jm + tor   21

Cloudflare on Tor
quite a reasonable position, I think
tor  cloudflare  abuse  anonymity  captchas 
march 2016 by jm
Privacy Security Talk in TOG – 22nd April @ 7pm – FREE
Dublin is lucky enough to have great speakers pass through town on occasion and on Wednesday the 22nd April 2015, Runa A. Sandvik (@runasand) and Per Thorsheim (@thorsheim) have kindly offered to speak in TOG from 7pm. The format for the evening is a general meet and greet, but both speakers have offered to give a presentation on a topic of their choice. Anyone one interested in privacy, security, journalism, Tor and/or has previously attended a CryptoParty would be wise to attend. Doors are from 7pm and bring any projects with you you would like to share with other attendees. This is a free event, open to the public and no need to book. See you Wednesday.

Runa A. Sandvik is an independent privacy and security researcher, working at the intersection of technology, law and policy. She contributes to The Tor Project, writes for Forbes, and is a technical advisor to both the Freedom of the Press Foundation and the TrueCrypt Audit project.

Per Thorsheim as founder/organizer of PasswordsCon.org, his topic of choice is of course passwords, but in a much bigger context than most people imagine. Passwords, pins, biometrics, 2-factor authentication, security/usability and all the way into surveillance and protecting your health, kids and life itself.
privacy  security  runa-sandvik  per-thorsheim  passwords  tor  truecrypt  tog  via:oisin  events  dublin 
april 2015 by jm
Silk Road Mastermind Ross Ulbricht Convicted of All 7 Charges
The case’s decision will no doubt be seen by many as U.S. law enforcement striking a significant blow against the dark web’s burgeoning drug trade. More broadly, the case represents the limits of cryptographic anonymity tools like Tor and bitcoin against the surveillance powers of the U.S. government. In spite of his use of those crypto tools and others, Ulbricht couldn’t prevent the combined efforts of the FBI, DHS, and IRS from linking his pseudonym to his real-world identity.

But Ulbricht will nonetheless be remembered not just for his conviction, but also for ushering in a new age of online black markets. Today’s leading dark web drug sites like Agora and Evolution offer more narcotics listings than the Silk Road ever did, and have outlived law enforcement’s crackdown on their competitors. Tracking down and prosecuting those new sites’ operators, like prosecuting Ulbricht, will likely require the same intense, multi-year investigations by three-letter agencies.

If the feds do find the administrators of the next generation of dark web drug sites, as they found Ulbricht, don’t expect those online drug lords to let their unencrypted laptops be snatched in a public library, or to have kept assiduous journals of their criminal conspiracies. The Dread Pirate Roberts’ successors have no doubt been watching his trial unfold and learning from his mistakes. And the next guilty verdict may not be so easy.
ross-ulbricht  silk-road  drugs  tor  dark-web  law  convictions 
february 2015 by jm
Warning: Do NOT use my mirrors services until I have reviewed the situation
Things hotting up in TOR-land.
Until I have had the time and information available to review the
situation, I am strongly recommending my mirrors are not used under
any circumstances. If they come back online without a PGP signed
message from myself to further explain the situation, exercise extreme
caution and treat even any items delivered over TLS to be potentially
hostile.
tor  privacy  crackdown  anonymity  seizures  crypto  via:hn 
december 2014 by jm
The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users | WIRED
Since Operation Torpedo [use of a Metasploit side project], there’s evidence the FBI’s anti-Tor capabilities have been rapidly advancing. Torpedo was in November 2012. In late July 2013, computer security experts detected a similar attack through Dark Net websites hosted by a shady ISP called Freedom Hosting—court records have since confirmed it was another FBI operation. For this one, the bureau used custom attack code that exploited a relatively fresh Firefox vulnerability—the hacking equivalent of moving from a bow-and-arrow to a 9-mm pistol. In addition to the IP address, which identifies a household, this code collected the MAC address of the particular computer that infected by the malware.

