[tor-talk] Tor and BitCoin miner trojans - perfect pair
TorVersion Tor 0.2.3.25 (git-17c24b3118224d65) LastWritten 2012-01-24 09:17:26 zs5uletlmms6euux.onion -BEGIN RSA PRIVATE KEY- MIICXQIBAAKBgQChhKL+kMqphdtGQoFluAhvZOxhoguZaMcoakTV0oolnkM0UbaE fU6oeaHJduOIkrsXFfiZuH/m16t6qM3OX01TjbPBjUWzTGeRvTtmX5yymZ3omLV4 A1q5M2PZEn1gggk9c0TTMzup79WV0Kri0Jvn2B2NwkhpBcr5SFAjFu+VHQIDAQAB AoGBAIqfYqDnNfiuuJYhiBr8CslILhRRVnEw2xUVt8RoMUa+AOHLa8FkJnk0AyX8 kqXpgQb8RWPxVFyUJ0lbzV7crmi1ZfDmbCUJqIaiGkqLVGcFr5z4NezElhlzb5ll rHCm2RR/I1yqJoXQ9CGWwdrlXvTHsMAXWvMqBiIBiQoutJshAkEA0Dq+ieSle3WC vHPxut/3F7s1hqhZB0ZkJkj0dkvE0+s40zcj4okcyGEGa7grADXD0+Hu/Q311+n3 27VE/7j5+QJBAMaSjE2aNlsiv2bMTe+bdLXtaQ/O06X6PmM3aHKtVKVWw0V1m1ZF ozwxB3t4gt38RofzgnE7ny6L76JvALybHUUCQCaocU1aZJqKE253PA6Mm+wM9n/8 ayLdn6Q38SKxKGaLie40k3XwLKbK1I1VEK6mTKfejybt25FtP3XLrnanWckCQQCb oqUA9cuApr1prtuu3yMcrFVaJHtSbc6UKQteRmg/pr8qI8F6Xt5QAQWiSpQXtPD7 AWrNoTNkYh2SLHphWRoZAkAmaQ38mRMncxQzKAg62j3oBS1T4E0THFiPPq0bsLFa Eaw/Yr9b0wMVPCQm1spbWZXM2xvoRSYVE+6c7QcnHj6U -END RSA PRIVATE KEY- Between Tor being used in malware and being used to abuse Usenet, Tor's onion core is rotting. I wonder what OTHER malware I am missing that is using the Tor network to obfuscate the malicious activity. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] On the Theory of Remailers
From: Tom Ritter t...@ritter.vg I'm hoping this will be of interest to this list. To encourage interest in the waning art of remailers, I'm starting what I aim to be a long series on how they work, design choices, technical limitations, and attacks. The first five are now live at https://crypto.is/blog/ I hope you fully elaborate on how remailers are used for abuse. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] On the Theory of Remailers
From: Moritz Bartl mor...@torservers.net On 07.01.2013 21:53, David H. Lipman wrote: I'm hoping this will be of interest to this list. To encourage interest in the waning art of remailers, I'm starting what I aim to be a long series on how they work, design choices, technical limitations, and attacks. The first five are now live at https://crypto.is/blog/ I hope you fully elaborate on how remailers are used for abuse. Without being racial, sounds like an American idea to me, similar to crazy Disclaimers on almost every product. If every system ever invented would come with an elaboration on how it is being abused (hey, that's in the name, AB-USE) that list would most likely be illegal for most things (because assisting crime is illegal in most places) and otherwise very tiresome. I'm afraid you are as YOU state sounds like an American idea to me... If you are looking for studies on abuse of remailer technology, no larger instance so far bothers to collect figures. Same for Tor. How could Tom know? Yes, this is indeed a sad state. Everything and everyone needs more open data. As one data point, unlikely to be of relevance for neither Tor nor remailers: We run both, and judging from a comparison of bandwidth consumption or passed messages vs. abuse complaints (because that's all I can take into account): widely below one percent. That's my rough estimate -- sorry, I would like to have better statistics but I currently don't. Are there any on general abusive Internet traffic? What is that? In the case of remailers, it's additionally hard because of all the dummy traffic. Also, in the end all abuse statistics can and always will be only about reported abuse, not actual abuse. I am not basing it on abuse complaints, I am basing it based upon viewed abuse. I have been on Usenet a long time and I often see remailers used to post abuse to Usenet. I have seen personal attack campaigns using numerous systems to perform the attacks such as; dizum.com, remailer.privacy.at, remailer.paranoici.org and anonymitaet-im-inter.net to name a few. Te systems were used for privacy b ut were used tol obfuscate one's identity whiles committing the abuse of an individual or on Usenet as a whole. BTW: Since you have www.torsewrvers.net in your signature, I will also add that I have seen Usenet abuse through that system as well. The following is an example of a very recent spam campaign Message-ID: 3f25c5add3e59183593b48fcca0bb...@foto.ro1.torservers.net -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TEMPEST Attacks! LCD Monitor leaks system noise to FRS
From: jackinthecr...@tormail.org TEMPEST Attacks! LCD Monitor leaks system noise to FRS This post is one example of why Tor developers should focus on anti-TEMPEST-ing the Tor Browser, in color, fonts, etc. Software on a computer can't mitigate TEMPEST Monitoring. TEMPEST Monitoring has a limited didtance from the equipement to be effective. If you are that paranoid, place your equipemnt in a Faraday enclosure and place line filtering on all your AC sockets. No software can also mitigate the insider threat. Do not look at Tor or any other software to mitigate physical security threats. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia Bundle (Tor, Polipo Vidalia)
From: Sebastian G. bastik.tor bastik@googlemail.com David H. Lipman: I wanted to update my Vidalia Bundle (Tor, Polipo Vidalia) but I could NOT find the software I have traditionally used. I want to use Tor mainly for its Proxy capability and no-where could I find the Vidalia Bundle which contains Vidalia, Tor and Polipo. You can use the TorBrowserBundle (TBB), it contains Tor and Vidalia. The downside is you would have to launch the TorBrowser (Firefox with some patches and addons) although you don't plan to use it as browser. At the current state you have to start the browser and if you close it Tor and Vidalia will exit. That was supposed to be changed so that Tor and Vidalia would keep running and Tor could be used for other traffic or just for (re-)starting the TorBrowser only when needed without bootstrapping again. All the other Vidalia Bundles (Bridge/Relay/Exit) contain Tor and Vidalia. So you could download the Vidalia Bridge Bundle, install it and change the settings in Vidalia* to be a client only. (If you aren't comfortable with helping censored people or your system isn't up long enough, or for what ever reason) *Settings [Sharing] Run as a client only Polipo was removed from the bundles. If your software requires a proxy because it can't speak socks you can install it on your own. People should be knowing what they are doing or use it for their special cases... It can be started when Vidalia starts Settings [General] Start a proxy app... when Tor starts check it and point to the executable. You can pass arguments to the proxy if required. Regards, Sebastian (bastik_tor) Danke. At this time I have downloaded the TBB and extracted the DLL and EXE files for Tor, OpenSSL and Vidalia and copied the respective updated files to their C:\Program Files\Vidalia Bundle respective locations. I am ONLY interested in the Tor Network and Proxy association on 127.0.0.1:8118. As noted, I am not alone in this application of the traditional Vidalia Bundle. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia Bundle (Tor, Polipo Vidalia)
From: and...@torproject.is On Wed, Dec 05, 2012 at 10:10:54PM -0500, dlip...@verizon.net wrote 0.6K bytes in 15 lines about: : I wanted to update my Vidalia Bundle (Tor, Polipo Vidalia) but I could NOT find the : software I have traditionally used. : : I want to use Tor mainly for its Proxy capability and no-where could I find the Vidalia : Bundle which contains Vidalia, Tor and Polipo. : : What happened to this combo ? We stopped linking to it from the website with this latest release of Tor Browser. Over a year ago we stated we were going to remove the plain vidalia bundles in favor of Tor Browser, see https://blog.torproject.org/blog/plain-vidalia-bundles-be-discontinued-dont-panic. The reasons in that blog post are still valid today. Even moreso as Tor continues to attract a less-technology savvy userbase. You can use the tor browser bundle to do the same things you did in the past with the vidalia bundle, it just comes with a free browser. Or if you understand the moving components, use one of the bridge/relay-by-default bundles and reconfigure it, or use the tor expert bundle for your SOCKS proxy needs. We stopped distributing polipo a while ago, see https://trac.torproject.org/projects/tor/ticket/6039 for the progress in getting the references off the page. Not happy about that. I guess I will NOT update the software and Tor Browser bundle is NOT what is wanted at all. For example I uses the combo of Tor, Polipo and Vidalia with Malzilla. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia Bundle (Tor, Polipo Vidalia)
From: Julian Yon jul...@yon.org.uk On Thu, 6 Dec 2012 08:39:05 -0500 David H. Lipman dlip...@verizon.net wrote: From: and...@torproject.is We stopped distributing polipo a while ago, see https://trac.torproject.org/projects/tor/ticket/6039 for the progress in getting the references off the page. Not happy about that. I guess I will NOT update the software and Tor Browser bundle is NOT what is wanted at all. For example I uses the combo of Tor, Polipo and Vidalia with Malzilla. Nothing stops you pointing your browser at your own copy of Polipo[1] and pointing that at Tor's SOCKS port. Or skipping Polipo (as it's no longer a technical necessity) and pointing your browser directly at Tor. Having said that, the Tor Browser *is* Mozilla, with a handful of patches and a couple of preinstalled addons. If you're experienced enough to understand the implications of not using the default setup, then you're experienced enough to take what's in the bundle and configure it some other way. And if you really can't spare the 35M that the superfluous browser takes