[tor-talk] SafeLogging
I'm running Tor v0.2.3.25 in bridge mode on Win 7. I can write SafeLogging 1 | relay into torrc, but SafeLogging 0 doesn't take (I write it into torrc, but then when I go look at the running torrc from vidalia, it's not there), and the Message Log records [scrubbed]. This didn't happen - I was able to see all the nodes - in previous versions. I'm curious: is the info for SafeLogging in tor-manual.html.en out of date? If this is not the sort of question to discuss in the clear forum, I'll be glad to send it encrypted to Support. Much obliged, eliaz -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] [RELEASE] Torsocks 2.0.0-rc2
David Goulet wrote (05 Nov 2013 21:08:33 GMT) : In terms of new naming, I would personally *love* that but we have to be careful with package that depends on torsocks and one comes into mind, parcimonie. So, if we decide that a new name is a good idea, packaging needs to consider the transition and possible breakage. At least for parcimonie (which I'm upstream for), I'm pretty sure we'll manage to talk to each other and provide a good transition path :) Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor Weekly News — November 6th, 2013
Tor Weekly News November 6th, 2013 Welcome to the nineteenth issue of Tor Weekly News, the weekly newsletter that covers what is happening in the up-to-date Tor community. Tails 0.21 is out - The Tails developers anounced the 34th release [1] of the live system based on Debian and Tor that preserves the privacy and anonymity of its users. The new version fixes two holes that gave too much power to the POSIX user running the desktop: Tor control port cannot be directly accessed anymore to disallow configuration changes and IP address retrieval, and the persistence settings now requires privileged access. On top of these specific changes, the release include security fixes [2] from the Firefox 17.0.10esr release and for a few other Debian packages. More visible improvements include the ability to persist printer settings, support for running from more SD card reader types, and a panel launcher for the password manager. For the curious, more details can be found in the full changelog [3]. As with every releases: be sure to upgrade! [1] https://tails.boum.org/news/version_0.21/ [2] https://tails.boum.org/security/Numerous_security_holes_in_0.20.1/ [3] https://git-tails.immerda.ch/tails/plain/debian/changelog New Tor Browser Bundles based on Firefox 17.0.10esr --- Erinn Clark released new versions of the Tor Browser Bundle [4] on November 1st. The previously “beta” bundles have moved to the “release candidate” stage and are almost identical to the stable ones, except for the version of the tor daemon. A couple of days later, David Fifield also released updated “pluggable transport“ bundles [5]. The new bundles include all security fixes from Firefox 17.0.10esr [6], and updated versions of libpng, NoScript and HTTPS Everywhere. It also contains a handful of improvements and fixes to the Tor Browser patches. Users of older version of the Tor Browser bundles should already have been reminded to upgrade by the notification system. Don't forget about it! This should be the last bundles based on the 17 branch of Firefox as it is going to be superseded by the 24 branch as the new long-term supported version in 6 weeks. Major progress has already been made by Mike Perry and Pearl Crescent to update the Tor Browser changes and review the new code base [7]. [4] https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-17010esr [5] https://blog.torproject.org/blog/pluggable-transports-bundles-2417-rc-1-pt1-firefox-17010esr [6] https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10 [7] https://trac.torproject.org/projects/tor/query?keywords=~ff24-esr Monthly status reports for October 2013 --- The wave of regular monthly reports from Tor project members for the month of October has begun early this time to reach the tor-reports mailing-list: Damian Johnson [8], Linus Nordberg [9], Karsten Loesing [10], Philipp Winter [11], Ximin Luo [12], Lunar [13], Kelley Misata [14], Matt Pagan [15], Sherief Alaa [16], Nick Mathewson [17], Pearl Crescent [18], George Kadianakis [19], Colin Childs [20], Arlo Breault [21], and Sukhbir Singh [22]. [8] https://lists.torproject.org/pipermail/tor-reports/2013-October/000367.html [9] https://lists.torproject.org/pipermail/tor-reports/2013-October/000369.html [10] https://lists.torproject.org/pipermail/tor-reports/2013-October/000370.html [11] https://lists.torproject.org/pipermail/tor-reports/2013-November/000371.html [12] https://lists.torproject.org/pipermail/tor-reports/2013-November/000372.html [13] https://lists.torproject.org/pipermail/tor-reports/2013-November/000373.html [14] https://lists.torproject.org/pipermail/tor-reports/2013-November/000374.html [15] https://lists.torproject.org/pipermail/tor-reports/2013-November/000375.html [16] https://lists.torproject.org/pipermail/tor-reports/2013-November/000376.html [17] https://lists.torproject.org/pipermail/tor-reports/2013-November/000377.html [18] https://lists.torproject.org/pipermail/tor-reports/2013-November/000378.html [19] https://lists.torproject.org/pipermail/tor-reports/2013-November/000379.html [20] https://lists.torproject.org/pipermail/tor-reports/2013-November/000380.html [21] https://lists.torproject.org/pipermail/tor-reports/2013-November/000381.html [22] https://lists.torproject.org/pipermail/tor-reports/2013-November/000382.html Tor Help Desk Roundup - One person asked why the lock icon on the Tor Project's website was not outlined in green. Sites that use HTTPS can purchase different types of SSL certificates. Some certificate issuers offer certificates that supply ownership information, such as the physical
[tor-talk] Dangers of using Tor client as SOCKS 5 proxy from another application?
I recently added SOCK 5 client support to CGIProxy, and it can now act as a front-end to a Tor client on the same machine. I hear this isn't recommended, but I'm trying to find out any specific security risks of doing so, so I can address them. Can you think of any risks? Why is this setup not recommended? This might be useful to give a clientless interface to the Tor network, if a user can't or doesn't want to install anything on their browsing machine (e.g. Internet cafes, fear of malware). Using the Tor Browser Bundle isn't an option in these situations. I know SOCKS 5 is insecure without GSSAPI, but if both ends of the SOCKS 5 connection are on the same machine, is there any risk? Are there tools that can spy on local connections? I'm always interested to hear of any other security risks with CGIProxy too. For the record, it safely supports JavaScript and Flash, and prevents any direct connection between the user and the destination server. The next release supports and uses the Content-Security-Policy: header to ensure that, on top of what the program already does. Thanks for any thoughts. No idea too small. Links to other discussions welcome. Cheers, James -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Kaspersky still interferes with SSL port 443 sites
On 05/11/2013 15:32, Joe Btfsplk wrote: On 11/2/2013 2:04 PM, Sukhoi wrote: I am experimenting problems with TorBrowser on the last months. On most of the web sites I have to reload it 2 to 8 times until it loads, receiving most of the times messages like this: Unable to connect Firefox can't establish a connection to the server at blog.torproject.org. Sukhoi - a bit off topic, but I'm not sure your problem is w/ Kaspersky or any AV / FW. If you haven't upgraded to TBB 2.4.x (still beta), may try that. I think what you're seeing (if using TBB 2.3.x) is pretty common. Was for me until I upgraded. Joe, Thanks for the comments. I did additional tests and possibly you are right about the Kaspersky and AV. I just installed the latest Tor 2.4.x beta version, on Win 8 x64. The problem seems to be a bit smaller, but stands, having to load and reload the pages many times to get the content. Tried also Tor 2.3 stable release on Linux, were the problem did not happened. Sukhoi -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] How to find out the session key
Hi, I have read the design paper for TOR and build my onion router successful. I know where the onion key, RSA public key, certificate stored, but I can’t find the session key (created by Diffie-Hellman algorithm, which is used to generate a cipher stream). I think the session key is stored somewhere in memory (or just in file?), could anyone please give me a hint how to find out the key. Thanks for your kindness. zhening -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TBB 2.3 sometimes doesn't open pages 1st try (was: Kaspersky still interferes with SSL port 443 sites)
On 11/6/2013 5:51 PM, Sukhoi wrote: On 05/11/2013 15:32, Joe Btfsplk wrote: On 11/2/2013 2:04 PM, Sukhoi wrote: I am experimenting problems with TorBrowser on the last months. On most of the web sites I have to reload it 2 to 8 times until it loads, receiving most of the times messages like this: Unable to connect Firefox can't establish a connection to the server at blog.torproject.org. Sukhoi - a bit off topic, but I'm not sure your problem is w/ Kaspersky or any AV / FW. If you haven't upgraded to TBB 2.4.x (still beta), may try that. I think what you're seeing (if using TBB 2.3.x) is pretty common. Was for me until I upgraded. Joe, Thanks for the comments. I did additional tests and possibly you are right about the Kaspersky and AV. I just installed the latest Tor 2.4.x beta version, on Win 8 x64. The problem seems to be a bit smaller, but stands, having to load and reload the pages many times to get the content. Tried also Tor 2.3 stable release on Linux, were the problem did not happened. Interesting. Each OS each TBB version may act a bit differently. I'm using Vista x64 - could be differences vs. W8. Others using W8 will have to weigh in. However, I've read many reporting same issues of TBB not loading pages, that improved or disappeared when moved to 2.4.x. Maybe new series 3.x is worth trying, but it's still alpha, so maybe ? not suitable for serious anonymity requirements (freedom, life death situations). I didn't see a speed change using TBB 3, but speed isn't Tor's purpose. I saw no diff in pages loading (or not) on 1st try, in 2.4.x vs. 3.0, using Vista. I tried 3.0a4 had same issue some others did - the browser opened empty. No menus, etc. Trac bug report said adding lines below, to userPerf.js in the TBB profile would fix it it did, for me. May now be a later version w/ this fix in it. TBB 3.0a4 - Pref.js (or userPref.js) entries - must be added before it will work. Otherwise, browser opens empty. user_pref(gfx.direct2d.disabled, true); user_pref(layers.acceleration.disabled, true); -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk