Re: gratuitous change blocks upgrade to 0.2.2.15-alpha :-(
Sorry I'm so far behind on email. Will try to catch up soon. On Fri, 24 Sep 2010 22:05:45 +0200 Sebastian Hahn m...@sebastianhahn.net wrote: On Sep 11, 2010, at 3:47 AM, Sebastian Hahn wrote: On Sep 10, 2010, at 10:40 AM, Roger Dingledine wrote: In any case, Sebastian started a trac entry for this one: https://trac.torproject.org/projects/tor/ticket/1929 wherein he starts out by listing a reason that we shouldn't fix it. Please add more pros and cons to the trac entry. it'd be nice if further discussion could be moved to the bug report. Nick had a nice idea how to solve the situation without breaking our controllers. It would be great to get feedback on this (positive or negative) so please do reply with your thoughts. Patches for the documentation are also welcome, if they help to clarify the situation. Thanks Sebastian To let those know who didn't start monitoring the bug report, as of 851255170 we implemented a new feature to allow using multiple lines when specifying a torrc entry. To indicate that a line ends in the torrc but Tor should treat the next line as if it belonged to the current line, use a backslash at the end of the line. Comments inside such a block are ignored. What terminates a comment inside such a block? To provide an example, here is what the new syntax might look like (basically all previously valid torrcs should remain valid): ExcludeNodes \ # I don't like kittens lolcat1, \ Is the lolcat1, part of the comment about kittens? lolcat2 \ # / I also don't like bunnies! I really hate them. \ Is the \ part of the comment? The early comment line about kittens lacks a \. Are both validly continued lines? ,cutebunny, extracutebunny, \ # and this node appeared on my mother's birthday birthdaynode StrictNodes 1 I hope this is an acceptable solution for those who wanted a change, and doesn't upset those that thought the old behaviour was like it should be. Wow. That's the most incredibly *ugly* kluge I've seen in many a year, but if it works, then at least it does provide the functionality. I'll make the required changes to a copy of torrc and then try the upgrade to 0.2.2.17-alpha sometime in the next few days. Answers to the questions above would be helpful, though, in making those modifications. However, I don't understand the need for compatibility for tor controllers on this one. It seems to me that changes to the ExcludeNodes and ExcludeExitNodes lists are the kind of thing that should require rereading torrc, throwing away the previous lists and replacing them with the new ones read from torrc. Controllers should have the ability to trigger rereading of torrc, but not to make this sort of major operational change on the fly directly rather than by through rereading torrc. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Me - Tor - VPN - Internet?
On Thu, Oct 7, 2010 at 5:19 AM, John Brooks spec...@dereferenced.net wrote: On Wed, Oct 6, 2010 at 9:11 PM, Load Bear loadbear...@gmail.com wrote: I am aware of that limitation. However, I am currently less concerned about eavesdroppers between a given VPN and the destination than I am about Tor exit-node eavesdroppers. Knowing the limitations involved, do you know of some method to accomplish my expressed goal? Assuming it's not a free VPN, you also run the risk of being identified by your billing information. If it is free, I would say that there is just as much if not more risk of your traffic being used maliciously. There are VPN providers that will let you pay anonymously. However, if you're taking anonymity on the Internet seriously, using a VPN as the last and only line of defense carries all kinds of risks: Traffic analysis (Let's look at all traffic going in and out of this VPN server and match the traffic), single point of failure in form of the VPN provider (Do you trust him not to keep logs and sell them to the next highest bidder?) and some more. From an academic point of view, there isn't much anonymity to gain from a VPN. You could run Tor on top of the VPN to gain anonymity. That sounds technically possible even though I haven't tried it -- but I don't see much benefit here unless you're living in a country that blocks the public Tor nodes and most bridges. Best, /C *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: AdvTor
