[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Building tracking system to nab Tor pedophiles
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Building tracking system to nab Tor pedophiles
- From: Starshadow <starshadow10101@xxxxxxxxx>
- Date: Wed, 07 Mar 2007 00:55:45 -0500
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Wed, 07 Mar 2007 00:55:31 -0500
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=etKngj5edLJKryz/AS5Q9xKCxVIBGxt/FKH7syO1+ynYdcCxuPFR44Gi6OMikaK2V3T7OaUoT5mySE1rb0RoawCcZFJ5LYv+HVwjlQ0Qf2RKDbLVBhteEXn69d/SAbVtnGMYCHa0BvKCBAyUesSw6kz4KJOEbWkngWUjHhzgl44=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=A1c7SZyd2fWCN/c0KOhFVMyPjrF/JOzJmP1+Sb3dufIz7zpKCtqaZGMoEC+Nw2gw7HflGA4aHQPINb/g5rBMVy3BgajgaLdcGiRGB2J1cs+uiGEgp8L1Gwfr3XXG+dweqTZ1aGeXDd8Or4Wsdq4op1K7xcCd8FaWDL0rMHJ/Bi4=
- In-reply-to: <1bd71ad80703062146k6251ff2r851bf5d27a43a31f@mail.gmail.com>
- References: <20070306.212839.5614.2379109@webmail02.lax.untd.com> <1bd71ad80703062146k6251ff2r851bf5d27a43a31f@mail.gmail.com>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 1.5.0.10 (Windows/20070221)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Also note that browsing with Firefox using the NoScript
http://noscript.net/ extension renders this attack and most others
useless, since that java applet never gets executed.
Michael_google gmail_Gersten wrote:
> Well, first, this is just the normal exit node exposure of tor.
>
> The exit node in your circuit gets to see the raw communication
> between you and your destination. If you are using an SSL channel
> (SSH, https, etc) then nothing is a problem. Otherwise, the exit node
> can do things like spy on usernames and passwords, etc.
>
> There are already sites that modify the HTML of web pages going
> through them -- I've had scripts munged on some sites, for example --
> and this is just another case of that.
>
> Now, I believe tor allows you do exclude nodes from ever being used as
> exit nodes.
>
> On 3/6/07, Fergie <fergdawg@xxxxxxxxxxx> wrote:
>> Hmmm.
>>
>> http://blogs.zdnet.com/security/?p=114
>>
>> Comments?
>>
>>
>> --
>> "Fergie", a.k.a. Paul Ferguson
>> Engineering Architecture for the Internet
>> fergdawg(at)netzero.net
>> ferg's tech blog: http://fergdawg.blogspot.com/
>>
>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
iQIVAwUBRe5T4KYAM/AiUno8AQKfoA//ZCEtnh7VsfiuaZFXCbQ89u0Jyqqo2WKy
JXp2xt2PVYDSFnVuMdu7fIPjtlujG1nVNZOlGo/rffXmJDYU0+enwARNtkif9aKr
cspnqRKVToL8hvPLOgGjeTnxFNcXXAXJGzKwQyP4I0x2S8fsKGpE0dRUeFSKwcz4
78e44jd9K6gq6wFGDR7mtZf9xTvwb2O5k4ltass0D3qzQBIm/+tvkGyLDTkZ9gBo
/3VN56iax6xD+/lFK7uRL5BaJ5UriX4RwvsHB+CZYLv+hYo2VRdNTV3Y6gAj2E6i
Fs1sPwRFprHqJhBpb7ggLvdNGCeaFmzDUI7Zwg6OVjxpPfCW1kd/mdulMIoTwAvx
pPdbyuTfQ9uBAuqLLh4sV2GyXFmIyLDSEaTpCyCGJEiZ8J40d5AdoffPL7PK4FXe
Edg0OLHmG3qnKS/DrmE/R9KrqAynb+IUb3f3IcEe/fBT72Y36Ugbw0hMhc5YUcYY
u/gTeAYgLQpveWGof7w8DA8Y3er5j/rNJ0CKMb5JPfaj7eArxbN5YWQDZabYP2T8
rtbTo9kml2g8LltbzmH5wlrpVqt7n3+u49aq+2/Y5X1nc3D/JZEQ0S40aNTotr+V
XWE0mBHORC9JF8ugcJiejI9p8x7sSryY3fNk9Ub6cpbvRaKDL0GCD1o5glIGliML
y/Z5eYky5aU=
=Pei3
-----END PGP SIGNATURE-----