On Wed, 2007-03-07 at 14:02 -0500, Michael Holstein wrote:
> > I've seen a VM that routes all traffic over TOR, invisibly to the O/S.
> > (Not sure what they do about UDP).
> > Developed at Georgia Tech.
>
> One better .. TOR on OpenWRT on a Linksys router.
>
> Tor at the *hardware* level.
WR
The approaches suggested won't work if you use Firefox with NoScript set
to disable JavaScript, Java, Flash and any other plugins.
Agreed. Firefox work better on security site nor IE is a big hole.
Cesare
On 2007-3-8 11:35 CST(UTC+8), Paul Syverson wrote:
> On Wed, Mar 07, 2007 at 09:53:08PM -0500, James Muir wrote:
>>> Heheh, well speaking of dreaming big, while both what you and Jason
>>> Edwards said are great goals to have, I think we shouldn't get
>>> distracted from "stopping the bleeding" now
On Wed, Mar 07, 2007 at 10:35:54PM -0500, Paul Syverson wrote:
> On Wed, Mar 07, 2007 at 09:53:08PM -0500, James Muir wrote:
> > >Heheh, well speaking of dreaming big, while both what you and Jason
> > >Edwards said are great goals to have, I think we shouldn't get
> > >distracted from "stopping th
On Wed, Mar 07, 2007 at 09:53:08PM -0500, James Muir wrote:
> >Heheh, well speaking of dreaming big, while both what you and Jason
> >Edwards said are great goals to have, I think we shouldn't get
> >distracted from "stopping the bleeding" now with a few sentences right
> >up front while something
Heheh, well speaking of dreaming big, while both what you and Jason
Edwards said are great goals to have, I think we shouldn't get
distracted from "stopping the bleeding" now with a few sentences right
up front while something more elaborate is devised (or a volunteer
steps up).
The problem is if
Thus spake Paul Syverson ([EMAIL PROTECTED]):
> I don't think it was off topic. To repeat what I already said in
> an individual response.
>
> I think it was not OT since your post addressed the reality of a
> situation for which people were designing Tor modifications and
> deployments and
As suggested on IRC, I think
the Tor documentation strategy needs to be rethought. Most people
barely read the download page, let alone the reems of FAQ questions.
We've had two "attacks" now on Tor that rely on unmasking users who
use Tor incorrectly. One of them actually published a paper and
On Wed, Mar 07, 2007 at 02:14:33PM -0600, Mike Perry wrote:
> Thus spake Freemor ([EMAIL PROTECTED]):
>
> > I think what needs to be done here is to create a FAQ or other standard
> > document that will 1.) inform the vastly misinformed public. 2.) list
> > places and ways they can make a differen
Thus spake Freemor ([EMAIL PROTECTED]):
> I think what needs to be done here is to create a FAQ or other standard
> document that will 1.) inform the vastly misinformed public. 2.) list
> places and ways they can make a difference.
Excellent post, even if slight off-topic. As suggested on IRC, I
A non-issue. The DNS request from the first trick will get routed
through TOR. The second trick is easily avoided by blocking Java via
NoScript.
~Mike.
Fergie wrote:
Hmmm.
http://blogs.zdnet.com/security/?p=114
Comments?
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the
I've seen a VM that routes all traffic over TOR, invisibly to the O/S.
(Not sure what they do about UDP).
Developed at Georgia Tech.
One better .. TOR on OpenWRT on a Linksys router.
Tor at the *hardware* level.
~Mike.
O.K. I've been biting my tongue on this one for a while now. I'll try to
keep this short as it is not specifically TOR related
As a survivor of childhood sexual abuse. I'm personally getting annoyed
by this whole "nab the paedophiles thing". for several reasons:
1.) 90+ percent of sexual abuse o
On Wednesday, March 07, 2007, at 07:42AM, "Roger Dingledine" <[EMAIL
PROTECTED]> wrote:
>On Wed, Mar 07, 2007 at 12:56:22AM -0500, James Muir wrote:
>> > http://blogs.zdnet.com/security/?p=114
>>
>> The approaches suggested won't work if you use Firefox with NoScript set
>> to disable JavaScri
On 3/7/07, Nick Mathewson <[EMAIL PROTECTED]> wrote:
[...] and fangirls reading harry/ron slashfic online.
The picture! It's burning into my brain-patterns! ARGH!
Cheers, Alex.
--
"I am tired of all this sort of thing called science here... We have spent
millions in that sort of thing for the
On Wed, Mar 07, 2007 at 02:50:34PM +0100, Alexander W. Janssen wrote:
> OK, we heard a lot of technical details, I'll cover the non-tech part of it.
>
> On 3/7/07, Fergie <[EMAIL PROTECTED]> wrote:
> >Comments?
>
> Yes, it's stupid.
Well, it sounds like a pretty thorough implementation of a well
OK, we heard a lot of technical details, I'll cover the non-tech part of it.
On 3/7/07, Fergie <[EMAIL PROTECTED]> wrote:
Comments?
Yes, it's stupid.
First, the legal issues. What he does is overtaking a TOR-user's
machine by malicious code. He's accusing people of being childporn
consuments
On 3/6/07, Roger Dingledine <[EMAIL PROTECTED]> wrote:
...
So the moral of the story appears to be turn the plugins off, period.
The broader moral is: don't run code from strangers on your computer. The
even broader moral would be to lament that we're still not using SSL on
most Internet interact
On Wed, Mar 07, 2007 at 05:28:13AM +, Fergie wrote:
> Hmmm.
>
> http://blogs.zdnet.com/security/?p=114
>
> Comments?
They seriously expect me to use JavaScript and Java when
using Tor? Some uber-hacker, indeed. More of the propeller
beanie kind.
--
Eugen* Leitl http://leitl.org";>leitl ht
I've seen a VM that routes all traffic over TOR, invisibly to the
O/S. (Not sure what they do about UDP).
Developed at Georgia Tech.
On Wed, Mar 07, 2007 at 12:56:22AM -0500, James Muir wrote:
> http://blogs.zdnet.com/security/?p=114
The approaches suggested won't work if you use Firefo
On Wed, Mar 07, 2007 at 12:56:22AM -0500, James Muir wrote:
> > http://blogs.zdnet.com/security/?p=114
>
> The approaches suggested won't work if you use Firefox with NoScript set
> to disable JavaScript, Java, Flash and any other plugins.
You still have to be careful though -- if you enable the
Thus spake Mike Perry ([EMAIL PROTECTED]):
> At any rate, I welcome a good open source implementation of this. If
> nothing else, it will be nice to pit it against my scanner on a test
> network to make sure this sort of thing can be reliably detected.
Oh, and we can also use this as an opportuni
Thus spake Fergie ([EMAIL PROTECTED]):
> Hmmm.
>
> http://blogs.zdnet.com/security/?p=114
>
> Comments?
Will they write a ZDnet article about me when my node scanner starts
to delist his compromised exit nodes? ;)
There's of course no way that these nodes can be allowed to continue
to be exit
Fergie wrote:
Hmmm.
http://blogs.zdnet.com/security/?p=114
Comments?
The approaches suggested won't work if you use Firefox with NoScript set
to disable JavaScript, Java, Flash and any other plugins.
-James
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Also note that browsing with Firefox using the NoScript
http://noscript.net/ extension renders this attack and most others
useless, since that java applet never gets executed.
Michael_google gmail_Gersten wrote:
> Well, first, this is just the normal
Well, first, this is just the normal exit node exposure of tor.
The exit node in your circuit gets to see the raw communication
between you and your destination. If you are using an SSL channel
(SSH, https, etc) then nothing is a problem. Otherwise, the exit node
can do things like spy on usernam
26 matches
Mail list logo