pfont face=TahomaHello/font/p
pfont face=TahomaA good web for you :a
href=http://www.bestchoosing.info;*amp;www.bestchoosing.info%amp;/a
.Hope
you will like it./font/p
pfont face=TahomaMAC,Tiffany,Nike,Adidas,benefit,GUCCI,Juicy,Chanel
etc/font/p
pfont
http://check.torproject.org/cgi-bin/TorBulkExitList.py
Reports error:
Mod_python error: PythonHandler TorBulkExitList
Traceback (most recent call last):
File /usr/lib/python2.4/site-packages/mod_python/apache.py, line 299, in
HandlerDispatch
result = object(req)
File
Phobos et al,
xB Browser installs giving a user a choice of two modes.
The first is Tor, the second is the XeroBank network. xB
Browser is included in the XeroBank Installer bundle which
includes xB VPN and xB Mail as well.
xB Browser, if Tor is installed, will just run Tor for it's
this is nothing like the Torpark
you remember.
Steve
Jacob Appelbaum wrote:
Arrakis wrote:
Phobos et al,
xB Browser installs giving a user a choice of two modes.
The first is Tor, the second is the XeroBank network. xB
Browser is included in the XeroBank Installer bundle which
xB Browser now detects and warns about certificate chains
that use the MD5 algorithm for RSA signatures via popup,
thanks to Philipp Gühring of CACert, and Márton Anka's
SSL Blacklist.
This release includes 60MB of 512, 1024, 2048, and 4096 bit
certificate MD5 blacklists.
XeroBank Installer
Robert,
At first glance your statement above could be taken to suggest that Onyx
provides provably better anonymity than Tor. A second reading suggests
that you are merely claiming Onyx deploys additional techniques that are
regularly investigated for their anonymity properties, while at
OgnenD,
I think peer review exists in science (and technology) for a purpose. If
there
is only one analyst, maybe your claim holds. However, results in general need
to be testable and reproducible by anyone, so that everyone can convince
themselves in the validity of claims being made.
Phobos,
XeroBank's network doesn't use Tor. Common misnomer. But we did stay at a
holiday inn express:
XeroBank uses IPSec cascades and is distinguished by have additional anonymity
features tor doesn't employ such as mixing, crowding optimization, channel
multiplexing, traffic
padding,
Tor Community,
We are working on a news aggregation website that will coalesce
privacy related matters into a single rich-media website. That
means technology, politics, business, finance, etc. as they
relate to solely privacy, typically affecting the individual.
We are looking for
is not necessarily a
square.
Arrakis
M. Peterson wrote:
cool, XB = Tor, and Tor has changed to XB.
On Fri, Aug 15, 2008 at 10:36 PM, Arrakis [EMAIL PROTECTED] wrote:
We've just uploaded the XeroBank 2.8.8.15 installer.
It includes xB Browser 2.0.0.16a, and the full
source and library and tools
to discuss the implications of sending mail over tor so I can produce
actual software that real people can use, and you're here for some reason other
than that. Pardon me if I don't allow you to undermine my purpose.
Arrakis
were.
For the specifics, we are interested in those columns
I pointed out, as those are directly related to
internet privacy. The rest are areas that are outside
the scope of our threat model.
Arrakis
[EMAIL PROTECTED] wrote:
Arrakis:
[EMAIL PROTECTED] wrote:
macintoshzoom:
Sorry
the
better.
Arrakis
seriously consider uploading
your consciousness to the google collective.
Kind Regards,
Arrakis
P.S. Privacy enhancing technologies are a young science. Who
knows, some people might appreciate such a license...
http://www.securityfocus.com/news/6779
http://blogs.stopbadware.org/articles/2007/09
Roy,
Free, no strings attached. Naturally I cannot disclose what specific
organizations we work with, as that would be counter-intuitive to
privacy protection. Here is one offer, currently, just take a look
for yourself: http://xerobank.com/olympics.php
We'll consider others on a case
Mac,
For high bandwidth in addition to low latency, you are correct
that commercial anonymity is the only option. However there are a
lot of issues with commercial anonymity, and anonymity that is
not purely P2P designed. These issues can result in worse privacy
if you don't pay attention to the
We've just uploaded the XeroBank 2.8.8.15 installer.
It includes xB Browser 2.0.0.16a, and the full
source and library and tools. Just install NSIS,
put the plugins in the plugin directory, and run
make.bat to compile your own xB Browser and xB VPN
and/or installer to pack them both.
Naturally
Kyle
Can you get uTorrent to work if you change the tld of address
to .something ? How is the filtering taking place?
