A recap (since this thread is about 2 weeks old): Ping latency decreases
when CPU usage is high. If an adversary can influence CPU usage (i.e.
JavaScript, GZIP decompression, expensive public-key crypto), then they
can use this as a covert channel to transmit data. (Imagine: someone
/9Z+5uDFt
h/W7Owx1WSf/4ioc8a8zxHdc5J3gaO8HrYhSskqxmQ4loHD6a77O7a2Ssay2JAAU
FjbO71xWD+4hWwRAyNfd
=9Rfq
-END PGP SIGNATURE-
On 15/07/16 11:18 AM, Ethan White wrote:
I recently had an idea for using CPU load covert channels for
practical deanonymization attacks. After using them to
deanonymize
I recently had an idea for using CPU load covert channels for practical
deanonymization attacks. After using them to
deanonymize myself multiple times, I conferred with some Tor Project
people, and they recommended I post it here.
*# Covert Channels*
A _covert channel_ is any technique that
First off, this is my first post to tor-talk, so I'm not even really
sure this is the right place, but...
Recently, I've been toying with an idea inspired by a posting on
tor-talk by Mike Perry from September 2013 [1], in which alternatives
were discussed to Web of Trust (WoT); specifically,
Hello people of tor talk,
Ever since the the TBB update to 2.3.25.4 torbirdy hasn't been
functioning, I think it's because the port change: Set the Tor
SOCKS+Control ports to 9150, 9151 respectively on all platforms This
fixes a SOCKS race condition with our SOCKS autoport configuration and
would be helped by this discussion.
- --
Ethan Lee Vita
Professional Agorist
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJQCsPFAAoJEA7VNhrVHpnSGhIP/04Ur//0zVMFU+g008jWXRoH
. But besides PGP and Tor teams I am not aware of another team
ready to redesign the mess in place today.
Have you looked at mesh net and similar technologies and groups? Off the
top of my head, I'd recommend looking into CJDNS/hyperboria, I2P,
FreedomBox, Telecomix, Freenet, GNUnet.
- --
Ethan Lee Vita
, and
based on file size, is an old version anyway. Might want to fix that link.
- --
Ethan Lee Vita
Professional Agorist
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
, so I touched only account setup settings.
Do you see the connection attempts in Vidalia's network map?
I'll check that in a moment.
- --
Ethan Lee Vita
Professional Agorist
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http
. However, when you asked me
to check connections in Vidalia, I went to the app directory and opened
it directly (I usually hide vidalia when launching from
start-tor-browser). And it showed connections. And worked. I suppose its
related to stream isolation not being in TBB yet?
- --
Ethan Lee Vita
if someone could share the
xpis 5 6, I could report on which version I started having problems with.
- --
Ethan Lee Vita
Professional Agorist
-BEGIN PGP SIGNATURE-
iQIcBAEBCgAGBQJQCXcgAAoJEA7VNhrVHpnSPDwP/3Ahps/OEPTlebb8Vty+HiEj
- - use_status_for_biff to false (I don't use imap, but tweaked this in
case I ever changed my mind and forgot this existed)
- --
Ethan Lee Vita
Professional Agorist
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
12 matches
Mail list logo