“In the course of nine months they went from off the shelf Flash techniques that simply took advantage of the lack of proxy protection, to custom-built browser exploits,” says Soghoian. “That’s a pretty amazing growth … The arms race is going to get really nasty, really fast.”
fbi  tor  police  flash  security  privacy  anonymity  darknet  wired  via:bruces 
december 2014 by jm
The FBI Finally Says How It ‘Legally’ Pinpointed Silk Road’s Server
The answer, according to a new filing by the case’s prosecution, is far more mundane: The FBI claims to have found the server’s location without the NSA’s help, simply by fiddling with the Silk Road’s login page until it leaked its true location.
fbi  nsa  silk-road  tor  opsec  dread-pirate-roberts  wired 
september 2014 by jm
NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
DasErste.de has published the relevant XKEYSCORE source code, and if you look closely at the rule definitions, you will see linuxjournal.com/content/linux* listed alongside Tails and Tor. According to an article on DasErste.de, the NSA considers Linux Journal an "extremist forum". This means that merely looking for any Linux content on Linux Journal, not just content about anonymizing software or encryption, is considered suspicious and means your Internet traffic may be stored indefinitely.


This is, sadly, entirely predictable -- that's what happens when you optimize the system for over-sampling, with poor oversight.
false-positives  linuxjournal  linux  terrorism  tor  tails  nsa  surveillance  snooping  xkeyscore  selectors  oversight 
july 2014 by jm
Tor exit node operator prosecuted in Austria
'The operator of an exit node is guilty of complicity, because he enabled others to transmit content of an illegal nature through the service.'

Via Tony Finch.
austria  tor  security  law  liability  internet  tunnelling  eu  via:fanf 
july 2014 by jm
Facebook introduce “Wedge” and “FBOSS"
a new top-of-rack network switch, code-named “Wedge,” and a new Linux-based operating system for that switch, code-named “FBOSS.” These projects break down the hardware and software components of the network stack even further, to provide a new level of visibility, automation, and control in the operation of the network. By combining the hardware and software modules together in new ways, “Wedge” and “FBOSS” depart from current networking design paradigms to leverage our experience in operating hundreds of thousands of servers in our data centers. In other words, our goal with these projects was to make our network look, feel, and operate more like the OCP servers we've already deployed, both in terms of hardware and software.


Sayonara, Cisco, and good riddance.
cisco  juniper  wedge  fboss  facebook  tor  switches  racks  networking  datacenter  routers 
june 2014 by jm
Tor Bridge Relays
The next step in the Turkish twitter-block arms race.
Bridge relays (or "bridges" for short) are Tor relays that aren't listed in the main Tor directory. Since there is no complete public list of them, even if your ISP is filtering connections to all the known Tor relays, they probably won't be able to block all the bridges. If you suspect your access to the Tor network is being blocked, you may want to use the bridge feature of Tor. The addition of bridges to Tor is a step forward in the blocking resistance race. It is perfectly possible that even if your ISP filters the Internet, you do not require a bridge to use Tor. So you should try to use Tor without bridges first, since it might work.
tor  privacy  turkey  bridging  networking  tor-bridges  twitter  filtering  blocking  censorship 
march 2014 by jm
If You Used This Secure Webmail Site, the FBI Has Your Inbox
TorMail was a Tor-based webmail system, and apparently its drives have been imaged and seized by the FBI. More info on the Freedom Hosting seizure:
The connection, if any, between the FBI obtaining Freedom Hosting’s data and apparently launching the malware campaign through TorMail and the other sites isn’t spelled out in the new document. The bureau could have had the cooperation of the French hosting company that Marques leased his servers from. Or it might have set up its own Tor hidden services using the private keys obtained from the seizure, which would allow it to adopt the same .onion addresses used by the original sites.