Steve
Kyle Williams wrote:
On Fri, Aug 15, 2008 at 3:29 PM, Teddy Smith [EMAIL PROTECTED] wrote:
On Fri, 2008-08-15 at 12:33 -0600, Kasimir Gabert wrote:
On Fri, Aug 15,
Curious,
If you just download the source code from the xb browser page, you
get all the build requirements and library and source, and even another
program to configure it for tor to dump in the commands you
would use in the torrc. Essentially the xB Config program parses
and writes INI
So this attack is nothing to worry about? It is just FUD? Was it done
on a private Tor network (as is my assumption)?
If you read the slides, you will see it appears the nodes in the
attack were real. Maybe they just named them that way for humor,
however how funny is it that one of the nodes
Yes, it can be done.
If the talk is accepted at DefCon, it will be demonstrated live.
MadAtTorHackers wrote:
I read that hackers are breaking Tor and turning into a trojan/rootkit? Is
this possible? How can they do this?
In post:
Foxyproxy+Polipo+Tor will not be immune.
xB Machine and JanusVM will be immune to the attack.
Steve
Florian Reitmeir wrote:
On Tue, 10 Jun 2008, MadAtTorHackers wrote:
Is there a safe Tor Virtual Machine to use?
as always.. define what is safe.
For me, Foxyproxy+Polipo+Tor is enough.
versions
and have not informed Tor developers of details yet??
I would hope DefCon does not accept presenters having such ethics.
On Tue, Jun 10, 2008 at 12:50:10PM -0500, Arrakis wrote:
Yes, it can be done.
If the talk is accepted at DefCon, it will be demonstrated live.
MadAtTorHackers wrote
Phobos, et al,
I don't see what Xerobank could
gain from devaluing the software they rely upon for their product.
Exactly. This is hopefully going to make tor stronger and raise
awareness about proper implementation regarding the OSI model.
Unfortunately it pushes most tor-related software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
xB Machine 0.9 Beta is now available for download.
For those of you unaware, it is the security hardened
next-gen anon OS. This package is ~400MB. The 4GB of
source code will be made available via torrent file
when the official version is released in
Howdy Roger,
I thought the original question was asking about an alternative
to torbutton.
No plans to include torbutton in future versions of xB Browser.
The reason we took it out is because it is counter-intuitive
to user behaviors.
Most users don't want a browser for both anonymous and
We'll be releasing a version of xB Browser using
the firefox 3 core after more stability testing.
Otherwise, your Firefox 2 solution is xB Browser:
http://xerobank.com/xB_Browser.html
Rochester TOR Admin wrote:
Not a helpful response but I wanted to second that request.
The current configuration can use either the Tor or the XB network.
Does that not satisfy the request?
Steve
Rochester TOR Admin wrote:
Yes, XeroBank's Browser is based on Tor [it used to be called TorPark] but
it also uses their own XeroBank network which is a privatized anonymity
network.
XeroBank's network is not based off onion routing, although we do
have a private onion routing network that isn't available to the
public yet. It uses 2-hop relay traffic over TLS, as 2 hops are
unneeded in a single trust domain, unless you want to do some
extra country hopping. The XeroBank
I haven't seen anything back from you yet, so I'll just pre-empt
some things you may want to know about the upcoming release.
Currently XeroBank is officially scheduled to release their
personal privacy services at the end of March. For personal
services, we are going to offer VPN access into
but do you know what the status of the xerobank
project/company is?
On Wed, Mar 5, 2008 at 5:26 PM, Arrakis [EMAIL PROTECTED] wrote:
Moved throbber into splash screen
Automatic flash cookie removal
Auto-updater with gpg signature verification
Latest Tor build
Minor bug fixes
Enhanced firefox control
Download Installer here:
http://update.xerobank.com/distro/XeroBank/xB-Browser_latest.exe
http://update.xerobank.com/distro/XeroBank/xB-Browser_2.0.0.11a.exe.sig
Source:
http://update.xerobank.com/distro/XeroBank/source/xBB_source_2.0.0.11a.zip
Now anyone can run the automated build process and build an xB Browser
installation pack themselves. I wrote the make script in batch language.
This current make automatically downloads the latest firefox from mozilla,
verifies the signatures, and unpacks it. In the future, when the tor win32
://metasploit.com/research/misc/decloak/
--- Arrakis [EMAIL PROTECTED] wrote:
It appears that Java attacks for causing external IP data to be leaked
can be mitigated to some good degree. The upshot is that you can now run
Java applets that even when attempting to phone home directly (revealing
Okay pause.
