On Dec 20, 2011, at 2:54 PM, Chris tmail...@errtech.com wrote:
Security trough obscurity doesn't scale, so what' the problem?
The problem is that I don't know you, I don't know your intentions,
and I haven't given you permission to do a security audit, free or
otherwise, on my machine. You
On Wed, Dec 21, 2011 at 04:43:54AM -0500, h...@safe-mail.net wrote:
http://janusvm.com/ last release from Jan-2010, almost got Jan-2012, new tor
version just been released...
Is janusvm still safe?
No, not safe.
Probably has been unsafe to use for years.
--Roger
On Tue, Dec 20, 2011 at 03:04:10PM +0100, tor wrote:
Q1: Can the relay on the same node as the enclaved server also act as
a normal TOR exit node?
Yes.
Q2: How is it ensured that requests to an enclaved server are always
routed through the TOR relay on the same machine?
The
On 21/12/11 11:17, Roger Dingledine wrote:
http://janusvm.com/ last release from Jan-2010, almost got Jan-2012, new tor
version just been released...
Is janusvm still safe?
No, not safe.
Probably has been unsafe to use for years.
In that case, maybe somebody should contact them and
Something come up to my mind... Vulnerabilitys could be,
- the user forgets to start the VPN, or
- the VPN connection breaks down for some reason (Windows bug or crash),
traffic continues without Tor
I like the basic idea of JanusVM. I can say nothing about the concept of the
deployed virtual
Okay, I mailed both people under http://janusvm.com/contact.html.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
On 12/21/11 1:59 PM, Steven J. Murdoch wrote:
On Tue, Dec 20, 2011 at 07:35:50PM +0100, Fabio Pietrosanti (naif) wrote:
Please, get an public IP address, don't announce it, don't do anything.
Now please have a look, without even being a Tor Server, how many mass
scan your receive.
So please,
Couldn't one simply use Tails in a VM the way JanusVM was designed to run and
get the benefits of tails without having to reboot constantly from a general
purpose use OS to a task-specific OS (Tails)? It would be nice to run Tails in
a VM and have your main OS up and running for virtually
As of late last night 20 Dec (GMT-5) our website hosting provider is
experiencing a sustained attack. The attack is not directed at Tor, but
someone else on the same network. The effect is that parts of our
website infrastructure are intermittently unreachable. This includes
the following domains
Is there anything that speaks against multiple check servers to avoid
this in the future?
On 21.12.2011 17:45, Andrew Lewman wrote:
As of late last night 20 Dec (GMT-5) our website hosting provider is
experiencing a sustained attack. The attack is not directed at Tor, but
someone else on the
Andrew Lewman and...@torproject.org wrote on 21.12.2011:
As of late last night 20 Dec (GMT-5) our website hosting provider is
experiencing a sustained attack. The attack is not directed at Tor, but
someone else on the same network. The effect is that parts of our
website infrastructure are
Hello,
I was having some problems so reinstalled Tor. Now I am having new
issues. I am using Tor 0.2.2.35, Torbutton 1.4.4.1, and Vidalia 0.2.15
under Ubuntu 10.04.
I want to use a specific torrc file.
When I boot-up, Tor runs. I kill it then run tor -f torrc. I can then use
Firefox with my
So please, don't bother with that justification, a scan like that would
probably just be one scan of 1 you receive every week.
The scan which happened yesterday was enough to get the attention of both
the
university network security team, and the sys-admins of the department
which
What I liked about JanusVM is that it's very easy to install and use.
I always thought JanusVM had a good central idea although wasn't
implemented right. It is too easy to make a mistake. The same thing
applies with TBB though.
___
tor-talk mailing
I am quite convinced of the transparent proxy approach. The concepts sound
very convincing. [1] [2]
A few old projects do still popup on Google. [3] [4] [5] But all of them
are outdated and insecure or the guest operating system is Linux [5]. Even
worse, for the Tor Windows transparent proxy
Thank you very much for the very helpful answers to my questions. I do
now much better understand the problems I am facing and how to tackle them.
Thanks again, Y
___
tor-talk mailing list
tor-talk@lists.torproject.org
On Saturday 17 December 2011 10:42:19 Phillip wrote:
Hi,
I'm trying to set up tor on two separate computers using one net
connection.
I have a spare computer, which I want to set up as a relay, permanently
using about 1/3 of my bandwidth. On my main computer, I'd like to run a
bridge, or
On 12/21/11, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote:
A lot more than I'm willing to critique. My suggestions are
Add a PHASE-0.5: Email out requests for permission to scan
permission to publish the scan results to all tor node contact
addresses
PHASE-1: b) Portscan all Tor
On Wed, Dec 21, 2011 at 02:14:50PM +0100, Fabio Pietrosanti (naif) wrote:
If we would send 1 packet every minute, it would take about 22hours to
complete the scan, bypassing almost any portscan detection system.
That way it would still be possible to map the opened ports / service
version,
All of these ideas about removing allegedly âinsecureâ or
âvulnerableâ
relays from the network ignore the fact that someone who wants to
compromise Tor relays and use them to attack Tor users will just make
the relays appear to not be vulnerable, so that they can stay in the
I think the best approach is to send off an email with the new proposal to
all node operators.
Please do not send a mass-email to all relay operators, especially
while you're still in a planning phase. This seems pretty obvious, but
I wanted to make sure that it was clear - relay operators
On 2011-12-21, Chris tmail...@errtech.com wrote:
I think the best approach is to send off an email with the new proposal to
all node operators. See what the response is from the node operators. Let
node operators know if they do not explicitly opt out they may be included
by default in the
On Thu, Dec 22, 2011 at 12:37:11AM +, g...@xerobank.net wrote 0.3K bytes in
6 lines about:
: I trust that all with strong opinions on this issue are at least
: somewhat familiar with recent work by Eric Filiol's group.
That's good news.
So, naif, what got you stirred up about this, if I may ask?
On 22/12/11 01:09, and...@torproject.org wrote:
On Thu, Dec 22, 2011 at 12:37:11AM +, g...@xerobank.net wrote 0.3K bytes
in 6 lines about:
: I trust that all with strong opinions on this issue are at least
:
On Dec 21, 2011, at 1:48 PM, Matthew R wrote:
Hello,
I was having some problems so reinstalled Tor. Now I am having new
issues. I am using Tor 0.2.2.35, Torbutton 1.4.4.1, and Vidalia 0.2.15
under Ubuntu 10.04.
I want to use a specific torrc file.
When I boot-up, Tor runs. I kill
On Dec 20, 2011, at 6:52 PM, Mike Damm wrote:
On Dec 20, 2011, at 2:54 PM, Chris tmail...@errtech.com wrote:
Security trough obscurity doesn't scale, so what' the problem?
The problem is that I don't know you, I don't know your intentions,
and I haven't given you permission to do a
On 12/21/11, Justin Aplin jap...@gmail.com wrote:
On Dec 20, 2011, at 6:52 PM, Mike Damm wrote:
On Dec 20, 2011, at 2:54 PM, Chris tmail...@errtech.com wrote:
Security trough obscurity doesn't scale, so what' the problem?
The problem is that I don't know you, I don't know your intentions,
Nope. The probes were annoying, but the killer was my all-in-one
consumer grade router/nat/dhcp server/firewall leaking packets into
what was supposed to be the secure part of my home network.
Maybe you should fix the router? This blaming other people for your own
mistakes is getting
28 matches
Mail list logo