Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-16 Thread Michael Gomboc
Hi, How can someone verify the downloaded Torbutton file? https://www.torproject.org/torbutton/index.html.en I did not see any way to do that. Thanks, M 2011/9/15 tagnaq > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 09/01/2011 10:47 AM, Roger Dingledine wrote: > > For those who ha

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-15 Thread tagnaq
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 09/01/2011 10:47 AM, Roger Dingledine wrote: > For those who haven't been following, check out > https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it > > You should pay special attention if you're in an environment w

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-08 Thread Julian Yon
On 08/09/11 15:20, Joe Btfsplk wrote: > My point was (& I think Julian's) was, aside from certificate issues, > various practices of many sites where security is vitally important, > their WORDS "~ we take customers' security & online safety very > seriously & use high security standards...," and t

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-08 Thread Joe Btfsplk
On 9/7/2011 3:42 PM, Marsh Ray wrote: On 09/07/2011 03:19 PM, Julian Yon wrote: My bank forces me to enter part of my password using unobscured dropdowns "for security". Sure, it avoids keyloggers, but what about *someone standing behind me*? Do they have a gun? Otherwise, cover the screen wi

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-07 Thread Julian Yon
On 07/09/11 23:19, Marsh Ray wrote: > Realistically today the bank may have thousands of customers with > malicious keyloggers for every one who is protected by an obscured > display. This was not the case just a few years ago, the threat has > changed. The keylogger threat might be somewhat mitiga

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-07 Thread Marsh Ray
On 09/07/2011 04:48 PM, Julian Yon wrote: There's no need to be patronising. I have plenty of security experience. Sorry, wasn't trying to be patronizing. Just trying to give my opinion plainly. This is where, IMHO, computer security people can maybe take a step back. Sure we should all remin

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-07 Thread Marsh Ray
On 09/07/2011 03:19 PM, Julian Yon wrote: My bank forces me to enter part of my password using unobscured dropdowns "for security". Sure, it avoids keyloggers, but what about *someone standing behind me*? Do they have a gun? Otherwise, cover the screen with your hand or ask them to look away.

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-07 Thread Julian Yon
On 07/09/11 21:42, Marsh Ray wrote: > Do they have a gun? Otherwise, cover the screen with your hand or ask > them to look away. > > Realistically, this is nowhere near the biggest threat these days. It's > mostly a holdover from security guidance from shared computing labs and > pre-internet days

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-07 Thread Julian Yon
On 07/09/11 19:40, Joe Btfsplk wrote: > I can't even convince several financial sites to allow more than 10 PW > chars, & to allow special characters. My bank forces me to enter part of my password using unobscured dropdowns "for security". Sure, it avoids keyloggers, but what about *someone stan

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-07 Thread Joe Btfsplk
On 9/3/2011 3:51 PM, Lee wrote: On 9/3/11, Joe Btfsplk wrote: No. I understand Tor Project's main concern is Tor / TBB. I fail to understand why the issue / problem being discussed is in any way limited to Tor or a few softwares. My understanding is that the issue is common to all 'secured'

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread andrew
On Sat, Sep 03, 2011 at 02:36:54PM -0400, ler...@gmail.com wrote 2.2K bytes in 43 lines about: : Is there a solution for this specific case? Someone claiming to be : Roger Dingledine included a PGP signature block in the msg that : started this thread. Nobody's responded "Hey! That wasn't me!!"

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread andrew
On Sat, Sep 03, 2011 at 04:51:49PM -0400, ler...@gmail.com wrote 4.3K bytes in 111 lines about: : My understanding is that the issue is common to all 'secured' web : sites. HTTP is trivially subverted; HTTPS needs a valid cert or the : user clicking past a "No, I don't care about my security; go

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread andrew
On Sat, Sep 03, 2011 at 02:27:47PM -0500, joebtfs...@gmx.com wrote 4.2K bytes in 84 lines about: : is about as technical as it gets. My 1st impression w/ the process : (& instructions on Tor page - verifying signatures) is, it will be : over the avg users' heads, or more trouble / effort than the

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Julian Yon
On 03/09/11 19:36, Lee wrote: > Is there a solution for this specific case? Someone claiming to be > Roger Dingledine included a PGP signature block in the msg that > started this thread. Nobody's responded "Hey! That wasn't me!!" or > "That's not my PGP sig!" so it seems safe enough to trust tha

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Lee
On 9/3/11, Joe Btfsplk wrote: [.. snip stuff addressed to others ..] > Lee: >> These are all rhetorical questions - right? > No. I understand Tor Project's main concern is Tor / TBB. I fail to > understand why the issue / problem being discussed is in any way limited > to Tor or a few software