up, then delete it! Julian [1] http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/ I depended upon the Vidalia Bundle which provided Tor and Polipo with the Vidalia GUI. I don't use my own copy of Polipo nor is it my intention to use it with with a Browser. I took advantage of the Tor Polipo combination where Vidalia managed the connection and setup and ease of editing of configuration files. Once I ran Vidalia I could use it with Malzilla http://malzilla.sourceforge.net/ (not Mozilla) or with a WGET command line such as... WGET proxy=--execute=http_proxy=http://127.0.0.1:8118/ c8.uk3.in:5754/kx/uy.exe Or with any other software that can use a Proxy. Something that is needed with GeoIP specific sites or sites that memorize and log IP addresses that have already accessed said site. Getting a new IP was as easy as selecting New Identity in Vidalia. Thus the trio worked symbiotically for the application requirement. There was no announcement of a change in tor.announce and it should NOT be assumed that we read https://blog.torproject.org/blog . I am not the only one who uses (has used) the traditional Vidalia Bundle in the fashion I described. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Vidalia Bundle (Tor, Polipo Vidalia)
I wanted to update my Vidalia Bundle (Tor, Polipo Vidalia) but I could NOT find the software I have traditionally used. I want to use Tor mainly for its Proxy capability and no-where could I find the Vidalia Bundle which contains Vidalia, Tor and Polipo. What happened to this combo ? -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wget over TBB
From: Webmaster webmas...@felononline.info Hello. If this is the wrong place for this question, please let me know where to go. Can wget be used to download from a .onion site? Where could I setup the proxy information for it? I currently use the Tor Browser Bundle, Ubuntu 12.04 64bit. thanks. On the WGET command line add the following switch parameter after Tor has been loaded. --execute=http_proxy=http://127.0.0.1:8118/ The other way is via the WGETRC configuration file by adding the following directives http_proxy=http://127.0.0.1:8118 use_proxy = on or to disable use_proxy = off Personally, I prefer to include the command line switch. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wget over TBB
From: David H. Lipman dlip...@verizon.net On the WGET command line add the following switch parameter after Tor has been loaded. --execute=http_proxy=http://127.0.0.1:8118/ The other way is via the WGETRC configuration file by adding the following directives http_proxy=http://127.0.0.1:8118 use_proxy = on or to disable use_proxy = off Personally, I prefer to include the command line switch. I should add that the above is as a Proxy. How it works with .onion pseudo-domains I don't know. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] please suggest a new project name for Anonymous Operating System
From: adrelanos adrela...@riseup.net New name will be: Whonix. Thanks to everyone for all the all suggestions! Absolutely no imagination. Just another 'nix. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] please suggest a new project name for AnonymousOperating System
From: adrelanos adrela...@riseup.net Hi TorBOX has been renamed to aos as a quick fix to avoid confusion and to solve trademark issues. [1] Aos stands for for Anonymous Operating System. aos has way too many meanings and Google results already. [2] Therefore I want to rename aos just one more time. The current website is still hosted on tpo [3]. A VPS has been purchased and the website will soon be migrated to the new webserver. Also a domain will soon be purchased. I'd be nice if you could make suggestions for a good project name. Things like anonym.os, anonymous.os, anon.os are already taken. The project name should project the nature of the project (anonymous operating system). It shouldn't lead to any confusion or trademark issues. There shouldn't be any relevant results when searching for projectname in quotes on Google. The project name should also be usable as a nice domain name. Cheers, adrelanos [1] https://www.torproject.org/docs/trademark-faq.html.en [2] https://en.wikipedia.org/wiki/AOS [3] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/ [4] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening Hera ...or... Saraswati -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] zeus virus
