Forgive me, but I'd like to ask a question here.
Tor is a tool that is undeniably, directly marketed toward activists in
high-risk environments. Tor's presentations at conferences centre around how
Tor obtains increased usage in Arab Spring countries that matches the timeline
of revolutionary
Maybe because of the difficulty on finding those vulnerabilities to exploit the
system.
Being bulletproof against everything, as we know, is impossible, therefore if
you notice that the government (with a huge amount of resources) have found a
vulnerability in your software you can accept
On 05.08.2013 10:15, Nadim Kobeissi wrote:
Now, we find out that the FBI has been sitting on an exploit since an unknown
amount of time that can compromise the Tor Browser Bundle
is that really so? See:
https://blog.mozilla.org/security/2013/08/04/investigating-security-vulnerability-report/
On 2013-08-05, at 10:46 AM, Georg Koppen g.kop...@jondos.de wrote:
On 05.08.2013 10:15, Nadim Kobeissi wrote:
Now, we find out that the FBI has been sitting on an exploit since an
unknown amount of time that can compromise the Tor Browser Bundle
is that really so? See:
On Mon, Aug 05, 2013 at 10:46:35AM +0200, Georg Koppen wrote:
On 05.08.2013 10:15, Nadim Kobeissi wrote:
Now, we find out that the FBI has been sitting on an exploit since an
unknown amount of time that can compromise the Tor Browser Bundle
is that really so? See:
BTW (same comment in two pages :P):
The vulnerability being exploited by this attack was fixed in Firefox 22 and
Firefox ESR 17.0.7. The vulnerability used is MFSA 2013-53People who are on the
latest supported versions of Firefox are not at risk.Although the vulnerability
affects users of
On Mon, Aug 5, 2013 at 9:46 AM, Nadim Kobeissi na...@nadim.cc wrote:
Hmm. So it's more of a 38-day. Perhaps there should have been a Tor Browser
security advisory in that case.
I'm not sure how long the Tor bundle goes without actively complaining
to the user about things being out of date.
On 2013-08-05, at 11:04 AM, Michael Owen mich...@theramparts.com wrote:
On Mon, Aug 5, 2013 at 9:46 AM, Nadim Kobeissi na...@nadim.cc wrote:
Hmm. So it's more of a 38-day. Perhaps there should have been a Tor Browser
security advisory in that case.
I'm not sure how long the Tor bundle
The fog of OHM hasn't yet lifted for me, so I'm sorry if I'm not entirely
poetic in thought…
Before people jump in and say the tor network is inherently flawed! I just
want to try to put it in perspective. As I understand it, an .onion got owned,
probably by some poorly written or installed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I'd like to ask advice of people working in human rights, civil rights,
investigative journalism communities.
I am doing my MSc in human-computer interaction, focusing on mobile Privacy
Enhancing Technology tools, a lot of which are discussed
On Mon, 5 Aug 2013 10:15:20 +0200
Nadim Kobeissi na...@nadim.cc wrote:
Now, we find out that the FBI has been sitting on an exploit since an
unknown amount of time that can compromise the Tor Browser Bundle,
which is currently the main way to download Tor and the only way to
download Tor for
On Mon, 5 Aug 2013 10:04:02 +0100
Michael Owen mich...@theramparts.com wrote:
I'm not sure how long the Tor bundle goes without actively complaining
to the user about things being out of date.
TBB notifies the user within an hour of releasing the new version. The
hour lag is because our
On Mon, Aug 05, 2013 at 09:19:01AM -0400, liberationt...@lewman.us wrote:
Please cite first person sources on this. It's not clear the FBI did
anything or is involved at all. There is a reddit thread implying this,
but no statement (as of yet) from the FBI or anyone claiming
responsibility for
On 05.08.2013 10:15, Nadim Kobeissi wrote:
Now, we find out that the FBI has been sitting on an exploit since an unknown
amount of time that can compromise the Tor Browser Bundle
is that really so? See:
https://blog.mozilla.org/security/2013/08/04/investigating-security-vulnerability-report/
On 2013-08-05, at 4:19 PM, liberationt...@lewman.us wrote:
On Mon, 5 Aug 2013 10:15:20 +0200
Nadim Kobeissi na...@nadim.cc wrote:
Now, we find out that the FBI has been sitting on an exploit since an
unknown amount of time that can compromise the Tor Browser Bundle,
which is currently the
From: mhssuli...@yahoo.com mhssuli...@yahoo.com
Hi everyone! We're having a crisis situation here in Khartoum, heavy rains
that turned into floods, houses falling, areas drawning and the latest
update 3 kids drawned! I made a map for people to put reports about the
situation, trying to plug a
On Mon, Aug 05, 2013 at 04:54:00AM -0400, Roger Dingledine wrote:
Specifically, it would appear that the TBB updates we put out on
June 26 addressed this vulnerability:
https://lists.torproject.org/pipermail/tor-announce/2013-August/89.html
has some more details now.
Or see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/05/2013 05:00 PM, Nadim Kobeissi wrote:
On 2013-08-05, at 4:19 PM, liberationt...@lewman.us wrote:
On Mon, 5 Aug 2013 10:15:20 +0200 Nadim Kobeissi na...@nadim.cc
wrote:
Now, we find out that the FBI has been sitting on an exploit
Il 8/4/13 10:31 PM, liberationt...@lewman.us ha scritto:
Tor's official response is here,
https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting
After a quick check at a random Tor2web server, it seems that there's no
specific pattern of traffic-drop.
Who knows,
On 2013-08-05, at 6:38 PM, Roger Dingledine a...@mit.edu wrote:
On Mon, Aug 05, 2013 at 04:54:00AM -0400, Roger Dingledine wrote:
Specifically, it would appear that the TBB updates we put out on
June 26 addressed this vulnerability:
Fabio Pietrosanti (naif) li...@infosecurity.ch wrote:
After a quick check at a random Tor2web server, it seems that there's no
specific pattern of traffic-drop.
Who knows, maybe the amount of TorHS that has been takendown are just a
few.
Yeah, it seems like people are vastly
From: Paige veeforvolunt...@gmail.com
Hey y'all!
Just a quick intro: I'm the Community Manager at Open Garden, a company
making a mesh networking app for Android based in SF. I'm also a
decentralization enthusiast and liberty activist.
I'm interested in discussing potential collaborations
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Caleb,
On 03/08/13 01:33, Caleb James DeLisle wrote:
We could spend a long time discussing locally effective attacks on
social networks and not be any closer to agreement.
Instead I think it's worth asking who your attacker is... I find
that
Mozilla posted the advisory on June 25th.
https://www.mozilla.org/security/announce/2013/mfsa2013-53.html and a
TBB update was provided 5 days later:
https://blog.torproject.org/blog/tor-browser-bundle-30alpha2-released
- and uses a version of FF that the advisory says fixes the issue.
So
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
On 08/05/2013 01:26 PM, Michael Rogers wrote:
Hi Caleb,
On 03/08/13 01:33, Caleb James DeLisle wrote:
We could spend a long time discussing locally effective attacks on social
networks and not be any closer to agreement.
Instead I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Firstly: this is not a anti-Tor/pro-anything/anti-developer comment. If
anything it's pro-have_some_understanding_for_people point-of-view. I
contribute to Tor as I believe it can do a lot of good.
As I understand it, the issue was: a compromise
Nadim certainly has a point about the disparity between how his efforts
were received and the overall level of respect/support Tor receives.
Hopefully, he will continue on and when his software accumulates the track
record that Tor has he will be suitably rewarded. He certainly writes
recently
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is this true?
http://arstechnica.com/tech-policy/2013/08/researchers-say-tor-targeted-malware-phoned-home-to-nsa/
Initial investigations traced the address to defense contractor SAIC, which
provides a wide range of information technology and C4ISR
Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote:
By what Roger Dingledine from Tor has stated in a previous mail, The Tor
Project provided the you need to upgrade message promptly. I don't know
if that is enough. (But it is certainly a lot more that other providers of
software would do.)
I
Il 8/5/13 1:15 PM, Andrea St ha scritto:
Hello Liberationtech friends,
after the last research on Twitter
(bits.blogs.nytimes.com/2013/04/05/fake-twitter-followers-becomes-multimillion-dollar-business/),
i'm doing a new about Facebook. What is your definition of social spam
on Facebook?
If
You realize Tor didn't know this vuln was an issue until two days ago?
The Tor Browser Bundle is based off of Firefox ESR releases. All the high
profile security issues fixed are listed on the Firefox ESR known
vulnerabilities web page. You want them to copy that page for you?
Al
--
Al
In these times of strife and mass insecurity in Nigeria, worsened by gross
mismanagement of our resources and arrant neglect of the Nigerian youths by
the powers that be, the best thing that can ever happen to us is a place
where we can “hang out” together and decide our own destiny by ourselves.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 5 Aug 2013, at 21:08, Al Billings wrote:
You realize Tor didn't know this vuln was an issue until two days ago?
I presume thats directed at Griffin.
The Tor Browser Bundle is based off of Firefox ESR releases. All the high
profile security
Why should they? Just make sure you're running the most recently released
version.
--
Al Billings
http://makehacklearn.org
On Monday, August 5, 2013 at 1:18 PM, Bernard Tyers - ei8fdb wrote:
The Tor Browser Bundle is based off of Firefox ESR releases. All the high
profile security
Hi folks,
Following up on Kirby Plessas's email, we're hosting FreedomHack this
weekend at DC's 1776 incubator. We're connecting hackers, activists, and
journalists to build tools to help folks in Mexico safely get their stories
out to the world. But we're not stopping there - Dlshad Othman,
Al,
We may have to disagree as to the way forward. I hate to be
contentious, but it seems unlikely that Tor applied a patch without
reading firefox's changelog. Two days ago I presented a talk which
emphasized how useful Tor is -- and I stand by that. Tor is still the
best option for maintaining
I'm not sure what you're trying to say here exactly.
Tor doesn't apply a patch to TBB, AFAIK. They build on top of Firefox ESR.
The current Firefox ESR17 (and the current TBB) have the bug fixed that
everyone is talking about. If you're current, you're safe.
So, then the problem becomes: why
Does anybody have any indication on how the alleged operator of Freedom
Hosting was identified. Everybody seems to be focusing on the javascript
exploit but from what I've read, it appears that was placed on the
server after the alleged operator was taken down and the operation
compromised, or
Well, we have a quick peek at that surveillance state now for a
while: it's called Big Data. So, what else is new?
Best Regards | Cordiales Saludos | Grato,
Andrés L. Pacheco Sanfuentes
a...@acm.org
+1 (817) 271-9619
On Mon, Aug 5, 2013 at 3:59 PM, Peter Lindener lindener.pe...@gmail.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
yeah, right!
You are citing the democracia real movement, do u? Or is your email
subject the seoptimized catchphrase.
Peter Lindener schrieb:
By now, most people on top of our Society's Transmutation into
surveillance state are beginning to
If my understanding of Mozilla's description of the vulnerability is
correct:
https://blog.mozilla.org/security/2013/08/04/investigating-security-vulnerability-report/
Users who are on the latest version of Firefox (version 22) or Firefox ESR
(version 17.0.7) are not at risk. If a user is
No, Mozilla (I assume you mean Firefox) wasn't used to insert anything into
any servers. It is the other way around. Someone had an exploit on the servers
that could be used to exploit older versions of the ESR17 branch of Firefox,
which the Tor Browser Bundle uses. (ESR is the Extended Support
ah, ok, thanks! Got it backwards...
So the server was hacked by some unknown method, by a state level opponent,
and this was then used to identify user activity using the Firefox 17
vulnerability announced by Mozilla, presumably, which allowed them to
monitor significant traffic and
On Tue, Aug 06, 2013 at 12:09:48AM +0200, Griffin Boyce wrote:
We may have to disagree as to the way forward. I hate to be
contentious, but it seems unlikely that Tor applied a patch without
reading firefox's changelog.
I'm still not clear on what you want Tor to have done. Should they do a
Griffin Boyce:
Al,
We may have to disagree as to the way forward. I hate to be
contentious, but it seems unlikely that Tor applied a patch without
reading firefox's changelog. Two days ago I presented a talk which
emphasized how useful Tor is -- and I stand by that. Tor is still the
best
Hackathons offer an opportunity to achieve innovation-oriented goals with
limited resources, but require careful planning and organizational
commitment to sustain engagement over the long term. This brief provides an
overview of hackathons and offers strategies from previous successful
events.
On Mon, Aug 05, 2013 at 06:18:02PM -0400, r...@privacymaverick.com wrote 0.6K
bytes in 0 lines about:
: Does anybody have any indication on how the alleged operator of
: Freedom Hosting was identified. Everybody seems to be focusing on
: the javascript exploit but from what I've read, it appears
Was that formatted so my 86-year-old grandfather could read it?
On Mon, Aug 5, 2013 at 6:11 PM, Lea Shanley lashan...@gmail.com wrote:
Hackathons offer an opportunity to achieve innovation-oriented goals with
limited resources, but require careful planning and organizational
commitment to
Yes.
--
Al Billings
http://makehacklearn.org
On Monday, August 5, 2013 at 6:28 PM, Kyle Maxwell wrote:
Was that formatted so my 86-year-old grandfather could read it?
--
Liberationtech list is public and archives are searchable on Google. Too many
emails? Unsubscribe, change to digest,
According to THN[0] and several linked supporting sites from there
(particularly notable are analyses from Kenneth Buckler[1] and Vlad
Tsyrklevich[2]), the payload delivered the MAC address and Windows
hostname to 65.222.202.54[3]. I've read in public sources that that
address is assigned to SAIC
hans christian voigt-
From your response to this thread, I sense that you must be a very
friendly, constructive person, who seeks greater levels of harmony..
Let me know if there is something else that from you perspective might feel
constructive... I understand that many may feel there is
51 matches
Mail list logo
