that unless you have installed a client certificate, there
should be no identifying information in an SSL handshake. If you do
have a client certificate installed (you will know if you do), I think
the client only uses it if the server requests it.
--
Mike Perry
Mad Computer Scientist
fscked.org evil
filter in place.
The problem is that yahoo can custom-generate its links to DoubleClick
so they encode your email address (dunno if they do do this, but I'm
sure some sites and ad parters do). Therefore identifiying information
is sent independent of the cookie.
--
Mike Perry
Mad Computer Scientist
. This is also why an automatic filter is dangerous if it is not
done properly. Just one slip-up, accidental click, etc, and you're
toast.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake Eric H. Jung ([EMAIL PROTECTED]):
Hello Michaels,
I apologize for the delayed reply. Please don't interpret the delay as
a lack of interest--it surely isn't.
Quoting Mike Perry:
Just clearing cookies every time there is a switch is not enough if
there is an automatic Tor
).
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
something like an Open Source DVD player or archiver on
your machine will be enough to land you in jail for a while, if it's
not already...
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
.html
One can only hope that the Bill of Rights is enough to keep this
bullshit out of the US, but who knows.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
anymore (except to remove maybe a stray HTTP header here
and there, but since those aren't logged, that may not be needed).
It sucks that we lose browser independence with this mechanism, but
thems the breaks. They should all should be compatible with xpi
anyways ;)
--
Mike Perry
Mad Computer
as
fragile:
{ fragfile }
.
Perhaps the images.google.com declairation should be added to the
Privoxy that is shipped with vidalia/tor. It is likely to be pretty
frustrating to new users.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
in-memory only for a period of time on the order of 10s of
minutes for the purposes of monitoring for malicious/censored exit
nodes.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake Mike Perry ([EMAIL PROTECTED]):
to your Privoxy action file, it works again. To declare everything as
fragile:
{ fragfile }
..
Ouch. Two typos, one caused by me, one by mailinglist/MTA.
This should be one period. And { fragile }, just like before.
{ fragile }
.
--
Mike
), but the UI reports the same 'unknown' status as
'openssl ocsp' did:
http://www.openvalidation.org/ValWorks.html
Madness.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
are known, etc.
If I'm not distracted by something shiny in the next couple days I'll
give it a shot. I mean, we've got to get these motherfuckin snakes off
this motherfuckin plane.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
docs exes randomly off google.
P.S. Does anyone know a clean way to do line-buffered select()able
socket IO via perl? From looking at IO::Socket it seems like the
timeout is only used for accept/connect... I may have to restort to
multithreaded perl.. *shudder*.
--
Mike Perry
Mad Computer
is:
- baphomet
- err
- moulticastfrsrv
- ni
- pax
Anyone know what causes this? They don't do it all the time. Just
sometimes.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]):
Permissions for the zip file prevent downloading.
???
Sorry I'm an idiot. Forgot to also set grsec permissions for teh file.
Fixed.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake Mike Perry ([EMAIL PROTECTED]):
-- BIG FAT WARNING -
Another possible giveaway is that I do not use uptime information in
the node selection process. Nodes may be able to tell you are a
Metatroller client if one of their neighbors for that circuit
it.
Probably the case with a lot of voice clients, unless you can find a
way to get them to not discover your IP...
I also find it unpossible that actual watermarking was used against
this fellow as opposed to simple IP tracking.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
for world domination. Snakes On A
Tor was just my cover to distract you long enough to become infected
by our neurolinguistic virus, and the Metatroller has hidden code in
its regular expressions that report your wearabouts directly to our
array of orbiting mind control lasers. ;)
--
Mike Perry
Mad
of some orbiting
mind control lasers. Winter is coming, maybe you can save on the
heating bill.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake Jay Goodman Tamboli ([EMAIL PROTECTED]):
On 2006.08.27, at 22:44, Mike Perry wrote:
If you run soat.pl, you should be running it on a seperate machine
than you are using normally (or inside a vmware image or simply
another instance of Tor) because of shortened pathlengths
.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
was in a hurry and just deleted the file without
thinking :)
So even so, it's unsettling.. You download some app, iso, video, or
whatever via Privoxy and it kindly tells you there's a temporary
failure mid-binary stream. How nice of it.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
to see
if it has the same property.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
, the metatroller currently does not subscribe to router info or
(non-existent) network status events, so it should be restarted
periodically. When network-status events are available in 0.1.2.x I'll
support them.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake Mike Perry ([EMAIL PROTECTED]):
Over the past month or so I've been testing and improving my Tor
network scanner, and it seems to be shaping up pretty nicely.
http://fscked.org/proj/minihax/SnakesOnATor/SnakesOnATor-0.0.3.zip
Found another DNS poisoner/injector/evil upstream ISP
on how many brick walls perl presents. #1 alone is getting
extremely annoying because of limitations on thread-shared structures.
Due to Task 5, other tasks may experience arbitrary delays ;)
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
is
the number of circuits made via this node.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
need logins, just IPs.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake Taka Khumbartha ([EMAIL PROTECTED]):
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
Mike Perry @ 2006/10/16 13:25:
Thus spake Taka Khumbartha ([EMAIL PROTECTED]):
today i have had several attempted man in the middle attacks on
my SSH sessions. i am not sure which exit node
if NoScript defaulted to All-Off instead of All-On, and
they used AdBlock Plus with some feeds instead of just AdBlock, but
otherwise excellent for casual only sometimes Tor users who are
likely to be tripped up by this sort of stuff.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
this automated and be right all the time,
especially in the face of changing content and dropped
connections/truncation. Probably will end up having the script email a
human/humans with results that they can verify.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
LIMIT-tor.sh
Description: Bourne shell script
one.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
. Sometimes Tor takes as
long as a minute to build a new circuit...
It would be logical if either 0 or -1 meant infinite.. Did you try
those?
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
messages from
firefox, but no leaks.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
into their ExcludeNodes is not
practical. There should be some way for the Tor maintainers to
override supplied exit policies for misbehaving nodes. Or is the plan
going forward just to tell everyone to upgrade to alpha and have it
listen to the BadExit flag? Can this be set manually right now?
--
Mike
Thus spake Roger Dingledine ([EMAIL PROTECTED]):
On Tue, Nov 28, 2006 at 06:52:29PM -0600, Mike Perry wrote:
bach from Germany : 212.42.236.140
Confirmed (I've found an alternate machine to do dev on, so I should
be able to continuously scan now). Bach is self-signing certs still
https to it
is probably the easiest way to deal with this.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
to be the case at
least. Perhaps it has been abandoned due to scaling issues?
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
...
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
:), but when it's done it
should be able to help us figure out which servers this is happening
at, as well as a shitload of other interesting info as well.
I'm hoping to make the release next weekend.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Is there any reason why these nodes are doing this? It's been going on
for a while (month or more?), finally got around to recording it.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
to be unreachable from your location? Is it bad if you
try to connect to firewalled nodes?
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake Nick Mathewson ([EMAIL PROTECTED]):
On Thu, Dec 07, 2006 at 01:46:39AM -0600, Mike Perry wrote:
Several nodes seem to be rapidly rotating keys.. Over the past 24
hours or so the following nodes have changed keys:
Actually, from the look of things, these are actually multiple
://fscked.org/proj/minihax/SnakesOnATor/speedrace.zip
As soon as I finish polishing up my README and change log, I will put
up the new release of SoaT itself up. Should be by sometime today.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
:
- Implemented.
This is the last release that will be written in perl (unless some
huge bug is discovered). I'm going to rewrite it in Python so I can
get some decent OO support to implement some more advanced features.
There might not be another release for a few months.
--
Mike Perry
Mad Computer
provide sanely, unfortunately.
I've gone back to scanning exits in the meantime. If anyone wants to
join me with a different wordlist.txt, set of filetypes and other ssh
hosts, it might be nice.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
of you seen abuse
complaints or problems with SORBS and other vigilante spam crusader
overlords? If these ports are almost always authenticated I will allow
it in my exit policy without bothering with the IP list.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
yet, but I can confirm manually that
tormentor IS in fact regularly changing ssh keys. It should be
delisted as an exit ASAP.
toxischnet is currently hibernating, so its hard to say on that one.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
postfix that dirservers use, independent of
IP. There is an option in 1.2.x/SVN to tunnel this traffic via other
tor nodes (via SSL), but I believe it is prone to exploding at this
point in time.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
!
Oh, and also sometimes bittorrent encrypts traffic. Plus they both
use the Internets to communicate between peers! So really there is no
difference. (Who wrote this garbage? ;)
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
probably die too.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
of exploits involving closed-source systems -
closed-source companies have finite and small IQ compared to the rest
of the world).
Unfortunately, fewer and fewer people in control of systems and law
are sane these days. So the world is about to get mighty interesting ;)
--
Mike Perry
Mad Computer
Thus spake James Muir ([EMAIL PROTECTED]):
Mike Perry wrote:
Thus spake Watson Ladd ([EMAIL PROTECTED]):
Well, one immediate problem is that b/k has to be an integer.. So b=rk
for some random r and b is thus not completely random.. To clarify the
effects of this, you should rewrite your
of curiosity, what is it about your scheme that makes you say it is
insecure?
-James
Mike Perry had an MITM attack. It wasn't due to a problem with my proof
but a problem in that what I proved wasn't sufficient to insure
security. Basically Alice was performing DH with y the generator. So Eve
could
.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
this option would help people
who use apps on ports other than 80 and 443. Roger/Nick,
agree/disagree? Did I just volunteer? ;)
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
that a lot of people are using
these Internets things to transmit child pornography. Perhaps we
should just shut 'er down?
Sure would be easier than actually finding the PRODUCERS of such
content...
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake Mike Perry ([EMAIL PROTECTED]):
At any rate, I welcome a good open source implementation of this. If
nothing else, it will be nice to pit it against my scanner on a test
network to make sure this sort of thing can be reliably detected.
Oh, and we can also use this as an opportunity
this will stop the same attack from hitting the blogosphere
every 2 months. Even better, maybe it will stop that attack from
actually working..
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
for ;).
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
paragraphs that covers all the bases.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake light zoo ([EMAIL PROTECTED]):
--- Mike Perry [EMAIL PROTECTED] wrote:
Perhaps he would be amenable to fixing his
extension against moore's on-the-fly HTML
generation. However his email address is not
listed on the author page :(
Well it looks like Mr. Greene prefers
Thus spake Mike Perry ([EMAIL PROTECTED]):
Thus spake light zoo ([EMAIL PROTECTED]):
--- Mike Perry [EMAIL PROTECTED] wrote:
Perhaps he would be amenable to fixing his
extension against moore's on-the-fly HTML
generation. However his email address is not
listed
that
security.enable_java setting or was it just a general evasive thing
you did for filtering? Do you have any information if this is specific
to certain versions/JVMs or if it is a universal hack?
Have you contacted the Firefox people?
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Tor users should
probably be ready to take.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake Mike Perry ([EMAIL PROTECTED]):
Thus spake Roger Dingledine ([EMAIL PROTECTED]):
On Thu, Mar 08, 2007 at 04:12:10PM -0600, H D Moore wrote:
I am in the process of updating the decloak
demonstration to explain each of the tests and provide source code for
the components
for each (with some expiration time of like 5 min?)
Even with Vidalia it is hard to open the network window while the
stream is still attached to your circuit. Usually by the time you
notice its long closed.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
coding. The Windows
select bug, Polipo port, and the USB drive are all very imporant and
less likely to get done by the main Tor devs who are mostly
Linux-focused.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
. The plugin toggling and events for javascript are in
torbutton.js.
Good luck!
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
are awesome.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
, if you
do not specify FascistFirewall), it prints out a warn, and then
reconnects without using the proxy.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Thus spake Roger Dingledine ([EMAIL PROTECTED]):
On Fri, Apr 20, 2007 at 06:41:43PM -0700, Mike Perry wrote:
Regretably the proxy behavior with Tor is not all that good. For
example, if for some reason the proxy is unreachable, it fails
silently and reverts to non-proxied connections
that global adversary-style mass surveilance is in fact
ocurring passively, out of path. At least the illegal domestic stuff,
anyways. I suppose it's anyone's guess what they do when it's less
blatantly illegal.. Maybe Echelon is the reason my bbc is so slow! :)
--
Mike Perry
Mad Computer Scientist
seizure and presumed innocence. But I am constantly
surprised by the williness of my own country to shred the spirit if
not the letter of its own constitution as soon as technology comes
into consideration.. and even before that point.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
.
If they are doing content-based filtering like this, it is likely they
are also blocking directory connections too..
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpuoQ4kvTzcr.pgp
Description: PGP signature
wrong with the OpenSearch Google search
plugin installations (which are somewhat unrelated, but I figured were
worth putting up there, since a major usability complaint is Why do I
get the damn German/Chinese/etc Google with Tor?).
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
breaks? That is what I was considering implementing for all
sites with Torbutton.
- JavaScript Options
Looks relatively benign.
- CookieSafe
- CustomizeGoogle
- Layerblock
Dunno about these guys. Please report any issues.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
disclosure attacks from regular websites you visit.. So
maybe it should be a seperate option..
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpqVoEFsxUcP.pgp
Description: PGP signature
Thus spake Robert Hogan ([EMAIL PROTECTED]):
On Monday 09 July 2007 10:16:55 Mike Perry wrote:
Feedback, suggestions, and comments are welcome. Especially if someone
could point out what I'm doing wrong with the OpenSearch Google search
plugin installations (which are somewhat unrelated
Thus spake Jens Kubieziel ([EMAIL PROTECTED]):
* Mike Perry schrieb am 2007-07-11 um 10:55 Uhr:
Thus spake Jens Kubieziel ([EMAIL PROTECTED]):
* Mike Perry schrieb am 2007-07-09 um 11:16 Uhr:
* Cache management
IMHO there should be check box for managing the cache by yourself. Like
of Xerobank for the DOM Storage tip.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpbuQNlQHuYL.pgp
Description: PGP signature
Thus spake Roger Dingledine ([EMAIL PROTECTED]):
On Wed, Jul 18, 2007 at 07:52:14PM -0700, Mike Perry wrote:
Thus spake Mike Perry ([EMAIL PROTECTED]):
RELAY_EXTEND is the way this is done. I believe clients can and do
send multiple RELAY_EXTENDs in a row, so it's not like its
to be leaking at about the same rate as
0.1.2.14 did.
Since this problem suddenly showed up, yet 0.1.1.26 has been out for
ages, perhaps it is a client problem? There is that issue where
clients can send too many SENDMEs and fill up server buffers.. Maybe
there is a SENDME leak?
--
Mike Perry
Mad
persist?
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpqk7rWHODfS.pgp
Description: PGP signature
an entire link, but still have that link usable
for ssh, web, etc. I don't even feel the impact of Tor traffic on
nodes that use this script.
It is in svn at http://tor.eff.org/svn/trunk/contrib/linux-tor-prio.sh
and soon to be in the various source tarballs.
--
Mike Perry
Mad Computer Scientist
can begin to investigate both
reliability scanning options and Johannes Renner can finish his
Master's Thesis on performance enhanced path selection. :)
http://archives.seul.org/or/announce/Aug-2007/msg1.html
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgp0tjUbSSbJY.pgp
Defaults button added to the preferences window
Please report bugs at
http://bugs.noreply.org/flyspray/index.php?tasks=allproject=5
Enjoy!
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpJURwJPeh78.pgp
Description: PGP signature
it is usable for them, or
they can choose to remain vulnerable.
You may want to read over http://torbutton.torproject.org/dev/ to see
what sort of things you are vulnerable to without torbutton. If that
documentation is unclear, again, please notify me.
--
Mike Perry
Mad Computer Scientist
fscked.org
reveal your IP address when you use vanilla proxy changers. Please
read over http://torbutton.torproject.org/dev/ before you go
recommending insecure solutions to people, or simply hate on Torbutton
without providing any bug reports to the maintainer as to why.
--
Mike Perry
Mad Computer
* new: Added ability to have both Tor and Non-Tor cookie jars
http://torbutton.torproject.org/dev/releases/torbutton-1.1.8-alpha.xpi
MD5: 39ce0dc3f6b20f79042aad2397baafb4
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpcodSU4YtZo.pgp
Description: PGP signature
think so, esp since cookies can be
injected and stolen by exit nodes (even many https ones). But other
people may disagree. Some people really like cookies. I wouldn't
expect those people to also like Tor, but I'm sure they're out there.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
for html mail by
default? Does it allow html mail to run javascript, post forms to
random websites, run java applets, and/or arbitrary plugins (flash,
quicktime, etc)? If it allows any of these things, 1.0.4 may not be
enough.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpRVDwMRplR9.pgp
.
Actually, my iptables manpage only says that pid, sid and command
matching are broken on SMP. Perhaps UID is actually safe?
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpFF8zHE79Ui.pgp
Description: PGP signature
Gmail and many other sites are still vulnerable.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpJvHzhfomKk.pgp
Description: PGP signature
? Did you
verify this actually works to block numerical IPv6 links as well?
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgp07wuZ1YukV.pgp
Description: PGP signature
unlimited access to XPConnect
Do we know exactly what this does? It seems somewhat vague and
undocumented. Do we know any extensions it breaks?
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpyo9q6JlXTK.pgp
Description: PGP signature
routers than consumer ISPs.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpTZL1QyFh0R.pgp
Description: PGP signature
data floating around everywhere?
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgp3BKQrUQ75W.pgp
Description: PGP signature
1 - 100 of 243 matches
Mail list logo
