Re: [tor-talk] Announcing the Tor Farsi blog

2011-12-20 Thread Runa A. Sandvik
On Wed, Dec 21, 2011 at 3:03 AM, Roger Dingledine wrote: > On Tue, Dec 20, 2011 at 09:12:25PM +, Runa A. Sandvik wrote: >> [1]: https://fa-blog.torproject.org/ > > Neat. I'm happy to see this moving forward! > > It looks like it pulls an image from a third-party site though: > "https://fa-blog

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread grarpamp
> For my own part, I am perfectly fine with the idea of working *with* > server operators to help them secure their systems, and with making > sure that only secure systems are on the network.  But efforts in this > area need to work with the foreknowledge and consent of node > operators, and not a

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread grarpamp
>> Which is why I stopped running a relay - way too many people poking >> at my machine.  In retrospect I was probably just incredibly naive, >> but when I put up a tor relay I was expecting to just relay tor >> traffic.  I did not sign up to be the target of any wannabe pen >> tester. > > For m

Re: [tor-talk] Announcing the Tor Farsi blog

2011-12-20 Thread Roger Dingledine
On Tue, Dec 20, 2011 at 09:12:25PM +, Runa A. Sandvik wrote: > [1]: https://fa-blog.torproject.org/ Neat. I'm happy to see this moving forward! It looks like it pulls an image from a third-party site though: "https://fa-blog.torproject.org/";>https://s3.amazonaws.com/fa-blog.torproject.org/to

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Mike Damm
On Dec 20, 2011, at 2:54 PM, "Chris" wrote: >>> Security through obscurity doesn't scale, so what's the problem? >> >> The problem is that I don't know you, I don't know your intentions, >> and I haven't given you permission to do a security audit, free or >> otherwise, on my machine. You need to

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Lee
On 12/20/11, Chris wrote: >>> Security through obscurity doesn't scale, so what's the problem? >> >> The problem is that I don't know you, I don't know your intentions, >> and I haven't given you permission to do a security audit, free or >> otherwise, on my machine. You need to GET PERMISSION FIRS

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Lee
On 12/20/11, Fabio Pietrosanti (naif) wrote: > On 12/20/11 8:06 PM, Nick Mathewson wrote: >> On Tue, Dec 20, 2011 at 1:35 PM, Fabio Pietrosanti (naif) >> wrote: >> Absolutely brilliant. Someone donates to your cause and, if they don't come up to your standards, you do your best to ensu

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Klaus Layer
Lee wrote on 20.12.2011: > Which is why I stopped running a relay - way too many people poking > at my machine. In retrospect I was probably just incredibly naive, > but when I put up a tor relay I was expecting to just relay tor > traffic. I did not sign up to be the target of any wannabe pe

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Chris
> > Up to that point I hadn't thought of pranks as unethical behavior or > an abuse of trust.. but I realized that he was right. > > I guess that's my answer to "but everyone else is doing it." It's not > your server, you do not have permission to scan their machine. The > people that deserve r

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Fabio Pietrosanti (naif)
On 12/20/11 8:06 PM, Nick Mathewson wrote: > On Tue, Dec 20, 2011 at 1:35 PM, Fabio Pietrosanti (naif) > wrote: > >>> Absolutely brilliant. Someone donates to your cause and, if they >>> don't come up to your standards, you do your best to ensure they get >>> pwned instead of just dropping them

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Chris
>> Security through obscurity doesn't scale, so what's the problem? > > The problem is that I don't know you, I don't know your intentions, > and I haven't given you permission to do a security audit, free or > otherwise, on my machine. You need to GET PERMISSION FIRST or you're > behaving exactly l

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Lee
On 12/20/11, Nick Mathewson wrote: > On Tue, Dec 20, 2011 at 1:35 PM, Fabio Pietrosanti (naif) > wrote: > >>> Absolutely brilliant. Someone donates to your cause and, if they >>> don't come up to your standards, you do your best to ensure they get >>> pwned instead of just dropping them from the

[tor-talk] Announcing the Tor Farsi blog

2011-12-20 Thread Runa A. Sandvik
Hi everyone, From https://blog.torproject.org/blog/announcing-tor-farsi-blog: We are happy to announce the launch of the Tor Farsi blog [1]. The site is created in response to the great reception of Tor and circumvention tools amongst Iranian users. The goal of this site is to be a one-stop plac

Re: [tor-talk] Suggest a new name for the Torouter, win an Excito B3

2011-12-20 Thread Runa A. Sandvik
Hi everyone, We have received a lot of good naming suggestions for the Excito B3 Torouter, thank you to everyone who emailed us! We have decided that the new name for the Excito B3 Torouter is onionbox. An email has gone out to the lucky winner of a B3, a t-shirt and some stickers, as well as five

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Lee
On 12/20/11, Fabio Pietrosanti (naif) wrote: > On 12/20/11 7:05 PM, Lee wrote: >>> It would be interesting to analyze it to understand "what's running" on >>> Tor Exit and Tor Relays, eventually make up some kind of network >>> monitoring systems like it's done for Enterprise Security Monitoring >

