Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 120 121 [122] 123 124 ... 208
1816
Security / Re: troubles with the last 2 Tor security updates
« on: March 28, 2013, 03:23 pm »
Are you extracting the bundle into the same folder, over top of a previous version? You can't do that with the latest bundles, because the update to Firefox 17 is incompatible with Firefox 10, which is in the previous bundles.

You have to extract to a different folder.

Since you are only experiencing this problem with version 4 and up, which is when they switched to FF17, I'm almost certain this is your problem.

1817
Security / Re: any way to tell if your invloved in a MIM attack?
« on: March 28, 2013, 05:03 am »
I should add that there's a trade off between security and convenience. Tech savvy Tor users have asked for JavaScript to be disabled by default, but that would break 80% of clearnet sites. The unsavvy users would think that TorBrowser doesn't work and abandon it. The Tor devs believe that using Tor with JavaScript is better than not using Tor at all, so they distribute it with JavaScript enabled.

It is safer to disable JavaScript, but I personally don't consider it a threat when doing a Google search or browsing Wikipedia, for example. I'd be more worried about obscure web sites.

1818
Technical support / Re: Downloads via TOR
« on: March 28, 2013, 04:37 am »
Thanks for your tips, especially since the file I was trying to download was from your recommended GPG4USB. You're right in that my download problem has nothing to do with TBB. I tried to download other files via a clearnet browser on the same laptop and I run into the same problem. Downloading then disappearing file. Something must be wrong with this machine.

Have you tried going through all the steps outlined in the link I posted above?

I did however download GPG4USB via clearnet connection successfully. However after I downloaded, I went to unzip the file by clicking start_windows. It unzips GPG4USB to a new folder, but the folder is empty. I am unzipping to my laptop, not a USB. I don't know if this matters.

Would you know what is going wrong here? Thanks for the help as usual!

start_windows.exe is in the zip file, which is called gpg4usb-0.3.2.zip, in the latest version. If you were clicking start_windows, then you already extracted the zip file, so I think you're getting confused somewhere along the way. start_windows should start GPG4USB.

I'm wondering if again the files are being deleted or quarantined because of some security policy on your computer.

1819
It's worth noting that at the same time that the FBI is asking for this surveillance power, legislation has been introduced in Congress to update ECPA and require warrants for access to all email (that protection expires after 6 months under the current outdated law). We'll see how this shakes out, but the cloud providers like Google actually want better legal protection of the data stored on their servers so people have more confidence in giving them that data. In Google's view, Google's ability to spy on everything you do is better than the government's ability to spy on everything you do.

1820
Security / Re: any way to tell if your invloved in a MIM attack?
« on: March 28, 2013, 03:45 am »
Can we agree that with a legitimate version of the TBB, even with a MITM, it's very hard to know the exit node of your Tor circuit ?

If an attacker can decrypt your connection, he can read the data. He doesn't need to know your exit node. That is much harder to do with a Tor circuit than with an HTTPS connection. Like the poster above said, HTTPS connections can be intercepted at the exit nodes with widely available programs like sslstrip. However, this interception is noticeable if you are paying attention, because you lose the lock icon. This is why mixed content is bad, it gets us used to losing the lock icon.

I wonder how strong is the encryption used in Tor. Would it really hold long supercomputers ?

Tor uses the TLS protocol with a 128 bit AES stream cipher and 1024 bit RSA keys for authentication. If you want the nitty gritty details, you can read the protocol spec:

https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt

In terms of encrypting the stream, Tor circuits are basically the same as HTTPS connections (they could be made stronger with AES-256 encryption, but AES-128 would take longer than your lifetime to decrypt with today's technology). The important difference between Tor circuits and HTTPS connections, as I said in a previous post, is that it's much harder to break Tor's authentication mechanism.


Oh and finally, can someone confirm that when you connect to a .onion website, the full path to server is encrypted ?

Since you're connecting Tor client to Tor client, yes, the entire path is encrypted.


Concerning clearnet sites through Tor: Why is there so much warnings about accessing clearnets sites over Tor ? Is the end server of a clearnet website able to know your own IP address ? Or it's just because of the flash/scripts and other stuff that can give this information to the end server.

Yeah, it's mostly the dangers of Flash and Java. I think the dangers of JavaScript are exaggerated. Yes, JavaScript can be dangerous too, but it's much better sandboxed inside the browser. Flash and Java are run by plugins that are separate processes and can more easily bypass the browser's proxy settings. That's why NoScript was added to the browser bundle. It blocks Flash and Java even when it is disabled.


In other words: Would a perfectly configured/UpToDate TBB leave any compromising information on a clearnet site ?

Well, if you post your name on the site, there's nothing Tor can do to save you.

But I get what you're saying, and the answer is that the browser bundle is specially configured to greatly reduce data leaks and fingerprinting attacks that could be used to identify you. Nothing is perfect of course, but browsing clearnet with TBB in its default configuration is considered safe enough by the Tor developers that they distribute it that way.

1821
Security / Re: Anonymous mail
« on: March 28, 2013, 03:05 am »
Hey guys !
 The tormail server seems to be down and I need to get some bitcoin in. Does anybody know any other good anonymous mail ???

