Tor under attack

Started by KC9TNH, August 05, 2013, 04:11:56 PM

Previous topic - Next topic

KC9TNH

Take it as you wish, do what you must.

FBI bids to extradite Eric Marques
Story here.

Tor websites down amidst attack
Story here.

Half of Tor sites (including Tormail) compromised
Story here.

Wouldn't be the first time 'porn' was used as the vehicle (including planted files) to facilitate removal of thorns in the side.

Well, at least don't do any online comparison shopping for pressure cookers and backpacks...

https://medium.com/something-like-falling/2e7d13e54724


cockpitbob

OK, I'll show my ignorance.  Who or what's Tor?

KK0G

Quote from: KC9TNH on August 05, 2013, 04:11:56 PM

Well, at least don't do any online comparison shopping for pressure cookers and backpacks...

https://medium.com/something-like-falling/2e7d13e54724




It simply amazes me the number of people who willingly give up their 4th Amendment rights, never, ever, ever, ever, ever, ever,ever, ever, ever, ever, ever, ever, ever, ever, ever, ever, ever,ever, ever, ever, ever, ever, ever, ever, ever, ever, ever, ever,ever, ever, ever, ever, ever, ever, consent to a search............ ever. Make them present probable cause to a judge who can then sign a search warrant if probable cause even exits in the first place (Hint: they likely don't have enough PC to convince a judge to sign a warrant or they wouldn't be asking for your consent).
"Those who would give up essential liberty to purchase temporary safety, deserve neither liberty nor safety" - Benjamin Franklin

KK0G

RadioRay

TOR is/was a way to browse the internet with tremendous anonymity. It was originally developed for Naval intelligence, but quickly spread to other free users.  Basically, you enter the TOR system using an enciphered link and it randomly bounces your browsing off of three other systems, changing ID and enciphering each time.  If you run HTTPSeverywhere, when you exit the TOR to look at the website you wanted, you are encrypted end to end, ofthen under several layers.  TOR automatically changes your 'apparent' exit IP address several times per hour.

This shows you just how badly the feds hate individual privacy.  There is more to this, and there are technical details left out of the more general coverage, like how this Java Script exploit works, and is avoidable, (from what the tech sites are saying.) 


HINT: When 'cloaked' in TOR, never allow Java scripts, never read .pdf and etc. while on-line.




>RR
"When we cannot do the good we would, we must be ready to do the good we can."  ~ Matthew Henry

KC9TNH

364 = the number of times per week that someone's rights are violated by Tony & Ziva. *
It's also the number of cuts (out of 1,000) that we're up to which, by all appearances, is still not enough for the majority of Americans.


* DISCLAIMER:  82% of all internet statistics are made up right at the moment of typing; I read it on the internet.

whoppo

The problem with TOR is that there's no real reliable vetting of who spins up a entry/exit gateway... the concept is sound but the execution is far from air tight. Using https also fails to insure confidentiality. Transparent proxies can effect "man in the middle" attacks against SSL traffic. It would be incredibly naive to think the various government agencies haven't been doing this for a long time.

Reliable anonymity on the Internet is a myth.


@@ BlackBerry 10 Mobile Messaging @@


WA4STO

Quote from: KC9TNH on August 05, 2013, 05:47:23 PM
364 = the number of times per week that someone's rights are violated by Tony & Ziva. *


99 - The percentage of time that the XYL is glued to the 60 incher when Tony & Ziva are on.

Me, I'm safe, right?  Sending everything by Pactor and WINMOR.  No way they can get that stuff.  No I.P. addresses.  Right?  Right?  Sigh...

73 de LH
Bunkered down, I mean hunkered down, somewhere in the cornfields of Nebraska

RadioRay

Well -


The way I see it: Internet is amazingly handy, as is the cell phone the credit card, On-Star in t car and other self financed methods of government surveillance. It's rather like paying to be a 'guest' in a hotel in the old Soviet Union:

a. The hotel is for foreigners only. 

b. Many of the 'bugs' in the room, bathroom, lobby, bar, dinning area, and all telephones are not insects.

c. You will never find all the surveillance devices.

d. The maids , waiters, porters, cleaning ladies (Babushki), all desk personnel and even that hot 'journalist' from 'Germany' you met in the bar works for foreign intelligence.  (BTW - she's probably not from West Germany.)

e. You ARE being tailed - get used to it. [Dress nicely, shave daily, comb your hair & etc. because your picture is being taken often.]

f. Those tailing you are being tailed.

g. The taxi driver is a government informant.

The internet is like that: it's an older, surplus government system called DARPANET, ARPANET originally to allow independent communication between government, academia & industry. When it became 'old' we were allowed to use it and it's become the greatest thing since the printing press BUT, unlike words on paper, this is so amazingly traceable, taint-able and it can and is used to plant 'evidence' onto computers as well as to 'find' evidence there, to make psych profiles of users and to make matrix maps of ALL of your relationships. Combine this with financial trans actions, license plate scanners, all billing like bridge tools, your cellphone locations and conversations ...  You get the picture.

We now live in a Soviet hotel, so do NOT be surprised that you are never allowed a private conversation as long as you are a 'guest' here.

Massa don' like HIS slaves a whisperin' !
>:( >:( >:( >:( >:( >:( >:(


OTOH - Internet is a wonderful tool and the greatest break from the controlled media since the advent of the news paper.




>de RadioRay ..._ ._



"When we cannot do the good we would, we must be ready to do the good we can."  ~ Matthew Henry

RadioRay

We all know that media is a tool for manipulating the 'masses'. As such, there is an agenda.  Here is more actual information about the attack on TOR hidden sites... which appears to be rather more informative than what I have read in the corporate media. It seems that the attack was at least so far, focuses on FireFox17 browser to get it to ID even in TOR, if/when that browser was used on specific websites.

https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting


>de RadioRay ..._ ._
"When we cannot do the good we would, we must be ready to do the good we can."  ~ Matthew Henry

Quietguy

Ray's link led to another link, which led to
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html

QuoteWHO IS AFFECTED:
  In principle, all users of all Tor Browser Bundles earlier than
  the above versions are vulnerable. But in practice, it appears that   only Windows users with vulnerable Firefox versions were actually   exploitable by this attack.

  (If you're not sure what version you have, click on "Help -> About   Torbrowser" and make sure it says Firefox 17.0.7. Here's a video: [7])

  To be clear, while the Firefox vulnerability is cross-platform, the
  attack code is Windows-specific. It appears that TBB users on Linux   and OS X, as well as users of LiveCD systems like Tails, were not   exploited by this attack.

I often thought the anti-trust settlement between Microsoft and DOJ was a sham; the true remedy was to split the applications section from the operating systems section by creating two separate companies.  Or at least implement a firewall between them so the applications people couldn't have access to secret APIs and such.  I have long wondered what DOJ got in return for ignoring industry calls to do just that, and focusing instead on web browser dominance as the main issue.

One of the things that was made more clear by Ray's link was that the attack apparently was aimed at users of hidden services that most of us don't know exist.  That indicates it is unlikely anyone got tagged by clicking the wrong link from a Google search, for example.  You had to know the hidden link was there before you could attempt to reach it.

Wally

gil

The sad truth is that Internet privacy is a thing of the past. It took a long time for governments to catch up, but they have. Next will come regulation and enforcement. I hope I will have found a new low-tech carreer by then.. The worst offenders are the sites we use most, like Google or Facebook. We are all accomplices. I am longing for days without a phone or a computer, good old letters.. At least we have seen the dawn of computers and the Internet; interesting times.. Unfortunately I think they will be more interesting in the future, and not in a good way..

Gil.

RadioRay

#11
Truthfully, when I lived aboard the sailboat as a single man, I had very, very little in the way of an electronic signature, other than at work. Unfortunately got a cell phone because of WORK and a woman... I would surf the web - yes - on breaks and after work at work. It was not my intention to go deep black, but rather just that I ENJOY the simple lifestyle and saving money.  To me, paying high dollar for the latest tech gizmos is like the slave using his own money to buy diamond encrusted chains.

Now - I am all over the web, & using all kinds of things, from phones to etc.  I miss the simplicity of living aboard my boat, news from the shortwave radio and skeds with friends.  E-mail over WINLINK HF as desired.

For me , and our home set-up, the main reason for the anon and other security/privacy shields I have in place is for protection from those who want to steal money, my ID and from nosy people who are not 3 letter types. When I surf the web, I do not want targeted ads, in fact, I set-up my computers to block advertising, most sidebars, cookies, web statistics gathering sites and etc. I came to SEE that literally hundreds of companies are data-mining my computer,  my webbrowsing , my interests, tastes, purchases and etc.  Not three letter, but just corporate domestic espionage.  The fact that they make money from it, either directly or selling their information makes it no less 'domestic espionage' than if anyone else is doing it. Most of this data-mining is invisible, unless you run programs to detect/defeat it.

Like Gil said, total anonymity is a thing of the past - at least if you're living in a 'developed country'. However, there is a certain amount of 'Cyber-Hygiene' that can help tremendously.



>de RadioRay ..._ ._
"When we cannot do the good we would, we must be ready to do the good we can."  ~ Matthew Henry

gil

QuoteI miss the simplicity of living aboard my boat, news from the shortwave radio and skeds with friends.  E-mail over WINLINK HF as desired.

My next objective exactly!

For which I bought a set of plans for: http://www.duckworksmagazine.com/08/designs/fafnir/index.htm

Gil.

Quietguy

#13
Quote from: RadioRay on August 06, 2013, 10:12:42 PMthe main reason for the anon and other security/privacy shields I have in place is for protection from those who want to steal money, my ID and from nosy people who are not 3 letter types.
Ditto.  I am well aware that if any TLAs want something from me there is nothing I can do about it.  However, that doesn't mean I have to expose myself to all the others out there in Internet-land.  I switch off between Mac browsers - Safari, Firefox and Opera depending on what I am doing.  A few years ago I subscribed to a VPN service (Witopia) so I could use motel wifi without worrying about script kiddies sniffing my connection.  I kept the service but for quite awhile I only used it occasionally.  Now I use it all the time - I change my location based on what I am doing or sometimes on a whim.  There's no bandwidth cap, so why not?

A while back I remembered a passage from a book series I read years ago, and I really wish I could remember which book it was in.  It was from the old John D. MacDonald "Travis McGee" series  but there were 21 books in the series and I have no clue which one it was.  The first book was written in 1964 and the last one in 1984, so it was well before Internet tracking/surveillance became an issue.  McGee was annoyed at everybody's attempts to pigeon hole and categorize him, so he got on all the mailing lists he could.  He filled out every coupon and signed up for all the freebies - his comment went something along the lines of "there is such a thing as too much data - if you flood them with too much data they don't know any more about you than if they have no data".  I really wish I could find that, because I would like to be able to quote it correctly.  Of course computing power has grown somewhat since that book was written.

Nostalgic off-topic comment:  I liked the Travis McGee books so much because they describe the Florida I grew up in.  Today's Florida bears no resemblance to my Florida, and it hasn't in years. 

Wally

KC9TNH

Quote from: RadioRay on August 06, 2013, 01:33:14 PMIt's rather like paying to be a 'guest' in a hotel in the old Soviet Union:...
Nice summary of the Moscow Rules.