Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread 7v5w7go9ub0o
On 12/22/10 08:38, Praedor Atrebates wrote: I have always been disturbed by the fact that javascript or flash can sidestep tor and give away your real IP. Is there truly no way to control one's own computer so that any and ALL traffic that goes out to the ethernet port or wlan gets directed

Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread 7v5w7go9ub0o
On 12/22/10 17:10, Praedor Atrebates wrote: Could one setup a VM with some arbitrary timezone for it alone and run tor and bind there so that flash and javascript cannot get such info as local timezone, etc? Would it be possible to have the VM change timezone in some random/semi-random

Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread 7v5w7go9ub0o
On 12/22/10 20:32, Kyle Williams wrote: On Wed, Dec 22, 2010 at 8:39 AM, 7v5w7go9ub0o <7v5w7go9u...@gmail.com> wrote: Any and ALL suggests a machine that allows only HTTP/S activity to/from a TOR process; to/from a TOR entry node; all other traffic (e.g. UDP from some sneaky plugin) is blocked.

Re: Adding voip to torchat

2010-12-19 Thread 7v5w7go9ub0o
On 12/18/10 12:25, intrigeri wrote: 7v5w7go9ub0o wrote (18 Dec 2010 16:45:06 GMT) : Did you do any testing with SIP clients - e.g. SIP Communicator and/or SFLphone? I ask because each of these seem to be very active, and also offer ZRTP. I did not. Please let me know any testing results

Re: shadowserver.org

2010-06-14 Thread 7v5w7go9ub0o
On 06/14/10 10:02, alex-...@copton.net wrote: I am running the exit-node tor-readme.spamt.net. Thank You tor-readme.spamt.net, for your generous contribution to tor!!! My provider, server4you, keeps getting abuse reports from shadowserver.org. According to the abuse service they are running

Re: shadowserver.org

2010-06-14 Thread 7v5w7go9ub0o
On 06/14/10 18:52, John Brooks wrote: [] And second, the exit policy of my node does not allow IRC. For me this makes no sense at all. From my experience, shadowserver has a habit of being overzealous like this. I've never dealt with them in the context of Tor, but I had an

Re: [GSoC] Improving Snakes on a Tor

2010-05-01 Thread 7v5w7go9ub0o
On 05/01/10 00:15, John M. Schanck wrote: [] I'm going to be working on improving the Snakes on a Tor (SoaT) exit scanner. For those of you not familiar with it, SoaT aims to detect malicious, misconfigured, or heavily censored exit nodes by comparing the results of queries fetched across

Re: Torlock - a simple script to prevent outgoing packets from bypassing Tor.

2010-03-01 Thread 7v5w7go9ub0o
On 03/01/10 11:38, Kyle Williams wrote: You might want to look at JanusVM. I can't quite tell; I'm guessing that JanusVM uses a VPN(TUN/TAP) to redirect all host packets to the VM - thereby blocking any loose packets? (any non-TOR interaction with the ISP - which may be a hotspot)? TIA []

Re: Create a SAFE TOR Hidden Service in a VM (Re: Please Help Me Test my Hidden Service Pt. 2)

2010-02-25 Thread 7v5w7go9ub0o
On 02/24/10 23:16, Ted Smith wrote: On Wed, 2010-02-24 at 11:56 -0500, 7v5w7go9ub0o wrote: [] Perhaps mention the benefits of TPM chips (on 'ix, they can be configured to benefit the user, not some record company)? Yup. Check out Trusted Grub if you're blessed with the appropriate hardware

Re: Create a SAFE TOR Hidden Service in a VM (Re: Please Help Me Test my Hidden Service Pt. 2)

2010-02-24 Thread 7v5w7go9ub0o
On 02/24/10 00:10, Ringo wrote: One update that should be noted is that this doesn't protect against bad nanny attacks. With full disk encryption, the boot partition isn't encrypted (as you have to load it so it can ask for your passphrase and

Re: TorChat is a security hazard

2010-02-24 Thread 7v5w7go9ub0o
On 02/23/10 22:38, Paul Campbell wrote: [snip] It is possible to run Off-the-Record Messaging over Tor. Off-the-Record Messaging has all kinds of features: encryption, perfect forward secrecy and deniable authentication. And it doesn't have the problems of TorChat. Good point on OTR

Create a SAFE TOR Hidden Service in a VM (Re: Please Help Me Test my Hidden Service Pt. 2)

2010-02-23 Thread 7v5w7go9ub0o
Good job! IMHO this is a very nice paper; well written! (Adjusted the title of this post a bit, in case the readers weren't aware your goal ) (FWIW, some might want to read the paper - to gain a lot of insight and background - and then download/test a copy of your (sanitized) .img

Re: Tor on the Nokia N900 (Mobile Tor stuff)

