On Wed, Apr 9, 2014 at 2:29 PM, Christopher J. Walters cwal...@comcast.net
It makes me wonder if the NSA was involved in inserting this bug into
OpenSSL clients and servers.
That would be 2+ years of amazing win on NSA part [1]. Any unlikely
impropriety would come out soon. More likely
Hi,
are we really sure that the private keys are being compromised due to
the heartbleed attack?
I see many people upgrading, that's OK, but then i see many people
changing private keys.
I read here that's very unlikley that a private key can be retrieved:
Hello experts!
What do you think about Pogoplug?
https://pogoplug.com/safeplug
Why do I use it instead of Tor Browser in my computer?
Thanks!
Marcos Kehl (Brasil)
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other
Hi everyone
I want to announce to the list that a new release of tor-ramdisk is out.
Tor-ramdisk is an i686, x86_64 or MIPS uClibc-based micro Linux
distribution whose only purpose is to host a Tor server in an
environment that maximizes security and privacy. Security is enhanced by
On 4/10/2014 3:16 AM, Fabio Pietrosanti (naif) wrote:
Hi,
are we really sure that the private keys are being compromised due to
the heartbleed attack?
I see many people upgrading, that's OK, but then i see many people
changing private keys.
I read here that's very unlikley that a private key
Hi,
I am Linux user for almost 10 years. I am Debian user, and I am use to
update software the Debian way using apt/aptitude (confortable with
yum too for other distros). However for Tor Browser Boundle I don't know
what would be the best way to upgrade.
As a newbie with Tor, what I am doing is
On Thu, 2014-04-10 at 15:46 +, Nunostc wrote:
Hi,
I am Linux user for almost 10 years. I am Debian user, and I am use to
update software the Debian way using apt/aptitude (confortable with
yum too for other distros). However for Tor Browser Boundle I don't know
what would be the best
I've got a small server with a few hundred kilobytes/sec spare; I'm
considering running a bridge node on it (including obfsproxy). I've got
3 questions:
1. Is such a small bandwidth going to make a worthwhile contribution?
2. What port number should I run obfsproxy on, to minimize the chance
of
On Thu, Apr 10, 2014 at 06:24:00PM +0100, John Williams wrote:
1. Is such a small bandwidth going to make a worthwhile contribution?
Yes probably. Can't hurt, might help! :)
2. What port number should I run obfsproxy on, to minimize the chance
of it being blocked from potential users? I'm
Hello experts!
I had troubles running Tails as main boot on live dvd, because the internet
always failed and disconected after few minutes. Even with or without spoofing
my mac adress. I really don't understand why it happens.
But, running Tails on virtual machine (VMWare), it runned fine. I
On 04/10/2014 03:01 PM, Marcos Eugenio Kehl wrote:
Hello experts!
What do you think about Pogoplug?
https://pogoplug.com/safeplug
Why do I use it instead of Tor Browser in my computer?
Nothing is safe enough against NSA. The safeplug developers never
reached out to the Tor project, which
I am having a problem with my Tor daemon on my server which is Gentoo
Hardened. Hidden services never seem to come online since restarting.
There are some interesting messages in the log about the Tor network
being overloaded. I've tried to look them up but couldn't find anything.
I think there
Update: this problem seems resolved. I manually set the date on the
system and made a typo. I am not sure why Tor didn't complain about the
time being out, though it was out by exactly 24 hours.
On 04/11/2014 06:02 AM, Cyrus wrote:
I am having a problem with my Tor daemon on my server which is
If you want to run Tor on something from PogoPlug I'd recommend installing
Linux on one of their NAS devices instead of using the SafePlug.
https://duckduckgo.com/?q=pogoplug+debian
--lee
On Thu, Apr 10, 2014 at 1:03 PM, Ed Fletcher e...@fletcher.ca wrote:
On 10/04/2014 8:01 AM, Marcos
On Thu, Apr 10, 2014 at 09:55:03PM +0200, Moritz Bartl wrote:
On 04/10/2014 03:01 PM, Marcos Eugenio Kehl wrote:
Hello experts!
What do you think about Pogoplug?
https://pogoplug.com/safeplug
Why do I use it instead of Tor Browser in my computer?
Nothing is safe enough against NSA.
Since I am neither an expert on OpenSSL nor TOR, let's get one question out of
the way before anything further is said on the topic: Does TOR actually use
potentially vulnerable versions of OpenSSL (or use it at all, for that matter)?
If so, then it *could* pose a risk to TOR (until and
On Thu, Apr 10, 2014 at 1:57 PM, Roger Dingledine a...@mit.edu wrote:
On Thu, Apr 10, 2014 at 06:24:00PM +0100, John Williams wrote:
3. If I run obfsproxy, should I open the regular tor port 9001 to the
internet also? Or will that get me onto blacklists of known tor
bridges and cause my
I would categorically assume the answer to be no until the NSA starts working
for the people of the United States instead of against us. Until they are
completely transparent in what they do, and completely honest in their results,
it is easier to assume no. The NSA does not even trust itself.
On Thu, 10 Apr 2014 18:24:00 +0100
John Williams j...@pond-weed.com wrote:
3. If I run obfsproxy, should I open the regular tor port 9001 to the
internet also? Or will that get me onto blacklists of known tor
bridges and cause my whole IP address to be blocked?
The regular tor port doesn't
On 04/10/2014 12:55, Moritz Bartl wrote:
Staying with Tor Browser is the best bet for now. Tor Browser on the
client side protects against a lot of problems that transparent proxying
cannot solve.
Isn't Whonix approach the best now for users security-wise?
Its just doesn't come from the Tor
I posted a leak a couple weeks back failing to connect
the dots. It's this one...
https://bugzilla.mozilla.org/show_bug.cgi?id=751465
In the meantime...
network.websocket.enabled = false
Observed on...
bitcoincharts.com
blockchain.info
disqus.com
--
tor-talk mailing list -
On 4/10/2014 3:44 PM, Christopher J. Walters wrote:
Since I am neither an expert on OpenSSL nor TOR, let's get one question out of
the way before anything further is said on the topic: Does TOR actually use
potentially vulnerable versions of OpenSSL (or use it at all, for that matter)?
Should
On 4/10/2014 7:37 PM, Joe Btfsplk wrote:
On 4/10/2014 3:44 PM, Christopher J. Walters wrote:
.snip.
Should Tor / TorBrowser be patched for heartbleed bug?
Apparently so:
https://blog.torproject.org/blog/
Tor Browser users should upgrade as soon as possible to the new 3.5.4 release
On 4/11/14, Lars Luthman m...@larsluthman.net wrote:
On Thu, 2014-04-10 at 15:46 +, Nunostc wrote:
Hi,
I am Linux user for almost 10 years. I am Debian user, and I am use to
update software the Debian way using apt/aptitude (confortable with
yum too for other distros). However for Tor
It says in the blog:
Hidden services: Tor hidden services might leak their long-term hidden service
identity keys to their guard relays.
Like the last big OpenSSL bug, this shouldn't allow an attacker to identify the
location of the hidden service,
but an attacker who knows the hidden service
25 matches
Mail list logo