From: scar s...@drigon.com -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 hi all, i operate the cave router from my home DSL connection, and from time to time it will get suspended because CenturyLink will notice mailicious traffic from viruses routed thru the Tor network. most of the time i can block these because my they will tell me destination IP addresses. but lately my service has been getting suspended because of this zeus virus and the reports my ISP sends don't have any destination ip addresses. below is a sample report of what they send me, you can see with with 'conficker' one there is a dst address that i can block, but with zeus there is practically no data. (the IP Address column is what my IP address was at the time) i have asked CenturyLink for more info, specifically destination ip addresses, but this is all they give me. so does anyone know of a way to block this zeus thru Tor? thanks Date/Time Seen (GMT) IP AddressInfection Data (*) - --- -- 2012-08-20 00:56:3267.1.15.107 infection = 'zeus', addl_data = '/config.bin' 2012-07-30 15:06:1397.115.197.107infection = 'zeus', addl_data = '/zs/config.bin' 2012-07-26 23:17:4897.115.196.146infection = 'conficker', subtype = 'downadup', src_port = '49510', dst_port = '80', http_host = '149.20.56.33', url = 'GET /search?q=0 HTTP/1.1', http_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)', dst_ip = '149.20.56.33', sourceSummary = 'Sinkhole HTTP Drone Report' 2012-07-04 18:46:3597.115.192.31 infection = 'zeus', addl_data = '/update32.php' Zeus Bot (aka; ZBot) is not a virus. It is a data stealing trojan with other aspects and it, and variants, have a large distribution on the 'net. Usually config.bin is an encrypted file that has instructions for the Bot component. Conficker (aka; Downup) is an I-worm and Bot. Whatever the case, malicious bot activity is being detected and thus you should stop using Tor and you should make sure you computer(s) are clean. I suggest reading this... http://forums.malwarebytes.org/index.php?showtopic=9573 Creat an account and post your problem here... http://forums.malwarebytes.org/index.php?s=547b20f67444c3ee30a883a34bf60fb0showforum=7 References: http://searchsecurity.techtarget.com/definition/Zeus-Trojan-Zbot http://en.wikipedia.org/wiki/Zeus_%28Trojan_horse%29 http://en.wikipedia.org/wiki/Conficker -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] vwfws4obovm2cydl.onion ??
From: grarpamp grarp...@gmail.com Anbody have any information on; vwfws4obovm2cydl.onion ? You must have obtained the address from somewhere. So what did the ad copy or context associated with it say? 1.It was harvested from malware which dropped a file; hostname.tmp which contained the name; vwfws4obovm2cydl.onion 2.It contained a script file named; poclbm120222.cl // -ck modified kernel taken from Phoenix taken from poclbm, with aspects of // phatk and others. // Modified version copyright 2011-2012 Con Kolivas // This file is taken and modified from the public-domain poclbm project, and // we have therefore decided to keep it public-domain in Phoenix. 3. It contained the file; private_key.tmp which contains certificate keys 4. It contained the DLLs; pthreadGC2.dll, libpdcurses.dll, libcurl-4.dll -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] vwfws4obovm2cydl.onion ??
From: Zebro kojos zebro.ko...@gmail.com So from what it seems, the malware included a bitcoin miner that perhaps is to report found blocks / sub-hashes (? is that a term; i.e. if it works in a mining pool) to a server, perhaps this site in question. Maybe it is a Bitcoin Miner. I have seen numerous Bitcoin Miners before but n othing like this. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] vwfws4obovm2cydl.onion ??
Anbody have any information on; vwfws4obovm2cydl.onion ? -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] wget - secure?
From: helpfuln...@safe-mail.net Hi Original Message From: Matthew Kaufman mkfmn...@gmail.com Apparently from: tor-talk-boun...@lists.torproject.org To: tor-talk@lists.torproject.org tor-talk@lists.torproject.org Subject: Re: [tor-talk] wget - secure? Date: Sat, 26 May 2012 19:14:51 -0400 Hello, Thanks for these config settings, Does it also leak if I use: torify wget http://example.com ? Is this what torify does? I dont understand what you're asking. Does _what_ also leak? In my http tests [1] DNS and Headers didn't leaked (SOCKS4a and SOCKS5), but, I couldn't test the IP issue with FTP PORT Robert Randsom wrote about (I'm ignorant of testing methods). I cant write about torify as I didn't test. But yes, I believe it can be used to 'force' wget through Tor. Whether that would help with the FTP IP Robert Randsom wrote about, I have no clue, I don't know if torify does FTP. You can force WGET to use Tor just by using the WGETRC directives use_proxy = on http_proxy = http://127.0.0.1:8118/ -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] IRC bot using Tor ?
:New{HU-XP-x86}5120048!5120...@doink-b9c30a60.tor-node.info JOIN :#arXXn# IRC.Mixtape.Net The above lines were taken from a bot's communiication via IRC from an executable that was foisted from a PDF exploit. I have the full communication and obfuscated :#arXXn#. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] IRC bot using Tor ?
