On Tue, 21 Sep 2010 11:32:13 +0200 emanuele incremona <[email protected]> wrote:
> I write to present the new release of "Vatlator", a live cd for > anonymous browsing. Hi, I tried this out today and have some feedback. It looks like a stock ubuntu mini mix with tor, polipo, and firefox w/torbutton installed. As a result, it leaks traffic and information on the network. This is bad. For example, the iptables config is wide open and set to accept all both outbound and inbound. At a minimum, vatlator should transparently proxy everything through Tor, and otherwise deny any traffic that isn't going through Tor, like udp, icmp, etc. iptables should deny or drop all inbound traffic from outside the OS. You may want to look at what the TAILS people have been doing do harden their livecd, https://amnesia.boum.org/. Someone started to write this as a guide to help others, https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/LiveCDBestPractices. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