The French company also hasn’t been identified. But France’s largest hosting company, OVH, announced on July 29, in the middle of the FBI’s then-secret Freedom Hosting seizure, that it would no longer allow Tor software on its servers. A spokesman for the company says he can’t comment on specific cases, and declined to say whether Freedom Hosting was a customer. “Wherever the data center is located, we conduct our activities in conformity with applicable laws, and as a hosting company, we obey search warrants or disclosure orders,” OVH spokesman Benjamin Bongoat told WIRED. “This is all we can say as we usually don’t make any comments on hot topics.”
fbi  freedom-hosting  hosting  tor  tormail  seizures  ovh  colo  servers 
january 2014 by jm
ISPAI responds to TD Patrick O'Donovan's bizarre comments regarding "open source browsers"
ISPAI is rather dismayed and somewhat confused by the recent press release issued by Deputy Patrick O’Donovan (FG). He appears to be asking the Oireachtas Communications Committee (of which he is a member) to investigate: “the matter of tougher controls on the use of open source internet browsers and payment systems”  which he claims “allow users to remain anonymous for illegal trade of drugs weapons and pornography.”

Deputy O’Donovan would do well to ask the advice of industry experts on these matters given that legislating to curtail the use of such legitimate software or services, which may be misused by some, is neither practical nor logical. Whether or not a browser is open source bears no relevance to its ability to be the subject of anonymous use. Indeed, Deputy O’Donovan must surely be confusing and conflating different technical concepts? In tracing illegal activities, Law Enforcement Agencies and co-operating parties will use IP addresses – users’ choice of browser has little relevance to an investigation of criminal activity.

Equally, it may be that the Deputy is uncomfortable with the concept of electronic payment systems but these underpin the digital economy which is bringing enormous benefit to Ireland. Yes, these may be misused by criminals but so are cash and traditional banking services. Restricting the growth of innovative financial services is not the solution to tackling cyber criminals who might be operating what he describes as “online supermarkets for illegal goods.”

Tackling international cybercrime requires more specialist Law Enforcement resources at national level and improved international police cooperation supported by revision of EU legislation relating to obtaining server log evidence existing in other jurisdictions.
ispai  open-source  patrick-o-donovan  fine-gael  press-releases  tor  darknet  crime 
january 2014 by jm
Irish politician calls for ban on "open source browsers"
'Fine Gael TD for Limerick, Patrick O'Donovan has called for tougher controls on the use of open source internet browsers and payment systems which allow users to remain anonymous in the illegal trade of drugs, weapons and pornography.'

Amazing. Yes, this is real.
open-source  clueless  omgwtfbbq  fine-gael  ireland  fail  funny  tor  inept 
january 2014 by jm
Ponies by Kij Johnson | Tor.com
A rather dark short story about little girls, peer pressure, and childhood. no fun for this dad of 3 girls :(

(via Tatu Saloranta)
via:cowtowncoder  writing  fiction  sf  childhood  peer-pressure  tor  ponies 
october 2013 by jm
How the feds took down the Dread Pirate Roberts | Ars Technica
Well-written, comprehensive writeup of the Silk Road takedown, and the libertarian craziness of Ross William Ulbricht, it's alleged owner and operator
silk-road  drugs  crazy  ross-william-ulbricht  fbi  libertarian  murder  tor 
october 2013 by jm
Silk Road busted
This is a pretty good summary of the salient points from the criminal complaint against Ross William Ulbricht -- I'd say it's pretty bad news for any users of the dodgy site, particularly given this:
"During the 60-day period from May 24, 2013 to July 23, 2013, there were approximately 1,217,218 communications sent between Silk Road users through Silk Road's private-message system."


According to the complaint, those are now in the FBI's hands -- likely unencrypted.
crime  silk-road  drugs  busts  tor  ross-william-ulbricht  fbi 
october 2013 by jm
Former NSA and CIA director says terrorists love using Gmail
At one point, Hayden expressed a distaste for online anonymity, saying "The problem I have with the Internet is that it's anonymous." But he noted, there is a struggle over that issue even inside government. The issue came to a head during the Arab Spring movement when the State Department was funding technology [presumably Tor?] to protect the anonymity of activists so governments could not track down or repress their voices.