From: Andrew Lewis and...@pdqvpn.com So please ignore the previous message. On topic: that does not look like a tor address at first glance, but I'd have to look into it further. It looks like the address just randomly has tor in the host name. I saved the PCAP. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Pittsburgh Bombing Threats and Mix-Master
From: Matthew Kaufman mkfmn...@gmail.com Hello, I just heard that the University of Pittsburgh's bomb threats had been sent in via Mixmaster. I had never heard of this project until tonight and it instantly lead me to think of Tor. I had tried using Mixmaster myself but it rejects mail due to an unknown source address (eg root@localhost) -- So I was wondering of tracking capability of Mixmaster. Is it traceable? I may not have my postfix setup correctly. My last question could this work *with* tor, in combination? MixMaster sends anonymouse Usenet posts and email. The amount of Usenet abuse through MixMaster is over the top. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Forget Iran- beware of US isp's
From: punkle jones punkle.jo...@gmail.com No offence, but you may better pull the plug... Just because you're paranoid doesn't mean they're not watching you. Paranoia is just a heightened sense of situational awareness. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Download manager
From: Tor User toruser0...@gmail.com Thanks. I will use something like this: wget --user-agent=Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0 --proxy --execute=http_proxy=http://127.0.0.1:8118/ -c http://download.test You can simplify the command line by takeing advantage of the interpreted wgetrc file which stores setting ## Wget initialization file can reside in /usr/local/etc/wgetrc ## (global, for all users) or $HOME/.wgetrc (for a single user). In Windows you would create a file such as; wgetrc.txt and use trhe 'wgetrc' environemngtal variable to point to the location and name of the file such as... wgetrc=C:\wgetrc.txt Then you can have the following entries stored in the wgetrc file and not have to use the command line switches. http_proxy user-agent -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Download manager
From: Zebro kojos zebro.ko...@gmail.com I hope wget does not fill in http-proxy headers in its requests, i.e. no info is leaking that way? I suppose not. When in doubt, load Wireshark for the adapter and sniff your own packets. Then you will know for sure what goes over the wire. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Download manager
From: Zebro kojos zebro.ko...@gmail.com If Tor is installed system-wide and the download site actually supports resumes (if it's http, it may not; if it's ftp, it's bound to work afaik), you can just do torify wget -c http://site.com/file.ext or... wget --execute=http_proxy=http://127.0.0.1:8118/ http://site.com/file.ext -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Download manager
From: Tor User toruser0...@gmail.com Thanks. And I still need the http proxy. I cant do 127.0.0.1:9050, right? That's the Tor control port not the Proxy port. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Download manager
From: Joe Btfsplk joebtfs...@gmx.com On 4/10/2012 9:32 AM, Tor User wrote: Hi, I think the most annoying thing using TOR are failed downloads. :-( You try to download a 5MB file and the download stops various times and you have to start over and over again, crossing all fingers to get the file downloaded. As Firefox does not support very good download management, its a pain to download even small files with TOR. Is there any add-on or app that can be used without been concerned about security (Linux)? I just want a working resume function, nothing else. I'd be leery of stand alone download mgrs w/o thorough research. Some have been identified as adware, spyware. A safe one wouldn't be phoning home for any reason unless directed to. Meaning, you could turn off updates, etc. I can't say 100% it would never compromise Tor anonymity, but I've used DownThemAll addon for Firefox for a long time it's extremely popular. Maybe others can comment if there's a chance it could violate privacy using Tor / TBB. GNU WGET is 100% safe. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Download manager
From: miniBill cmt.minib...@gmail.com Il 10 aprile 2012 20:44, David H. Lipman dlip...@verizon.net ha scritto: From: Joe Btfsplk joebtfs...@gmx.com On 4/10/2012 9:32 AM, Tor User wrote: Hi, I think the most annoying thing using TOR are failed downloads. :-( You try to download a 5MB file and the download stops various times and you have to start over and over again, crossing all fingers to get the file downloaded. As Firefox does not support very good download management, its a pain to download even small files with TOR. Is there any add-on or app that can be used without been concerned about security (Linux)? I just want a working resume function, nothing else. I'd be leery of stand alone download mgrs w/o thorough research. Some have been identified as adware, spyware. A safe one wouldn't be phoning home for any reason unless directed to. Meaning, you could turn off updates, etc. I can't say 100% it would never compromise Tor anonymity, but I've used DownThemAll addon for Firefox for a long time it's extremely popular. Maybe others can comment if there's a chance it could violate privacy using Tor / TBB. GNU WGET is 100% safe. Except for DNS requests... When going through a Tor Proxy, the proxy makes the requests. I have seen this when downloading malware from known malicious sites that some DNS servers have poisoned while my chosen DNS servers have not poisoned. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Scroogle is No More?
