-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13.10.2011 23:51, katmagic wrote:
> On Thu, 2011-10-13 at 17:05 +0200, Andreas Bader wrote:
> On 13.10.2011 14:02, Karsten N. wrote:
Am 13.10.2011 08:39, schrieb William Wrightman:
> Is moving to Linux one solution?
I agree with A
On 13/10/11 20:49, sigi wrote:
> Now it is possible to launch TBB as user debian-tor with the command:
> xhost + & sudo -u debian-tor /tor-browser_en-US/start-tor-browser
Eek. "xhost +" pretty much leaves you wide open. Anything that can
connect to your X server is a threat. Unless you don't mind
On Tue, 2011-10-11 at 13:37 -0700, Mike Perry wrote:
> Thus spake Moritz Bartl (mor...@torservers.net):
>
> > On 11.10.2011 04:07, Mike Perry wrote:
> > >> At the moment, I cannot think of any attack vectors once you combine it
> > >> with enabled Torbutton (or a stripped down Tor Browser) where a
On Thu, 2011-10-13 at 17:05 +0200, Andreas Bader wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 13.10.2011 14:02, Karsten N. wrote:
> > Am 13.10.2011 08:39, schrieb William Wrightman:
> >> Is moving to Linux one solution?
> >
> > I agree with Adrew, there is no 100% solution.
> >
On Thu, 13 Oct 2011 20:28:52 +0100
Julian Yon wrote:
> OOI, what's your rationale for believing that your globally configured
> tor is more secure than the one in TBB?
1. Globally configured tor provided specially for Debian-Linux from
http://deb.torproject.org .
Signigicant part of Tor-netwo
On 13/10/11 21:32, unknown wrote:
> In Linux system daemons more secure than user-running programms by design.
I'm not going to respond to all your points. Some are reasonable enough.
But this statement worries me. If we were talking about OpenBSD I'd
still raise an eyebrow, and Linux has a far b
Hi,
since the dropping of Torbutton and suggesting Tor Browser Bundle to use
now, I was a little unhappy to start all Tor-processes as a normal user
in Debian...
Today I've changed the user of the directory tor-browser_en-US and all
it's files to debian-tor with: chown -R debian-tor tor-brow
On 13/10/11 20:19, unknown wrote:
> May be developers just give TBB-Linux users non-default config options: "Use
> system Tor".
> Please, don't enforce to use TBB with local Tor for advanced users!
> Don't ruin a flexibility of transparency tor-firewalling and
> security of using /etc/init.d/tor
>
> > : Hope that Debian packages with separated tor-daemon itself, Tor-browser
> > and
> > : Tor-browser-plugins will be created sometime
> >
> > This is unlikely unless someone else does the work.
>
Dirty workaround recipe:
1. Leave your transparency torifying iptables-firewall rules as is
Using addons, plugins, etc. of ALL sorts is a touchy subject regarding
Tor & anonymity. I'm wondering about use of Firefox themes & addons
like Tab Mix Plus? Any thoughts on the topic?
I give the native theme in Aurora / Firefox (7) low marks for usability,
including overall tabs functions /
Thus spake Marco Bonetti (si...@slackware.it):
> I did some quick tests with TBB on Linux, versions 0.2.33-2 and 0.2.33-3.
> In both cases I get these results:
> 1) https://check.torproject.org/ - no warning
> 2) https://check.torproject.org/?lang=en-US&small=1 - warning
Yes, we made this page wa
I'm all for security research and finding vulnerabilities, in Tor and
otherwise. Attacks that enumerate bridges are of particular interest.
However, the actual IPs discovered have no publication value. Releasing them
is just irresponsible. In order to receive credit, he just needs to publish
the at
I went to French bilingual school through high school. its rusty, but here's
additional info:
He mapped TOR bridges and included them in the attack vector. These IPs will
be published in November. He claims that 30% of entry nodes and bridges run
Windows and are subject to privilege escalat
On Thu, Oct 13, 2011 at 08:59:35AM -0400, and...@torproject.org wrote:
> it sounds like they wrote malware to watch the ram
> in a MS Windows relay and exploit MS Windows weaknesses to read some
> crypto keys.
Also, keep an eye out for claims like "25% of the Tor relays runs
Windows, so if I can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13.10.2011 14:02, Karsten N. wrote:
> Am 13.10.2011 08:39, schrieb William Wrightman:
>> Is moving to Linux one solution?
>
> I agree with Adrew, there is no 100% solution.
>
> But you can do as much as possible to increase your security.
