Re: Tor 0.2.2.22-alpha is out
*Hi* *Tor is running since yesterday!* *Thanks Tor for support us in Iran* On Sun, Jan 30, 2011 at 10:30 AM, Roger Dingledine a...@mit.edu wrote: Tor 0.2.2.22-alpha fixes a few more less-critical security issues. The main other change is a slight tweak to Tor's TLS handshake that makes relays and bridges that run this new version reachable from Iran again. We don't expect this tweak will win the arms race long-term, but it will buy us a bit more time until we roll out a better solution. Anybody running a relay or bridge who wants it to work for Iran should upgrade. https://www.torproject.org/download/download Changes in version 0.2.2.22-alpha - 2011-01-25 o Major bugfixes: - Fix a bounds-checking error that could allow an attacker to remotely crash a directory authority. Bugfix on 0.2.1.5-alpha. Found by piebeer. - Don't assert when changing from bridge to relay or vice versa via the controller. The assert happened because we didn't properly initialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes bug 2433. Reported by bastik. o Minor features: - Adjust our TLS Diffie-Hellman parameters to match those used by Apache's mod_ssl. - Provide a log message stating which geoip file we're parsing instead of just stating that we're parsing the geoip file. Implements ticket 2432. o Minor bugfixes: - Check for and reject overly long directory certificates and directory tokens before they have a chance to hit any assertions. Bugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by doorss. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNRQyK61qJaiiYi/URArD2AJ4oV2y8AkwauDI1in80SFKZH1bw9ACgpVrO RWQbSEo2twF6eMgbvsB6XNg= =RRxg -END PGP SIGNATURE-
What are email risks?
In email, what are anonymity risks? Header contains sender domain (maybe IP) but what else? -- Jerzy Łogiewa -- jerz...@interia.eu Skorzystaj ze spadku cen mieszkań - znajdź swoje nowe M! Sprawdź http://linkint.pl/f2910 *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: What are email risks?
In email, what are anonymity risks? Header contains sender domain (maybe IP) but what else? Probably the whole header. But except from the obvious I would especially look for the received: lines, the date (because it might contain your timezone) and the X-Mailer header (shows your user agent). best regards, Jan *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: What are email risks?
On Wed, Feb 2, 2011 at 5:47 PM, Jan Weiher j...@buksy.de wrote: In email, what are anonymity risks? Header contains sender domain (maybe IP) but what else? Probably the whole header. But except from the obvious I would especially look for the received: lines, the date (because it might contain your timezone) and the X-Mailer header (shows your user agent). In addition to e-mail headers which do indeed generally contain multiple IP addresses and time zone information, there is a fair bit of stuff that can be used for fingerprinting as well. Not just the obvious things like the X-Mailer header, but things like which headers are present, the order they appear in, and the formatting of the MIME envelope, can all help identify the software in use. Combine that sort of stuff with analysis of writing style, vocabulary, etc. and you might be able to correlate two e-mails as originating from the same person with some degree of accuracy. I'm not aware of any research into the trackability of such things, as e-mail generally isn't considered anonymous anyway, but a lot of the work that has gone into fighting spam would actually have implications here as well. -- Bjarni R. Einarsson The Beanstalks Project ehf. Making personal web-pages fly: http://pagekite.net/
Re: What are email risks?
Bjarni Rúnar Einarsson writes: Combine that sort of stuff with analysis of writing style, vocabulary, etc. and you might be able to correlate two e-mails as originating from the same person with some degree of accuracy. I'm not aware of any research into the trackability of such things, as e-mail generally isn't considered anonymous anyway, but a lot of the work that has gone into fighting spam would actually have implications here as well. Hi Bjarni, There is a stylometry item in the anonbib where they do statistical analysis of features of writing style: http://www.usenix.org/publications/library/proceedings/sec2000/full_papers/rao/rao.pdf I bet these techniques have gotten more powerful as the field of machine learning has developed, although I don't know if there are more recent studies of what this means for anonymity. -- Seth Schoen Senior Staff Technologist sch...@eff.org Electronic Frontier Foundationhttps://www.eff.org/ 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
IP address blocked on certain site
Using latest stable Vidalia / Tor bundle for Win (Vista x64). Never really had this prob before installing latest ver, but could be coincidence. When using Tor/ Torbutton, only one site gave message (to the effect) the IP address you're using has been determined to be abusing this site ? / server ?. Access denied. Then it showed the full IP address. I could never get that site to stop showing that same, blocked address, no matter what I did. Tried closing the tab in Firefox. Then tried closing Tor Firefox, restarting. Same msg from site, w/ same IP address shown. Also, tried refreshing the Tor network, so all new nodes. Made no diff. After doing the above ( site still showing old IP address when I opened a new browser tab, then tried site again) I checked my ACTUAL current exit IP address by going to a Tor check site. As I figured, it showed a diff IP address than the blocked site was still showing, at the very same time as I checked at Tor check site. Somehow that old IP address was being stored somewhere, even though it was no longer the exit address being used in Tor network. How / why did the site keep showing the old address after doing all those steps? Is there an easier way to deal w/ this problem than the many steps I took? Thanks. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: IP address blocked on certain site
On Wed, 02 Feb 2011 16:27 -0600, Joe Btfsplk joebtfs...@gmx.com wrote: Using latest stable Vidalia / Tor bundle for Win (Vista x64). Never really had this prob before installing latest ver, but could be coincidence. When using Tor/ Torbutton, only one site gave message (to the effect) the IP address you're using has been determined to be abusing this site ? / server ?. Access denied. Then it showed the full IP address. I could never get that site to stop showing that same, blocked address, no matter what I did. Tried closing the tab in Firefox. Then tried closing Tor Firefox, restarting. Same msg from site, w/ same IP address shown. Also, tried refreshing the Tor network, so all new nodes. Made no diff. After doing the above ( site still showing old IP address when I opened a new browser tab, then tried site again) I checked my ACTUAL current exit IP address by going to a Tor check site. As I figured, it showed a diff IP address than the blocked site was still showing, at the very same time as I checked at Tor check site. Somehow that old IP address was being stored somewhere, even though it was no longer the exit address being used in Tor network. How / why did the site keep showing the old address after doing all those steps? Is there an easier way to deal w/ this problem than the many steps I took? Thanks. I had a similar problem with a site. I came to the conclusion that it was Polipo cacheing. You can try inserting a 'Pragma: No-cache' header using Modify Headers or a similar addon, though that does make you stand out. GD -- http://www.fastmail.fm - One of many happy users: http://www.fastmail.fm/docs/quotes.html *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/