log☇︎
1100+ entries in 0.773s
punkman: and the solution is some kind of bulletproof tor blocking https://github.com/blockchain/Checksum/commit/e478bcc03a081c640dfaac36d3c7a8650d2e0b7b
punkman: another tor mitm story http://www.reddit.com/r/Bitcoin/comments/2njz9j/blockchaininfo_wallet_robbed/
BingoBoingo: Sure, but the Tor people hate bringing that up.
asciilifeform: tor project funding wasn't secret, either
BingoBoingo: asciilifeform: One of the tor devs drawing their USG funded paychecks was an operator of one of the "Anonymous" movement twitter accounts
asciilifeform: BingoBoingo: tor drama << i don't get it. what, exactly, was the linked thing about ?
assbot: Why is /puellavulnerata's account all locked up? /hashtag/tor?src=hashcc /yashalevine /paulcarr
BingoBoingo: More Tor Drama: https://twitter.com/Anonyzation/status/537185269011587072 http://dpaste.com/2BRBXP7
mircea_popescu: NAT. We also show that a natural countermeasure of using Tor or other anonymity services can be cut-off by abusing anti-DoS countermeasures of the bitcoin network. Our attacks require only a few machines and have been experimentally verified. We propose several countermeasures to mitigate these new attacks.
asciilifeform: 'petertodd jrayhawk: it's interesting how more than one tor dev I've spoken too firmly believes Werner Koch - gnupg maintainer - is a NSA/BND plant with the goal of ensuring gnupg remains unusable (e.g. strong opposition to any attempt to make it into a library)'
gribble: Nick 'adlai', with hostmask 'Adlai!~Adlai@gateway/tor-sasl/adlai', is identified as user 'Adlai', with GPG key id 4D88596A7CDA03F9, key fingerprint FCBC64EFDF1D6C1E4E964AEE4D88596A7CDA03F9, and bitcoin address 13dkw1PtojBW74FN7ERbHqoEvgsTmtARuj
assbot: This Onion, It Smells: Inherent Hazards of the Tor Network | Qntra.net ( http://dpaste.com/28ADNN6.txt )
kakobrekla: demo test: http://qntra.net/2014/11/this-onion-it-smells-inherent-hazards-of-the-tor-network/
assbot: Tor: This Onion Smells - Slashdot
assbot: This Onion, It Smells: Inherent Hazards of the Tor Network | Qntra.net
BingoBoingo: http://qntra.net/2014/11/this-onion-it-smells-inherent-hazards-of-the-tor-network/
mircea_popescu: and which is why as BingoBoingo pointed out earlier, when touched there they react. (the tor people in that case)
assbot: The lulz of today : DDoS attacks, ransom notes, Tor anonimity and other faits d’armes of the retarded generation pe Trilema - Un blog de Mircea Popescu.
mircea_popescu: http://trilema.com/2014/the-lulz-of-today-ddos-attacks-ransom-notes-tor-anonimity-and-other-faits-darmes-of-the-retarded-generation/
assbot: This onion, it smells! http://t.co/OWgxjuDF1F /hashtag/tor?src=hash /ioerror
assbot: How leading Tor developers and advocates tried to smear me after I reported their US Government ties | PandoDaily
BingoBoingo: Smell the onion http://pando.com/2014/11/14/tor-smear/
mircea_popescu: "Recently it was announced that a coalition of government agencies took control of many Tor hidden services. We were as surprised as most of you."
assbot: Thoughts and Concerns about Operation Onymous | The Tor Blog
mircea_popescu: ::later tell sdffsd nobody ever told you tor is not actually safe ? lol.
gribble: Currently authenticated from hostmask Adlai!~Adlai@gateway/tor-sasl/adlai. Trust relationship from user mircea_popescu to user Adlai: Level 1: 1, Level 2: 1 via 1 connections. Graph: http://b-otc.com/stg?source=mircea_popescu&dest=Adlai | WoT data: http://b-otc.com/vrd?nick=Adlai | Rated since: Sat Oct 11 10:15:58 2014
gribble: Nick 'Adlai', with hostmask 'Adlai!~Adlai@gateway/tor-sasl/adlai', is identified as user 'Adlai', with GPG key id 4D88596A7CDA03F9, key fingerprint FCBC64EFDF1D6C1E4E964AEE4D88596A7CDA03F9, and bitcoin address 13dkw1PtojBW74FN7ERbHqoEvgsTmtARuj
asciilifeform: but on the subject of, e.g., tor, they have both words and deeds.
mircea_popescu: asciilifeform something tells me i won't be getting the "mp's blog, first place to announce tor is shit, a year or so ago" all over the "tech" "press". just like i didn't get the "mp forces wikileaks to release unedited cables by publishing the romanian subset" a few years back
asciilifeform found it very surprising that tor survived as a going concern after 'heartbleed'
mircea_popescu: mats_cd03 it didn't take this long, that tor was routinely compromised was an open secret.
mats_cd03: http://thestack.com/chakravarty-tor-traffic-analysis-141114 via /.
dgeats: tor browsers and irc everything
BingoBoingo: Or is that just-Tor
mircea_popescu: is this like the new tor ?
asciilifeform uses tor for non-critical applications
asciilifeform: tor compromise through filled circuit ddos << this is a 'classic', described in academic papers. and i can say for a fact that the 'machine' is still turned on. just last night had a tor client fail to form a circuit, for the first time in many years of semi-regular use.
