Re: Traffic Logging Suggestion
Anothony Georgeo [EMAIL PROTECTED] wrote:

> Crackerdactor: What is the nick of your node? I ask because after reading your posts I want to add YOUR node to my ExcludeNodes list. I am not trying to be rude, it's just I don't trust you or your ability to run a secure node.
>
> Anogeorgeo

Well well well. A tor operator comes on line and asks, reasonably, for some explanations as to why the safety of the tor service has changed without notifying the server operators or the users. That operator also calls for a tightening up of the server verification/validation/registration process (or in this case we find out there is no real process now) and you somehow?? conclude that this tor operator is a risk???

So.. If you can't...
** bluff your way through it..
** belittle or insult the person..
** ridicule the person as a trouble maker/moaner (re: Wes)..
you just
** slander the person by suggesting they run an unsafe server (nice one Eric Ano)...

Look kiddies... you are only doing yourselves damage by acting in this manner. Try to refrain from silly games in future. Humour is fun but silly games are not.

I'm sure you already knew my nick, honestly.

CA
Re: Traffic Logging Suggestion
Hi,

Freemor wrote:
> On Thu, 2006-17-08 at 18:13 -0700, Anothony Georgeo wrote:
> [...]
> I think the hardest part will be explaining clearly what Tor CAN do in a non technical way.

From the FAQ:

  7.2. Can exit nodes eavesdrop on communications? Isn't that bad?

  Yes, the guy running the exit node can read the bytes that come in and out there. Tor *anonymizes the origin* of your traffic -- it does not magically encrypt all traffic throughout the Internet.

  http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers

I think it's a clear answer. The problem is that a normal user doesn't read documentation; where to write this important information? 90% of users will find some news about Tor across the internet, click the download link and read nothing.

Back to http://tor.unixgu.ru/, they write something wrong:

> ... communication from client to entry node and exit node to server will still remain as is. Pop3, telnet and others will still be plain-text and thus subject to sniffing.

Dan
Re: My ExcludeNodes list...post yours
Anothony Georgeo wrote:
> Hi,
>
> Due to recent discussions about an ExcludeNodes list I thought I would post mine. Roger (or Nick?) mentioned they do not use an ExcludeNodes list because it can mess with Tor's load balancing but I hope this isn't the case with my list as it only has 11 nodes. Please post any issues you may have with this list or any problems you find. If Tor devs. strongly advise against this list please let me know.

I don't use ExcludeNodes at the moment just because I don't trust some router more than another.

> This list blocks all nodes from China and Hong Kong

How good are (will be) US nodes? Any router from exit node to destination can be bad.

> along with the traffic sniffing/public posting node TORxUNIXGUxRU (aka tor.unixgu.ru) - Thanks Freeman
>
> Most recently I included TORxUNIXGUxRU because they are sniffing exit traffic and posting it! :-o
> http://tor.unixgu.ru/

Because they say they're doing something that anybody else can do without saying? Isn't it better not to use clear authentication at all?

Dan
what data transmission with tor is a security risk ?
- plain text pop3
- telnet

OK. Is it safe to surf with Tor and enter login username and password for the website, if the form is in https? If it's not https, is it unsafe?

What other types of data transmission of login/password combinations are sniffable? (I know, every unencrypted one; please give tricky examples, if there are any.)

I think with .htaccess authentication the password is transmitted encrypted? But if the password is weak, the sniffer can easily do a brute force attack at home...
Re: what data transmission with tor is a security risk ?
--- Matej Kovacic [EMAIL PROTECTED] wrote:

> > Is it safe to surf with Tor and enter login username and password for the website, if the form is in https? If it's not https, is it unsafe?
>
> My suggestion is to use:
>
>   POP3   -- POP3S
>   IMAP   -- IMAPS
>   telnet -- ssh
>   http   -- https
>
> and secure authentication for mail clients. At least that.
>
> bye, Matej

SMTP = The payload (body) should be encrypted using GnuPG (or other variations).

Anogeorgeo
Re: what data transmission with tor is a security risk ?
Hi,

> SMTP = The payload (body) should be encrypted using GnuPG (or other variations).

SMTP can also use TLS/SSL.

bye, Matej
Re: My ExcludeNodes list...post yours
On Fri, Aug 18, 2006 at 12:12:15PM +0300, M wrote:
> Yeah. Clear authentication isn't safe anywhere. I use cleartext authentication only for some must-register websites. Encrypting authentication has no point if the rest of the communication is unencrypted.

Depending on what constitutes authentication (and encryption). If the encryption adds integrity to the authentication (if not there already) and prevents an eavesdropper from being able to trivially learn what is needed to masquerade as you, then it has value against adversaries not sophisticated enough or motivated enough for stream hijacking. Good enough for many purposes. But in principle and for more sensitive usage your point is well taken, thus worth raising.

aloha,
Paul

--
Paul Syverson                              ()  ascii ribbon campaign
Contact info at http://www.syverson.org/   /\  against html e-mail
Re: My ExcludeNodes list...post yours
> Depending on what constitutes authentication (and encryption). If the encryption adds integrity to the authentication (if not there already) and prevents an eavesdropper from being able to trivially learn what is needed to masquerade as you, then it has value against adversaries not sophisticated enough or motivated enough for stream hijacking. Good enough for many purposes. But in principle and for more sensitive usage your point is well taken, thus worth raising.

You need not stream-hijack... you can cookie-jack (like in Yahoo's case... would give you 24hr access)... then you look through old mail to see who else somebody does business with, request password-resets be emailed to you, and voila! You're in.

If you use TOR 24x7, I'd suggest judicious use of FoxyProxy's rules to ensure traffic that you'd rather have secure than anonymous just uses your own ISP (why pass a message through 3 strangers when you don't have any desire to deny you sent it?). Alternately, you can use FoxyProxy to *only* anonymize some things (like your Google searches). /. published an article on this a week or so ago.

~Mike.
Re: Traffic Logging Suggestion
On Thu, Aug 17, 2006 at 10:36:01PM +0200, David T. wrote:
> I do believe one Russian exit node (was/is?) doing that... by posting usernames/passwords (I guess they're running dsniff or whatever on their TOR box and piping the output to a webserver).
>
> Their stated motivation for this was to drive home the point about end-to-end encryption, but I question their methods, which brings me to:
>
> http://tor.unixgu.ru/

So should we be worried about the people who are publishing (a sanitized version of) their actions or the people who are discreetly trolling through the traffic for their own more nefarious purposes?

Their point is valid and while others have made it in theory I've never seen it generate much in the way of discussion, but when you see the number of credentials these people are getting (not to mention the associated traffic) it seems to really make people think.

The big point is you can't *really* trust the exit node; that's not the way TOR works. You can have reasonable trust that the exit node can't get your IP from the available routing info, but any plain text you send through is, well, plain text on the way out... You should assume all exit nodes are doing this, not because they are, but because they could be, or other nodes on their local network could be.

-Jon
A brief response on TRUTHWORTHY
Fabian Keil [EMAIL PROTECTED] wrote:
> I don't see the problem here. The option is called AllowInvalidNodes not DoNotOnlyUseTrustworthyNodes. You can't assume that every node not marked as invalid is trustworthy.

Hi Fabian,

I notice you snipped away quite a lot of what I wrote and I'd ask you to please read some of it again. If you have questions feel free to email me direct.

The term trustworthy comes from the passage in the manual; I didn't write it. http://tor.eff.org/tor-manual.html.en I quote:

  AllowInvalidNodes entry|exit|middle|introduction|rendezvous|...
    Allow routers that the dirserver operators consider invalid (not trustworthy or otherwise not working right) in only these positions in your circuits. The default is middle,rendezvous, and other choices are not advised.

Some of my text was in colloquial English, sorry. The term muster essentially means to gather together (usually an army or troop). So you would muster your men - OK so far? In this context (tor) it just means anyone who can put together a server. It has no connotation on that server's ability for or against its accessing any keys or its ability at all. I'm afraid you took a wrong turn there, sorry.

As for the Levels 1..4 pushing folk away - on the contrary, everyone at the moment would slot into one or other of these categories. Just that some might not want to or get to the upper levels. There would be no loss of servers, just the ability for the user to choose which level of security they prefer. That's democratic, yes/no?

Of course you can still use your cryptic keys, if you want to, just like the internet uses IP addresses today. But for many internal torland websites, a user-friendly URL-like alternative, supported by something akin to a torlandDNS system, would be an advantage to get the average man/woman in the street interested. We are thinking BIG here, not a few thousand nodes, but a few hundred thousand, perhaps a few million.

A complete hidden internet, backed up by tens/thousands of terabytes of disk space, web sites served up/duplicated across the entire system. This is what ENTROPY (the network - is this dead yet?) does, approximately.

You know, you could always argue to do nothing: never create a Tor network, never use Tor, never encrypt, never invent guard nodes etc. It's easy - just think of the extreme case when these defenses don't work and reason it's not worth bothering to do in the first place. But we don't - or at least not all of us do! The thing about security is like anything in life - it's an uphill struggle. Always changing, always getting more difficult, as your adversary gets better. Really just like LIFE and EVOLUTION, just like living viruses and bacterial adaptation to drugs etc. Every time you develop something, some monkey with a wrench comes along and makes all your efforts as nothing. The ONLY way to stay on top of this is to get out there and do something! We ALL know this - it's our natural instinct, survival.

So to keep these flood servers at bay we need to erect barriers, hence my Levels 1..4. OK, some Agent Blacks may be able to pass themselves off as home nodes but how many, and will the tor community get wise to them? The way it stands at the moment we do NOTHING! So we will eventually be overrun, if we do nothing.

WHAT everyone needs to understand is that your adversary out there, who snoops on you, will ALREADY be watching and infiltrating the tor network, forums, mailing lists, dev teams and the like. His/her interest is to snoop on you and what better way to do this than from the inside. ASK yourselves - WHY is it that people keep posting on commonly (for most tor users?) understood problems of EXIT node logging of passwords etc, when a successful attack can only really be traced to a source by both entry and exit node logging and timing solutions, exactly what we are told is going on in the US. Why aren't they screaming from the rooftops about these high-volume snoop nodes? Once again, to date we still have no server nicks having been circulated here for users to exclude. Again that's odd, don't you think?

If I were a Tor adversary (a government say) I would first get control of as much of the development team as possible. I would put in a few trustable fast nodes - say by using university departments or the like (those who have an excuse to have high bandwidth/fast servers) - staffed with a few chosen men/women. Then I would alter the code so that it was luke warm. If I was wanting to use it myself (with military strength) I would write the code with sections (functions/procedures) which could easily (by a build server) be replaced with my hardening code versions. I would do my level best to stop any of those hardening techniques from getting into the actual code. But of course, some items I would have to add, say like guard nodes, because that's system wide. Anyone suggesting hardening changes (particularly
Re: A brief response on TRUTHWORTHY
On 18.08.2006 at 17:23 [EMAIL PROTECTED] wrote:
> Of course you can still use your cryptic keys, if you want to, just like the internet uses ip addresses today. But for many internal torland websites, a userfriendly URL like alternative, supported by something akin to a torlandDNS system, would be an advantage to get the average man/woman in the street interested.

There already is torque, a naming daemon which allows you to map .onion addresses to keys which are easier to remember (e.g. 6sxoyfb3h2nvok2d.onion becomes hiddenwiki.tor). It can be checked out from http://balrqba4x57ofa6s.onion/torque.php, but I'd like to refrain from commenting on possible security issues for now.

Niels

--
OpenPGP key fingerprint: D778 942B F1E4 45E2 E8ED 32AE F980 011B 393D FBF9
Re: following on from today's discussion
On Friday 18 August 2006 22:47, Roger Dingledine wrote:
> [Dropping the or-dev CC since this isn't related to Tor development]
>
> On Fri, Aug 18, 2006 at 10:14:29PM +0100, Robert Hogan wrote:
> > That aside, I think it has highlighted a security risk that Tor itself may be guilty of understating to new users, namely that using Tor exposes your traffic to a much higher likelihood of being eavesdropped than normal. For example, I am not a network admin by day so I do not have access to public internet traffic through legal means. Yet I am running a Tor exit server, so I can now legally (though unethically) listen to your internet traffic and harvest any passwords that go by.
>
> Actually, look at http://tor.eff.org/eff/tor-legal-faq.html.en#ExitSnooping
> It is an open legal question -- that is, there's no clear precedent with respect to Tor servers -- but it's probably not wise to just assume that it's legal. Also, remember that there are many jurisdictions out there, and they all have their own complex laws.
>
> > I do not think the gravity of this trade-off by the tor user (security for anonymity) is adequately represented.
>
> I agree. Somebody should write a clear introduction to Tor, what it does, and what it doesn't do. One day that somebody will be me, but I would welcome some early versions to help me along.
>
> > Now that I see it for what it is, I am definitely going to introduce some sort of nag/warning to TorK so that the user is warned at least once that using plaintext protocols carrying authentication information on Tor carries a serious health warning. Am I overstating the case? Do others think that the nature of the compromise tor users make is transparent to them?
>
> The reason I haven't emphasized the issue so far is that I think you're overstating the protection ordinary users get from the Internet as it is. For example, if you're on a local network with other users (often including everybody in your neighborhood for cablemodem systems), you're not in very good shape. Tor solves this issue, and for many users it's a huge issue.
>
> Then there's the question of the Internet infrastructure itself -- your Internet packets travel over a wide variety of places on the way to their destination. Sometimes packets get mis-routed to, well, pretty much anywhere. The chance that any hop along the way is able to observe them -- for example because of a crooked employee, but also because some Russian cracker 0wns a computer nearby in the path -- is hard to estimate in general, but from studying botnets and dealing with net security for the past decade or so, I don't feel it's as low as you imply.
>
> All that said, I agree with you that most of the danger is probably at the endpoints of the communication -- on the path from you to your entry Tor node, and on the path from your exit node to your destination. Tor solves the first issue and changes the second issue -- possibly for the worse, depending on your situation.
>
> So barring any actual data about the security of the Internet as a whole, which seems hard to get, I still stick with my answer from http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers
>
> If you're not using end-to-end encryption, then you're in bad shape, whether you use Tor (and are exposed to one set of risks) or don't use Tor (and are exposed to a different set of risks).
>
> --Roger

Thank you for that very considered response. Tor definitely does change the qualitative and quantitative risk of being eavesdropped though - and I think it is this fact that is understated. The anonymity provided by Tor comes at a price: the increased risk of any-old-joe (and not just the corner cases of a crooked ISP employee, or a hacker listening to misrouted packets) harvesting your traffic. The exact degree of this increased risk obviously depends on your view of the risk posed by normal use of the internet, as you have pointed out.

My feeling is that anything that extends the circle of risk from exposure to hackers/crooked ISP employees/ISPs themselves to exposure to the likes of me (a curious amateur with no special privileges) represents a sea-change in the user's security 'posture'. I'm not saying that the shift is catastrophic but it is definitely a compromise that needs more emphasis.

--
KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK - A Tor Controller For KDE - http://tork.sf.net
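The nag/warning Robert proposes for TorK, together with Matej's list of plaintext protocols and their encrypted substitutes (and Mike's point that a session cookie is as useful to an eavesdropper as a password), can be sketched as a small classifier. The code below is an added example written for this digest; it is not from TorK, Tor or any poster. The port table, the credential heuristics and the sample streams are constructed for the demo, and the classifier judges only by port and the first bytes the client sent, so a service on a non-standard port would need the table extended.

```python
import re
from dataclasses import dataclass

# Plaintext protocols named in the thread, keyed by their usual TCP port, each
# paired with the encrypted substitute Matej suggests (SMTP: TLS, per his follow-up).
# Constructed table for this example; extend it for non-standard ports.
PLAINTEXT_PORTS = {
    23: ("telnet", "ssh"),
    25: ("smtp", "smtp over TLS/SSL"),
    80: ("http", "https"),
    110: ("pop3", "pop3s"),
    143: ("imap", "imaps"),
}
# Ports where the exit only sees ciphertext (it still learns the destination).
ENCRYPTED_PORTS = {22: "ssh", 443: "https", 465: "smtps", 993: "imaps", 995: "pop3s"}

# Heuristics for "a login or session token is in this stream". For telnet every
# keystroke is readable, so any payload counts; for HTTP a Cookie header counts
# because a stolen session cookie is as good as the password it was issued for.
CREDENTIAL_MARKERS = {
    "telnet": re.compile(rb".", re.S),
    "smtp": re.compile(rb"^AUTH +(PLAIN|LOGIN)\b", re.I | re.M),
    "pop3": re.compile(rb"^(USER|PASS) ", re.I | re.M),
    "imap": re.compile(rb"^\S+ +LOGIN ", re.I | re.M),
    "http": re.compile(rb"^(Authorization|Cookie):|^POST ", re.I | re.M),
}

@dataclass
class Verdict:
    level: str        # "encrypted", "plaintext" or "credentials"
    protocol: str
    advice: str

def assess_exit_exposure(port, first_bytes):
    """Classify what a Tor exit (or anyone between it and the server) can see."""
    if port in ENCRYPTED_PORTS:
        return Verdict("encrypted", ENCRYPTED_PORTS[port],
                       "exit sees ciphertext only; the destination is still visible")
    if port not in PLAINTEXT_PORTS:
        return Verdict("plaintext", f"tcp/{port}",
                       "unknown protocol: assume the exit can read and modify it")
    proto, substitute = PLAINTEXT_PORTS[port]
    if CREDENTIAL_MARKERS[proto].search(first_bytes):
        return Verdict("credentials", proto,
                       f"login or session token readable by the exit; use {substitute} "
                       "or keep this account off Tor")
    return Verdict("plaintext", proto,
                   f"readable and modifiable by the exit; prefer {substitute}")

def warnings_for(streams):
    """One nag line per stream that exposes credentials (the TorK-style warning)."""
    lines = []
    for port, data in streams:
        v = assess_exit_exposure(port, data)
        if v.level == "credentials":
            lines.append(f"{v.protocol} on port {port}: {v.advice}")
    return lines

# Constructed sample streams (first bytes the client sent), not captured traffic.
SAMPLE_STREAMS = [
    (110, b"USER alice\r\nPASS hunter2\r\n"),
    (80, b"GET /inbox HTTP/1.1\r\nHost: mail.example.net\r\nCookie: session=c0ffee\r\n\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    (443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    (23, b"login: alice\r\n"),
]

if __name__ == "__main__":
    for port, data in SAMPLE_STREAMS:
        v = assess_exit_exposure(port, data)
        print(f"{port:>4} {v.level:<11} {v.protocol:<6} {v.advice}")
    print("\n".join(warnings_for(SAMPLE_STREAMS)))
```

Three levels rather than two matter here: a plain HTTP page with no login is still readable and, as the thread notes, modifiable by the exit, so it is not "safe", only less damaging than a stream that carries a password or cookie.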
Re[2]: Traffic Logging Suggestion
Are there other possible solutions that we could integrate with Tor to make an end-to-end encrypted connection, or equivalent privacy? We could implement SSL proxies, but this simply takes the burden of plain-text from the exit node to the end of the SSL connection. Or better yet, should there be a new international policy that all websites/ISPs should impose SSL? What would the effects be on traffic loads if this were to take place? In the very least we should consider informing website hosts that if they have sensitive information where dissidents or otherwise often visit, that SSL should be mandatory.

Regards,
Arrakistor

Thursday, August 17, 2006, 11:27:57 PM, you wrote:
> On Thu, 2006-17-08 at 18:13 -0700, Anothony Georgeo wrote:
> > Unixgu.ru doesn't seem to be running tor.unixgu.ru anymore as I can't find this server or derivatives on http://serifos.eecs.harvard.edu/cgi-bin/exit.pl . Just to be extra cautious I added their old nick to my ExcludeNodes list.
> >
> > GeoIP data:
> >   Server: tor.unixgu.ru
> >   IP Address: 85.31.186.26
> >   Organization: EUserv Internet
> >   Country: Germany
> >   City, State: Jena, 15
> >
> > WhoIS:
> >   Organization Name: RIPE Network Coordination Centre
> >   Address: P.O. Box 10096
> >   City, State: Amsterdam
> >   Postal Code: 1001EB
> >   Country: NL
> >
> > Anogeorgeo
>
> From some googling I did, the nickname for the tor.unixgu.ru node seems to be/have been torxunixguxru. I used that in my ExcludeNodes. After seeing your post I did some double checking and the IP addys match what you posted here.
>
> I would also like to thank Michael Holstein for bringing this point up (back up?). Although I strongly disagree with unixgu.ru's actions, there does seem to be a need to educate users to the limitations of Tor. I looked around after my earlier post (Sorry, Nick, et al, I really didn't mean to fuel that. I was genuinely trying to be helpful.) and found that there is already a very nice write-up in the Tor Wiki on the lines of can and can't do. I do think there is a need for a more condensed version with a link or links to the nice write-up on the Wiki. The condensed version being very to the point, i.e. Tor will not protect e-mail, telnet, etc. passwords; Tor won't make you anonymous if you use it to log into your (pre-existing) Yahoo account, etc.
>
> Many home users I help have only the most limited concept of computer/Internet security issues and sadly no patience for reading anything that seems even remotely technical. I'm still willing to take a stab at writing it as long as the devs will proofread it and make sure I don't make any embarrassing misstatements. I think the hardest part will be explaining clearly what Tor CAN do in a non-technical way.
>
> Take Care
> Freemor
Re: Tor and Google Image search
Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> Brian C wrote:
> > Hi,
> >
> > Shatadal wrote:
> > > Hi,
> > >
> > > Whenever I use google image search via tor the search page serves up empty pages. Without tor google image search behaves as it normally does. Does anybody else face this problem?
> > >
> > > Thanks.
> >
> > Just tried http://images.google.com using tor on Debian. Did two searches which worked great.
> >
> > Brian
>
> I've the problem on w2k with the last vidalia bundle. I think it's a new privoxy default config; if I use tor as a socks proxy I can see the thumbs on images.google.
>
> Dan

Actually, I've started noticing this even though my privoxy config hasn't changed in a long while. I think it's something new that images.google.com is doing that privoxy doesn't like. If you add:

  { fragile }
  images.google.com

to your Privoxy action file, it works again. To declare everything as fragile:

  { fragfile }
  .

Perhaps the images.google.com declaration should be added to the Privoxy that is shipped with vidalia/tor. It is likely to be pretty frustrating to new users.

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Re: following on from today's discussion
Thus spake Roger Dingledine ([EMAIL PROTECTED]):
> It's certainly hard to pin down the exact risks here -- there are clearly huge risks on both sides. Somebody should write up a clear concise explanation, perhaps based on some statements from this thread. :)

I'd like to also add that it is possible for rogue Tor servers to go beyond simply eavesdropping on traffic. On one occasion I received a corrupt .exe file via Tor. It appeared to be just noise, but it woke me up to the possibility that it is quite feasible that Tor exit nodes can do all sorts of things to traffic: modifying .exes, injecting browser/media format exploits, etc etc.

Since the Tor client scrubs logs, it can be difficult to tell which exit server was in fact responsible, especially if they only target a small percentage of connections. It might be nice if Vidalia had an option to retain some connection history in-memory only for a period of time on the order of 10s of minutes for the purposes of monitoring for malicious/censored exit nodes.

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
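Mike's suggestion of an in-memory, time-bounded record of which exit served which stream, kept only long enough to attribute a corrupted download or a censored page to an exit, is the kind of structure a controller could hold. The block below is an added example for this digest, not code from Vidalia, TorK or Tor; it assumes the controller already knows, per stream, the destination and the exit nickname (in practice from the control port, whose event format is not reproduced here), and the scenario in demo() is constructed. Nothing is written to disk, and every insert or query first drops entries older than the retention window.

```python
from collections import Counter, deque
import time

class StepClock:
    """Deterministic clock for the demo (constructed; real use passes time.monotonic)."""
    def __init__(self, start=0.0):
        self.now = start
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds

class ExitHistory:
    """Time-bounded, memory-only record of which exit carried which stream.

    Entries older than `retention` seconds are discarded on every insert and
    query, so nothing persists beyond the window and nothing touches disk."""

    def __init__(self, retention=1800.0, clock=time.monotonic):
        self.retention = retention
        self.clock = clock
        self._entries = deque()  # (timestamp, target host:port, exit nickname)

    def _expire(self):
        cutoff = self.clock() - self.retention
        while self._entries and self._entries[0][0] < cutoff:
            self._entries.popleft()

    def record(self, target, exit_nick):
        self._entries.append((self.clock(), target, exit_nick))
        self._expire()

    def exits_for(self, target):
        """Exits that served `target` inside the window, oldest first."""
        self._expire()
        return [nick for _, t, nick in self._entries if t == target]

    def suspect_ranking(self, bad_targets):
        """Rank exits by how many streams to `bad_targets` (a download that came
        back corrupted, a page that was censored) they carried, with each exit's
        total stream count alongside. An exit that tampers with only a small
        share of its streams still surfaces once a few bad fetches accumulate."""
        self._expire()
        total, bad = Counter(), Counter()
        for _, target, nick in self._entries:
            total[nick] += 1
            if target in bad_targets:
                bad[nick] += 1
        return sorted(((n, bad[n], total[n]) for n in total if bad[n]),
                      key=lambda row: (-row[1], row[2]))

def demo():
    """Constructed scenario: three exits, one of which served the corrupted download."""
    clock = StepClock()
    hist = ExitHistory(retention=600.0, clock=clock)
    hist.record("www.example.org:80", "exitA")
    clock.advance(100)
    hist.record("dl.example.net:80", "exitB")
    hist.record("www.example.org:80", "exitB")
    hist.record("www.example.org:80", "exitC")
    clock.advance(550)  # exitA's entry is now outside the 600 s window
    return (hist.exits_for("www.example.org:80"),
            hist.suspect_ranking({"dl.example.net:80"}))

if __name__ == "__main__":
    recent, suspects = demo()
    print("recent exits for www.example.org:80:", recent)
    print("exits ranked by corrupted fetches:", suspects)
```

The ranking deliberately keeps the total beside the bad count: an exit with one bad fetch out of two is a stronger lead than one with one bad fetch out of two hundred, and the window bounds how much the client remembers about its own browsing.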
Re: Tor and Google Image search
Thus spake Mike Perry ([EMAIL PROTECTED]):
> to your Privoxy action file, it works again. To declare everything as fragile:
>
>   { fragfile }
>   ..

Ouch. Two typos, one caused by me, one by mailing list/MTA. This should be one period. And { fragile }, just like before.

  { fragile }
  .

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Polipo web proxy (was Re: Tor and Google Image search)
On Fri, Aug 18, 2006 at 06:42:28PM -0500, Mike Perry wrote:
> Actually, I've started noticing this even though my privoxy config hasn't changed in a long while. I think it's something new that images.google.com is doing that privoxy doesn't like.

Exciting. Thanks for tracking this down.

> Perhaps the images.google.com declaration should be added to the Privoxy that is shipped with vidalia/tor. It is likely to be pretty frustrating to new users.

What I'd like to do actually is move to some other http proxy one day. (I once dreamed of taking the http proxy out of the loop entirely now that Firefox supports safe socks, but it turns out that the entire networking component of Firefox blocks during socks handshakes, so that is not an option until somebody does a major overhaul of Firefox.)

I am thinking Polipo is a nice next option:
http://www.pps.jussieu.fr/~jch/software/polipo/

I've been using it the past month or two with good success. Can other people here give it a try and see if we can clean it up? (You will need the latest development version.)

Known issues when using Polipo with Tor:

1) In the config.sample, it suggests
     socksParentProxy = localhost:9050
   You should either change this to 127.0.0.1:9050, or enable the dnsUseGethostbyname config option -- otherwise polipo asks your name servers where localhost is, with possibly disastrous implications.

2) Polipo doesn't do as much application-level scrubbing as Privoxy tries to do. But Privoxy isn't very good at it anymore anyway, and Firefox is getting better. See previous threads about all the Firefox plugins you need so you can discard Privoxy -- I recommend Noscript, Adblock, and Adblock Filterset.G.

3) I've seen some funny behavior from its caching. But Privoxy also gives funny behavior. And Polipo breaks fewer sites than Privoxy does. :)

4) It crashes (albeit rarely). The developer knows and is looking for more clues.

5) I've never tried it on Windows. I don't think its developer has either.

6) Polipo writes your hostname in every request. Either define proxyName to something else, or set DisableVia = true in your config file. See also http://article.gmane.org/gmane.comp.web.polipo.user/1016

Thanks,
--Roger
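Two of Roger's known issues are configuration leaks that a small check can catch before Polipo is put in front of Tor: socksParentProxy given as a hostname (issue 1, a DNS lookup outside Tor) and neither disableVia nor proxyName set (issue 6, the local hostname in every Via header). The lint below is an added example for this digest, not part of Polipo or Tor. It assumes Polipo's "key = value" line syntax with optional quotes and # comments; case-folding the option names is this example's own choice so that both spellings seen in the thread (DisableVia, disableVia) are recognised, and the two configs are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# A literal IPv4 host:port, which Polipo can connect to without a DNS lookup.
_IPV4_HOSTPORT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")

def parse_polipo_config(text):
    """Parse 'key = value' lines into a dict keyed by lower-cased option name.

    Comments (#) and blank lines are skipped and surrounding quotes stripped.
    Lower-casing keys is an assumption made here, not Polipo's own parser."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key.lower()] = value.strip('"')
    return settings

def lint_polipo_for_tor(text):
    """Return findings for the two leak-prone settings from the thread."""
    cfg = parse_polipo_config(text)
    findings = []
    socks = cfg.get("socksparentproxy")
    if (socks and not _IPV4_HOSTPORT.match(socks)
            and cfg.get("dnsusegethostbyname", "false").lower() != "true"):
        findings.append(
            f"socksParentProxy = {socks}: a hostname is resolved through your DNS "
            "servers; use 127.0.0.1:9050 or set dnsUseGethostbyname = true")
    if cfg.get("disablevia", "false").lower() != "true" and "proxyname" not in cfg:
        findings.append(
            "neither disableVia = true nor proxyName set: your hostname goes out "
            "in the Via header of every request")
    return findings

# Constructed configs: the config.sample default the thread warns about, and a
# corrected one (real Polipo configs carry many more options).
WEAK_CONFIG = """\
# as suggested by config.sample
socksParentProxy = localhost:9050
"""
FIXED_CONFIG = """\
socksParentProxy = "127.0.0.1:9050"
disableVia = true
"""

def lint_file(path):
    """Convenience wrapper for a config on disk."""
    return lint_polipo_for_tor(Path(path).read_text())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("weak.conf", WEAK_CONFIG), ("fixed.conf", FIXED_CONFIG)):
            p = Path(d, name)
            p.write_text(body)
            issues = lint_file(p)
            print(f"{name}: {'clean' if not issues else ''}")
            for issue in issues:
                print("  -", issue)
```

The hostname check is conservative on purpose: any non-literal address is flagged unless dnsUseGethostbyname is on, since the point is that no name lookup should leave the machine over plain DNS just because a proxy was pointed at "localhost".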
Re: Polipo web proxy (was Re: Tor and Google Image search)
On Fri, Aug 18, 2006 at 07:49:56PM -0500, Mike Perry wrote:
> 7) The definition of parent proxy is different between Polipo and Privoxy. It turns out Privoxy has teh awesoma poweru of being able to have an HTTP proxy after Tor. This is useful for sites that block Tor, such as slashdot, wikipedia (for posting), craigslist, IRC, etc etc etc. I was unable to find a way for Polipo to do this. It made me sad. Course it ain't exactly convenient for Privoxy, but at least it's there when you absolutely need to start some flame wars on /. ;)

Polipo can do this too. Just set both your parentProxy and your socksParentProxy.

--Roger