If you still want an answer to this question, there are no other hidden service email providers. TorMail provides a great service for the community.

However, you can create email accounts over Tor on some clearnet webmail providers. I know that Yahoo Mail, Safe Mail, and Yandex work over Tor. Safe Mail is the best option, because it uses SSL by default and has a simple interface which you can use with JavaScript disabled. You'll want to turn off IP checking, otherwise it will log you out when you switch exit nodes after 10 minutes.

1822
Security / Re: Tormail down?
« on: March 27, 2013, 03:08 pm »
I'm surprised anyone would use a TorMail address with a legitimate business like Green Dot. That just screams "I'm doing illegal shit."

1823
Silk Road discussion / Re: Guy claims to know public IP of SR.
« on: March 27, 2013, 02:55 pm »
OP was trolling that subreddit before. Looks like the people calling him out for it were right.

http://www.reddit.com/r/SilkRoad/comments/1b416m/update_on_the_public_ip_leak_an_object_lesson/

Congratulations for being gullible. My post managed to stay at the top of this subreddit for 24 hours, and it was complete horseshit.

I hope you've learned your lesson to not believe everything you read on the Internet.

I nearly didn't come back to post this, but I actually like the Bitcoin / Silk Road community and don't want to create any significant lack of trust where it's not warranted.

Flame away, I'll never use this account again.

===========


Keep in mind folks, that you should evacuate a building for every bomb threat, even though 90% of them are fake.

You can afford to waste time worrying about many false positives, but in this game (hidden services, network security, illegal shit), you can't afford one false negative.

1824
Security / Re: Tormail down?
« on: March 27, 2013, 02:40 pm »
Yeah, still getting Database Error: Connection Failed.

And of course the only way to get a hold of the admins is to... email admin@tormail.org.

1825
Off topic / Re: Words of Wisdom
« on: March 27, 2013, 03:51 am »
I'm tempted to post the lyrics to Everybody's Free to Wear Sunscreen.

1826
Security / Re: Tormail down?
« on: March 27, 2013, 03:23 am »
Past performance is not always indicative of future results, but yeah, when this happened before, it came back after a few hours.

1827
Security / Re: Tormail down?
« on: March 27, 2013, 03:17 am »
It says the database is down. This has happened before. Usually the admins become aware of it and fix it within a few hours.

1828
Security / Re: Whonix vs Liberte vs Tails
« on: March 27, 2013, 03:03 am »
This is a broad topic and there have been dozens of threads written about Tails and Liberte, so I invite you to search the forum for more detailed info, but here's my opinion.

Whonix is the most secure of the three. In fact, the only thing more secure would be an anonymizing middle box (equivalent to the Whonix Gateway) on a separate physical device from your main computer. However, Whonix is overkill for your purposes. It also consumes the most resources, because you're running 2 VMs simultaneously. Unless you download potentially dangerous files a lot, you don't need it.

Between Tails and Liberte, I've seen a lot of people post about both on the forum, and my general impression is that Liberte is more hardened and advanced in *some* of its security features, while Tails is less buggy and more user friendly. For one thing, Tails uses the standard TorBrowser for web browsing, while Liberte uses a patched and torified version of Epiphany, which is the default browser in the Gnome desktop environment. Unfortunately, I've never heard of Liberte's Epiphany undergoing a thorough security review, and multiple people have complained on the forum of not being able to connect to sites over Tor. I consider it very experimental and potentially unsafe.

TorBrowser is more than just Firefox with Torbutton. It is a heavily patched version of Firefox that disables potentially deanonymizing features (which is why you should only use the TorBrowser for Tor activities, not vanilla Firefox with Torbutton). TorBrowser is the default way of using Tor. Officially built and released by the Tor Project, it has undergone the most security auditing and it the safest (not to mention the most reliable) way to browser web sites over Tor.

Tails also gets regular updates, which fix bugs and security issues, and implement new features. The latest version of Tails came out 3 days ago. The last version of Liberte came out 7 months ago. Liberte almost looks abandoned, while Tails has an active developer community behind it, and it is officially supported by the Tor Project.

If your main use case is browsing SR, I recommend Tails out of those options.

1829
Silk Road discussion / Re: Guy claims to know public IP of SR.
« on: March 27, 2013, 01:58 am »
It wouldn't suprise me if the real servers were safely on a pirate ship anchored out at sea of the coast of UK in international waters.

So you're saying it's hosted on Sealand

https://en.wikipedia.org/wiki/Principality_of_Sealand

which actually did offer "offshore" internet hosting in international waters, but at the time the bandwidth was too low and unreliable.

1830
Ralf Heim is becoming the heir apparent in the line of succession of psychedelic chemistry gods. Shulgin, Nichols, now Heim.

Sure there were others, like William Leonard Pickard and Nick Sand, who innovated on production methods, but these guys created whole new classes of drugs.

This is one reason why the War on Drugs can't be won. We haven't sampled a fraction of the space of possible organic molecules.

Pages: 1 ... 120 121 [122] 123 124 ... 208