On Mon, 9 Sep 2013 00:49:15 -0400
Chris Patti cpa...@gmail.com wrote:
I realize this is release candidate code, and the answer may well be if
you need to ask this question you shouldn't be running it but is there any
way to get the latest RC builds installed via the usual apt-get mechanisms
Chris, actually it is pretty simple.
Here is the guide:
https://www.torproject.org/docs/debian.html.en#development
Cheers,
dope457
On 9.9.2013 6:49, Chris Patti wrote:
I realize this is release candidate code, and the answer may well be if
you need to ask this question you shouldn't be
This
http://blog.trendmicro.com/trendlabs-security-intelligence/the-mysterious-mevade-malware/
explains the Israel anomaly, I think.
The Mysterious Mevade Malware
Published on September 5th, 2013
Written by: Feike Hacquebord (Senior Threat Researcher)
...
Yesterday, Fox-IT published
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I no longer work on this system but I forwarded your mail to
someone who does.
We still get 'Suspicious sign in prevented' emails:
The following relay was used:
https://atlas.torproject.org/#details/EFAAC1D98176AAD94B1D16E868F51DFBD6BC8CB0
In light of the recent revelations of how the NSA has broken commercial
software all over the place, I wonder about the security of Oracle's
VirtualBox VM software used by Whonix (and other?) tor-based anonymity
systems. A large portion of VirtualBox is open source but some
libraries used are of
The only secure thing is Tor Tails booted from USB.
Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 9, 2013 11:37 AM, adrelanos adrela...@riseup.net wrote:
Speaking as a maintainer of Whonix...
Before answering this, there is some prerequisite knowledge.
Nathan Suchy:
The only secure thing is Tor Tails booted from USB.
Not against the threat model the original poster is concerned about.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/09/2013 12:19 PM, Mike Hearn wrote:
For a real fix we need to be able to identify Tor nodes that exit traffic.
The fact that some nodes exit traffic but aren't marked as exits would
appear to be a design issue with Tor itself. I don't think
Yes, but then people who run relays would end up having to deal with the
suddenly changed security model. There were people complaining about
getting blocked by random websites just because they ran relays elsewhere
on this list. I don't think Google wants to actively discourage people from
Actually, re-reading this thread I recall that tagnaq suggested just
disabling the risk analysis entirely once we see a successful Tor login.
I've CCd Daniel Margolis who still works on this system (I moved on to
other things).
Daniel, what do you think?
(note that you may have to sign up to the
On Wed, 4 Sep 2013 00:03:59 +0100
Graham Todd gct7photogra...@gmail.com allegedly wrote:
Of course, if you put a decent HOSTS file in /etc/hosts to start with,
it'll make your endeavours easier. The best I've found is at:
http://winhelp2002.mvps.org/hosts.htmbut that's not really relevent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
I'd like to understand why the exit flag is defined as it is.
The current definition can be found in the directory spec [1]:
Exit -- A router is called an 'Exit' iff it allows exits to at
least two of the ports 80, 443, and 6667 and
Hi,
here:
https://lists.torproject.org/pipermail/tor-consensus-health/2013-September/003506.html
DocTor doesn't say entries.
Thanks Sebastian, fixed...
https://lists.torproject.org/pipermail/tor-commits/2013-September/061598.html
(did not know where to put this)
A trac ticket or
On Mon, Sep 09, 2013 at 07:25:06PM +, tagnaq wrote:
I'd like to understand why the exit flag is defined as it is.
The current definition can be found in the directory spec [1]:
Exit -- A router is called an 'Exit' iff it allows exits to at
least two of the ports 80, 443, and 6667
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
It'd be better to find out why nodes that are exiting traffic don't
get marked as exits. Looking at that relay, it seems it doesn't
allow web traffic, but some ports are allowed. Perhaps the
suspicious sign-in in question wasn't a web signin?
We are not concerned about the price but rather we are concerned about our
freedoms to share change etc the source code to suit our needs. Furthmore
some of us are very paranoid.
Rightly so.
Also why can't u make a open source bios?
Is that sarcasm or do you genuinely not understand the
For a real fix we need to be able to identify Tor nodes that exit traffic.
The fact that some nodes exit traffic but aren't marked as exits would
appear to be a design issue with Tor itself. I don't think we can justify a
whole lot of engineering time to building a complicated system to identify
Well, why don't you write your own bios?
On Mon, Sep 9, 2013 at 5:03 PM, Chris tmail...@errtech.com wrote:
We are not concerned about the price but rather we are concerned about
our
freedoms to share change etc the source code to suit our needs. Furthmore
some of us are very paranoid.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I assume the exit flag was meant to be used by tor clients only
[2] because destination port 80/443 are probably amongst the
most frequently accessed services, but was than (mis)used to
generate (inaccurate) 'Tor exit IP address lists' (?).
On Mon, Sep 09, 2013 at 05:24:31PM -0400, Nathan Suchy wrote:
Well, why don't you write your own bios?
Even coreboot helps you very little, as there is simply too much
proprietary crap in a typical PC platform where you can drop
undetectable (out of band) malware.
You need completely open
20 matches
Mail list logo