"We have a very difficult time with this," Hayden said. He then asked, "is our vision of the World Wide Web the global digital commons -- at this point you should see butterflies flying here and soft background meadow-like music -- or a global free fire zone?" Given that Hayden also compared the Internet to the wild west and Somalia, Hayden clearly leans toward the "global free fire zone" vision of the Internet.


well, that's a good analogy for where we're going -- a global free-fire zone.
gmail  cia  nsa  surveillance  michael-hayden  security  snooping  law  tor  arab-spring 
september 2013 by jm
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
The code’s behavior, and the command-and-control server’s Virginia placement, is also consistent with what’s known about the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007. Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.
cipav  fbi  tor  malware  spyware  security  wired 
september 2013 by jm
One Year Later, the Results of Tor Books UK Going DRM-Free
As it is, we’ve seen no discernible increase in piracy on any of our titles, despite them being DRM-free for nearly a year.
tor  ebooks  drm  piracy  copy-protection  books 
may 2013 by jm
Detecting Certificate Authority compromises and web browser collusion | The Tor Blog
'If I had to make a bet, I'd wager that an attacker was able to issue high value [SSL] certificates, probably by compromising [the USERTRUST SSL certificate authority] in some manner, this was discovered sometime before the revocation date, each certificate was revoked, the vendors notified, the patches were written, and binary builds kicked off - end users are probably still updating and thus many people are vulnerable to the failure that is the CRL and OCSP method for revocation.' It seems addons.mozilla.org was one of the bogus certs acquired. Major ouch. Thanks to EFF/Tor et al for investigating this -- SSL cert revocation is a shambles
security  ssl  tls  certificates  ca  revocation  crypto  exploits  eff  tor  comodo  usertrust  from delicious
march 2011 by jm
Draft Functional Spec of Hadopi "securisation" software
Crazy suggestions leaked from the French anti-piracy authority. Mandatory host-based and router-based anti-piracy software and firmware with blocklists of suspect keywords, suspicious applications, TCP ports, protocols; detect suspicious apps installed; detect use of open wifi; detect use of anti-filtering/anti-blocking "workarounds" (ie. VPNs and Tor). Log all this to a dual journal, one of which will be encrypted using key escrow (presumably for use in prosecutions), retaining data for a year. Basically, a mandatory snooping infrastructure. Where would this leave Macs and Linux for French users?
hadopi  piracy  filtering  snooping  big-brother  1984  via:adulau  vpn  tor  blocklists  from delicious
july 2010 by jm

related tags

abuse  anonymity  arab-spring  austria  big-brother  blocking  blocklists  books  bridging  busts  ca  captchas  censorship  certificates  childhood  cia  cipav  cisco  cloudflare  clueless  colo  comodo  convictions  copy-protection  crackdown  crazy  crime  crypto  dark-web  darknet  datacenter  dread-pirate-roberts  drm  drugs  dublin  ebooks  eff  eu  events  exploits  facebook  fail  false-positives  fbi  fboss  fiction  filtering  fine-gael  flash  freedom-hosting  funny  gmail  hadopi  hosting  inept  internet  ireland  ispai  juniper  law  liability  libertarian  linux  linuxjournal  malware  michael-hayden  murder  networking  nsa  omgwtfbbq  open-source  opsec  oversight  ovh  passwords  patrick-o-donovan  peer-pressure  per-thorsheim  piracy  police  ponies  press-releases  privacy  racks  revocation  ross-ulbricht  ross-william-ulbricht  routers  runa-sandvik  security  seizures  selectors  servers  sf  silk-road  snooping  spyware  ssl  surveillance  switches  tails  terrorism  tls  tog  tor  tor-bridges  tormail  truecrypt  tunnelling  turkey  twitter  usertrust  via:adulau  via:bruces  via:cowtowncoder  via:fanf  via:hn  via:oisin  vpn  wedge  wired  writing  xkeyscore 

Copy this bookmark:



description:


tags: