-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJVl4deAAoJEMkUf8 VoejgP77MP/1PaxsQiyb1dEp+rW0ioBN5R pu1x19j6wDSHgBToS/WRIGULhiFXmDomAqfqIou6B6FGrCNVNH3gtFL6mcEBPCBU p6BOONMKczbT6ogV6yUirQpQubJTBKgCr/S2ZZMK7IQ1tfKUUoDED2DkLfd7F2vK LJt9Xg5kCWnPdggLQlpFYaEzHmzQHvE+T8N/rcl9HJM4QdwK31CVKST0Ic4kTUW0 pmd53ozLsSmcDqaQp9nRKDnW0chjAVq4vlmGJLEqAMzw9siklXgBx1dSZuRG/c1P ue/ICHfnY7m3StzyUUT6u83zv1OjTj9m5KMl7Fkwo3TFIs7BNKTHPI3TwCm3AUCQ q9Xn6ENgUONC+BRToKPgTfa+RnW1kwIObQ5hvx5XVmLuj+o4xbxMLUnNMXiyeVsd 6FvJd8MLydBqfiGhc3qQBEQh0d1duz3WzQykbdgSywhERjx4NCOEhDUCQ9sbMMQc LBSN+WL2eKQ2YsYvYgEenFP2bUPI6ikyDiyd2ED/ne/f8ub8owFGrTbwpCITucp5 LGHj0lmoSm0pjE64WbLbaDlGA/94g7zv4ThdOgTt0WefYnDCqONBjY9M9MrdADRp yrhJj5jYuDp8GG7bEUBjEVxr+O3sKKkR+FYg3n3yZemCU8gZ5O49txNoZwtmfSx2 q/LwxfFX9Qv8LvqNydh4 =e7gh -----END PGP SIGNATURE-----
2015-07-05 3:24 GMT+03:00 QaTaR Attack <[email protected]>: > Send tor-talk mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tor-talk digest..." > > > Today's Topics: > > 1. Re: pdf with tor (Mirimir) > 2. Re: pdf with tor (Lars Luthman) > 3. Fwd: Re: Fwd: CALL FOR TESTING: new port scanning subsystem > (allows scanning behind proxies, including Tor!) (Jacek Wielemborek) > 4. Re: pdf with tor (Mirimir) > 5. Re: Fwd: Re: Fwd: CALL FOR TESTING: new port scanning > subsystem (allows scanning behind proxies, including Tor!) (spriver) > > > ------------------------------ > ---------------------------------------- > > Message: 1 > Date: Fri, 03 Jul 2015 14:30:29 -0600 > From: Mirimir <[email protected]> > To: [email protected] > Subject: Re: [tor-talk] pdf with tor > Message-ID: <[email protected]> > Content-Type: text/plain; charset=windows-1252 > > On 07/03/2015 02:16 PM, mtsio wrote: > > Hello everyone, > > > > Is it safe to open pdf documents inside Tor Browser? > > As other have said, it is NOT safe to do that, because PDFs can bypass > Tor. However, it IS safe to open PDFs in Whonix, because all > Internet-bound traffic either uses Tor, or is black-holed. > > > ------------------------------ > > Message: 2 > Date: Fri, 03 Jul 2015 22:36:24 +0200 > From: Lars Luthman <[email protected]> > To: [email protected] > Subject: Re: [tor-talk] pdf with tor > Message-ID: <[email protected]> > Content-Type: text/plain; charset="utf-8" > > On Fri, 2015-07-03 at 14:30 -0600, Mirimir wrote: > > On 07/03/2015 02:16 PM, mtsio wrote: > > > Hello everyone, > > > > > > Is it safe to open pdf documents inside Tor Browser? > > > > As other have said, it is NOT safe to do that, because PDFs can bypass > > Tor. However, it IS safe to open PDFs in Whonix, because all > > Internet-bound traffic either uses Tor, or is black-holed. > > Can PDF.js bypass Tor? How? I thought it used the same networking code > and proxy settings as the rest of Firefox. > > > --ll > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 801 bytes > Desc: This is a digitally signed message part > URL: < > http://lists.torproject.org/pipermail/tor-talk/attachments/20150703/86d0a5b5/attachment-0001.sig > > > > ------------------------------ > > Message: 3 > Date: Fri, 03 Jul 2015 23:27:59 +0200 > From: Jacek Wielemborek <[email protected]> > To: [email protected], [email protected] > Subject: [tor-talk] Fwd: Re: Fwd: CALL FOR TESTING: new port scanning > subsystem (allows scanning behind proxies, including Tor!) > Message-ID: <[email protected]> > Content-Type: text/plain; charset="windows-1252" > > (reposting again because I still wasn't subscribed to tor-talk) > > W dniu 03.07.2015 o 22:01, grarpamp pisze: > >> One of the features that my modifications enable is performing port > >> scanning behind proxies. I only scanned it using SOCKS4 server built > >> into Tor > >> > >> ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org > >> > >> Please do note that even though port scanning within Tor is possible, > >> you cannot scan .onion names due to lack of SOCKS4A support. > > > > SOCKS4 and SOCKS4A are old and deprecated and should not > > be implemented (unless you're also implementing the current SOCKS5 > > and adding in 4/4A as a bonus). > > > > Tor supports SOCKS5 (and the deprecated 4/4A but it will complain). > > So scanning onions and anything else by name should be possible. > > > > SOCKS5 also supports IPv6 which is becoming the way of things. > > Therefore, implement SOCKS5 :) > > I think that SOCKS5 support within Nsock library (on which my > modification depends) is planned. SOCKS5 also supports UDP, so it could > bring even more benefits. For now, SOCKS4 has to do though. > > > > > > > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 819 bytes > Desc: OpenPGP digital signature > URL: < > http://lists.torproject.org/pipermail/tor-talk/attachments/20150703/25871d04/attachment-0001.sig > > > > ------------------------------ > > Message: 4 > Date: Fri, 03 Jul 2015 17:45:17 -0600 > From: Mirimir <[email protected]> > To: [email protected] > Subject: Re: [tor-talk] pdf with tor > Message-ID: <[email protected]> > Content-Type: text/plain; charset=windows-1252 > > On 07/03/2015 02:36 PM, Lars Luthman wrote: > > On Fri, 2015-07-03 at 14:30 -0600, Mirimir wrote: > >> On 07/03/2015 02:16 PM, mtsio wrote: > >>> Hello everyone, > >>> > >>> Is it safe to open pdf documents inside Tor Browser? > >> > >> As other have said, it is NOT safe to do that, because PDFs can bypass > >> Tor. However, it IS safe to open PDFs in Whonix, because all > >> Internet-bound traffic either uses Tor, or is black-holed. > > > > Can PDF.js bypass Tor? How? I thought it used the same networking code > > and proxy settings as the rest of Firefox. > > Maybe so. But without firewall rules, there's risk. There's also risk of > downloading the PDF, and opening it with another app. > > > ------------------------------ > > Message: 5 > Date: Sat, 04 Jul 2015 09:12:30 +0200 > From: spriver <[email protected]> > To: [email protected] > Subject: Re: [tor-talk] Fwd: Re: Fwd: CALL FOR TESTING: new port > scanning subsystem (allows scanning behind proxies, including Tor!) > Message-ID: <[email protected]> > Content-Type: text/plain; charset=windows-1252 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > thanks for the info! I will try it out these days. > > Cheers, > spriver > > On 07/03/2015 23:27, Jacek Wielemborek wrote: > > (reposting again because I still wasn't subscribed to tor-talk) > > > > W dniu 03.07.2015 o 22:01, grarpamp pisze: > >>> One of the features that my modifications enable is performing > >>> port scanning behind proxies. I only scanned it using SOCKS4 > >>> server built into Tor > >>> > >>> ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org > >>> > >>> Please do note that even though port scanning within Tor is > >>> possible, you cannot scan .onion names due to lack of SOCKS4A > >>> support. > >> > >> SOCKS4 and SOCKS4A are old and deprecated and should not be > >> implemented (unless you're also implementing the current SOCKS5 > >> and adding in 4/4A as a bonus). > >> > >> Tor supports SOCKS5 (and the deprecated 4/4A but it will > >> complain). So scanning onions and anything else by name should be > >> possible. > >> > >> SOCKS5 also supports IPv6 which is becoming the way of things. > >> Therefore, implement SOCKS5 :) > > > > I think that SOCKS5 support within Nsock library (on which my > > modification depends) is planned. SOCKS5 also supports UDP, so it > > could bring even more benefits. For now, SOCKS4 has to do though. > > > > > > > > > > > > > > > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iQIcBAEBAgAGBQJVl4deAAoJEMkUf8VoejgP77MP/1PaxsQiyb1dEp+rW0ioBN5R > pu1x19j6wDSHgBToS/WRIGULhiFXmDomAqfqIou6B6FGrCNVNH3gtFL6mcEBPCBU > p6BOONMKczbT6ogV6yUirQpQubJTBKgCr/S2ZZMK7IQ1tfKUUoDED2DkLfd7F2vK > LJt9Xg5kCWnPdggLQlpFYaEzHmzQHvE+T8N/rcl9HJM4QdwK31CVKST0Ic4kTUW0 > pmd53ozLsSmcDqaQp9nRKDnW0chjAVq4vlmGJLEqAMzw9siklXgBx1dSZuRG/c1P > ue/ICHfnY7m3StzyUUT6u83zv1OjTj9m5KMl7Fkwo3TFIs7BNKTHPI3TwCm3AUCQ > q9Xn6ENgUONC+BRToKPgTfa+RnW1kwIObQ5hvx5XVmLuj+o4xbxMLUnNMXiyeVsd > 6FvJd8MLydBqfiGhc3qQBEQh0d1duz3WzQykbdgSywhERjx4NCOEhDUCQ9sbMMQc > LBSN+WL2eKQ2YsYvYgEenFP2bUPI6ikyDiyd2ED/ne/f8ub8owFGrTbwpCITucp5 > LGHj0lmoSm0pjE64WbLbaDlGA/94g7zv4ThdOgTt0WefYnDCqONBjY9M9MrdADRp > yrhJj5jYuDp8GG7bEUBjEVxr+O3sKKkR+FYg3n3yZemCU8gZ5O49txNoZwtmfSx2 > q/LwxfFX9Qv8LvqNydh4 > =e7gh > -----END PGP SIGNATURE----- > > > ------------------------------ > > Subject: Digest Footer > > 2015-07-04 15:00 GMT+03:00 <[email protected]>: > >> Send tor-talk mailing list submissions to >> [email protected] >> >> To subscribe or unsubscribe via the World Wide Web, visit >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> or, via email, send a message with subject or body 'help' to >> [email protected] >> >> You can reach the person managing the list at >> [email protected] >> >> When replying, please edit your Subject line so it is more specific >> than "Re: Contents of tor-talk digest..." >> >> >> Today's Topics: >> >> 1. Re: pdf with tor (Mirimir) >> 2. Re: pdf with tor (Lars Luthman) >> 3. Fwd: Re: Fwd: CALL FOR TESTING: new port scanning subsystem >> (allows scanning behind proxies, including Tor!) (Jacek Wielemborek) >> 4. Re: pdf with tor (Mirimir) >> 5. Re: Fwd: Re: Fwd: CALL FOR TESTING: new port scanning >> subsystem (allows scanning behind proxies, including Tor!) (spriver) >> >> >> ---------------------------------------------------------------------- >> >> Message: 1 >> Date: Fri, 03 Jul 2015 14:30:29 -0600 >> From: Mirimir <[email protected]> >> To: [email protected] >> Subject: Re: [tor-talk] pdf with tor >> Message-ID: <[email protected]> >> Content-Type: text/plain; charset=windows-1252 >> >> On 07/03/2015 02:16 PM, mtsio wrote: >> > Hello everyone, >> > >> > Is it safe to open pdf documents inside Tor Browser? >> >> As other have said, it is NOT safe to do that, because PDFs can bypass >> Tor. However, it IS safe to open PDFs in Whonix, because all >> Internet-bound traffic either uses Tor, or is black-holed. >> >> >> ------------------------------ >> >> Message: 2 >> Date: Fri, 03 Jul 2015 22:36:24 +0200 >> From: Lars Luthman <[email protected]> >> To: [email protected] >> Subject: Re: [tor-talk] pdf with tor >> Message-ID: <[email protected]> >> Content-Type: text/plain; charset="utf-8" >> >> On Fri, 