Re: Vatlator 1.1. released

[Andrew Lewman <andrew@xxxxxxxxxxxxxx>]

On Tue, 21 Sep 2010 11:32:13 +0200
emanuele incremona <emanuele.incremona@xxxxxxxxx> wrote:

> I write to present the new release of "Vatlator", a live cd for
> anonymous browsing.

Hi,

I tried this out today and have some feedback.  It looks like a stock
ubuntu mini mix with tor, polipo, and firefox w/torbutton installed. As
a result, it leaks traffic and information on the network.  This is
bad.  

For example, the iptables config is wide open and set to accept all both
outbound and inbound.  At a minimum, vatlator should transparently
proxy everything through Tor, and otherwise deny any traffic that isn't
going through Tor, like udp, icmp, etc.  iptables should deny or drop
all inbound traffic from outside the OS.

You may want to look at what the TAILS people have been doing do harden
their livecd, https://amnesia.boum.org/.  

Someone started to write this as a guide to help others,
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/LiveCDBestPractices.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B
+1-781-352-0568

Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype: lewmanator
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/