We need to distinguish here because ya'll are talking about different
terms. Internal network IP (192.168.x.x, etc), external IP (your public
IP address), and DNS requests (locally vs remote through socks). The
internal network IP probably isn't a terribly valuable piece of
I can confirm that this code does indeed expose the external IP address,
despite the setting in JCP/deployment.properties.
James Muir wrote:
[EMAIL PROTECTED] wrote:
On Sun, Dec 02, 2007 at 11:35:49PM -0800, [EMAIL PROTECTED] wrote
0.9K bytes in 21 lines about:
: I remember these tests. I
be
cornered in, but most seem to be. Regarding DNS, well that is again
another issue to be looked at, unfortunately.
Steve
James Muir wrote:
Arrakis wrote:
It appears that Java attacks for causing external IP data to be leaked
can be mitigated to some good degree. The upshot is that you can now run
How about instead of Make, we use Scons? It should be easier for people
to read and modify.
Additionally, for the list of tor 3rd party devs...
I figured out how to implement the (more) secure persistent settings in
firefox. This will be useful for others trying a similar approach to xB
Browser.
Greetings,
We've rewritten xB Browser to version 2.0.0.9/10 and are about to
introduce some new functionality to it. I thought this would be a lovely
time to take a step back and acquiesce to some prior requests for a doc
on how to build xB Browser from scratch. I've got some questions, and
I'm writing the preferences for the xB Browser, and I've been thinking
about the problem of users who are smart enough to be dangerous to
themselves. I'm talking about those that jump into the proxy settings
and think they are speeding things up by changing to a direct connection
or auto-detect.
I actually know of such a company that is interested in supplying tor
legal insurance in DE. Is anyone interested?
Steve
linux wrote:
There is already a thread about this organization/fund.
I am watching it carefully because I am interested.
It looks for like like we need a legal costs
direction.
Steve
Jacob Appelbaum wrote:
Arrakis wrote:
Greetings,
We've rewritten xB Browser to version 2.0.0.9/10 and are about to
introduce some new functionality to it. I thought this would be a lovely
time to take a step back and acquiesce to some prior requests for a doc
on how
can keep it win32. But if we had to, we could probably build
in in nix.
And you're right about the default file issue. Just a method of
preference but it would be nice if our distro hash was the same as our
build hash.
Steve
Jacob Appelbaum wrote:
Arrakis wrote:
Jacob,
This might be able
Greetings and welcome to 2006!
3,
Steve
Excerpt from How To Create Torpark
Step 31. set as follows:
noscript.notify.hideDelay = 30
noscript.statusIcon = false
network.dns.disableIPv6 = true ; ipv6 addresses fail through tor.
network.proxy.socks_remote_dns = true
- New Installer for Windows
- Creates Desktop/Start Menu Icons
- 10MB including archives
- Can Register for free xB account
- xB Members can upgrade via their Trans ID
- Enhanced Windows Vista compatibility
- Firefox 2.0.0.8
- Tor 0.1.2.17
- Addons all updated
- New Password Addon
-
We call this xB Browser.
3 Steve
Alexander W. Janssen wrote:
The easiest solution would be just using different browser-profiles
and run them simultaneously. One for Tor, one for everything else.
Cheers, Alex.
Alex,
That is exactly the distinction I am looking for.
Does Tor care about the destination of the TCP request, when deciding to
make a new circuit, and thus will use one because it is already dirtied
by that domain?
Steve
Alexander W. Janssen wrote:
However, considering your question... It
and
have them be separate processes with separate configurations.
Cheers-
-Andy
Arrakis wrote:
Kyle
You could if you want to recompile. Now I'm about to release xBB
2.0.0.7, and my concern about that is if the user can't tell the
difference, visually, between Firefox and xB Browser. I can
Report comes back that this is hosted from Taipei, Taiwan.
Comes back negative for viruses, scanned against 13 popular virus
scanners. Time to run it in a VM and capture the activity, if it even
executes...
Steve
Kyle Williams wrote:
I just found this myself and am digging into it
Ran it against a bunch more scanners and came up with a suspicious
payload. F-Secure refers to it as Tibs.gen134, Sophos as Mal/Dorf-E,
etc, but just because it is suspicious doesn't mean anything definitive.
Other than, it probably isn't tor since it is 1/20th the size.
Eugen,
Torpark was rebranded to xB Browser. It is still free and open source
as per usual. In addition, we have released a new free software called
xB Machine, a secure virtual workstation.
This should explain it:
http://xerobank.com/torrify.html
Steve
Eugen Leitl wrote:
I've been out of the
When do you use it? On what websites?
Kyle Williams wrote:
I use it, and I like it.