2015-07-03 at 14:30 -0600, Mirimir wrote: >> > On 07/03/2015 02:16 PM, mtsio wrote: >> > > Hello everyone, >> > > >> > > Is it safe to open pdf documents inside Tor Browser? >> > >> > As other have said, it is NOT safe to do that, because PDFs can bypass >> > Tor. However, it IS safe to open PDFs in Whonix, because all >> > Internet-bound traffic either uses Tor, or is black-holed. >> >> Can PDF.js bypass Tor? How? I thought it used the same networking code >> and proxy settings as the rest of Firefox. >> >> >> --ll >> -------------- next part -------------- >> A non-text attachment was scrubbed... >> Name: signature.asc >> Type: application/pgp-signature >> Size: 801 bytes >> Desc: This is a digitally signed message part >> URL: < >> http://lists.torproject.org/pipermail/tor-talk/attachments/20150703/86d0a5b5/attachment-0001.sig >> > >> >> ------------------------------ >> >> Message: 3 >> Date: Fri, 03 Jul 2015 23:27:59 +0200 >> From: Jacek Wielemborek <[email protected]> >> To: [email protected], [email protected] >> Subject: [tor-talk] Fwd: Re: Fwd: CALL FOR TESTING: new port scanning >> subsystem (allows scanning behind proxies, including Tor!) >> Message-ID: <[email protected]> >> Content-Type: text/plain; charset="windows-1252" >> >> (reposting again because I still wasn't subscribed to tor-talk) >> >> W dniu 03.07.2015 o 22:01, grarpamp pisze: >> >> One of the features that my modifications enable is performing port >> >> scanning behind proxies. I only scanned it using SOCKS4 server built >> >> into Tor >> >> >> >> ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org >> >> >> >> Please do note that even though port scanning within Tor is possible, >> >> you cannot scan .onion names due to lack of SOCKS4A support. >> > >> > SOCKS4 and SOCKS4A are old and deprecated and should not >> > be implemented (unless you're also implementing the current SOCKS5 >> > and adding in 4/4A as a bonus). >> > >> > Tor supports SOCKS5 (and the deprecated 4/4A but it will complain). >> > So scanning onions and anything else by name should be possible. >> > >> > SOCKS5 also supports IPv6 which is becoming the way of things. >> > Therefore, implement SOCKS5 :) >> >> I think that SOCKS5 support within Nsock library (on which my >> modification depends) is planned. SOCKS5 also supports UDP, so it could >> bring even more benefits. For now, SOCKS4 has to do though. >> >> >> >> >> >> >> >> -------------- next part -------------- >> A non-text attachment was scrubbed... >> Name: signature.asc >> Type: application/pgp-signature >> Size: 819 bytes >> Desc: OpenPGP digital signature >> URL: < >> http://lists.torproject.org/pipermail/tor-talk/attachments/20150703/25871d04/attachment-0001.sig >> > >> >> ------------------------------ >> >> Message: 4 >> Date: Fri, 03 Jul 2015 17:45:17 -0600 >> From: Mirimir <[email protected]> >> To: [email protected] >> Subject: Re: [tor-talk] pdf with tor >> Message-ID: <[email protected]> >> Content-Type: text/plain; charset=windows-1252 >> >> On 07/03/2015 02:36 PM, Lars Luthman wrote: >> > On Fri, 2015-07-03 at 14:30 -0600, Mirimir wrote: >> >> On 07/03/2015 02:16 PM, mtsio wrote: >> >>> Hello everyone, >> >>> >> >>> Is it safe to open pdf documents inside Tor Browser? >> >> >> >> As other have said, it is NOT safe to do that, because PDFs can bypass >> >> Tor. However, it IS safe to open PDFs in Whonix, because all >> >> Internet-bound