2010-02-20 Thread 7v5w7go9ub0o
On 02/19/10 16:13, Rich Jones wrote: Thanks for the reply. After some thought, I realize that the perfect should not be an enemy of the good; that TORing the net remains valuable, even if the OS is handshaking the cloud. It is also important that as many (cell) users as possible use/support

Re: Tor on the Nokia N900 (Mobile Tor stuff)

2010-02-20 Thread 7v5w7go9ub0o
On 02/19/10 20:09, Jacob Appelbaum wrote: 7v5w7go9ub0o wrote: On 02/18/10 20:07, Jacob Appelbaum wrote: The performance of Tor is similar to any other Tor client - this is our reference C implementation running on the N900. With that said - You may want to hold out and get an Android phone

Re: Tor on the Nokia N900 (Mobile Tor stuff)

2010-02-19 Thread 7v5w7go9ub0o
On 02/18/10 20:07, Jacob Appelbaum wrote: The performance of Tor is similar to any other Tor client - this is our reference C implementation running on the N900. With that said - You may want to hold out and get an Android phone. We're looking to do a release of Tor on Android next week. We

Re: browser fingerprinting - panopticlick

2010-01-31 Thread 7v5w7go9ub0o
Andrew Lewman wrote: On 01/30/2010 08:40 PM, 7v5w7go9ub0o wrote: Given the implications of panopticlick, have you any interest/plans in making Torbutton fingerprints even more indistinguishable (e.g. give every user a windows I.E. fingerprint) Just to highlight what Mike said

Re: browser fingerprinting - panopticlick

2010-01-31 Thread 7v5w7go9ub0o
Kyle Williams wrote: 7v5w7go9ub0o wrote: Andrew Lewman wrote: On 01/29/2010 08:20 PM, 7v5w7go9ub0o wrote: As we slowly transition to web 2.0, probably the next step is putting the TOR browser in a VM full of bogus, randomized userid/sysid/network information - carefully firewalled

Re: browser fingerprinting - panopticlick

2010-01-30 Thread 7v5w7go9ub0o
Andrew Lewman wrote: On 01/29/2010 08:20 PM, 7v5w7go9ub0o wrote: As we slowly transition to web 2.0, probably the next step is putting the TOR browser in a VM full of bogus, randomized userid/sysid/network information - carefully firewalled to allow TOR access only (TOR would be running

Re: browser fingerprinting - panopticlick

2010-01-30 Thread 7v5w7go9ub0o
scar wrote: Mike Perry @ 01/28/2010 02:04 PM: After all, in normal operation, your history leaks one fuckload of a lot of bits. And that's a technical term. Sensitive ones too, like what diseases and genetic conditions you may have (via

Re: browser fingerprinting - panopticlick

2010-01-30 Thread 7v5w7go9ub0o
scar wrote: Mike Perry @ 01/28/2010 02:04 PM: After all, in normal operation, your history leaks one fuckload of a lot of bits. And that's a technical term. Sensitive ones too, like what diseases and genetic conditions you may have (via Google Health url history, or Wikipedia url history).

Re: browser fingerprinting - panopticlick

2010-01-30 Thread 7v5w7go9ub0o
Mike Perry wrote: [] The reason why Torbutton didn't opt for the same origin policy method is because Tor exit nodes can impersonate any non-https origin they choose, and query your history or store global cache identifiers that way. It was basically all or nothing for us. Ah.

Re: browser fingerprinting - panopticlick

2010-01-29 Thread 7v5w7go9ub0o
Mike Perry wrote: Thus spake Seth David Schoen (sch...@eff.org): Mike Perry writes: Thus spake coderman (coder...@gmail.com): EFF has an interesting tool available: https://panopticlick.eff.org/ technical details at

Re: browser fingerprinting - panopticlick

2010-01-29 Thread 7v5w7go9ub0o
Andrew Lewman wrote: On 01/29/2010 04:36 PM, Michael Holstein wrote: The main cause was the screen resolution. https://blog.torproject.org/blog/effs-panopticlick-and-torbutton Running TOR and leaving javascript enabled sort of defeats the point, doesn't it? Not really. Most of the

Re: /r/onions

2009-09-15 Thread 7v5w7go9ub0o
Rich Jones wrote: Hello! I know there have to be some really interesting .onions out there, but I've been having trouble finding them, so I started a reddit.com 'subreddit' to do some of that web 2.0 magic and let the good ones bubble up. http://www.reddit.com/r/onions/ , if any of you

Re: More Secure Tor Browsing Through A Virtual Machine in Ubuntu

2009-08-24 Thread 7v5w7go9ub0o
Ringo wrote: I would appreciate any feedback people have on this. This is just an idea and it's kind of beta, so don't use this unless you know what you're doing. PGP key at bottom of message More Secure Tor Browsing Through A Virtual Machine in Ubuntu IMHO, you're on the right

