Re: [tor-talk] Tails: Failed InRelease - tor+http://vwakviie2ienjx6t.onion/

Confirmed - the problem remains: Failed 0 B InRelease tor+http://vwakviie2ienjx6t.onion/debian stretch InRelease in Tails 3.8 & Debian -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to

Re: [tor-talk] Tails: Failed InRelease - tor+http://vwakviie2ienjx6t.onion/

RE: https://lists.debian.org/debian-user/2017/08/msg01420.html RE: https://lists.torproject.org/pipermail/tor-talk/2018-May/044171.html This continues to be a problem in Tails 3.7.1 and in Debian when configured with the .onion URLs. (and running Tor) To quote the second URL above: ### In

Re: [tor-talk] [Tails-dev] Help us build Tails 3.2~alpha1 build reproducibly

anonym: > ### ... and the checksums differ (i.e. reproduction failed). > [...] > sudo apt -o APT::Install-Suggests="true" \ > -o APT::Install-Recommends="true" \ > install diffoscope -t stretch-backports It was reported to us that the above command pulls in ~3500

Re: [tor-talk] Tails prevents MAC changes as design feature

> > Geographical movement is revealed by device leaks before Tails boots. Tor is not meant to protect against a global active adversary. In any case, one should look at who was caught using Tor, and how one should improve upon them. -- tor-talk mailing list - tor-talk@lists.torproject.org To

[tor-talk] Tails prevents MAC changes as design feature

> intrigeri intrigeri at boum.org > Tue Jul 4 06:13:41 UTC 2017 > > We don't actively support the use case described below It seems that you do: >>Tails User Goals: Hide geographical movement >>Tails User Goals: No unspoofed usage of Tails >>Tails User Goals: Not raising alarms on the network

Re: [tor-talk] Tails prevents MAC changes as design feature

krishna e bera: > On 04/07/17 02:13 AM, intrigeri wrote: >> Answered on tails-...@boum.org. > That shows as a mailto: link. Perhaps meant to point to […] Sorry I was too lazy to express what I meant clearly enough. I wasn't overly enthusiastic at the idea of spending time myself dealing with

Re: [tor-talk] Tails prevents MAC changes as design feature

On 04/07/17 02:13 AM, intrigeri wrote: Answered on tails-...@boum.org. That shows as a mailto: link. Perhaps meant to point to https://mailman.boum.org/pipermail/tails-dev/2016-August/010898.html which leads to these issues: https://labs.riseup.net/code/issues/7380

Re: [tor-talk] Tails prevents MAC changes as design feature

> Why continue with the insecure model of changing NIC only? Willfully > leaking network device manufacturer info is irresponsible. > > didukno > changing only first half of the MAC is same as not changing your MAC. Sit in a coffee shop with packet sniffer, most laptops have unique

Re: [tor-talk] Tails prevents MAC changes as design feature

On 07/04/2017 06:13 AM, intrigeri wrote: > Answered on tails-...@boum.org. > What? TAILS will no longer randomize MAC address? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tails prevents MAC changes as design feature

Answered on tails-...@boum.org. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Tails prevents MAC changes as design feature

I have issues with network interfaces, like wlan0, changing back to what the system wants. This is not what I want. Case: - Start Tails (MAC Address Spoofing: On) - Plug in network card (wlan0) - macchanger assigns wlan0 random MAC string - Bring wlan0 down - Set new MAC string (macchanger or

Re: [tor-talk] TAILS people

On Tue, Jan 24, 2017, at 16:00, I wrote: > > > Probably because you don't want the release candidate. > > > --Roger > > Isn't the idea to seed the prospective version for testing, hence the > button to get it? > The button leads to the dud link. Right now there isn't a prospective version,

Re: [tor-talk] TAILS people

> Probably because you don't want the release candidate. > --Roger Isn't the idea to seed the prospective version for testing, hence the button to get it? The button leads to the dud link. Robert -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other

Re: [tor-talk] TAILS people

On Tue, Jan 24, 2017 at 03:44:15PM -0800, I wrote: > The requested URL /torrents/files/tails-i386-2.10~rc1.torrent was not found > on this server. Probably because you don't want the release candidate. https://blog.torproject.org/blog/tails-210-out https://tails.boum.org/install/download/

[tor-talk] TAILS people

The requested URL /torrents/files/tails-i386-2.10~rc1.torrent was not found on this server. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [Tails-dev] systemd: ruh roh! Crippling Bug!

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anonymous : > Multiple Linux Distributions Affected By Crippling Bug In Systemd > > Story is at Slashdot and the bug report is: Anyone who chooses systemd over traditional sysvinit deserves being affected. >

Re: [tor-talk] [Tails-dev] [Secure Desktops] Persistent Tor start in Tails vs location aware Tor entry guards (LATEG)

I mistyped. Here is the correct version. day 1 1) Tails user regularly goes to physical place A that provide [free] WiFi. 2) The name of the wifi is FreeWifi832458252823523 with MAC address "A". The user uses the regular way to set up a WiFi connection. Network Manager etc. 3) Now, Tails would

Re: [tor-talk] [Tails-dev] Persistent Tor start in Tails vs location aware Tor entry guards (LATEG)

intrigeri: > sajolida wrote (07 Feb 2016 13:01:57 GMT) : >> If we think that the relationship between location and entry guard is a >> meaningful information, for the mobile user for example, maybe the name >> of the entry guard could at least be fed back somehow before the >> connection takes

Re: [tor-talk] [Tails-dev] Persistent Tor start in Tails vs location aware Tor entry guards (LATEG)

sajolida wrote (07 Feb 2016 13:01:57 GMT) : > If we think that the relationship between location and entry guard is a > meaningful information, for the mobile user for example, maybe the name > of the entry guard could at least be fed back somehow before the > connection takes place, in Tor

Re: [tor-talk] [Tails-dev] Persistent Tor start in Tails vs location aware Tor entry guards (LATEG)

intrigeri: > [can you please decide what mailing-list this discussion should happen > on, and then we can stop cross-posting over 4 mailing-list?] We're in a quite abstract cross-distro Tor discussion, so let's go for [tor-talk]. > Patrick Schleizer wrote (02 Jan 2016 22:36:13 GMT) : >> The

Re: [tor-talk] [Tails-dev] Persistent Tor start in Tails vs location aware Tor entry guards (LATEG)

Hi, [can you please decide what mailing-list this discussion should happen on, and then we can stop cross-posting over 4 mailing-list?] Patrick Schleizer wrote (02 Jan 2016 22:36:13 GMT) : > But I think location aware Tor entry guards (LATEG) are wrong headed. > The topic of LATEG is so

[tor-talk] Tails vulnerability specific to I2P, not Tor

http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/ SILVER BULLETS AND FAIRY TAILS Introduction This week we made mention on Twitter of a zero-day vulnerability we’ve unearthed that affects the popular Tails operating system. As the Tails website states: Tails is a live

[tor-talk] Tails on virtual machine.

Hello experts! I had troubles running Tails as main boot on live dvd, because the internet always failed and disconected after few minutes. Even with or without spoofing my mac adress. I really don't understand why it happens. But, running Tails on virtual machine (VMWare), it runned fine. I

[tor-talk] TAILS uses one DNS server from OpenDNS **WARNING **

Tails uses one DNS server from OpenDNS. What prevents a malicious party from signing up exit nodes at OpenDNS and logging traffic, blocking content, and/or redirecting traffic? Please consider switching Tails' DNS to another provider in addition to adding more than one DNS IP, some

Re: [tor-talk] TAILS uses one DNS server from OpenDNS **WARNING **

On 10/27/2013 12:15 AM, communicationsys...@safe-mail.net wrote: Tails uses one DNS server from OpenDNS. What prevents a malicious party from signing up exit nodes at OpenDNS and logging traffic, blocking content, and/or redirecting traffic? Assuming the malicious party runs the exit

Re: [tor-talk] TAILS uses one DNS server from OpenDNS **WARNING **

communicationsys...@safe-mail.net: Please consider switching Tails' DNS to another provider in addition to adding more than one DNS IP, some service where nobody can sign up anonymously and possibly perform MITM attacks via DNS. tor-talk is not the right place to make suggestions about how

Re: [tor-talk] TAILS uses one DNS server from OpenDNS **WARNING **

On Sun, 2013-10-27 at 03:41 -0400, Michael Wolf wrote: On 10/27/2013 12:15 AM, communicationsys...@safe-mail.net wrote: Tails uses one DNS server from OpenDNS. What prevents a malicious party from signing up exit nodes at OpenDNS and logging traffic, blocking content, and/or

Re: [tor-talk] TAILS uses one DNS server from OpenDNS **WARNING **

On Sun, 27 Oct 2013 14:06:35 -0400 Ted Smith te...@riseup.net allegedly wrote: OpenDNS authenticates by IP, so anyone using the exit node can change the OpenDNS settings if the exit node operator hasn't made an account. The exit node operator can do all of those things, but anyone using

Re: [tor-talk] TAILS uses one DNS server from OpenDNS **WARNING **

On 10/27/2013 2:06 PM, Ted Smith wrote: On Sun, 2013-10-27 at 03:41 -0400, Michael Wolf wrote: On 10/27/2013 12:15 AM, communicationsys...@safe-mail.net wrote: Tails uses one DNS server from OpenDNS. What prevents a malicious party from signing up exit nodes at OpenDNS and logging

Re: [tor-talk] [Tails-dev] TAILS (Tor Linux distribution) contains extra root CAs ?

Hi, Anonymous Remailer (austria) wrote (17 Oct 2013 17:58:39 GMT) : I have a question: @OP: first, it seems you have cross-posted this to at least tor-talk, tails-dev and Full-Disclosure, without making it clear with an explicit Cc:. This will painfully lead to various unlinked discussions

[tor-talk] TAILS versus TBB (Latest versions): Additional CA Certs appearing in TAILS browser. LEGIT or not ?

I have a question: Tor Browser Bundle - Firefox ESR 17.0.9 (LATEST TOR) Compared to: Iceweasel 17.0.9 (LATEST TAILS Linux distribution) To be found in Tails (not found in TBB), some additional certificates: DigiCert Inc - DigiCert High Assurance EV CA-1 DigiCert Inc - DigiCert High Assurance

Re: [tor-talk] Tails statistics / browser homepage [Was: CloudFlare]

Hi, NoName wrote (22 Apr 2013 06:00:48 GMT) : Only there is no conspiracy. Only plain stupidity. Regardless of the actual wording of the emitted judgment, I suggest you check your facts, and make sure you know what you're talking of, before judging other people's action. Just a friendly advice.

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

Hi, intrigeri: Hi Jacob and Elly, Thanks for your answers! See more questions bellow. Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : Basically - tlsdate in Tails would be a minor set of users compared to the much larger user base of ChromeOS. Sure. I doubt we can blend in this

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

intrigeri: Jacob, are you interested in implementing something like our current multiple pool -based approach [2], or something else with similar security properties? What version of htpdate are you shipping currently? I've just been reading the source for htpdate-1.0.4 - is that the right

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

Hi, Jacob Appelbaum wrote (17 Apr 2013 08:58:32 GMT) : What version of htpdate are you shipping currently? This is documented there: https://tails.boum.org/contribute/design/Time_syncing/#index2h2 Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

intrigeri: Hi, adrelanos wrote (17 Apr 2013 19:33:23 GMT) : Why not build the required features into Tor itself? (Let's assume this is no rhetorical question.) My best guess is that nobody had 1. enough interest in this topic; 2. the right set of skills; 3. enough free time. In my

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

adrelanos: Jacob Appelbaum: If I were to reinvent the wheel without having read any of tordate's source, I would: open the consensus or the cached-microdescs parse the absolute minimum time stat the respective file to see the last possible atime/mtime/ctime pick the later time of

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

adrelanos: Jacob Appelbaum: Elly Fong-Jones: On Tue, Apr 16, 2013 at 01:03:27PM +0200, intrigeri wrote: Hi Jacob and Elly, Thanks for your answers! See more questions bellow. Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : Basically - tlsdate in Tails would be a minor set of users

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

Hi Jacob and Elly, Thanks for your answers! See more questions bellow. Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : Basically - tlsdate in Tails would be a minor set of users compared to the much larger user base of ChromeOS. Sure. I doubt we can blend in this anonymity set, though:

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

I don't really understand your reservation about this project. It's reasonable to want authenticated time to a non-webserver of ones choice. Depending on your environment, tlsdate is complementary to the various other programs. You can (and will) use whatever you decide fits your needs, but please

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

intrigeri: Hi, Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) : intrigeri: So, Jake tells me that ChromeOS will use tlsdate by default, and that this should solve the fingerprinting issue. Therefore, I assume this implicitly answer the (half-rhetorical, I admit) question I asked in

Re: [tor-talk] [Tails-dev] Tails Mac support

Hi, Maxim Kammerer wrote (22 Feb 2013 20:45:24 GMT) : Don't you already regret basing Tails off a binary distro like Debian? Personally, I have to say I absolutely do not regret this. not only are you completely dependent on an upstream distro's features implementation cycle I've no idea

Re: [tor-talk] [Tails-dev] Tails Mac support

On Mon, Feb 25, 2013 at 3:33 PM, intrigeri intrig...@boum.org wrote: not only are you completely dependent on an upstream distro's features implementation cycle I've no idea what misconceptions about Tails and Debian make you think this, but this is incorrect in practice. I really don't know

Re: [tor-talk] Tails Mac support [Was: Training Journalists in Istanbul]

Hi, Runa A. Sandvik wrote (04 Feb 2013 15:12:51 GMT) : - Tails has very limited support [8] for Apple hardware. 23 out of 30 attendees were Mac users. I tried booting Tails on my MacBook Air, but OS X was unable to find the USB stick. OK. As discussed on IRC, we're aware of this serious

Re: [tor-talk] [Tails-dev] Tails Mac support [Was: Training Journalists in Istanbul]

On Fri, Feb 22, 2013 at 6:58 PM, intrigeri intrig...@boum.org wrote: The remaining part of the problem will be solved by adding UEFI support [3] to Tails. We're currently making plans with Debian Live upstream so that this support is added there, and benefits all Debian Live systems. [3]

[tor-talk] Tails 0.16: Why the fsck does Tails 0.16 use an ancient version of OpenSSL? And has it been crippled somehow?

Look at this: [notice] No AES engine found; using AES_* functions. [notice] This version of OpenSSL has a slow implementation of counter mode; not using it. [notice] OpenSSL OpenSSL 0.9.8o 01 Jun 2010 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation [notice] We

[tor-talk] Tails 0.16: DEBsig-verify disabled by default? EXCELLENT so I can get pwned and never know it, thanks guys.

cat /etc/dpkg/dpkg.cfg # dpkg configuration file # # This file can contain default options for dpkg. All command-line # options are allowed. Values can be specified by putting them after # the option, separated by whitespace and/or an `=' sign. # # Do not enable debsig-verify by default; since

Re: [tor-talk] Tails 0.16: Why the fsck does Tails 0.16 use an ancient version of OpenSSL? And has it been crippled somehow?

Perhaps you want to get in touch with the tails team, https://tails.boum.org/support/index.en.html -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org

[tor-talk] tails suppport channels

On Sat, 01 Dec 2012 14:31:15 +0100 intrigeri intrig...@boum.org wrote: Please direct questions about Tails to the Tails communication channels. which are listed at https://tails.boum.org/support/ ___ tor-talk mailing list

Re: [tor-talk] [Tails-dev] Please review Tails stream isolation plans

Hi, Nick Mathewson wrote (30 Aug 2012 15:10:52 GMT) : * Pidgin Not too scary, I think. You'd typically wind up with one destination per chat, or one per chat protocol? Typically, per chat account. * Liferea RSS feed reader This one is a little scary. Do I understand correctly that

Re: [tor-talk] [Tails-dev] Please review Tails stream isolation plans

intrigeri: Hi, Nick Mathewson wrote (30 Aug 2012 15:10:52 GMT) : or using some kind of iptables trickery? I'm not sure how doable it is to use iptables to convert HTTP proxying to SOCKS, but I'd be happy to learn :) Iptables can not translate from one protocol to another. The closest

Re: [tor-talk] [Tails-dev] Please review Tails stream isolation plans

On Sep 3, 2012 2:21 PM, adrelanos adrela...@riseup.net wrote: intrigeri: Hi, Nick Mathewson wrote (30 Aug 2012 15:10:52 GMT) : or using some kind of iptables trickery? I'm not sure how doable it is to use iptables to convert HTTP proxying to SOCKS, but I'd be happy to learn :)

Re: [tor-talk] [Tails-dev] Please review Tails stream isolation plans

Nick Mathewson: On Sep 3, 2012 2:21 PM, adrelanos adrela...@riseup.net wrote: intrigeri: Hi, Nick Mathewson wrote (30 Aug 2012 15:10:52 GMT) : or using some kind of iptables trickery? I'm not sure how doable it is to use iptables to convert HTTP proxying to SOCKS, but I'd be happy to

Re: [tor-talk] [Tails-dev] Please review Tails stream isolation plans

On 9/3/12, adrelanos adrela...@riseup.net wrote: Nick Mathewson: Failing that, torsocks is indeed a way pretty good option. I don't think so. It's only a hack. Doesn't work on Windows. APT doesn't work on Windows either. Robert Ransom ___

Re: [tor-talk] [Tails-dev] Please review Tails stream isolation plans

On Wed, Aug 29, 2012 at 10:04 AM, intrigeri intrig...@boum.org wrote: Hi, Nick Mathewson wrote (29 Aug 2012 13:22:36 GMT) : I'd need an actual list of applications to think about IsolateDestAddr. Which ones did you have in mind? Thank you for having a look. You're welcome! Now here's the

Re: [tor-talk] [Tails-dev] Please review Tails stream isolation plans

Hi, Thank you for having had a look. adrelanos wrote (28 Aug 2012 23:53:01 GMT) : Consider Pidgin with several accounts configured for different identities. If you connect with all of the accounts at the same time, they'll all get the same circuit, so the identities can be correlated. While

Re: [tor-talk] [Tails-dev] Please review Tails stream isolation plans

Hi, Nick Mathewson wrote (29 Aug 2012 13:22:36 GMT) : I'd need an actual list of applications to think about IsolateDestAddr. Which ones did you have in mind? Thank you for having a look. The main network applications shipped in Tails, that would get IsolateDestAddr according to our plan,

Re: [tor-talk] Tails question: Desktop in laptop mode during shutdown, mysterious sense data?

Hi, goosee...@safe-mail.net wrote (25 Aug 2012 15:39:56 GMT) : I'm posting here because this was not solved/addressed on the Tails forums. The Tails forum homepage reads The forum is open for discussions that *do not* belong to bugs [...]. You may be more lucky by following our bug reporting

[tor-talk] Tails question: Desktop in laptop mode during shutdown, mysterious sense data?

Why is my desktop being shown as in laptop mode when I shutdown? There's also some myserious SENSE or sense data shown, much like would be shown within a binary. The shutdown screen quits after wiping so I don't have a chance to catch the information to write it down unless I take a photograph

[tor-talk] Tails question: Cannot rename old configuration file (torrc.orig.1)

When the network is up and Vidalia/tor/browser all opens, I peek inside the tor log (/var/log/tor) and this error is included: [notice] Renaming old configuration file to /etc/tor/torrc.orig.1 [warn] Couldn't rename configuration file /etc/tor/torrc to /etc/tor/torrc.orig.1: Permission denied

[tor-talk] [tails] Crypto enforcement proposal

Hello, I took a look on the persistant partition of tails : # cryptsetup luksDump /dev/sdb2 [...] Cipher name: aes Cipher mode: cbc-essiv:sha256 Hash spec: sha1 [...] MK bits: 256 [...] Even if it look secure, I think you could better do this : [...] Cipher name:

Re: [tor-talk] [tails] Crypto enforcement proposal

Hi, HardKor wrote (23 Aug 2012 09:05:00 GMT) : I took a look on the persistant partition of tails : [...] Thank you for caring about this. What do you think about that ? Not all Tails developers read tor-talk, so please direct such discussion threads to the communication channels documented

Re: [tor-talk] [tails] Crypto enforcement proposal

Thank you, I'll forward the mail to the mails ML. HardKor On Thu, Aug 23, 2012 at 12:40 PM, intrigeri intrig...@boum.org wrote: Hi, HardKor wrote (23 Aug 2012 09:05:00 GMT) : I took a look on the persistant partition of tails : [...] Thank you for caring about this. What do you

[tor-talk] TAILS server?

hello! i would like a tails that can be installed as minimal webserver configured for hidden service delivery. no need for careful security configuration, but ready to go from the box. is there anything close now? -- Jerzy Łogiewa -- jerz...@interia.eu

[tor-talk] TAILS: Please include a real IRC client (Pidgin sucks!)