traffic either uses Tor, or is black-holed. >> > >> > Can PDF.js bypass Tor? How? I thought it used the same networking code >> > and proxy settings as the rest of Firefox. >> >> Maybe so. But without firewall rules, there's risk. There's also risk of >> downloading the PDF, and opening it with another app. >> >> >> ------------------------------ >> >> Message: 5 >> Date: Sat, 04 Jul 2015 09:12:30 +0200 >> From: spriver <[email protected]> >> To: [email protected] >> Subject: Re: [tor-talk] Fwd: Re: Fwd: CALL FOR TESTING: new port >> scanning subsystem (allows scanning behind proxies, including >> Tor!) >> Message-ID: <[email protected]> >> Content-Type: text/plain; charset=windows-1252 >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi, >> thanks for the info! I will try it out these days. >> >> Cheers, >> spriver >> >> On 07/03/2015 23:27, Jacek Wielemborek wrote: >> > (reposting again because I still wasn't subscribed to tor-talk) >> > >> > W dniu 03.07.2015 o 22:01, grarpamp pisze: >> >>> One of the features that my modifications enable is performing >> >>> port scanning behind proxies. I only scanned it using SOCKS4 >> >>> server built into Tor >> >>> >> >>> ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org >> >>> >> >>> Please do note that even though port scanning within Tor is >> >>> possible, you cannot scan .onion names due to lack of SOCKS4A >> >>> support. >> >> >> >> SOCKS4 and SOCKS4A are old and deprecated and should not be >> >> implemented (unless you're also implementing the current SOCKS5 >> >> and adding in 4/4A as a bonus). >> >> >> >> Tor supports SOCKS5 (and the deprecated 4/4A but it will >> >> complain). So scanning onions and anything else by name should be >> >> possible. >> >> >> >> SOCKS5 also supports IPv6 which is becoming the way of things. >> >> Therefore, implement SOCKS5 :) >> > >> > I think that SOCKS5 support within Nsock library (on which my >> > modification depends) is planned. SOCKS5 also supports UDP, so it >> > could bring even more benefits. For now, SOCKS4 has to do though. >> > >> > >> > >> > >> > >> > >> > >> > >> > >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.12 (GNU/Linux) >> >> iQIcBAEBAgAGBQJVl4deAAoJEMkUf8VoejgP77MP/1PaxsQiyb1dEp+rW0ioBN5R >> pu1x19j6wDSHgBToS/WRIGULhiFXmDomAqfqIou6B6FGrCNVNH3gtFL6mcEBPCBU >> p6BOONMKczbT6ogV6yUirQpQubJTBKgCr/S2ZZMK7IQ1tfKUUoDED2DkLfd7F2vK >> LJt9Xg5kCWnPdggLQlpFYaEzHmzQHvE+T8N/rcl9HJM4QdwK31CVKST0Ic4kTUW0 >> pmd53ozLsSmcDqaQp9nRKDnW0chjAVq4vlmGJLEqAMzw9siklXgBx1dSZuRG/c1P >> ue/ICHfnY7m3StzyUUT6u83zv1OjTj9m5KMl7Fkwo3TFIs7BNKTHPI3TwCm3AUCQ >> q9Xn6ENgUONC+BRToKPgTfa+RnW1kwIObQ5hvx5XVmLuj+o4xbxMLUnNMXiyeVsd >> 6FvJd8MLydBqfiGhc3qQBEQh0d1duz3WzQykbdgSywhERjx4NCOEhDUCQ9sbMMQc >> LBSN+WL2eKQ2YsYvYgEenFP2bUPI6ikyDiyd2ED/ne/f8ub8owFGrTbwpCITucp5 >> LGHj0lmoSm0pjE64WbLbaDlGA/94g7zv4ThdOgTt0WefYnDCqONBjY9M9MrdADRp >> yrhJj5jYuDp8GG7bEUBjEVxr+O3sKKkR+FYg3n3yZemCU8gZ5O49txNoZwtmfSx2 >> q/LwxfFX9Qv8LvqNydh4 >> =e7gh >> -----END PGP SIGNATURE----- >> >> >> ------------------------------ >> >> Subject: Digest Footer >> >> _______________________________________________ >> tor-talk mailing list >> [email protected] >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> >> >> ------------------------------ >> >> End of tor-talk Digest, Vol 54, Issue 8 >> *************************************** >> > > -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