Re: [tor-talk] Tor 0.2.3.9-alpha is out

2011-12-20 Thread Nick Mathewson
On Tue, Dec 20, 2011 at 3:37 PM, Nick Mathewson wrote: > > I've added this as #4572 at > https://trac.torproject.org/projects/tor/ticket/4752 ; more thinking > is needed about the best solution. Oops; both of those numbers should be "4752". sorry there, -- Nick _

Re: [tor-talk] Tor 0.2.3.9-alpha is out

2011-12-20 Thread Nick Mathewson
On Fri, Dec 9, 2011 at 5:36 PM, Jim wrote: > Roger Dingledine wrote: > >>   o Minor features (new/different config options): > > [snip] > >>     - Slightly change behavior of "list" options (that is, config >>       options that can appear more than once) when they appear both in >>       torrc an

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Robin Kipp
Hi there, you know, I'm definitely not someone deeply involved in the Tor project, its development, maintenance and all that. However, from my experience, I've always thought that everyone donating a relay or exit node to the network is seen as "potentially helpful" and not as a "potential secur

[tor-talk] Reminder: please use trac.torproject.org for bug reports

2011-12-20 Thread Nick Mathewson
Hi, all! Please take this message as a friendly reminder that we would really prefer that bugs be reported on the bugtracker at trac.torproject.org. The main advantage of doing this is that once a bug is on the bugtracker, it can't go away until somebody closes it; and if it gets closed in error,

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Fabio Pietrosanti (naif)
On 12/20/11 7:05 PM, Lee wrote: >> It would be interesting to analyze it to understand "what's running" on >> Tor Exit and Tor Relays, eventually make up some kind of network >> monitoring systems like it's done for Enterprise Security Monitoring >> Systems. > > The difference being that enterpris

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Nick Mathewson
On Tue, Dec 20, 2011 at 1:35 PM, Fabio Pietrosanti (naif) wrote: >> Absolutely brilliant.  Someone donates to your cause and, if they >> don't come up to your standards, you do your best to ensure they get >> pwned instead of just dropping them from the donor list. > > If you want to participate

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Lee
On 12/20/11, Fabio Pietrosanti (naif) wrote: > I made a big portscan+app fingerprinting of all Tor exit and Relay: > [.. snip ..] Which is why I stopped running a relay - way too many people poking at my machine. In retrospect I was probably just incredibly naive, but when I put up a tor rel

[tor-talk] Exit enclaves

2011-12-20 Thread tor
Hi, I have some questions regarding enclaved servers and hope you can help me find the answer to these questions. I have tried to find those answers on this mailing list and also in the TOR documentation and the wiki, but to no avail. If my questions have been answered over and over again somew

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Andrew Lewman
On Tue, 20 Dec 2011 09:11:29 +0100 "Fabio Pietrosanti (naif)" wrote: > Or a process like that to always know that the "System/Network" > security of computers running Tor it's ok, and if not ok "do > something". Perhaps you are interested in the exit authority code, https://gitweb.torproject.org/

Re: [tor-talk] "If you have access to certain tools, you can completely ignore Tor."

2011-12-20 Thread tor
On 20/12/11 14:47, Chris wrote: > Would any of these attacks work with HTML off? I ask mostly because the > default in GNU/Linux is for these things to be off. Even my web mail > GNU/Linux interface I write from has HTML off by default. If you're using a standalone client, you're pretty safe if y

Re: [tor-talk] "If you have access to certain tools, you can completely ignore Tor."

2011-12-20 Thread Chris
Would any of these attacks work with HTML off? I ask mostly because the default in GNU/Linux is for these things to be off. Even my web mail GNU/Linux interface I write from has HTML off by default. > Thank you for that. > > Kmail (Kontact) appears perfectly safe. I also tested vs gmail in my > f

Re: [tor-talk] "If you have access to certain tools, you can completely ignore Tor."

2011-12-20 Thread Praedor
Thank you for that. Kmail (Kontact) appears perfectly safe. I also tested vs gmail in my firefox browser with noscript. No leaks there either. praedor On Tuesday, December 20, 2011 07:01:39 AM t...@lists.grepular.com wrote: > On 20/12/11 04:44, Andrew Lewman wrote: > > > This also requires t

Re: [tor-talk] "If you have access to certain tools, you can completely ignore Tor."

2011-12-20 Thread tor
On 20/12/11 04:44, Andrew Lewman wrote: > This also requires the user not being very sophisticated. If you load > up html emails full of web-bugs, javascript, and your normal browser > pointed at Tor, then I believe most of what 'SR' says is correct. I > don't believe this is true for Tor Browser

[tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Fabio Pietrosanti (naif)
I made a big portscan+app fingerprinting of all Tor exit and Relay: wget -q -O /tmp/Tor_ip_list_ALL.csv \ http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv nmap -iL /tmp/Tor_ip_list_ALL.csv -F -sS -sV -PI -T Insane \ -oM Tor-Scan-20-12-2011_00_30.out You can find the result her