Please show your support and petition the Tails team to add a real IRC client, other than the multipurpose Pidgin client. The discussion so far: https://tails.boum.org/forum/IRC_Client:_Please_include_something_other_than_Pidgin/ or if the thread vanishes, create a new one:

Re: [tor-talk] TAILS: Please include a real IRC client (Pidgin sucks!)

Tor user and list lurker here. Pidgin for Linux does not[1] have out-of-the-box support for IRC SASL authentication, which is important to have (for example, [2]). (There are two Pidgin patches[3, 4] for SASL authentication support, but they are beyond my skill level to implement, which means they

Re: [tor-talk] TAILS: Please include a real IRC client (Pidgin sucks!)

pwnsa...@safe-mail.net: Please show your support and petition the Tails team to add a real IRC client, other than the multipurpose Pidgin client. [...] A client designed for IRC and not for multipurpose activities. It wouldn't require too much extra space to include irssi or weechat. I

Re: [tor-talk] [Tails-dev] tails_htp: exit node can fingerprint Tails users until exit node is changed

Hi, adrelanos wrote (23 Jul 2012 01:36:26 GMT) : Because Tails doesn't use stream isolation and uses tails_htp over Tor, the exit node can see Hello, this is a Tails user!. (Who else uses tails_htp over Tor.) The problem persists until the exit node is changed. To be on the safe side, I'll

Re: [tor-talk] Tails' htpdate [Was: secure and simple network time (hack)]

Hi, adrelanos wrote (21 Jul 2012 04:30:31 GMT) : If I understand correctly, you pick three random servers. One from each pool. And then build the mediate of the three. This is correct. What's the point of asking the foe pool? (Servers which generally do not care about privacy.) This means

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

adrelanos: Jacob Appelbaum: So does that mean you do or do not like DNSSEC? :) Can't say, I didn't dig into that deep enough. In a sense, we can compare the root ('.') to a single CA that can further delegate to other CAs such as '.se' and so on. I'd like to see a normal ntp client that

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

Jacob Appelbaum: If anything, TLS is much harder to get right (see issue #16 on GitHub, for instance — tlsdate is currently susceptible to a MITM attack). It's a work in progress, of course. I use it with a pinned CA, so in such a case, users are not vulnerable to a MITM attack unless one

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

adrelanos: Jacob Appelbaum: If anything, TLS is much harder to get right (see issue #16 on GitHub, for instance — tlsdate is currently susceptible to a MITM attack). It's a work in progress, of course. I use it with a pinned CA, so in such a case, users are not vulnerable to a MITM attack

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

Jacob Appelbaum: I think adding an option to verify the leaf certificate's fingerprint, rather than just the signature alone would be a fine idea. Yes, then we could ask eff, tpo and similars about their policy to change the certificates. If we pin their certificates, we don't have to trust

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

adrelanos: Jacob Appelbaum: I think adding an option to verify the leaf certificate's fingerprint, rather than just the signature alone would be a fine idea. Yes, then we could ask eff, tpo and similars about their policy to change the certificates. If we pin their certificates, we don't

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Jacob Appelbaum: So does that mean you do or do not like DNSSEC? :) Can't say, I didn't dig into that deep enough. I'd like to see a normal ntp client that runs over Tor safely - can you show us an example of a way to do that? If so, I'd gladly

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

Maxim Kammerer: On Wed, Jul 18, 2012 at 7:31 AM, intrigeri intrig...@boum.org wrote: Thoughts? After pondering about extending tlsdate for a while, I see no reason to use tlsdate instead of htpdate at the moment (or, possibly, ever). There is a difference between thinking of and

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

On Wed, Jul 18, 2012 at 7:31 AM, intrigeri intrig...@boum.org wrote: Thoughts? After pondering about extending tlsdate for a while, I see no reason to use tlsdate instead of htpdate at the moment (or, possibly, ever). There is a difference between thinking of and experimenting with a gimmick,

Re: [tor-talk] Tails and a way to permanently install it on a removable media

On Mon, Feb 20, 2012 at 8:44 AM, KRZS kro...@tormail.net wrote: I found Tails perfect for tor onion networking but it's impossible to use it on different pcs .A permanent install would allow me to carry on it my gpg and ssh keys , install programs , personalize it, customize it... i find it

Re: [tor-talk] Tails and a way to permanently install it on a removable media

On Mon, Feb 20, 2012 at 10:57 PM, Runa A. Sandvik I think this just makes a live Tail USB not an installed one. Yep. According to https://tails.boum.org/doc/encryption_and_privacy/your_data_wont_be_saved_unless_explicitely_asked/index.en.html Future versions of Tails will propose a feature

Re: [tor-talk] Tails and a way to permanently install it on a removable media

On Tue, 2012-02-21 at 00:03 +0330, kamyar b wrote: On Mon, Feb 20, 2012 at 10:57 PM, Runa A. Sandvik runa.sand...@gmail.comwrote: On Mon, Feb 20, 2012 at 8:44 AM, KRZS kro...@tormail.net wrote: I found Tails perfect for tor onion networking but it's impossible to use it on different

Re: [tor-talk] Tails and a way to permanently install it on a removable media

this may be somewhat tangetial to the issue at hand, but these tutorials for installing Backtrack on USB with an additional (encrypted) partition for persistent storage might be a starting point for a DIY solution. http://www.infosecramblings.com/backtrack/ On 20.02.2012 22:38, Ted Smith wrote:

Re: [tor-talk] tails on Microsoft Virtual PC

Hi, Matej Kovacic wrote (04 Dec 2011 16:55:00 GMT) : I tried it in VirtualBox (under Linux), and it works really nice. Nice to hear. However, I ahve one question - is it possible to copy/paste text from host to virtual machine and back? This can be configured per-VM in VirtualBox. What's

Re: [tor-talk] tails on Microsoft Virtual PC

Hi, First, please take Tails -specific questions to the places where the Tails community lives; see at the bottom of https://tails.boum.org/support/ and https://tails.boum.org/contribute/ depending on the kind of input / question. Eugen Leitl wrote (04 Dec 2011 15:24:30 GMT) : I've just

[tor-talk] tails on Microsoft Virtual PC

I've just tried tails in a Microsoft PC VM and it's quite nice. Anyone knows how to switch the screen resolution, as the default debian doesn't seem to know the virtual hardware? I know I could install it in theory, but the idea of booting afresh from a live CD has a lot of tabula rasa appeal.

Re: [tor-talk] tails on Microsoft Virtual PC

On Sun, Dec 04, 2011 at 04:52:32PM +, John Case wrote: On Sun, 4 Dec 2011, Eugen Leitl wrote: I've just tried tails in a Microsoft PC VM and it's quite nice. Anyone knows how to switch the screen resolution, as the default debian doesn't seem to know the virtual hardware? Hmm... in

Re: [tor-talk] tails on Microsoft Virtual PC

On Sun, 4 Dec 2011, Eugen Leitl wrote: On Sun, 4 Dec 2011, Eugen Leitl wrote: I've just tried tails in a Microsoft PC VM and it's quite nice. Anyone knows how to switch the screen resolution, as the default debian doesn't seem to know the virtual hardware? Hmm... in recent vmware, I

[tor-talk] Tails

Hi folks, 2 Qs for Tails: 1- Is there any trick for connecting to Internet?, i just can ping my adsl router,not more ,no web pages,nothing. 2- Is there root user like any other version of Linux ,if so what is the password by default?seems that single user exists: amnesia. Best, Kamyar

Re: [tor-talk] Tails

09/30/2011 02:42 PM, kamyar kamyar: 1- Is there any trick for connecting to Internet?, i just can ping my adsl router Ping (well, ICMP in general) is blocked for anything except the local area network. not more ,no web pages,nothing. Do you need any special software or login for using your

Re: [tor-talk] Tails

I can't browse the web, no pages, google ,yahoo, anywhere. well i thought may be should be root user to access to Internet. no aditional software I use, simply set adsl router as my gateway. Best, Kamyar On Fri, Sep 30, 2011 at 8:26 PM, anonym ano...@lavabit.com wrote: 09/30/2011 02:42 PM,