JorgePasada: Tor sucks though, you almost have to assume either your entrance or exit node (or worse, both) are compromised these days.
dub: i think the learning is (or was since years ago) don't use tor
JorgePasada: Anyone have any good reading on all the stuff that's been happening with tor because of this latest raid thing?
assbot: Silk Road, other Tor “darknet” sites may have been “decloaked” through DDoS | Ars Technica
Naphex: http://arstechnica.com/security/2014/11/silk-road-other-tor-darknet-sites-may-have-been-decloaked-through-ddos/ lmao!
assbot: Darknet Sweep Casts Doubt on Tor Tor Will Be Defeated Again, and Again, and Ag - Pastebin.com
gribble: User 'Adlai', with keyid 4D88596A7CDA03F9, fingerprint FCBC64EFDF1D6C1E4E964AEE4D88596A7CDA03F9, and bitcoin address 13dkw1PtojBW74FN7ERbHqoEvgsTmtARuj, registered on Sat Oct 6 00:55:28 2012, last authed on Sun Nov 9 04:47:12 2014. http://b-otc.com/vg?nick=Adlai . Currently authenticated from hostmask Adlai!~Adlai@gateway/tor-sasl/adlai .
gribble: Nick 'adlai', with hostmask 'Adlai!~Adlai@gateway/tor-sasl/adlai', is identified as user 'Adlai', with GPG key id 4D88596A7CDA03F9, key fingerprint FCBC64EFDF1D6C1E4E964AEE4D88596A7CDA03F9, and bitcoin address 13dkw1PtojBW74FN7ERbHqoEvgsTmtARuj
gribble: Nick 'adlai', with hostmask 'Adlai!~Adlai@gateway/tor-sasl/adlai', is identified as user 'Adlai', with GPG key id None, key fingerprint None, and bitcoin address 13dkw1PtojBW74FN7ERbHqoEvgsTmtARuj
mircea_popescu: dignork: bounce: proposition of CA issued cert for tor hidden service still puzzles me, next stop - yellow pages for black market vendors << nah, it's quite obvious, BingoBoingo has it : us sponsored terrorism.
dignork: bounce: proposition of CA issued cert for tor hidden service still puzzles me, next stop - yellow pages for black market vendors
bounce: ``Andrew Lewman, executive director of the Tor Project, which runs the service, said in an e-mail that it does not condone its use for illegal purposes and that it was unclear how authorities discovered the operators of the illicit sites.'' -- yet even the usg promotes its use to explicitly break the law in other countries. funny how that works.
asciilifeform: '“I am 95 percent certain that they performed a massive de-anonymization attack on Tor hidden servers and were able to shut down all their targeted servers in the U.S., Europe or anywhere else where U.S. law has meaning,” said Nicholas Weaver, a computer science researcher at the University of California, Berkeley.'
asciilifeform shudders, imagining 'tor sex pets'
kakobrekla: arent you all tor sex pets there
asciilifeform: sr1 was, afaik, running heartbleeding tor.
Naphex: hey you gotta figure out as soon as lowlies seen SR1.0 drop, find a dork, put a website on that tor thingie
mircea_popescu: asciilifeform exactly. which is the angle that i stand behind here. usg is using the tor as it was designed to be used, meanwhile lies about how they got the data, and the people accused are too fucking stupid for that not to stick.
Naphex: people just throw shit on tor, and it bunks up
punkman: cazalla, saw an article about some tor search engine that had a big list
TomServo: https://facebookcorewwwi.onion/ <-- el. oh. el. FB on tor.
kakobrekla: tor will patch your binaries.
gribble: Currently authenticated from hostmask Vexual!~amnesia@gateway/tor-sasl/vexual. CAUTION: irc nick differs from otc registered nick. Trust relationship from user assbot to user muxne: Level 1: 0, Level 2: 0 via 2 connections. Graph: http://b-otc.com/stg?source=assbot&dest=muxne | WoT data: http://b-otc.com/vrd?nick=muxne | Rated since: Sun Jun 22 00:11:14 2014
undata: the us govt *made* tor
undata: any more than they can ban tor
undata: mircea_popescu: still I can run tor *here*
undata: I guess tribler's working on a tor fork
assbot: Researchers Finds Malicious Tor Exit Node Adding Malware to Binaries | Threatpost | The first stop for security news
punkman: http://threatpost.com/researcher-finds-tor-exit-node-adding-malware-to-binaries/109008
asciilifeform: set up honeypot, log in (successfully, via various protocols) to it through tor
mircea_popescu: so that after i do that i can write an article about how tor is insecure ?