Re: More Secure Tor Browsing Through A Virtual Machine in Ubuntu

2009-08-24 Thread 7v5w7go9ub0o
Kyle Williams wrote: On Mon, Aug 24, 2009 at 6:18 AM, 7v5w7go9ub0o <7v5w7go9u...@gmail.com> wrote: == 1. Which VM software are the most breakout proof, should an attacker gain access with a root shell? This is a tricky question which depends on your requirements. Before I get

Re: Torbutton for Mozilla Thunderbird

2009-08-09 Thread 7v5w7go9ub0o
Sigh... yes; especially when one (upon rare occasion) requests the embedded http images, and thereby asks TBird to visit a web page. One would then want the transaction monitored by both TorButton and NoScript. :-( (p.s. open up about:config in TB and scan for jav. I hope there really is no

Re: TOR and HADOPI

2009-05-28 Thread 7v5w7go9ub0o
Juliusz Chroboczek wrote: Is anyone know where find an how to use TOR against HADOPI ? Using tor to evade the French data retention and HADOPI laws is no different from using tor for evading the surveillance of other police states. (Hadopi is the new law in france about P2P: if you download

Re: looking for an FTP - SOCKS proxy

2009-01-05 Thread 7v5w7go9ub0o
Scott Bennett wrote: On Mon, 05 Jan 2009 12:01:29 +0100 gabrix gab...@gabrix.ath.cx wrote: Scott Bennett wrote: I know people are doing FTP transfers via tor, but I don't know how they are doing it. What are people using for a proxy to sit between either a native FTP client or a web

Re: Jailed/sandboxed/chrooted applications

2009-01-02 Thread 7v5w7go9ub0o
Adlesshaven wrote: Does anyone here jail, sandbox or chroot the applications they use with Tor? yep. 1. Separate, individual (GRSecurity-hardened) jails on Linux for Thunderbird, Opera, and TOR itself. 2. Opera connects to TOR via polipo - which is jailed in a common jail; and Thunderbird

Re: FYI: ultimate security proxy with tor

2008-10-29 Thread 7v5w7go9ub0o
Eugen Leitl wrote: FYI: http://howtoforge.com/ultimate-security-proxy-with-tor Ultimate Security Proxy With Tor Nowadays, within the growing web 2.0 environment you may want to have some anonymity, and use other IP addresses than your own IP. Or, for some special purposes - a few IPs or

Re: Default ORPort 443 [was: Re: German data rentention law]

2008-10-19 Thread 7v5w7go9ub0o
Erilenz wrote: * on the Sun, Oct 19, 2008 at 07:14:31AM -0500, Scott Bennett wrote: Besides, opening ports < 1024 usually requires root-privileges, which could introduce serious security issues if an exploitable flaw were found in Tor. You can still advertise port 443 as your ORPort and listen

Re: German data rentention law

2008-10-18 Thread 7v5w7go9ub0o
Roger Dingledine wrote: snip Otherwise, all german nodes have to switch to middle man. snip 1. Given that the ISP will have logs anyway, why disallow German exit nodes? 2. How about changing all TOR port usage - including relays and entry ports - to 443? 'Twould be hard to know

Re: German data rentention law

2008-10-18 Thread 7v5w7go9ub0o
Roger Dingledine wrote: On Sat, Oct 18, 2008 at 06:43:34PM -0400, 7v5w7go9ub0o wrote: Roger Dingledine wrote: snip Otherwise, all german nodes have to switch to middle man. snip To be clear, I didn't write the above line. 1. Given that the ISP will have logs anyway, why disallow German

Does TOR use any non-ephemeral (non-DHE) ciphers?

2008-09-24 Thread 7v5w7go9ub0o
David Howe has been running some tests, and has discovered that in many cases, SSL transactions can be recorded, and decrypted by Wireshark after the fact - this because an ephemeral cipher was NOT chosen by the server; i.e. a cipher was chosen that does not provide Perfect Forward Secrecy.

Re: OnionCat 0.1.9 now supports IPv4

2008-09-15 Thread 7v5w7go9ub0o
Bernhard Fischer wrote: On Monday 15 September 2008, Sven Anderson wrote: Am 15.09.2008 um 16:16 schrieb Bernhard Fischer: We have a new version of OnionCat ready which is now capable of IPv4-forwarding. Read http://www.abenteuerland.at/onioncat/ for further instructions on how to use

Re: Google's Chrome Web Browser and Tor

2008-09-05 Thread 7v5w7go9ub0o
Nick Mathewson wrote: On Thu, Sep 04, 2008 at 03:20:34PM -0700, Kyle Williams wrote: Hi all, I've been playing around with Google's new web browser and Tor. I thought it might be good to share my findings with everyone. After reading Google's privacy policy[1], I for one would not want to use