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Joe Btfsplk
On 9/3/2011 11:00 AM, Netizio wrote: I'm just asking here - other than entities (gov'ts?) targeting anonymity software (for now) what prevents this issue from becoming widespread? If I download an update from MS - how do I know it's the authentic pkg from the real MS? There's no authentication (

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Lee
On 9/3/11, Joe Btfsplk wrote: > On 9/2/2011 4:46 PM, and...@torproject.org wrote: >> On Fri, Sep 02, 2011 at 01:31:53PM -0400, col...@averysmallbird.com wrote >> 4.5K bytes in 109 lines about: >> : According to a number of bloggers(1), torproject.org was included among >> those >> >> Here's another

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Julian Yon
On 03/09/11 15:59, Jim wrote: > I don't have a solution to this problem but I am raising it in case > somebody else does. It's great that you not only sign your packages but > that the page above also lists the fingerprints of the signing keys. > But in case of a man-in-the-middle attack (or a com

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Lee
On 9/3/11, Julian Yon wrote: > On 03/09/11 15:59, Jim wrote: >> I don't have a solution to this problem but I am raising it in case >> somebody else does. It's great that you not only sign your packages but >> that the page above also lists the fingerprints of the signing keys. >> But in case of

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Netizio
> I'm just asking here - other than entities (gov'ts?) targeting anonymity > software (for now) what prevents this issue from becoming widespread? > If I download an update from MS - how do I know it's the authentic pkg > from the real MS? There's no authentication (or even check sums) for > d/l

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Jim
Roger Dingledine wrote: Perhaps now is a great time for you to learn how to verify the signatures on Tor packages you download: https://www.torproject.org/docs/verifying-signatures I don't have a solution to this problem but I am raising it in case somebody else does. It's great that you not o

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Jim
Joe Btfsplk wrote: I'm just asking here - other than entities (gov'ts?) targeting anonymity software (for now) what prevents this issue from becoming widespread? If I download an update from MS - how do I know it's the authentic pkg from the real MS? There's no authentication (or even check s

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Joe Btfsplk
On 9/2/2011 4:46 PM, and...@torproject.org wrote: On Fri, Sep 02, 2011 at 01:31:53PM -0400, col...@averysmallbird.com wrote 4.5K bytes in 109 lines about: : According to a number of bloggers(1), torproject.org was included among those Here's another blogger for your list, https://blog.torproject

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread andrew
On Fri, Sep 02, 2011 at 01:31:53PM -0400, col...@averysmallbird.com wrote 4.5K bytes in 109 lines about: : According to a number of bloggers(1), torproject.org was included among those Here's another blogger for your list, https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Collin Anderson
According to a number of bloggers(1), torproject.org was included among those domains targeted in the certificate breach. In at least the case of Google, these certificates have been offered to Iranian Internet users by a number of ISPs, in a number of cities. Risk is a product of situation, and if y

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Joe Btfsplk
On 9/2/2011 12:11 PM, Seth David Schoen wrote: Joe Btfsplk writes: Is it really a risk, d/l Tor or TBB directly from Tor Project's site, that verifying signatures is necessary? What is the reasoning here - if getting files from Tor Project server? How do you know it was really the Tor Projec

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Seth David Schoen
Joe Btfsplk writes: > Is it really a risk, d/l Tor or TBB directly from Tor Project's > site, that verifying signatures is necessary? What is the reasoning > here - if getting files from Tor Project server? How do you know it was really the Tor Project server? -- Seth Schoen Senior Staff Te

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread David Carlson
On 9/2/2011 9:28 AM, Joe Btfsplk wrote: > On 9/2/2011 7:55 AM, Achter Lieber wrote: >> - Original Message - >> From: Roger Dingledine >> Sent: 09/01/11 03:47 PM >> To: tor-talk@lists.torproject.org >> Subject: [tor-talk] Dutch CA issues fake *.torproje

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Joe Btfsplk
On 9/2/2011 9:57 AM, David Carlson wrote: On 9/2/2011 9:28 AM, Joe Btfsplk wrote: Is it really a risk, d/l Tor or TBB directly from Tor Project's site, that verifying signatures is necessary? What is the reasoning here - if getting files from Tor Project server? _

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Joe Btfsplk
On 9/2/2011 7:55 AM, Achter Lieber wrote: - Original Message - From: Roger Dingledine Sent: 09/01/11 03:47 PM To: tor-talk@lists.torproject.org Subject: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others) New bundles are out now: https://blog.torproject.org

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Achter Lieber
- Original Message - From: Roger Dingledine Sent: 09/01/11 03:47 PM To: tor-talk@lists.torproject.org Subject: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others) For those who haven't been following, check out https://blog.torproject.org/blog/diginotar-de

[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-01 Thread Roger Dingledine
For those who haven't been following, check out https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it You should pay special attention if you're in an environment where your ISP (or your government!) might try a man-in-the-middle attack on your interactions with https: