[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Compromise of Tor, anonymizing networks/utilities

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Compromise of Tor, anonymizing networks/utilities
From: Peter Besenbruch <prb@xxxxxxxx>
Date: Sat, 8 Dec 2007 22:24:19 -1000

On Saturday 08 December 2007 14:01:28 coderman wrote:

> http://www.freehaven.net/anonbib/
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ

Thanks for the links.

> > Having seen good crypto ruined by lousy implementations, I thought it
> > timely to remind ourselves of the lesson that implementation is at least
> > as important as the underlying theory.
>
> this is actually a significant aspect for Tor, given that so many
> applications and services which were never intended to be anonymized
> are now getting sent over the network.  the implementation / side
> channel issue is huge, and one reason i am such a proponent of the
> transparent Tor proxy model where all network traffic is either sent
> through Tor or dropped.

My goals are a little more modest. I browse using TOR, except for SSL links. 
Essentially, I want everything I do encrypted, and it wouldn't hurt to 
anonymize my IP address. I try not to abuse the TOR network with Bittorrent 
downloads. Given the NSA monitoring of the Internet in real time, I would 
just as soon make them work for my browsing habits.

> it is simply too difficult for most people and/or most applications to
> be configured to properly communicate through Tor as a proxy, compared
> to simply routing traffic through a transparent Tor proxy.  there are
> some caveats with this approach, and using multiple VM's is stronger
> than host / anon router vm.  however, the drawbacks are minor compared
> to the risks of vulnerable side channels with an explicit SOCKS or
> application protocol layer proxy...

My only concern would be with the sturdiness of the TOR network itself. I hope 
it expands to the point where all traffic could flow through it, but right 
now, it get pretty bogged down from time to time.

> (i should pimp JanusVM here, but you can also configure for *nix easily)
>
> see http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy

The Linux instructions are suitably geeky, but straightforward. I tend to use 
FoxyProxy on Firefox. Right now, I am checking out TorK. I hear its the 
latest and greatest for configuring things easily on Linux. Unfortunately, I 
have to compile it, and the list of requirements is a mile long. ;)

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Compromise of Tor, anonymizing networks/utilities
  - From: gmaggro
- Re: [Full-disclosure] Compromise of Tor, anonymizing networks/utilities
  - From: gmaggro
- Re: [Full-disclosure] Compromise of Tor, anonymizing networks/utilities
  - From: coderman

Prev by Date: Re: [Full-disclosure] (no subject)
Next by Date: Re: [Full-disclosure] (no subject)
Previous by thread: Re: [Full-disclosure] Compromise of Tor, anonymizing networks/utilities
Next by thread: Re: [Full-disclosure] Compromise of Tor, anonymizing networks/utilities
Index(es):
- Date
- Thread