>
> Mov
On 13/10/11 13:30, Achter Lieber wrote:
> "In such a model, making the server too secure can itself be a
> risk."
> Sorry, is it just me? I am amazed at what this sentence is acquiesing
> to. Eventually one cannot run faster, find another place or way to
> hide nor dodge any longer. Just had to get
On 10/13/2011 3:48 AM, Mike Perry wrote:
Thus spake Koh Choon Lin (2choon...@gmail.com):
Hi
the same think happened for me...
after downloading the nwe version and running TBB
aurora come out with the same message of update...
Second that.
What URL are you guys being sent to on check.torpr
Am 13.10.2011 08:39, schrieb William Wrightman:
> Is moving to Linux one solution?
I agree with Adrew, there is no 100% solution.
But you can do as much as possible to increase your security.
Moving to Linux (or OpenBSD ;-) ) is one step.
Full disk encryption is possible. For Debian or Ubuntu y
- Original Message -
From: Jeroen Massar
Sent: 10/11/11 07:34 PM
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] WSJ- Google- Sonic Mr. Applebaum
On 2011-10-11 13:48 , Julian Yon wrote: > On 11/10/11 09:07, Eugen Leitl
wrote: >>> At one point or another they just apply rubberho
On Thu, Oct 13, 2011 at 11:30:15AM +0200, g.lo.sub...@gmail.com wrote 0.4K
bytes in 7 lines about:
: French students were able to exploit a vulnerability in Tor network
: Details here (french):
:
http://www.itespresso.fr/securite-it-la-confiance-dans-le-reseau-d-anonymisation-tor-est-ebranlee-472
On 2011-10-13 13:40 , and...@torproject.org wrote:
> On Wed, Oct 12, 2011 at 11:39:12PM -0700, williamwright...@yahoo.com
> wrote 1.1K bytes in 24 lines about: : Keyloggers would, I assume,
> defeat the whole purpose of Tor since the URL would be recorded and
> sent to the fedz.
>
> If you lose co
On Wed, Oct 12, 2011 at 11:39:12PM -0700, williamwright...@yahoo.com wrote 1.1K
bytes in 24 lines about:
: Keyloggers would, I assume, defeat the whole purpose of Tor since the URL
would be recorded and sent to the fedz.
If you lose control over your local computer, tor cannot help you. If
the a
Hi
On Thu, Oct 13, 2011 at 2:42 PM, Koh Choon Lin <2choon...@gmail.com> wrote:
> Hi
>
>> the same think happened for me...
>> after downloading the nwe version and running TBB
>>
>> aurora come out with the same message of update...
>
> Second that.
>
I did a check again and its fixed now. Thanks
10/05/2011 07:02 AM, coderman:
> Relevant to a few threads lately:
>
> "Today, I would like to showcase some of the cool things that one can
> do with the Qubes networking infrastructure, ... the use of multiple
> Net VMs for creating isolated networks, the use of a Proxy VM for
> creating a trans
it is fixed now.
> Date: Thu, 13 Oct 2011 14:42:56 +0800
> From: 2choon...@gmail.com
> To: tor-talk@lists.torproject.org
> Subject: Re: [tor-talk] notice - newer ver available just after install
> latest TBB
>
> Hi
>
> > the same think happened for me...
> > after downloading the nwe
This was discussed before, though in a random thread.
See: http://archives.seul.org/tor/talk/Sep-2011/msg00088.html
Thus spake Roc Admin (onionrou...@gmail.com):
> bump
>
> On Tue, Oct 11, 2011 at 12:15 PM, Roc Admin wrote:
> > Hey, it's been a while so I'm sorry if this has already been
> > d
I did some quick tests with TBB on Linux, versions 0.2.33-2 and 0.2.33-3.
In both cases I get these results:
1) https://check.torproject.org/ - no warning
2) https://check.torproject.org/?lang=en-US&small=1 - warning
3) https://check.torproject.org/?lang=en-US&small=1&uptodate=1 - no warning
2 was
Thus spake Koh Choon Lin (2choon...@gmail.com):
> Hi
>
> > the same think happened for me...
> > after downloading the nwe version and running TBB
> >
> > aurora come out with the same message of update...
>
> Second that.
What URL are you guys being sent to on check.torproject.org? Have you
tr
French students were able to exploit a vulnerability in Tor network
Details here (french):
http://www.itespresso.fr/securite-it-la-confiance-dans-le-reseau-d-anonymisation-tor-est-ebranlee-47287.html/2
___
tor-talk mailing list
tor-talk@lists.torproject.o
29 matches
Mail list logo
