Full Disclosure mailing list archives
Re: Compromise of Tor, anonymizing networks/utilities
From: Peter Besenbruch <prb () lava net>
Date: Sat, 8 Dec 2007 22:24:19 -1000
On Saturday 08 December 2007 14:01:28 coderman wrote:
http://www.freehaven.net/anonbib/ http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ
Thanks for the links.
Having seen good crypto ruined by lousy implementations, I thought it timely to remind ourselves of the lesson that implementation is at least as important as the underlying theory.this is actually a significant aspect for Tor, given that so many applications and services which were never intended to be anonymized are now getting sent over the network. the implementation / side channel issue is huge, and one reason i am such a proponent of the transparent Tor proxy model where all network traffic is either sent through Tor or dropped.
My goals are a little more modest. I browse using TOR, except for SSL links. Essentially, I want everything I do encrypted, and it wouldn't hurt to anonymize my IP address. I try not to abuse the TOR network with Bittorrent downloads. Given the NSA monitoring of the Internet in real time, I would just as soon make them work for my browsing habits.
it is simply too difficult for most people and/or most applications to be configured to properly communicate through Tor as a proxy, compared to simply routing traffic through a transparent Tor proxy. there are some caveats with this approach, and using multiple VM's is stronger than host / anon router vm. however, the drawbacks are minor compared to the risks of vulnerable side channels with an explicit SOCKS or application protocol layer proxy...
My only concern would be with the sturdiness of the TOR network itself. I hope it expands to the point where all traffic could flow through it, but right now, it get pretty bogged down from time to time.
(i should pimp JanusVM here, but you can also configure for *nix easily) see http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy
The Linux instructions are suitably geeky, but straightforward. I tend to use FoxyProxy on Firefox. Right now, I am checking out TorK. I hear its the latest and greatest for configuring things easily on Linux. Unfortunately, I have to compile it, and the list of requirements is a mile long. ;) -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Compromise of Tor, anonymizing networks/utilities gmaggro (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Peter Besenbruch (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Fetch, Brandon (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities gmaggro (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities gmaggro (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Peter Besenbruch (Dec 09)
- Re: Compromise of Tor, anonymizing networks/utilities jf (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities jf (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Fetch, Brandon (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Peter Besenbruch (Dec 08)