min" preference to 1.
> 
> To do that:
> 
> 1.  enter "about:config" in the URL bar.
> 
> 2. Then you click "I'll be careful, I promise".
> 
> 3. Then enter "security.tls.version.min" in the preference "search"
> field underneath the URL bar.  (Not the search box next to the URL
> bar.)
> 
> 4. You should see an entry that says "security.tls.version.min" under
> "Preference Name".  Double-click on it, then enter the value "1" and
> click okay.
> 
> You should now see that the value of "security.tls.version.min" is
> set to one.
> 
> 
> (Note that I am not a Firefox developer or a TorBrowser developer: if
> you're cautious, you might want to wait until one of them says
> something here before you try this workaround.)
> 
> 
> Obviously, this isn't a convenient way to do this; if you are
> uncertain of your ability to do so, waiting for an upgrade might be a
> good move.  In the meantime, if you have serious security requirements
> and you cannot disable SSLv3, it might be a good idea to avoid using
> the Internet for a week or two while this all shakes out.
> 
> best wishes to other residents of interesting times,
> -- 
> Nick


While on the topic, these links discuss this issue and provide a test
for the TLS suite:
https://blog.dbrgn.ch/2014/1/8/improving_firefox_ssl_tls_security/
https://www.howsmyssl.com/

The link states that: Another issue is the support for the
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA cipher, which may or may not be a
good idea to use: https://github.com/jmhodges/howsmyssl/pull/17.
Firefox 26 supports cipher suites that are known to be insecure.

This setting can also be disabled in the Firefox configuration. In the
about:config screen, search for security.ssl3.rsa_fips_des_ede3_sha and
disable it.

Should this also occur in TBB?
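
The two about:config settings discussed in this message can also be checked from a shell against a profile's prefs.js or user.js. This is an added example, not part of the original post; the function names are hypothetical, the sample preferences are constructed, and it relies on the value 0 of security.tls.version.min meaning SSLv3.

```shell
#!/bin/sh
# Added example: audit a Firefox / Tor Browser prefs file (prefs.js or user.js)
# for the two about:config settings discussed in this message.

# pref_value FILE NAME: print the last value assigned to NAME, or nothing.
pref_value() {
    name=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^user_pref(\"$name\", *\(.*\));.*/\1/p" "$1" | tail -n 1
}

# audit_tls_prefs FILE: one line per setting; returns 0 only if both are hardened.
audit_tls_prefs() {
    rc=0
    min=$(pref_value "$1" security.tls.version.min)
    case $min in
        '') echo "security.tls.version.min: not set, browser default applies"; rc=1 ;;
        0)  echo "security.tls.version.min: 0, SSLv3 allowed"; rc=1 ;;
        *)  echo "security.tls.version.min: $min, SSLv3 refused" ;;
    esac
    fips=$(pref_value "$1" security.ssl3.rsa_fips_des_ede3_sha)
    case $fips in
        false) echo "security.ssl3.rsa_fips_des_ede3_sha: false, suite disabled" ;;
        '')    echo "security.ssl3.rsa_fips_des_ede3_sha: not set, browser default applies"; rc=1 ;;
        *)     echo "security.ssl3.rsa_fips_des_ede3_sha: $fips, suite enabled"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: only the first preference has been changed.
sample_prefs() {
    cat <<'EOF'
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.tls.version.min", 1);
EOF
}

if [ $# -eq 1 ]; then
    audit_tls_prefs "$1"
else
    # No argument: run against the constructed sample.
    tmp=$(mktemp); sample_prefs > "$tmp"
    audit_tls_prefs "$tmp" || echo "result: at least one setting needs attention"
    rm -f "$tmp"
fi
```

A preference missing from the file is reported separately because prefs.js only records values changed from the default, so the effective setting then depends on the browser version.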



[tor-talk] firewall prompt gone in 4.0?

2014-10-18 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3
It appears the nice firewall prompt has been removed in TBB 4.0. For
those of us who block all but a couple outgoing ports (and all the
incoming), is the only way to retain this functionality to edit the
"torrc" file with something like below for every new download?

ReachableAddresses accept *:80
ReachableAddresses accept *:443

Compared to the menu item, this seems rather inconvenient for linux
users who (quite surprisingly) don't have any well-developed means
to block outgoing traffic on a per-application basis, and resort to the
less effective, though slightly more cautious practice of just opening a
couple outgoing ports?



Re: [tor-talk] tor-talk Digest, Vol 46, Issue 19

2014-11-06 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3
Excellent. Thanks!

I'm not sure if you are familiar with a more friendly sandbox use
of docker (subuser), e.g. with an easy firefox setup preconfigured: 
http://subuser.org/
https://github.com/subuser-security/subuser

Perhaps this work might help as a comparison, or to avoid re-inventing
the wheel.



On Thu, 06 Nov 2014 19:45:17 +
tor-talk-requ...@lists.torproject.org wrote:

> Hello !
> I found some dockerfile example to use tor within a docker container.
> But all are running tor as root user (which is bad) so I decided to
> make my own Dockerfile with some improvements for example the
> possibility to modify the configuration while the container is
> running.
> 
> check the Dockerfile at :
> https://github.com/revollat/torbox
> 
> What do you think of the code in the Dockerfile ? any ideas for some
> improvements ?
> What do you think about keeping ".tor" directory in a volume ? is
> there security risk ?
> 
> 
> Thanks !



[tor-talk] force apt-get & yum updates through tor?

2015-01-18 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3
I'm wondering what the best way to force yum and apt-get through tor
is, in fedora 21 and debian 7.7 respectively. Are any of the following
least likely to produce dns or other leaks, or considered safest?

In fedora, I see several options for forcing yum through tor:

OPTION 1: (appears to work)
sudo nano /etc/yum.conf
ADD THIS: proxy=socks5://127.0.0.1:9050
Use yum normally...is this likely to leak anything, dns perhaps?

OPTION 2: (safest?)
sudo torsocks yum ...
This seems to work, though produces lots of this error at the command
line: WARNING torsocks[12367]: [syscall] Unsupported syscall number 191.
Denying the call (in tsocks_syscall() at syscall.c:165). Is this a
concern or just noise?

OPTION 3: setup privoxy with tor, direct yum through privoxy

OPTION 4: specify tor-ip:port as socks_proxy environment variable

OPTION 5: 
proxy3 recommended here, though I don't see why this isn't just less
clean:
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Misc


For debian 7.7, the only one that seems to actually force apt-get
through tor is torsocks

OPTION 1: 
sudo nano /etc/apt/apt.conf
ADD THIS: Acquire::socks::proxy "socks5://127.0.0.1:9150";
When using apt-get as normal, debian ignores this and skips tor

OPTION 2: 
sudo socks_proxy=socks5://127.0.0.1:9150 apt-get update
Debian ignores this too.

OPTION 3: (the only one that works)
sudo torsocks apt-get ...
Appears to work and produces no errors as it does in fedora 21

OPTION 4: (untested)
privoxy-tor-apt-get

Thanks!

Alternatively, does anyone know a clean way to force all traffic
through tor?



[tor-talk] jondonym over tor, tor over jondo?

2014-01-05 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3
From these links:

https://anonymous-proxy-servers.net/en/help/net.html
https://anonymous-proxy-servers.net/en/help/services_tor.html

It appears that with JonDo (similar to tor), it is possible to use tor
as the initial proxy used to connect to the jondo network. Is it
appropriate to call this "jondo over tor"?

This can also be done in Whonix: https://www.whonix.org/wiki/JonDonym

Is it possible to do the opposite, "tor over jondo", where jondo is
used as the initial proxy into tor? Particularly, by entering the jondo
ip/port settings into this vidalia panel:
https://www.torproject.org/docs/proxychain.html.en

What would the implications of each be, and is this kind of thing just
strengthening a link that doesn't happen to be the weakest in the first
place?

Which setup would you trust more, and could this cause any potential
problems?



[tor-talk] PDF download difficulty in TBB

2017-07-19 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3
Lately, I have been having trouble downloading PDF files with the tor
browser bundle. Viewing PDFs in-browser works fine. But, if I "save as"
or if I try to save the file from the built-in viewer in the browser,
the download just queues indefinitely. Is anyone else having this issue? 

This problem does not seem to occur for other file types, such as
images for example. It is also not a problem in stock firefox routed
through tor.

Thanks!



[tor-talk] Fedora repo Tor broken?

2016-12-09 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3
Tor recently removed their Fedora repos, which leaves the fedora native
repo. However, it's not working for me, and never has. Any help would be
appreciated, since I depend heavily on the system tor, and the Tor project
repos are gone!

What I'm doing:

sudo dnf install tor (from fedora)

sudo service tor start (or systemctl start tor.service)

produces:

Job for tor.service failed because the control process exited with error
code. See "systemctl status tor.service" and "journalctl -xe" for details.

systemctl status tor.service

 tor.service - Anonymizing overlay network for TCP
   Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled; vendor
preset: disabled)
   Active: inactive (dead)

Dec 09 11:59:12 localhost tor[4096]: Dec 09 11:59:12.070 [notice] Read
configuration file "/etc/tor/torrc".
Dec 09 11:59:12 localhost tor[4096]: Dec 09 11:59:12.073 [notice] Opening
Socks listener on 127.0.0.1:9050
Dec 09 11:59:12 localhost systemd[1]: tor.service: Main process exited,
code=exited, status=1/FAILURE
Dec 09 11:59:12 localhost systemd[1]: Failed to start Anonymizing overlay
network for TCP.
Dec 09 11:59:12 localhost systemd[1]: tor.service: Unit entered failed state.
Dec 09 11:59:12 localhost systemd[1]: tor.service: Failed with result
'exit-code'.
Dec 09 11:59:13 localhost systemd[1]: tor.service: Service hold-off time
over, scheduling restart.
Dec 09 11:59:13 localhost systemd[1]: Stopped Anonymizing overlay network
for TCP.
Dec 09 11:59:13 localhost systemd[1]: tor.service: Start request repeated
too quickly.
Dec 09 11:59:13 localhost systemd[1]: Failed to start Anonymizing overlay
network for TCP.

journalctl -xe

-- 
-- Unit tor.service has begun starting up.
Dec 09 11:59:11 localhost tor[4093]: Dec 09 11:59:11.946 [notice] Tor
v0.2.8.9 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2j-fips
and Zlib 1.2.8.
Dec 09 11:59:11 localhost tor[4093]: Dec 09 11:59:11.946 [notice] Tor
can't help you if you use it wrong! Learn how to be safe at
https://www.torproject.org/download/download#warning
Dec 09 11:59:11 localhost tor[4093]: Dec 09 11:59:11.946 [notice] Read
configuration file "/usr/share/tor/defaults-torrc".
Dec 09 11:59:11 localhost tor[4093]: Dec 09 11:59:11.946 [notice] Read
configuration file "/etc/tor/torrc".
Dec 09 11:59:11 localhost tor[4093]: Configuration was valid
Dec 09 11:59:12 localhost tor[4096]: Dec 09 11:59:12.070 [notice] Tor
v0.2.8.9 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2j-fips
and Zlib 1.2.8.
Dec 09 11:59:12 localhost tor[4096]: Dec 09 11:59:12.070 [notice] Tor
can't help you if you use it wrong! Learn how to be safe at
https://www.torproject.org/download/download#warning
Dec 09 11:59:12 localhost tor[4096]: Dec 09 11:59:12.070 [notice] Read
configuration file "/usr/share/tor/defaults-torrc".
Dec 09 11:59:12 localhost tor[4096]: Dec 09 11:59:12.070 [notice] Read
configuration file "/etc/tor/torrc".
Dec 09 11:59:12 localhost tor[4096]: Dec 09 11:59:12.073 [notice] Opening
Socks listener on 127.0.0.1:9050
Dec 09 11:59:12 localhost Tor[4096]: OpenSSL version from headers does not
match the version we're running with. If you get weird crashes, that might
be why. (Compiled with 100020af: OpenSSL
Dec 09 11:59:12 localhost Tor[4096]: Tor v0.2.8.9 running on Linux with
Libevent 2.0.21-stable, OpenSSL 1.0.2j-fips and Zlib 1.2.8.
Dec 09 11:59:12 localhost Tor[4096]: Tor can't help you if you use it
wrong! Learn how to be safe at
https://www.torproject.org/download/download#warning
Dec 09 11:59:12 localhost Tor[4096]: Read configuration file
"/usr/share/tor/defaults-torrc".
Dec 09 11:59:12 localhost Tor[4096]: Read configuration file
"/etc/tor/torrc".
Dec 09 11:59:12 localhost Tor[4096]: Opening Socks listener on 127.0.0.1:9050
Dec 09 11:59:12 localhost Tor[4096]: Couldn't open "/var/lib/tor/lock" for
locking: Permission denied
Dec 09 11:59:12 localhost Tor[4096]: set_options(): Bug: Acting on config
options left us in a broken state. Dying. (on Tor 0.2.8.9 )
Dec 09 11:59:12 localhost systemd[1]: tor.service: Main process exited,
code=exited, status=1/FAILURE
Dec 09 11:59:12 localhost systemd[1]: Failed to start Anonymizing overlay
network for TCP.
-- Unit tor.service has failed.

Just running tor produces:

Dec 09 12:19:11.594 [notice] Tor v0.2.8.9 running on Linux with Libevent
2.0.21-stable, OpenSSL 1.0.2j-fips and Zlib 1.2.8.
Dec 09 12:19:11.595 [notice] Tor can't help you if you use it wrong! Learn
how to be safe at https://www.torproject.org/download/download#warning
Dec 09 12:19:11.595 [notice] Read configuration file "/etc/tor/torrc".
Dec 09 12:19:11.598 [notice] Opening Socks listener on 127.0.0.1:9050
Dec 09 12:19:11.598 [warn] Directory /run/tor cannot be read: Permission
denied
Dec 09 12:19:11.598 [warn] Before Tor can create a control socket in
"/run/tor/control", the directory "/run/tor" needs to exist, and to be
accessible only by the user and group account that is running Tor.  (On
some Unix systems, anybody who can list a socket can connect

Re: [tor-talk] tor-talk Digest, Vol 71, Issue 12

2016-12-12 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3
On Sun, 11 Dec 2016 12:00:02 +
tor-talk-requ...@lists.torproject.org wrote:

> Message: 1
> Date: Sat, 10 Dec 2016 21:15:06 +0100
> From: Jonathan Marquardt 
> To: tor-talk@lists.torproject.org
> Subject: Re: [tor-talk] Fedora repo Tor broken?
> Message-ID: <20161210201506.gb17...@parckwart.de>
> Content-Type: text/plain; charset=us-ascii
> 
> > Dec 09 11:59:12 localhost Tor[4096]: Couldn't open
> > "/var/lib/tor/lock" for locking: Permission denied
> > Dec 09 11:59:12 localhost Tor[4096]: set_options(): Bug: Acting on
> > config options left us in a broken state. Dying. (on Tor 0.2.8.9 )
> > Dec 09 11:59:12 localhost systemd[1]: tor.service: Main process
> > exited, code=exited, status=1/FAILURE
> > Dec 09 11:59:12 localhost systemd[1]: Failed to start Anonymizing
> > overlay network for TCP.  
> 
> Make sure that the user "toranon" is installed on your system and
> that the directory /var/lib/tor is recursively owned by this user.
> Write permissions are also required.
> 
> chown -R toranon:root /var/lib/tor/


Thanks! The 2nd fixed the problem for me. 

It occurs on multiple versions of fedora and systems, so it seems like a
small bug in the Tor install they should probably fix. 
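
The ownership condition from the quoted reply can be checked before starting the service. This is an added example, not part of the thread; the function and script names are hypothetical, and the directory and account are passed in as arguments (/var/lib/tor and toranon in the thread).

```shell
#!/bin/sh
# Added example: audit a Tor data directory for the ownership problem that
# made tor.service exit in the log above.
# Usage: sh check_tor_datadir.sh /var/lib/tor toranon

# check_tor_datadir DIR USER
# Prints one line per problem; returns 0 if USER can use DIR, 1 otherwise.
check_tor_datadir() {
    dir=$1
    user=$2
    rc=0

    # The account Tor runs as has to exist ("toranon" in the thread).
    if ! id "$user" >/dev/null 2>&1; then
        echo "user does not exist: $user"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir"
        return 1
    fi

    # Every entry must belong to USER. A data directory or lock file owned
    # by another account gives: Couldn't open ".../lock" for locking.
    foreign=$(find "$dir" ! -user "$user" -print 2>/dev/null)
    if [ -n "$foreign" ]; then
        echo "$foreign" | sed "s|^|not owned by $user: |"
        rc=1
    fi

    # Ownership is not enough: the owner also needs write permission.
    locked=$(find "$dir" ! -perm -200 -print 2>/dev/null)
    if [ -n "$locked" ]; then
        echo "$locked" | sed 's|^|not writable by owner: |'
        rc=1
    fi
    return $rc
}

if [ $# -eq 2 ]; then
    check_tor_datadir "$1" "$2"
else
    # No arguments: run against a constructed scratch directory.
    demo=$(mktemp -d)
    touch "$demo/lock"
    chmod u-w "$demo/lock"
    check_tor_datadir "$demo" "$(id -un)" || echo "result: fix before starting tor"
    rm -rf "$demo"
fi
```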