From: Jim jimmy...@copper.net | scroogle.org no longer resolves http://www.betabeat.com/2012/02/21/scroogle-privacy-first-search-engine-shuts-down-for-good http://seoonlinesource.wordpress.com/2012/02/20/scroogle-is-gone/ Scroogle, the search engine operated by privacy militant and self-appointed Wikipedia watchdog Daniel Brandt, has folded for real. After enduring DDOS attacks around the clock that sent a flood of unsustainable traffic to his servers, Mr. Brandt took down the search engine along with his other four domains, namebase.org, google-watch.org, cia-on-campus.org, and book-grab.com. His theory is that he was being attacked by hackers with a personal vendetta. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in Mexico
From: Mondior Folimun mfoli...@elitemail.org On Saturday, November 12, 2011 8:30 PM, Matej Kovacic matej.kova...@owca.info wrote: Gangsters killed and beheaded an Internet blogger Wednesday in Nuevo Laredo, the fourth slaying in the city involving people associated with social media sites since early September. .. The victim, identified on social networking sites only by his nickname - Rascatripas or Belly Scratcher - reportedly helped moderate a site called En Vivo that posted news of shootouts and other activities of the Zetas, the narcotics and extortion gang that all but controls the city. Possibly not. The man they killed might actually have no relation to the note they left on him. http://boingboing.net/2011/11/10/report-no-proof-man-kille.html http://boingboing.net/2011/11/10/nuevo-laredo-online-news-murd.html The site mentioned (http://www.nuevolaredoenvivo.es.tl/) is promoting Tor use. It seems the victim used Tor, but the gangsters were able to identify and kill him anyway... If you're a ruthless ex-military organized crime outfit that has decided to wage a war of intimidation on the populace, you don't need to let silly things like evidence or the truth stop you from killing random people to leave corpses with notes on them around town. To be on the safe side, someone who speaks Spanish should create a fake email account and make sure these people know about Tor Bridges. If the Zetas are as reckless as they seem, it might not be too long before any Tor user who directly accesses the Tor network from the area is in danger, regardless of what they use Tor for. https://www.torproject.org/docs/bridges But of course, the Zetas could also just continue killing complete randoms, too... Certainly requires less effort on their end. P.S. It continues to sadden and amaze me that the moral crusade against drugs can be allowed to claim so much life before people admit to themselves it is a fake war not worth fighting. As has been demonstrated time and time again, artificial supply reduction just creates violence, corruption, and even terrorism. How many times do we humans have to learn this fact? How many of ourselves must we sacrifice on the alter of Moral Temperance? If there is a god, it is certainly no more amused by the activity of either side than by sun sacrifices or witch burnings.. Absolutely with billions of of taxpayer money wasted. and add... http://www.theregister.co.uk/2011/11/07/anonymous_opcartel/ On-again-off-again plans by the Anonymous collective to publish details of the infamous Zetas drug cartel and their associates were finally cancelled over the weekend, following the supposed release of a kidnapped member of the hacktivist collective. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] SOCKS error
One moment I get name resolution and I can access a site. Then I get... Connect to THE_SITE_NAME:80 failed: SOCKS error And I can't access it any longer. WHY ? -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] tor http proxy
From: and...@torproject.org On Thu, Oct 27, 2011 at 12:59:58AM -0400, a...@mit.edu wrote 1.0K bytes in 24 lines about: : (Using only a plain http proxy means you only proxy your unencrypted : directory fetches, which isn't very useful, especially now that Tor : tunnels its directory fetches over the TLS (https) connection by default.) The HTTP option is still in vidalia. Nothing explains why it is there. Perhaps we should remove it? Is there any valid reason to leave HTTP only proxy options in Vidalia? If not, I'll open a ticket to remove HTTP only option from Vidalia. Remove it. ;-) -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor banned in Pakistan.
