Silk Road forums

Discussion => Security => Topic started by: windmillz on May 19, 2013, 12:19 am

Title: Security Tails
Post by: windmillz on May 19, 2013, 12:19 am
Today I upgraded my usb stick to the current version Tails .18 After my install/update Iceweasel started giving me this message about being in an unencryped area/site. I am connected to Tor so I am not sure what this means. If anyone can enlighten me I would greatly appreciate it. It happens when I try to connect to SR onion and forums.

This is one message:

The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

-windmillz
Title: Re: Security Tails
Post by: p3nd8s on May 19, 2013, 12:30 am
Run a packet sniffer (i.e. wireshark) between the computer and router and check to see if it is unencrypted.
Title: Re: Security Tails
Post by: windmillz on May 19, 2013, 02:19 am
I found out that the wireless router was on a WEP 128bit encryption, I reset it and configured a WPA 2 Personal, major change... I still get the message that I am unencrytped pages and third party somethings could potentialy see etc.

Also is there a way to install wireshark onto Linux, or a different way to find this information out, besides a sniffer? or is that the most accurate?

Thanks for all the help just want to be secure!!
Title: Re: Security Tails
Post by: astor on May 19, 2013, 02:43 am
Is this the message:

You are about to leave an encrypted page. Information you send or receive from now on could easily be read by a third party.

[Check Box] Alert me whenever I leave an encrypted page for one that isn't encrypted.

Yeah, don't worry about that. Just uncheck the box to get rid of the warning. It's just reminding dumb people not to enter username/password over an HTTP connection. You should only do that over an HTTPS (encrypted) connection, except that's irrelevant on hidden services, because the connection is fully encrypt from the Tor client on your computer to the Tor client on the hidden service server.

You *should* use only HTTPS to enter sensitive info on clearnet sites though.
Title: Re: Security Tails
Post by: windmillz on May 19, 2013, 06:15 am
So 110% don't worry about it especially if im on a service through tor like the SR??

This is the message I get when I try to log into the forums:

The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

with the text box saying to remind me or not....

If you say its to be ignored Ill trust ya
Title: Re: Security Tails
Post by: SelfSovereignty on May 19, 2013, 06:29 am
Your WiFi encryption has nothing to do with that; I'm not familiar with Tails, but if astor's right (which he very nearly always is), then yes.  Totally ignore it AS LONG AS you are on a .onion site.

You MUST NOT ignore it if you aren't though.  If you're on a non-".onion" site, the warning fully applies.  That's very important, hence the caps, heh :)  I take it you only get that message when you try to log in?  Because otherwise something is very fishy, as you aren't actually transmitting anything except the request for a page when you just surf to the forums.  I mean you shouldn't be, anyway, which is why it'd be fishy...
Title: Re: Security Tails
Post by: astor on May 19, 2013, 06:40 am
Yeah, I booted the latest tails in a VM. When TorBrowser / Iceweasel starts, it takes you to https://tails.boum.org, some page on that site., which is using SSL. Immediately I entered my favorite web IP checking site, wtfismyip.com, and got that pop up message. It's just warning you you're going from an encrypted to an unencrypted connection.

The part that Firefox / Iceweasel / TorBrowser / the Tails devs haven't fixed is if you enter an onion address, it IS encrypted the whole way. It's equivalent to an https connection, even though it says http. That's why I said don't worry about it, just disable it and keep in mind that when visiting clearnet sites, the exit node can potentially read anything you send over http, so don't send username/password.
Title: Re: Security Tails
Post by: windmillz on May 19, 2013, 07:18 am
Thanks for the clearification there!! I just am very paraniod in general I just don't want to get caught for something silly that I could have prevented.  So Im safe on ONION sites, even login pages but not through clearnet (I rarley uses it ever anyways, only for joining/connecting (accepting the agreement for connection) a network like at barns and noble for the free WIFI)

Yes, SelfSovereignty It happens every time I log on and its tripping me out man!!! haha

Thanks astor for the advice! As well as every one else feel alot better about the situation!

-windmillz

Title: Re: Security Tails
Post by: astor on May 19, 2013, 07:43 am
Yep, for onion sites, http is safe.

For clearnet sites, you must use https for entering sensitive info.

Now that you know that, disable the warning and don't worry about it. It's a dumb a warning that doesn't understand the complexities of Tor.
Title: Re: Security Tails
Post by: chewpaper on May 23, 2013, 01:23 pm
Today I upgraded my usb stick to the current version Tails .18 After my install/update Iceweasel started giving me this message about being in an unencryped area/site. I am connected to Tor so I am not sure what this means. If anyone can enlighten me I would greatly appreciate it. It happens when I try to connect to SR onion and forums.

This is one message:

The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

-windmillz

Windmillz, I get the same thing after upgrading to 0.18
Unchecking the message doesn't seem to matter as the Iceweasel preferences are not persistent.....so it will happen every time you fire the browser.

If you make   /home/amnesia/.mozilla   persistent, it should go away permanently  :)