http://forums.remote-exploit.org/showthread.php?t=12166Originally Posted by Thorn
Many people also don't understand the differences between anonymity, privacy, and security.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
http://forums.remote-exploit.org/showthread.php?t=12166
[FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
[/FONT][/SIZE][/FONT]
Thanks.
That "security problem" is between the chair and keyboard, not with Tor itself. It's one of those things that should be immediately obvious to people if they look at how Tor (or any anonymizer) works. If the traffic itself isn't encrypted, all you've done is move where the traffic is originating.
And many more just don't RTFM!
Thorn
Stop the TSA now! Boycott the airlines.
That's true
Using HTTPS protocol, enabling encryption and re-keying and using true SSL with HTTPS would be advisable.
Your Freedom performs all functions quite well, I'm not sure about Tor to be honest.
[FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
[/FONT][/SIZE][/FONT]
Not to rehash an old post but this may provide a hint,
"Eavesdropping by exit nodes
In September 2007, Dan Egerstad, a Swedish security consultant, revealed that he had intercepted usernames and passwords for a large number of email accounts, by operating and monitoring Tor exit nodes.[6] On November 15, 2007, he was arrested on charges stemming from discovering and publishing this information. As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic which is not encrypted at the application layer, e.g. by SSL. While this does not inherently violate the anonymity of the source, it affords added opportunities for data interception by self-selected third parties, greatly increasing the risk of exposure of sensitive data by users who are careless or who mistake Tor's anonymity for security.[7]"
Now it may be that he operated the exit node that he could do this. But if one could feed off an exit node and/or MiM/sniff, then it would work.
Source = http://en.wikipedia.org/wiki/Tor_(anonymity_network)
Another old paper = http://www.packetstormsecurity.org/0...on_Hacking.pdf
TOR = Tracking O-Round the world. Most of the time. And sniffable it would seem.
You didn't really think we would let you be invisible did you?
<EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>
Correct me if I'm wrong but I remember(quite a few years ago) as being able to manually do this using wingates.
================================================== ===
Dr. Walter - Depraved linguist, Benevolent troublemaker extraordinaire
================================================== ===
Well if he was looking for a way to protect himself, i would suggest going through
hacked machines. (if he's a blackhat and has access to those). Else he could try
make his own routes through russian anonymous proxies. (good ones hard to find).
Also, to the thread poster, i suggest you read what you can about the Tor network,
and also its security flaws, thus some of the links the other member posted, that's
just my 2 cents of today basicly.
Last note is anyone can function as a bad relay within the Tor network, that's what
makes it potentially "dangerous" to use.
[quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]
One possible answer at my question could be:
Use TorK as a TOR front end and there you have the following possibilities:
- Always User Server As An Exit
- Try To Use Server As an Exit
- Never Use Server at All
- Never use Country At All
John
oh and a possible reason he may want to do this?
quite a few web sites, come up in whatever language or interract differently depending on what language is spoken from the ip address you are on...
eg: tor's exit node is from china?
google is in chineese...
Personally, I'd do this if I wanted to access websites which blocked a certain country's traffic. Again though you must take what you're accessing and sending through into account ala John's insight, but it is useful nonetheless.
================================================== ===
Dr. Walter - Depraved linguist, Benevolent troublemaker extraordinaire
================================================== ===
Posting Permissions