[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: More Secure Tor Browsing Through A Virtual Machine in Ubuntu
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: More Secure Tor Browsing Through A Virtual Machine in Ubuntu
- From: 7v5w7go9ub0o <7v5w7go9ub0o@xxxxxxxxx>
- Date: Mon, 24 Aug 2009 09:18:50 -0400
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Mon, 24 Aug 2009 09:28:26 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:references:in-reply-to; bh=n6kvB+cvvmrS9bgdQZC9uhlzvv8g9Qz4BrIhikV0LUQ=; b=e/6ColZW+ZZ7fDqP9Wbc3iQ89Qn6ckjxs4qU4wvcPOnNbo9K3vESrrSRf7vm2lKRlo kQ/S58Y75obSTz/A8yPVFVuHsV1KNWAg1M5pY6Zih1e1aMgNCIPwfX2zuHnlg/2VT4yM JRoBr1r1YoF4cATxr1HvnWj+GvZizpPdcOhrc=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:references:in-reply-to; b=HWo6PZ5UF9Y1fFqjF09jQxmSjFjiMSJaGqeN5b4MiLL4Sfw0f9q3gFK1jU//PhZbNN VEIZ+pDf5liR+vheLWEFx9OG69w1egTy/PP7l8HV6gGWRx5Qzqia9Oxfejgd2dk6W8gE McYtcm4urajaX2wK4udby4OJuBxHM6xJZ48yc=
- In-reply-to: <4A8B97D7.8010502@xxxxxxxxx>
- References: <4A8B97D7.8010502@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
> I would appreciate any feedback people have on this. This is just an
> idea and it's kind of beta, so don't use this unless you know what
> you're doing. PGP key at bottom of message
> More Secure Tor Browsing Through A Virtual Machine in Ubuntu
IMHO, you're on the right track.
Due to limited resources on my laptop, I've used (hardened) chroot jails
to contain tor, my browser, mail client, dhcpd client, etc. - primarily
to contain any successful intruder. Hotspot laptop users are constantly
being probed and subjected to the latest attack scripts.
But ISTM that small, optimized, hardened little VMs would be ideal -
additionally protecting anonymity; perhaps reasonably allowing the use
of JS on your browser within your browser VM.
Your post begs the questions:
1. Which VM software are the most breakout proof, should an attacker
gain access with a root shell?
2. Which VMs' guest software are the most opaque - i.e. have NO
information available to a roving root?
3. Which VMs require the least overhead?
4. IIUC, one can attach a VM to his existing OS, or one can first
install some sort of hypervisor followed by a primary OS, and a series
of secondary OS's? If this is true, what are the pros and cons of either
approach. (I presume that you want a number of VMs - each containing
sensitive or vulnerable applications)