maemo.org - Talk (https://talk.maemo.org/index.php)
-   Nokia N800 (https://talk.maemo.org/forumdisplay.php?f=25)
-   -   Tor (https://talk.maemo.org/showthread.php?t=14741)

Ricky-Lee 2008-01-10 14:30

Re: Tor
 
A live example for people. I would first like to state that this cookie has had the first 3 characters replaced with X's and the last three characters replaced with X's to make sure no harm comes to the innocent.

GET /mail/ru/images/logon.gif HTTP/1.1
Host: img.mail.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: image/png,*/*;q=0.5
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Referer: http://mail.ru/
If-Modified-Since: Wed, 02 May 2007 17:31:16 GMT
Cookie: p=XXXDAFj0BXXX; c8=XXXGRwAAAADQEgIAAAAAAd6WAQAAAAAB3wABAXXX; Mpop=XXX9953936:020340704341777119050219091d031b0b 044f6c5150445e000e03091b02007c1f5c484d585b445b105a 545e591f4XXX:XXX@mail.ru:; mrcu=XXX8478471E25D8BC4EE59DBDXXX; t=XXXD1AAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAkGwXXX; c56=XXXPRwAAAAHe/QEAAXXX; Mpopl=XXX760XXX
Connection: close

But this is just an example of how easily the data can be obtained; this was done through an unmodified Tor endnode.

BOFH 2008-01-10 14:54

Re: Tor
 
Quote:

Originally Posted by Ricky-Lee (Post 124780)
A live example for people. I would first like to state that this cookie has had the first 3 characters replaced with X's and the last three characters replaced with X's to make sure no harm comes to the innocent.

GET /mail/ru/images/logon.gif HTTP/1.1
Host: img.mail.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: image/png,*/*;q=0.5
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Referer: http://mail.ru/
If-Modified-Since: Wed, 02 May 2007 17:31:16 GMT
Cookie: p=XXXDAFj0BXXX; c8=XXXGRwAAAADQEgIAAAAAAd6WAQAAAAAB3wABAXXX; Mpop=XXX9953936:020340704341777119050219091d031b0b 044f6c5150445e000e03091b02007c1f5c484d585b445b105a 545e591f4XXX:XXX@mail.ru:; mrcu=XXX8478471E25D8BC4EE59DBDXXX; t=XXXD1AAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAkGwXXX; c56=XXXPRwAAAAHe/QEAAXXX; Mpopl=XXX760XXX
Connection: close

But this is just an example of how easily the data can be obtained; this was done through an unmodified Tor endnode.

And for anybody reading this thinking "I don't use Tor so I'm safe," you can do the same thing VERY easily via either a rogue wireless AP or a rogue client connected to a secure AP.

andyfromtucson 2008-01-12 12:52

Re: Tor
 
Maybe I need to have my tinfoil hat adjusted, but I have always just assumed that Tor was an NSA project to get people with something to hide to funnel all their traffic through NSA sponsored servers. I would be kind of disappointed in the NSA if they didn't do something like this.

free 2008-01-12 15:24

Re: Tor
 
As I said from the start
Quote:

Originally Posted by free
Tor gives you better anonymity, not privacy. Keep this in mind!!

Read the Tor manpage. It is stated clearly that Tor brings NO PRIVACY. If people think it does, it's their problem.
Use HTTPS and watch out for popups about a wrong certificate.

I don't see the point of dumping packets..
Just launch tcpdump and that's it.. The same can be achieved by the people at an ISP or on a core router.

There's no exploit here, nothing new

brendan 2008-01-12 15:46

Re: Tor
 
Quote:

Originally Posted by andyfromtucson (Post 126096)
Maybe I need to have my tinfoil hat adjusted, but I have always just assumed that Tor was an NSA project to get people with something to hide to funnel all their traffic through NSA sponsored servers. I would be kind of disappointed in the NSA if they didn't do something like this.

i believe the navy started the project and it's currently maintained by folks in MIT. many authority groups use it along the lines of pedophile stings and the like.

AFAIK, the NSA and FBI are currently trying to "hack" tor, so that the features of anonymity are rendered useless. from what i get, they haven't been successful.

if you use privoxy effectively, and disable many of the browser add-ons like java and flash, you can mitigate the amount of information available to the sites you connect to.

i run two versions of privoxy on my box. one is forwarded to from squid on the loopback only. the other forwards traffic through tor from the ip.

for the most part the filtering is the same for both instances, but the big difference is that the logging for the second (that routes through tor) is sent to /dev/null. the point is anonymity, so why would i log what gets requested, right?

i have also found a utility called torK from sourceforge.net that allows you to manipulate the tor configuration via GUI. it also manages bandwidth and shows the route through the tor network that your requests make. kinda neat, but one of the issues i keep running into is the cookie based auth that it uses to attach to the instance of tor that is running.

dan 2008-01-12 17:41

Re: Tor
 
Guys,

I have gotten these popups about wrong certificates (maybe one or two), but I get them on my Mac too. I'm new to this so bear with my newbie question. Do I disconnect the browser immediately or do I answer no and continue? lol, Dan

TA-t3 2008-01-14 14:01

Re: Tor
 
As for the original question: I started to port tor for OS2007 a while back, just to see if it could be done out of the box. As it turned out there are a couple of libs it'll need that are not directly available, so I stopped at that point. However, I intend to revisit this later when I get some more time, unless someone beats me to it.

Ricky-Lee 2008-01-17 12:58

Re: Tor
 
It doesn't seem like anyone has done it yet, so you will have to keep us up to date on how it goes.

free 2008-01-17 20:55

Re: Tor
 
I've recompiled it for our devices, fetch it from the repo below. In case of installation problems, please paste the log. I had to change a few things in the user handling/removal scripts so that it can install. It will create a user debian-tor for more security.
The default service conf file is in /etc/default/tor. If RUN_DAEMON is set to yes, tor will start when the device starts. Otherwise you'll have to do it manually (/etc/init.d/tor start as root).
We have to make a special configuration with privoxy support.

free 2008-02-14 12:24

Re: Tor
 
http://www.smh.com.au/news/security/...766589522.html

"The hack of the year"
Dumb journalists..