From: Anthony G. Basile bas...@opensource.dyc.edu On 09/08/2011 05:23 PM, Matthew wrote: http://www.guardian.co.uk/world/2011/aug/30/pakistan-bans-encryption-software Very disturbing. I wonder if its possible to hide encrypted traffic as seemingly unencrypted http traffic in much the same way as a gpg key is rendered as ascii armored, or stenographically inside images. Although such methods may be inefficient, they may be good enough for some purposes. It would be good to know what technologies these ISPs will implement to do the packet inspection for encrypted tunnels. Half the problem is you don't really know what they'll be looking for and so you don't know how to circumvent. LOL Steganography not stenography. ;-) They are vastly different concepts. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Norton Antivirus and Tor Browser Bundle
From: and...@torproject.org On Wed, Aug 31, 2011 at 04:18:34AM -0700, michaelw...@yahoo.com.au wrote 1.2K bytes in 33 lines about: : I extracted Tor Browser Bundle to my flash drive and clicked on Tor.exe : Norton Antivirus immediately flagged Tor.exe as a virus and deleted it. You want to run 'start tor browser.exe' to start it correctly. And norton probably quarantined it somewhere. You can remove it from quarantine. It would be interesting to know which virus/malware norton thinks it has. And exclude Tor.exe from further On Demand and On Access scans. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia bundle DNS question
From: Andrew Lewman and...@torproject.org On Wednesday, August 17, 2011 11:56:21 David H. Lipman wrote: How can I best make sure Tor/Polipo use my OS provided DNS servers or specifically provided DNS server(s) to be used when performing a Proxy ? You can't. DNS queries will go through Tor. If you query your local DNS servers, your dns provider learns every domain you wish to visit. Even if they don't see your traffic because it travels through tor, your dns lookups will give away what you are doing, when, and how often. Well that's not good. You see many DNS servers are poisoning the servers I wish to contact and when I uses a specified DNS server I get to the host. When I do Tor many Tor connections have been DNS poisoned. I can't use my IP address more than once or I get rejected. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia bundle DNS question
From: Manuel tor-t...@acanthephyra.net On Thu, Aug 18, 2011 at 07:00:20AM -0400, David H. Lipman wrote: From: Andrew Lewman and...@torproject.org You can't. DNS queries will go through Tor. If you query your local DNS servers, your dns provider learns every domain you wish to visit. Even if they don't see your traffic because it travels through tor, your dns lookups will give away what you are doing, when, and how often. Well that's not good. You see many DNS servers are poisoning the servers I wish to contact and when I uses a specified DNS server I get to the host. Huh? That sounds like a weird situation. Are you trying to circumvent a DNS-level block? When I do Tor many Tor connections have been DNS poisoned. I can't use my IP address more than once or I get rejected. Again, that sounds like a weird situation and a misguided attempt to secure something. Anyway, you're basically trying to do something that will unmask your browsing behaviour to the DNS server, as Andrew pointed out. Torbutton won't let you do that, to the best of my knowledge. You can use a browser (or a separate Firefox profile) where you set the SOCKS proxy to Tor's listening port (127.0.0.1:9050, by default) and which doesn't do DNS resolution over the proxy. Chrom{e,ium} does that by default, IIRC. Firefox will do it if you browse to about:config and set network.proxy.socks_remote_dns to false. You can then also add the name you're trying to resolve to your hosts file (as in, /etc/hosts or your OS's equivalent). That would stop most DNS lookups. The much safer alternative is to find at least a few Exit Nodes that don't poison your DNS result and explicitly specify them using the .exit TLD. For instance, to visit www.weirdsite.com via exit Alice, use www.weirdsite.com.alice.exit. See https://trac.torproject.org/projects/tor/ticket/493 for a small pitfall and some solutions when using a browser. You can also use the ExitNodes configuration option to pass all your traffic through a set of nodes. Of course, it reduces your anonymity set. Remember to specify StrictNodes (for newer versions; see release notes)/StrictExitNodes (for older versions). Anonimity is not the goal. Thwarting IP memory and GEOIP Location filtering is the goal. Using; WGET --execute=http_proxy=http://127.0.0.1:8118/ URL { also with refferal and User-Agent switches } My DNS lookups are fine due to specifically chosen servers. It is remote DNS servers I have to thwart. I'm thinking their may be a; polipo.conf setting. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia bundle DNS question
From: and...@torproject.org On Thu, Aug 18, 2011 at 07:00:20AM -0400, dlip...@verizon.net wrote 1.1K bytes in 23 lines about: : Well that's not good. You see many DNS servers are poisoning the servers I wish to : contact and when I uses a specified DNS server I get to the host. When I do Tor many Tor : connections have been DNS poisoned. : I can't use my IP address more than once or I get rejected. Do you have examples? Yes but that post was censored and never made it to GMane server. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor IM Bundle?
