Re: Tor-ramdisk 20080606 released.

2008-06-11 Thread Marco Bonetti
On Tue, June 10, 2008 20:06, basile wrote:
 We would like to announce a new release of Tor-ramdisk (version
 20080606), an i686 uClibc-based micro Linux distro (about 3.1MB ISO)
from the changelog I've read that you're running a hardened 2.6 kernel,
what is its size? I think that you can switch to 2.4 (GRSEC/PAX still
supports this tree) to slim it down further.

by the way: really nice project :)

-- 
Marco Bonetti
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/
My webstuff: http://sidbox.homelinux.org/

My GnuPG key id: 0x86A91047



Re: Tor-ramdisk 20080606 released.

2008-06-11 Thread basile

Scott Bennett wrote:
  On Tue, 10 Jun 2008 14:06:57 -0400 basile [EMAIL PROTECTED]
 wrote:
 We would like to announce a new release of Tor-ramdisk (version
 20080606), an i686 uClibc-based micro Linux distro (about 3.1MB ISO)
 whose only purpose is to host a tor server in an environment which
 maximizes security and privacy.  Security is enhanced by employing a
 monolithically compiled GRSEC/PAX patched kernel and hardened system
 tools. Privacy is enhanced by turning off logging at all levels so
 that even the Tor operator only has access to minimal information.
 Finally, since everything runs in ephemeral memory, no information
 survives a reboot, except for the Tor configuration file and the
 private RSA key which may be exported/imported by FTP.

  Just out of curiosity, why did you choose LINUX for this project?
 If security is such a high priority, I would have thought that OpenBSD
 would have been the operating system of choice.


   Scott Bennett, Comm. ASMELG, CFIAG
 **
 * Internet:   bennett at cs.niu.edu  *
 **
 * A well regulated and disciplined militia, is at all times a good  *
 * objection to the introduction of that bane of all free governments *
 * -- a standing army.   *
 *-- Gov. John Hancock, New York Journal, 28 January 1790 *
 **
Hi Scott,

First let me answer a related question which is why security is a high
priority for this project.  We've seen lots of talk on this list about
unscrupulous exit node operators.  I wanted a system for the
conscientious tor operator which would give a minimum amount of
information in order to preserve privacy while at the same time giving
enough that he/she could determine that everything is working ok.
Even an innocent utility like netstat, which can be used to make sure
that connections are being established by the tor server, also reveals
what IP addresses are connecting --- my concern may be a bit
exaggerated, but I think you get the point.  But while on the one hand
minimizing information makes me feel good as a tor operator, it makes
me very nervous as a system administrator because I no longer have the
diagnostic tools that would tell me if something fishy is going on.
It's not a guarantee, but hardening the kernel/system tools lets me
sleep better.

Having said that, why GRSEC/PaX Linux over OpenBSD?  I run several
OpenBSD and hardened Gentoo servers with GRSEC/PaX Linux and I trust
both.  OpenBSD is impressively secure across the board, but what I
like about GRSEC is RBAC which, when properly configured, strongly
restricts a daemon's capabilities.  For systems with a narrow goal, I
tend towards GRSEC.  (I haven't enabled RBAC yet in tor-ramdisk, but
that's next.)  I can also assure people that my student (Melissa) and
I keep our eyes on the upstream dependencies for any security issues
and will update tor-ramdisk accordingly.

I don't want to annoy the list, so I think if we want to continue
talking about the relative merits of the various hardening techniques
employed by both, stackgaps, ssp, w^x and the like, we should do so
privately.

Anthony G. Basile









Re: Tor-ramdisk 20080606 released.

2008-06-11 Thread basile

Marco Bonetti wrote:
 On Tue, June 10, 2008 20:06, basile wrote:
 We would like to announce a new release of Tor-ramdisk (version
 20080606), an i686 uClibc-based micro Linux distro (about 3.1MB
 ISO)
 from the changelog I've read that you're running a hardened 2.6
 kernel, what is its size? I think that you can switch to 2.4
 (GRSEC/PAX still supports this tree) to slim it down further.

 by the way: really nice project :)

Hi Marco, thanks for the compliments.  (I'm Italian-Canadian and I speak
Italian.)

The kernel right now is 1.6 MB.  A lot of its size is because we're
supporting all 100MB and 1GB ethernet cards in a monolithic kernel.
Anyhow, that's a good suggestion.  Size isn't the biggest issue, but
if it slims it down, why not.

Anthony G. Basile





Re: How are hackers breaking Tor and trojan users?

2008-06-11 Thread Kyle Williams
snip


 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948


snip

It would seem that Windows is the OS that has been the most problematic for
VMWare as a guest OS.
Gotta love Linux!

Also, it seems that the advanced features in VMWare are the points of
failure here.
Advanced/complex features always make me nervous.

Coderman and I never trusted VMWare's ability to share a directory from the
host OS to the guest OS.
Now I'm really happy we didn't use that feature in JanusVM.


Re: How are hackers breaking Tor and trojan users?

2008-06-11 Thread F. Fox

Arrakis wrote:
 Foxyproxy+Polipo+Tor will not be immune.
 xB Machine and JanusVM will be immune to the attack.
 
 Steve
(snip)

Sounds like plain-vanilla proxy circumvention to me. Old news. =:oD

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node kitsune
http://fenrisfox.livejournal.com


Re: How are hackers breaking Tor and trojan users?

2008-06-11 Thread Robert Hogan
On Wednesday 11 June 2008 06:17:38 Roger Dingledine wrote:
snip

 He may also be referring to attacks where a local application (like the
 browser, but it doesn't have to be) can be tricked into connecting to
 your local Tor control port, like Kyle's attack from last year:
 http://archives.seul.org/or/announce/Sep-2007/msg0.html
 This was a great attack, but I think the latest versions of Torbutton
 and Vidalia make it a non-issue going forward. I would love to hear if
 you think otherwise.


On a default Tor installation from source, i.e. with no authentication
mechanism enabled, it is still possible successfully to send commands to the
controlport if the 'authenticate' command is not preceded by any garbage.

If someone were to develop a browser-based exploit that managed to get
the 'authenticate', with no preceding bytes, to the controlport then they're
in. I believe this is extremely difficult to do, and if such an attack was the
subject of arrakis' and kyle's paper they would have much bigger fish to fry
than just Tor.

One way of preventing such an attack, however unlikely, would be to mandate a 
conversation such as:

[EMAIL PROTECTED]:~$ telnet localhost 9051
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Challenge is: 0a5f37d2edd284cb
0a5f37d2edd284cb
250 OK
authenticate
250 OK

In the above sequence the controller has had to inspect the challenge and
parrot it back in order to be allowed to issue an authenticate command.

As far as I'm aware this would defeat an html-form based attack of the sort
released last year, since such attacks cannot process feedback from the port
they're attacking.





Re: Tor-ramdisk 20080606 released.

2008-06-11 Thread Marco Bonetti

basile wrote:
 Size isn't the biggest issue, but if it slims it down, why not.
I was already dreaming about a floppy sized version :-p

- --
Marco Bonetti
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/
My webstuff: http://sidbox.homelinux.org/

My GnuPG key id: 0x86A91047


Problem w/ Using tor(k) for Geostreaming Live-Videos

2008-06-11 Thread f-ighting . erich

Hi there,

here offers German Tv a live stream for soccer matches of the euro 2008! 

It is shielded by geostreaming! And even more, since due to some
technical stuff on their side, not all German IPs are allowed accidentally..

Thus I need to use tor in order to become another German IP via an exit node, 
so that I can also watch them in real time!

mplayer -playlist 
http_proxy://127.0.0.1:8118/http://wstreaming.zdf.de/zdf/veryhigh/080609_smm.asx

It seems that tor is checking out the url in the playlist file but then goes 
there straight without the proxy? I have tried also regular German
public proxies like http://www.publicproxyservers.com/page1.html but no success 
either.. It is an rtsp stream after all, the live video...

How can I run tor(k) so that I can view the games???

Erich

PS: Please reply to the list and to my email address so that I can read the 
replies before the daily digest with the others topics of this list..




Re: Problem w/ Using tor(k) for Geostreaming Live-Videos

2008-06-11 Thread Alexander W. Janssen
Works here with torify, though painfully slow. You might choose a stream
which uses less bandwidth:

$ ./torify mplayer -playlist http://wstreaming.zdf.de/zdf/veryhigh/080609_smm.asx
...
STREAM_ASF, URL:
mms://c36000-o.w.core.cdn.streamfarm.net/36000zdf/ondemand/3546zdf/zdf/zdf/08/06/080609_smm_vh.wmv
Resolving c36000-o.w.core.cdn.streamfarm.net for AF_INET...
Connecting to server c36000-o.w.core.cdn.streamfarm.net[217.243.250.24]: 1755...
Connected
...

By the way, Switzerland-Turkey 1:1 :-)

Have fun,
Alex.



Aw: Re: Problem w/ Using tor(k) for Geostreaming Live-Videos

2008-06-11 Thread f-ighting . erich
 
Sorry, MY mistake: This is the live stream url: 
http://wgeostreaming.zdf.de/encoder/livestream15_h.asx It also got a Dsl2000 
on www.zdf.de there 2!
the first one is one of their videos and they are not geostream protected! But 
when you use tork with it do you see while it is being streamed that
it is going thru tor or just the initial request! Am I right that when it is 
fully going thru tor one must constantly see the yellow pop-up video that tor 
is in usage..
In my case it seems to start with tor but then goes for the video straight 
there... Hence it does not work with the live video!

Does not the browser also pass on the very url to the external program like mplayer, 
hence to tor issue ???

@Alex: THX 4 the score, but wished I could see it also NOW!




Re: Aw: Re: Problem w/ Using tor(k) for Geostreaming Live-Videos

2008-06-11 Thread Robert Hogan
On Wednesday 11 June 2008 21:16:00 [EMAIL PROTECTED] wrote:
 Sorry, MY mistake: This is the live stream url:
 http://wgeostreaming.zdf.de/encoder/livestream15_h.asx It also got a
 Dsl2000 on www.zdf.de there 2! the first one is one of their videos and
 they are not geostream protected! But when you use tork with it do you see
 while it is being streamed that it is going thru tor or just the initial
 request! Am I right that when it is fully going thru tor one must
 constantly see the yellow pop-up video that tor is in usage.. In my case it
 seems to start with tor but then goes for the video straight there... Hence
 it does not work with the live video!

 Does not the browser also pass on the very url to the external program like
 mplayer, hence to tor issue ???


Hi Erich,

[EMAIL PROTECTED]:~$ lynx -dump http://wgeostreaming.zdf.de/encoder/livestream15_h.asx
<ASX version = 3.0>
<Entry>
<Ref href = rtsp://c36000-ls.w.core.cdn.streamfarm.net/2R38HDlo3/36000zdf/live/3546zdf/encoder.geozdf.geoevent_h.wmv />
</Entry>
</ASX>

[EMAIL PROTECTED]:~$ torify mplayer -playlist rtsp://c36000-ls.w.core.cdn.streamfarm.net/2R38HDlo3/36000zdf/live/3546zdf/encoder.geozdf.geoevent_h.wmv


Or you can click on the 'Anonymous Telnet Session' entry in the 'Anonymize' 
window and run the last command there.

The last command failed for me because:

rtsp://c36000-ls.w.core.cdn.streamfarm.net/2R38HDlo3/36000zdf/live/3546zdf/encoder.geozdf.geoevent_h.wmv.
Not a Realmedia rtsp url. Trying standard rtsp protocol.
RTSP support requires the LIVE.COM Streaming Media libraries!

which I assume won't be a problem for you.

Robert



Aw: Re: Aw: Re: Problem w/ Using tor(k) for Geostreaming Live-Videos

2008-06-11 Thread f-ighting . erich
 
Sorry! I get a DNS leaking error during the process, too! Could that kill the 
geostreaming backtor? Where would I fix it? Would tork also tell me if my torrc 
is messed up??? 

I have setup tork as well to have an exit node as German IP!!

YET still:

torify mplayer rtsp://c36000-ls.w.core.cdn.streamfarm.net/2R38HDlo3/36000zdf/live/3546zdf/encoder.geozdf.geoevent_h.wmv
MPlayer dev-SVN-r25315

Can't init input joystick
mplayer: could not connect to socket
mplayer: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.

Playing rtsp://c36000-ls.w.core.cdn.streamfarm.net/2R38HDlo3/36000zdf/live/3546zdf/encoder.geozdf.geoevent_h.wmv.
Resolving c36000-ls.w.core.cdn.streamfarm.net for AF_INET...
Connecting to server c36000-ls.w.core.cdn.streamfarm.net[217.243.250.170]: 554...
STREAM_LIVE555, URL: rtsp://c36000-ls.w.core.cdn.streamfarm.net/2R38HDlo3/36000zdf/live/3546zdf/encoder.geozdf.geoevent_h.wmv
Stream not seekable!
 file format detected.
--Unable to determine our source address: This computer has an invalid IP address: 0x0 --
Would be that geostreaming blocker, right?!

Erich

PS: This now works, that is the video to go via torify mplayer -playlist 
http://wstreaming.zdf.de/zdf/veryhigh/080609_smm.asx (Since there is no 
geostreaming checker) Ok, I assume you guys have a well setup tork running, why 
is it not going with you, that you could access the very live stream with any 
German exit node???  THX 4 all your quick help, guys!! tomorrow is already 
the next pair of games ;)


Re: Phish filters on exit nodes

2008-06-11 Thread Geoff Down
The owner of one of the exit nodes has replied to tell me that OpenDNS 
has phish-filtering  on by default but that it is now turned off on 
that node.

Thanks to them and to all who helped me out.
GD
On 10 Jun 2008, at 03:31, downie wrote:



I've done as suggested by OtherGeoff and emailed the addresses found 
in the exit-node descriptions.
One was an abuse@ address though, which may or may not get through to 
the right person.


Thanks,
GD




Re: How are hackers breaking Tor and trojan users?

2008-06-11 Thread scar

Robert Hogan @ 2008/06/11 18:48:
 On Wednesday 11 June 2008 06:17:38 Roger Dingledine wrote:
 snip
 He may also be referring to attacks where a local application (like the
 browser, but it doesn't have to be) can be tricked into connecting to
 your local Tor control port, like Kyle's attack from last year:
 http://archives.seul.org/or/announce/Sep-2007/msg0.html
 This was a great attack, but I think the latest versions of Torbutton
 and Vidalia make it a non-issue going forward. I would love to hear if
 you think otherwise.

 
 On a default Tor installation from source, i.e. with no authentication
 mechanism enabled, it is still possible successfully to send commands to the
 controlport if the 'authenticate' command is not preceded by any garbage.

 If someone were to develop a browser-based exploit that managed to get
 the 'authenticate', with no preceding bytes, to the controlport then they're
 in. I believe this is extremely difficult to do, and if such an attack was the
 subject of arrakis' and kyle's paper they would have much bigger fish to fry
 than just Tor.


like this? http://www.janusvm.com/goldy/vuln/tor-controlport.html
(posted earlier in the thread by Kyle Williams)


Re: How are hackers breaking Tor and trojan users?

2008-06-11 Thread coderman
On Wed, Jun 11, 2008 at 5:35 PM, scar [EMAIL PROTECTED] wrote:
 ...
 If someone were to develop a browser-based exploit that managed to get
 the 'authenticate', with no preceding bytes, to the controlport...

 like this? http://www.janusvm.com/goldy/vuln/tor-controlport.html

that is a standard HTTP post and thus sends HTTP request headers
before the textarea form payload.

what Robert indicated is that he thinks it is highly unlikely that you
could use a browser to connect and send AUTHENTICATE before anything
else, like the request headers.

the challenge / response handshake he suggested is an interesting
option for authenticating to the control port; it would indeed
eliminate any blind injection attacks, while still making it trivial
to use the control port legitimately.

best regards,
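
The challenge/echo handshake Robert Hogan proposes earlier in this thread, and coderman's point that a form POST delivers request headers first, modelled as an added example (not part of the thread and not Tor's code). The class, function names, the "closed" marker and the constructed inputs are assumptions made for illustration; only the "Challenge is:" greeting, "250 OK" and port 9051 come from the posts.

```python
import hmac
import secrets

OK = "250 OK"        # reply text as shown in the thread's telnet transcript
REJECT = "closed"    # stand-in for the server dropping the connection (assumption)


class ControlPortModel:
    """Toy model of one control-port connection with no password or cookie set.

    require_challenge=False: behaviour described in the post, where the very
    first line must be 'authenticate' and anything else ends the connection.
    require_challenge=True: the proposed handshake, where the client must
    first echo a fresh per-connection challenge.
    """

    def __init__(self, require_challenge):
        self.challenge = secrets.token_hex(8)  # 16 hex chars, like the sample
        self.state = "WAIT_ECHO" if require_challenge else "WAIT_AUTH"
        self.greeting = ("Challenge is: " + self.challenge
                         if require_challenge else "")

    def feed(self, line):
        """Consume one client line, update the state, return the reply."""
        line = line.strip()
        if self.state == "WAIT_ECHO":
            # Constant-time comparison of the echoed value with the challenge.
            ok = hmac.compare_digest(line.encode(), self.challenge.encode())
            self.state = "WAIT_AUTH" if ok else "CLOSED"
        elif self.state == "WAIT_AUTH":
            ok = line.lower() == "authenticate"
            self.state = "AUTHED" if ok else "CLOSED"
        else:
            ok = self.state == "AUTHED"
        return OK if ok else REJECT


def run_blind(port, prepared_lines):
    """Sender that cannot read replies: its lines were fixed before connecting."""
    for line in prepared_lines:
        port.feed(line)
    return port.state


def run_controller(port):
    """Legitimate controller: reads the greeting and reacts to it."""
    if port.greeting.startswith("Challenge is: "):
        port.feed(port.greeting.split(": ", 1)[1])
    port.feed("authenticate")
    return port.state


# Constructed inputs. FORM_POST has the shape coderman describes: request
# headers reach the port before the form payload does.
FORM_POST = ["POST / HTTP/1.1", "Host: 127.0.0.1:9051", "", "authenticate"]
CLEAN_BLIND = ["authenticate"]                    # no preceding bytes at all
REPLAYED = ["0a5f37d2edd284cb", "authenticate"]   # stale value from the thread


def outcomes():
    """Final connection state per sender, without and with the challenge."""
    result = {}
    for gate in (False, True):
        result[gate] = {
            "controller": run_controller(ControlPortModel(gate)),
            "form_post": run_blind(ControlPortModel(gate), FORM_POST),
            "clean_blind": run_blind(ControlPortModel(gate), CLEAN_BLIND),
            "replayed": run_blind(ControlPortModel(gate), REPLAYED),
        }
    return result


if __name__ == "__main__":
    for gate, row in outcomes().items():
        print("challenge required:", gate, row)
```

The form POST is rejected in both configurations because of its leading headers; the challenge only changes the outcome for a sender that gets 'authenticate' through with no preceding bytes but cannot read the greeting.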


SPD talk: Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems?

2008-06-11 Thread gojosan
I just noticed this talk at the Security and Privacy Day from May 2008.
While I understand that Tor's threat model does not defend against a GPA,
I am still curious what effect this attack can have against the current,
real Tor network?

Simulating a Global Passive Adversary for Attacking Tor-like Anonymity
Systems
http://web.crypto.cs.sunysb.edu/spday/

We present a novel, practical, and effective mechanism for identifying
the IP address of Tor clients. We approximate an almost-global passive
adversary (GPA) capable of eavesdropping anywhere in the network by
using LinkWidth, a novel bandwidth-estimation technique. LinkWidth
allows network edge-attached entities to estimate the available
bandwidth in an arbitrary Internet link without a cooperating peer host,
router, or ISP. By modulating the bandwidth of an anonymous connection
(e.g., when the destination server or its router is under our control),
we can observe these fluctuations as they propagate through the Tor
network and the Internet to the end-user's IP address. Our technique
exploits one of the design criteria for Tor (trading off GPA-resistance
for improved latency/bandwidth over MIXes) by allowing well-provisioned
(in terms of bandwidth) adversaries to effectively become GPAs. Although
timing-based attacks have been demonstrated against
non-timing-preserving anonymity networks, they have depended either on a
global passive adversary or on the compromise of a substantial number of
Tor nodes. Our technique does not require compromise of any Tor nodes or
collaboration of the end-server (for some scenarios). We demonstrate the
effectiveness of our approach in tracking the IP address of Tor users in
a series of experiments. Even for an under-provisioned adversary with
only two network vantage points, we can accurately identify the end user
(IP address) in many cases. Furthermore, we show that a well-provisioned
adversary, using a topological map of the network, can trace-back the
path of an anonymous user in under 20 minutes. Finally, we can trace an
anonymous Location Hidden Service in approximately 120 minutes.

-gojosan