asciilifeform: mats_cd03, mircea_popescu, et. al: here's a little project i've procrastinated for, ~1 year now, that perhaps someone would like to pick up: read gpg pubkeys (from wherever - wot, keyservs, etc) through tor.
mats_cd03: remember kids, examine the checksum before install. esp with tor involved.
asciilifeform: tor exe diddler finally caught in the wild
mircea_popescu: also, at least at some point there was explicit tor support in the code
assbot: New Paper: Bitcoin over Tor a Bad Idea, Especially bad for SPV | Qntra.net
BingoBoingo: http://qntra.net/2014/10/new-paper-bitcoin-over-tor-a-bad-idea-especially-bad-for-spv/
asciilifeform: at one point, chumpnet miners often went through tor
mircea_popescu: yeah, but tor miner is not sufficientl large.
asciilifeform: mats_cd03: how one would even arrive at the idea of miner connected through tor?
asciilifeform: mats_cd03: the best idiots are the tor-miners.
mats_cd03: http://cryptome.org/2014/10/bitcoin-tor-nope.pdf << heh heh. i once ran an exit node off AWS for a week, scooped 0.2 btc from a shmuck
asciilifeform: http://cryptome.org/2014/10/bitcoin-tor-nope.pdf << sorry no clean version of this
asciilifeform: 'A visitor received this implanted, false message today, promoting the market of certificates of authority and encryption. HTTPS fetishists are trying to coerce us into using the crappy security gambit. Ignore HTTPS monotheists. Online security promises are hokum. This is admitted on sec discussion fora. Pushers of HTTPS, Tor, crypto, secure drops are David Blaines.' (cryptome.)
gribble: WASP - Lone Wolf (122 pages) - White Aryan Resistance: <http://www.resist.com/WASP.pdf>; Wasp (novel) - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/Wasp_(novel)>; One man against a whole planet: Eric Frank Russell's Wasp | Tor.com: <http://www.tor.com/blogs/2011/03/one-man-against-a-whole-planet-eric-frank-russells-wasp>
mircea_popescu: thestringpuller you had been ipbanned. i fixt it now. check tor too, if it works now then well... it's not all that tor-y
thestringpuller: yea I can get through to trilema and qntra with tor
thestringpuller: i'm going to retry with tor
gribble: Currently authenticated from hostmask undata!~undata@gateway/tor-sasl/undata. CAUTION: irc nick differs from otc registered nick. Trust relationship from user mats_cd03 to user trinque: Level 1: 0, Level 2: 1 via 1 connections. Graph: http://b-otc.com/stg?source=mats_cd03&dest=trinque | WoT data: http://b-otc.com/vrd?nick=trinque | Rated since: Mon Jun 16 17:53:48 2014
bounce: $site will just 403 anyone coming in on tor because the spamblocking system on the commenting system doesn't take half measures
gribble: Nick 'vexual', with hostmask 'Vexual!~amnesia@gateway/tor-sasl/vexual', is not identified.
assbot: Anonabox - Tor router box is false representation, possibly even scam! : privacy
asciilifeform: https://www.reddit.com/r/privacy/comments/2j9caq/anonabox_tor_router_box_is_false_representation << scamdal
mircea_popescu: BigBitz dat tor node.
mircea_popescu: BigBitz lol. "o no, tor is anon" lol
BigBitz: dat Tor node.
mircea_popescu: ascii_on_tour> and the tor gizmo scam being exposed, will 'wired' et al. make the sc4mz0r give the free publicity back? << "free publicity" only worth something on soem chains
bounce: did you force dns over tor too then?
Adlai: qntra.net works perfectly over tor
ascii_on_tour: and the tor gizmo scam being exposed, will 'wired' et al. make the sc4mz0r give the free publicity back?
assbot: anonabox : a Tor hardware router by August Germar — Kickstarter
diametric: https://www.kickstarter.com/projects/augustgermar/anonabox-a-tor-hardware-router vs http://www.aliexpress.com/item/New-2014-300Mbps-WT3020A-Multiprotocol-Portable-Mini-WIFI-Router-with-USB-data-line-Wireless-Router-wi/1691403728.html
mircea_popescu: devthedev: Bitcointalk: "Due to a recently-discovered flaw in the TLS and SSL protocols, you may want to change your password, especially if you accessed the forum using Tor." <<< what, tor isn't safe ? incredibru.