On 8/15/07, Arrakis [EMAIL PROTECTED] wrote:
Saw it. Thought about it.
Matej Kovacic wrote:
Hi,
check this out: http://firegpg.tuxfamily.org/
Useful in cobination with Tor button.
bye, Matej
xB Machine v0.2.2 DEVELOPMENT PRE-RELEASE(370MB)
DOWNLOAD HERE:
http://update.xerobank.com/beta/xBVM-0.02.2.zip
xB Machine is a virtual machine built on the Gentoo platform, and is
designed to provide a strong IP leak-resistant system and network
design, hardened security against local attacks,
The question is if the stand-alone player, just like regular flash
player, phones home without regard to your proxy settings.
Or you could just wait till xB Machine is released on August 3rd and
never worry about it again.
Steve Topletz
scar wrote:
OK, we all know the threats of watching flash
Benjamin,
Sorry to hear you won't be keeping up on the ROCKate and
have been forced to succumb to Germany's turn. I expect
more such tor-related shutdowns among fear and legislation.
I'll be picking up the slack shortly, so no worries.
A development release
JT,
XeroBank has such a VM that will be released August 3rd, called xB
Machine. The system is encrypted, except for the kernel, and it is
incapable of leaking true IP data. It can also remotely mount encrypted
filesystems.
Regards,
Steve
JT wrote:
Hi,
is it now possible to offer an openBSD
JT
Expect crickets. The fines will be 500,000 Euro + 2 years prison for
disobeying, I've heard. Pretty outrageous, considering Germany is such a
strong proponent for privacy.
XeroBank has a solution we are hoping we won't have to implement, but it
will allow Tor nodes to continue to operate in
I'm excited. I'll check this out tonight.
Last time I tried to download the link was dead.
Regards,
Arrakis
Hi List.
I fully expect everyone to ridicule me for the ChangeLog of the just
released ROCKate 0.3.1:
ChangeLog:
* added various fixes to make the nifty 0.3 features work
JT,
1) This could potentially break some websites that rely on ref link.
I've let users decide by putting in an extension that allows them to
play with this.
2) Why?
3) Torpark users can already set what they want their useragent to be, via
an extension.
Regards,
Arrakis
Hi,
could you
Does anyone here know if these photos are licensed or who owns the
copyright?
http://tor.eff.org/images/htw1.png
http://tor.eff.org/images/htw2.png
http://tor.eff.org/images/htw3.png
Regards,
Steve
node you could use to access it, you could
simply do torrify.com.onion... a simple naming convention.
Regards,
Arrakis
It sounds to me like we need:
1. Absolutely easy to use client software that automatically acts as a
router/server
-- Needs to determine the lower (upstream) bandwidth
Paul and Michael,
Correct. Apparently when something is free of charge whatever, and
yours to do with what you wish unless you are unethical, we call that
arrakis-free or free as in arrakis.
And to Kasimir, the license has been updated, and definitions are
forthcoming.
Regards,
Steve
how onion routing
works? I've been toying with the idea of putting one together.
Regards,
Arrakis
On Sun, Mar 25, 2007 at 09:57:20AM -0600, Arrakis wrote:
2) Torpark is not commercial, it is totally free and open source. We
simply offer an upgrade to get higher speeds than the tor network can
JT,
I wrote Torpark, so let me respond to your points.
1) Torpark is only for windows at the moment, it will be available for
Mac and Linux shortly.
2) Torpark is not commercial, it is totally free and open source. We
simply offer an upgrade to get higher speeds than the tor network can
Nick,
You are right. We don't allow governments to subvert our software,
commercial competitors, or people to install spyware and redistributed
that way.
Saying free and open-source software isn't Free and Open Source is
giving in to a combination of semantics and snobbery of licensing. It
Fabian et al,
The terms free software and open source software have been
around for a while and so has there meaning. No one said Torpark
wasn't delivered free of charge or that its source wasn't open for
review.
Torpark's license just doesn't give the user enough rights to
call Torpark
Michael,
Well that sounds good in theory, and admittedly I don't know enough
about scripting languages to say it can't be done. But it does occur
to me that the SM would have to be very intelligent to know that the
harmless X, Y, and Z parts of the script form a dangerous whole. I
think that
I'll address these issues since you didn't feel it was
necessary to read the followups on the thread you posted:
1) tor devs are not qualified to review the code. Shava Nerad of the
Tor project asked me to refer someone to do QA on 3rd party win32 apps for the
Tor
project, which I did. Will it
Roger, Nick, et al
I am pleased to report that `tor log notice file log.txt` works
perfectly under Windows XP.
Thank you for your quick response,
Steve
69 matches
Mail list logo