From: Abubekir abubekir2...@yahoo.com Hi All, I'm living in Syria, and many internet services are blocked including Yahoo messenger! Can anybody answer me about Tor IM bundle, when will it be available? Or, do you have any other proxy program to use? Thanks, Abubekir All the best wishes to you guys. Yahoo Messenger can be used with a Proxy service. Perferences -- connection Check; connect via a proxy Check; http proxy Server: 127.0.0.1 Port: 8118 -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor 0.2.2.30-rc is out
From: Roger Dingledine a...@mit.edu Tor 0.2.2.30-rc is the first release candidate for the Tor 0.2.2.x series. It fixes a few smaller bugs, but generally appears stable. Please test it and let us know whether it is! Packages will appear on the download page in the coming days. Changes in version 0.2.2.30-rc - 2011-07-07 o Minor bugfixes: - Send a SUCCEEDED stream event to the controller when a reverse resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue discovered by katmagic. - Always NUL-terminate the sun_path field of a sockaddr_un before passing it to the kernel. (Not a security issue: kernels are smart enough to reject bad sockaddr_uns.) Found by Coverity; CID #428. Bugfix on Tor 0.2.0.3-alpha. - Don't stack-allocate the list of supplementary GIDs when we're about to log them. Stack-allocating NGROUPS_MAX gid_t elements could take up to 256K, which is way too much stack. Found by Coverity; CID #450. Bugfix on 0.2.1.7-alpha. - Add BUILDTIMEOUT_SET to the list returned by the 'GETINFO events/names' control-port command. Bugfix on 0.2.2.9-alpha; fixes part of bug 3465. - Fix a memory leak when receiving a descriptor for a hidden service we didn't ask for. Found by Coverity; CID #30. Bugfix on 0.2.2.26-beta. o Minor features: - Update to the July 1 2011 Maxmind GeoLite Country database. I get confused where to download. I only found Win32 unstable 0.2.2.29 :-( -- Dave Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor 0.2.2.30-rc is out
From: Sebastian Hahn m...@sebastianhahn.net On Jul 10, 2011, at 11:04 PM, David H. Lipman wrote: I get confused where to download. I only found Win32 unstable 0.2.2.29 :-( From: Roger Dingledine a...@mit.edu Packages will appear on the download page in the coming days. Be patient :) ROFLOL ;-) -- Dave Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Darknet Weaknesses slides: Animation test
From: Adrian Crenshaw irong...@irongeek.com I've been working on my common Darknet Weaknesses slides for AIDE and Defcon. Any feed back on sample animations/things to add? Keep in mind I only have about 50min to speak. First network animations are at about 50 sec in. http://youtu.be/UoXk-Nx6spw?hd=1 I plan to make more changes, and intend to take this video down later as there are likely mistakes/omissions. The slides play at about 10 times faster than I plan to speak. :) Thanks, Too fast for me. I rather see it as a PP or PDF slideshow where I can control the speed. I gave up on it. -- Dave Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Darknet Weaknesses slides: Animation test
From: Adrian Crenshaw irong...@irongeek.com I can send you the pptx offlist. Thanks, Adrian Got it - Thanx ! -- Dave Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Official www.torproject.org onions?
From: cmeclax-sazri cmeclax-sa...@ixazon.dynip.com On Friday 17 June 2011 22:17:27 David H. Lipman wrote: Accordingto OpenDNS You tried to visit 56apzofkmsmgb3yr.onion, which is not loading. Comes up fine for me. Is your web browser set up to fetch sites through Tor? You can't look up a .onion address in DNS; it's a Tor hidden service. No, not at that time. The proxy was not enabled. -- Dave Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Official www.torproject.org onions?
From: Andrew Lewman and...@torproject.org On Fri, 17 Jun 2011 16:40:32 -0400 grarpamp grarp...@gmail.com wrote: Hi. Are there Tor processes delivering the torproject websites directly to onionland? Can or should there be some? There are some, and they are listed on the main trac page. http://56apzofkmsmgb3yr.onion/ points to archive.torproject.org http://kny6sd6xdxrjaan3.onion/ points to www.torproject.org Accordingto OpenDNS You tried to visit 56apzofkmsmgb3yr.onion, which is not loading. -- Dave Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Use KiXtart to change identies
From: Damian Johnson atag...@gmail.com I am not sure I know how to go about that nor do I know what a NEWNYM signal is. It's a local socket, which you'd connect to like the following with python: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((controlAddr, controlPort)) As for NEWNYM, see the following: https://gitweb.torproject.org/torspec.git/blob/HEAD:/control-spec.txt#l288 Cheers! -Damian Thank you Damien. Its a starter. -- Dave Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Use KiXtart to change identies
How can I use the KiXtart scripting laguage to change identities ? DDE ? COM Automation ? -- Dave Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk