[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] janusvm still safe?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] janusvm still safe?
From: hmoh@xxxxxxxxxxxxx
Date: Wed, 21 Dec 2011 08:19:58 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 21 Dec 2011 08:20:13 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=N1-0105; d=Safe-mail.net; b=kFM0i8fHXULzHW4l6BtVhJNIpmrlwt/LoHFF1Bqnr/EfY/vhnYCJ4WDi3m+fDzFc 37NxadWFDkVZ5Y1v7M6biNN/jfd4YqM7Hf8/axVsksQwuiJx328KqaYHn6Ypu+b5 gaytygSojGjar3PdsrrTxcXA75shPgNRh3itPTBdNhg=;
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Something come up to my mind... Vulnerabilitys could be,
- the user forgets to start the VPN, or
- the VPN connection breaks down for some reason (Windows bug or crash), traffic continues without Tor

I like the basic idea of JanusVM. I can say nothing about the concept of the deployed virtual machine but those vulnerabilitys I posted here could be fixed using a software firewall in whitelisting mode. Everything incoming and outgoing blocked expect the VPN connection.

Furthermore the VPN connection and the firewall should be forced enabled by an administrator and all applications should run as user. Not sure if that's best possible. Probable the Tor transparent proxy approach [1] is even better.

What I liked about JanusVM is that it's very easy to install and use.

[1] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] janusvm still safe?
  - From: Chris
- Re: [tor-talk] janusvm still safe?
  - From: Praedor

Prev by Author: Re: [tor-talk] janusvm still safe?
Next by Author: Re: [tor-talk] Tor transparent proxy implementation on Windows
Previous by thread: Re: [tor-talk] janusvm still safe?
Next by thread: Re: [tor-talk] janusvm still safe?
Index(es):
- Author
- Thread