Re: Vidalia exit-country

2008-08-21 Thread 7v5w7go9ub0o
Camilo Viecco wrote: 7v5w7go9ub0o wrote: What a great idea! Thank you for working on this!! And thanks to Google for supporting this project. Sadly, I get a clean linux compilation, but no extra tab. Is there an additional dependency? e.g. geoip? TIA gcc-3.4.6, glibc-2.6.1

Re: Update to default exit policy

2008-08-20 Thread 7v5w7go9ub0o
anonym wrote: On 20/08/08 15:42, 7v5w7go9ub0o wrote: anonym wrote: Email clients leak tons of information, the most critical I know of being your IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S) transaction. Nope

Re: Update to default exit policy

2008-08-20 Thread 7v5w7go9ub0o
anonym wrote: On 20/08/08 15:42, 7v5w7go9ub0o wrote: anonym wrote: Email clients leak tons of information, the most critical I know of being your IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S) transaction. Nope

Re: Update to default exit policy

2008-08-19 Thread 7v5w7go9ub0o
Dawney Smith wrote: krishna e bera wrote: I'm not clear on how authentication (on any port) stops spam, other than the ISP cutting off a given userid after complaints. A lot of spam already comes from malware infected computers via their

Tor controller errors

2008-08-11 Thread 7v5w7go9ub0o
IIUC, I should be able to list the current configuration via the control port. My attempt at this fails... help! getinfo config/* 552 Unrecognized key config/* (when I list valid GETINFO commands, I get this: getinfo info/names 250+info/names= accounting/bytes -- Number of bytes

Re: browser footprint

2008-07-21 Thread 7v5w7go9ub0o
Karsten N. wrote: I have read a thread at the JonDos forum about browser footprints. A browser is not only identified by the user-agent, it is possible to use the accepted language, the accepted content, accepted charsets... To create a highly anonymous group, many user should use the same

Re: Torbutton 1.2.0RC4 Error

2008-07-03 Thread 7v5w7go9ub0o
Matthieu Dalissier wrote: Hi there, I don't know if it is the right place to post this. A few days ago I've upgraded my torbutton to 1.2.0RC4 with FF3.0 and now can't toggle away from the Tor-state. The plugin is in default configuration, when I click on the Torbutton an error message with

Re: OnionCat -- An IP-Transparent TOR Hidden Service Connector

2008-06-26 Thread 7v5w7go9ub0o
F. Fox wrote: scar wrote: F. Fox @ 2008/06/26 02:39: 7v5w7go9ub0o wrote: (snip) This actually creates another question (not to be argumentative :-) ). Given that there is no exit node, would an OnionCat to OnionCat connection over TOR need to be encrypted? Is it plain-text anywhere along

Re: Password Authentication Required

2008-06-26 Thread 7v5w7go9ub0o
Kyle Williams wrote: On Thu, Jun 26, 2008 at 4:30 PM, [EMAIL PROTECTED] wrote: On Thu, Jun 26, 2008 at 02:30:30PM -0400, [EMAIL PROTECTED] wrote 0.9K bytes in 29 lines about: : 'til you get a better reply, my newbie guess is that this sounds like a : vidalia connection response. i.e. the

Re: OnionCat -- An IP-Transparent TOR Hidden Service Connector

2008-06-25 Thread 7v5w7go9ub0o
Bernhard Fischer wrote: On Tuesday 24 June 2008, 7v5w7go9ub0o wrote: snip My hope is to use OnionCat on my laptop to VNC via TOR to my home computer using nomachine NX. Is that kind of use possible with OC? Thanks again. Yes, this should work. But why would you like to do this? TOR's hidden

Re: OnionCat -- An IP-Transparent TOR Hidden Service Connector

2008-06-25 Thread 7v5w7go9ub0o
Dave Page wrote: On Wed, Jun 25, 2008 at 09:16:12AM -0400, 7v5w7go9ub0o wrote: Bernhard Fischer wrote: On Tuesday 24 June 2008, 7v5w7go9ub0o wrote: My hope is to use OnionCat on my laptop to VNC via TOR to my home computer using nomachine NX. Is that kind of use possible with OC? 1

Re: OnionCat -- An IP-Transparent TOR Hidden Service Connector

2008-06-25 Thread 7v5w7go9ub0o
F. Fox wrote: 7v5w7go9ub0o wrote: (snip) 1. Connecting via TOR would be an extra, minor security option to conceal the fact that my home is running a VNC server - eavesdropping kids at the hotspot may try to make it a hacking prize. You should

Re: OnionCat -- An IP-Transparent TOR Hidden Service Connector

2008-06-24 Thread 7v5w7go9ub0o
Bernhard Fischer wrote: OnionCat creates a transparent IPv6 layer on top of TOR's hidden services. It transmits any kind of IP-based data transparently through the TOR network on a location hidden basis. You can think of it as a point-to-multipoint VPN between hidden services. See