[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] wget - secure?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] wget - secure?
From: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Fri, 20 Apr 2012 14:15:54 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 20 Apr 2012 10:16:07 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=uT+5Tjk9oCXqaBHwu0M0gDWQ8lh16FgaszxDpRG4GT0=; b=Soag0AMAt7AgmCYPcly7jqVa2PHTmPUDRxbPeC601xYTH5MTO3mbSnu4Ey1gtPPTQG TWTaxoeCqLxT5xCZz5/lQhP3ZtA6lOw/WWdQkGZJcVpHO6ceRTpkRUd8yyGRP8SlKOrM c9Ke6lyHON9YI57xAvDdEVbSLKvvytD2wa4HwuA6cuy3H65rFPG/SYEe9ceoLlcTCif6 M7bCaRJM0p5myqSrOXbWlJoJNqTB9EqKte6/Vbk1HyvqoRPSZQW88zuLttIdYzHzLdMr NJ5cqoochLmloiSq0eNzMuneP5vlqLI+SCZEbHCRHCdlpgi2mk7pDABQM3Ev4+drRKwG 1sjg==
In-reply-to: <CACDmtYajXMMPM3MoRo+SSFZ+r8Yk01KnzLUU0w6ULQzDjKErCw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1SKD7H-000A52-7x@xxxxxxxxxxxxxxxxxxxx> <CAMtFrUF8qb8HzSmRucq+bF17zx0MQWdUqeKLebYGhfYwwWRnUA@xxxxxxxxxxxxxx> <CAHsXYDDv16KBGA3_n+BfiyYXCjjr+BpMs9x1Gnb+H4kyVeNpGg@xxxxxxxxxxxxxx> <CABqy+spN7+HYM9da-CRDH7yUwW0YBgDBLdC0Gm23j8BQVy8SLA@xxxxxxxxxxxxxx> <CAHsXYDBkJVGg7ybkkaqX2DhhNXUUbC96JS5tBvo=fKEnVDFYbA@xxxxxxxxxxxxxx> <CACDmtYajXMMPM3MoRo+SSFZ+r8Yk01KnzLUU0w6ULQzDjKErCw@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On 2012-04-18, Joseph Lorenzo Hall <joehall@xxxxxxxxx> wrote:

> The underlying point is that it would be neat if
> you've done a comprehensive analysis of a specific version of Tor,
> etc., etc.

No, the underlying point is that I have personally seen wget send my
computer's IP address over Tor in an FTP PORT command.  wget is not
â100% safeâ.

The code to send a PORT command is still present in wget 1.13.4.  wget
1.13.4 is not â100% safeâ; anyone who wants to recommend it needs to
specify a particular configuration of wget which is safe.  (Don't
count on a âdefault configurationâ; Linux distributors might have
messed with it, or failed to update it to the version shipped in
recent wget source distributions.)

And that's not even the potential information leak that folks who are
familiar with âanonymous FTPâ would check for first.

Robert Ransom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] wget - secure?
  - From: Maxim Kammerer

References:
- [tor-talk] wget - secure?
  - From: torsiris
- Re: [tor-talk] wget - secure?
  - From: Runa A. Sandvik
- Re: [tor-talk] wget - secure?
  - From: Maxim Kammerer
- Re: [tor-talk] wget - secure?
  - From: Robert Ransom
- Re: [tor-talk] wget - secure?
  - From: Maxim Kammerer
- Re: [tor-talk] wget - secure?
  - From: Joseph Lorenzo Hall

Prev by Author: Re: [tor-talk] wget - secure?
Next by Author: Re: [tor-talk] Problem with ttdnsd-665a534 on Ubuntu 12.04 server
Previous by thread: Re: [tor-talk] wget - secure?
Next by thread: Re: [tor-talk] wget - secure?
Index(es):
- Author
- Thread