On Sun, Oct 3, 2010 at 2:05 PM, kalitnik...@privatdemail.net wrote: Hello everyone. I found a fork (?) of tor software with GUI named Advanced Tor. I was surprised of its features, but found just nothing about it in web, though it has opened source placed in sf.net. Have you people discussed it? Please give a link to discussion if yes. Otherwise you are welcome (if it won`t break any or-talk rules), especially I`d like to know if someone can get through the code to check it for backdoors or something like that. Description and source: http://nemesis.te-home.net/Projects/AdvTor.html http://sourceforge.net/projects/advtor/ http://nemesis.te-home.net/Projects/AdvTor.html When connecting to this site through Tor either I get a disconnect or a weird message saying I am connecting via a proxy which is changing my data. I have only once had an acutual web page to browse (right after it the first post to OR-TAlk). Is this a TOr problem (e.g. a ban by Tor exits) or a site problem? Jo *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: AdvTor
On Thu, Oct 7, 2010 at 4:32 AM, Anon Mus my.green.lant...@googlemail.com wrote: On Sun, Oct 3, 2010 at 2:05 PM, kalitnik...@privatdemail.net wrote: Hello everyone. I found a fork (?) of tor software with GUI named Advanced Tor. I was surprised of its features, but found just nothing about it in web, though it has opened source placed in sf.net. Have you people discussed it? Please give a link to discussion if yes. Otherwise you are welcome (if it won`t break any or-talk rules), especially I`d like to know if someone can get through the code to check it for backdoors or something like that. Description and source: http://nemesis.te-home.net/Projects/AdvTor.html http://sourceforge.net/projects/advtor/ http://nemesis.te-home.net/Projects/AdvTor.html When connecting to this site through Tor either I get a disconnect or a weird message saying I am connecting via a proxy which is changing my data. I have only once had an acutual web page to browse (right after it the first post to OR-TAlk). Is this a TOr problem (e.g. a ban by Tor exits) or a site problem? Not sure what your trouble is here, but Tor doesn't ban sites. I just tried connecting there, and it worked fine for me. yrs, -- Nick *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: AdvTor
Nick Mathewson wrote: On Thu, Oct 7, 2010 at 4:32 AM, Anon Mus my.green.lant...@googlemail.com wrote: On Sun, Oct 3, 2010 at 2:05 PM, kalitnik...@privatdemail.net wrote: Hello everyone. I found a fork (?) of tor software with GUI named Advanced Tor. I was surprised of its features, but found just nothing about it in web, though it has opened source placed in sf.net. Have you people discussed it? Please give a link to discussion if yes. Otherwise you are welcome (if it won`t break any or-talk rules), especially I`d like to know if someone can get through the code to check it for backdoors or something like that. Description and source: http://nemesis.te-home.net/Projects/AdvTor.html http://sourceforge.net/projects/advtor/ http://nemesis.te-home.net/Projects/AdvTor.html When connecting to this site through Tor either I get a disconnect or a weird message saying I am connecting via a proxy which is changing my data. I have only once had an acutual web page to browse (right after it the first post to OR-TAlk). Is this a TOr problem (e.g. a ban by Tor exits) or a site problem? Not sure what your trouble is here, but Tor doesn't ban sites. I just tried connecting there, and it worked fine for me. yrs, Well, well, well suddenly the problem fixes itself... after 20+ disconnects and 10+ You are using a proxy which is changing your data... refusing connection.. over the past 3 days. Must be just another co-incidence ..funny though how it was still failing a minute prior to my post being written today. This must be similar to the DNS resolution problem (unable to resolve DNS and so failed page access) to webcrawler.com when using these servers as exits the last 4 weeks... (might be fixed now, but these are all in my exclude as exits list, so I wouldn't know). spfTOR1,spfTOR2,gpfTOR1,gpfTOR2,Amunet1,Amunet2,Amunet3,Amunet4,Amunet5,Amunet6,Amunet7,Amunet8,Amunet9,Amunet10,Amunet11,Amunet12,blutmagie,blutmagie2,blutmagie3,blutmagie4 *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: AdvTor
On Thu, Oct 07, 2010 at 05:20:08PM +0100, my.green.lant...@googlemail.com wrote 2.3K bytes in 55 lines about: : Well, well, well suddenly the problem fixes itself... after : 20+ disconnects and 10+ You are using a proxy which is changing : your data... refusing connection.. over the past 3 days. This would be a lot better if it came with logs, bug reports, and data. It could also be the destination site having problems, or the exit relay is overloaded, or sun flares. The Internet is complex, narrowing down the problem to Tor or not Tor is a first step. -- Andrew pgp 0x31B0974B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Hidden service: Is it possible for an attacker to break out of a VM?
The title says it all: Several people recommend running a hidden service from within a VM, to prevent attackers from doing side channel attacks and reading off your hardware components and serial numbers. Then I heard that attackers can actually break out of VM's if they get root access on it due to a successful attack. I just want your opinions on that one, thanks! *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Hidden service: Is it possible for an attacker to break out of a VM?
Hikki, From a defense in depth point of view it can help to use a VM. It is not impossible for an adversary to break out of a VM, but if you are using a good VM it will at least require a pretty sophisticated attacker. I would say that using a VM would increase the security of your hidden service. On Thu, Oct 7, 2010 at 5:12 PM, hi...@safe-mail.net wrote: The title says it all: Several people recommend running a hidden service from within a VM, to prevent attackers from doing side channel attacks and reading off your hardware components and serial numbers. Then I heard that attackers can actually break out of VM's if they get root access on it due to a successful attack. I just want your opinions on that one, thanks! *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ -- Sincerely Yours, ---Thomas S. Benjamin *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Hidden service: Is it possible for an attacker to break out of a VM?
Hi! If there is no back-door or bug in your VM software, how you wanna break out of the VM? Even with root privileges you will be a prisoner within the VM. Proof me wrong. Michael 2010/10/7 hi...@safe-mail.net The title says it all: Several people recommend running a hidden service from within a VM, to prevent attackers from doing side channel attacks and reading off your hardware components and serial numbers. Then I heard that attackers can actually break out of VM's if they get root access on it due to a successful attack. I just want your opinions on that one, thanks! *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ -- Michael Gomboc www.viajando.at pgp-id: 0x5D41FDF8
Re: Hidden service: Is it possible for an attacker to break out of a VM?
On Thu, 7 Oct 2010 18:12:45 -0400 hi...@safe-mail.net wrote: Several people recommend running a hidden service from within a VM, to prevent attackers from doing side channel attacks and reading off your hardware components and serial numbers. Using a VM doesn't prevent most side-channel attacks. It only blocks access to a description of your hardware. Then I heard that attackers can actually break out of VM's if they get root access on it due to a successful attack. It depends on the VM software you are using. Robert Ransom signature.asc Description: PGP signature
Re: Hidden service: Is it possible for an attacker to break out of a VM?
On Thu, Oct 07, 2010 at 08:31:14PM -0400, michael.gom...@gmail.com wrote 2.8K bytes in 78 lines about: : If there is no back-door or bug in your VM software, how you wanna break out : of the VM? That's a perfect world that doesn't exist. The VM software will have bugs, someone will exploit it. For a start, http://duckduckgo.com/?q=virtual+machine+attacks -- Andrew pgp 0x31B0974B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Me - Tor - VPN - Internet?
a free VPN There are VPN providers that will let you pay anonymously. Among others, I would be interested in reading posts containing lists of VPN providers that offer one or more of these two services. Thanks. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Me - Tor - VPN - Internet?
On Thu, 7 Oct 2010 23:58:28 -0400 grarpamp grarp...@gmail.com wrote: a free VPN There are VPN providers that will let you pay anonymously. Among others, I would be interested in reading posts containing lists of VPN providers that offer one or more of these two services. Thanks. No -- put them on the Hidden Wiki. Finding *that* is left as an exercise for the reader. Robert Ransom signature.asc Description: PGP signature