| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 8 Dec 2007 22:24:19 -1000 From: Peter Besenbruch <prb@...a.net> To: full-disclosure@...ts.grok.org.uk Subject: Re: Compromise of Tor, anonymizing networks/utilities On Saturday 08 December 2007 14:01:28 coderman wrote: > http://www.freehaven.net/anonbib/ > http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ Thanks for the links. > > Having seen good crypto ruined by lousy implementations, I thought it > > timely to remind ourselves of the lesson that implementation is at least > > as important as the underlying theory. > > this is actually a significant aspect for Tor, given that so many > applications and services which were never intended to be anonymized > are now getting sent over the network. the implementation / side > channel issue is huge, and one reason i am such a proponent of the > transparent Tor proxy model where all network traffic is either sent > through Tor or dropped. My goals are a little more modest. I browse using TOR, except for SSL links. Essentially, I want everything I do encrypted, and it wouldn't hurt to anonymize my IP address. I try not to abuse the TOR network with Bittorrent downloads. Given the NSA monitoring of the Internet in real time, I would just as soon make them work for my browsing habits. > it is simply too difficult for most people and/or most applications to > be configured to properly communicate through Tor as a proxy, compared > to simply routing traffic through a transparent Tor proxy. there are > some caveats with this approach, and using multiple VM's is stronger > than host / anon router vm. however, the drawbacks are minor compared > to the risks of vulnerable side channels with an explicit SOCKS or > application protocol layer proxy... My only concern would be with the sturdiness of the TOR network itself. I hope it expands to the point where all traffic could flow through it, but right now, it get pretty bogged down from time to time. > (i should pimp JanusVM here, but you can also configure for *nix easily) > > see http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy The Linux instructions are suitably geeky, but straightforward. I tend to use FoxyProxy on Firefox. Right now, I am checking out TorK. I hear its the latest and greatest for configuring things easily on Linux. Unfortunately, I have to compile it, and the list of requirements is a mile long. ;) -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists