Notices


Reply
Thread Tools
wicket's Avatar
Posts: 634 | Thanked: 3,266 times | Joined on May 2010 @ Colombia
#31
Originally Posted by nieldk View Post
Well, well, here is a reason not to use tor browser bundle (and to update my tor if you didnt yet)

http://www.wired.com/2014/08/operation_torpedo/
I remember reading about that vulnerability last year, it was actually a vulnerability in Firefox. The problem was that the version of Firefox bundled with the Tor Browser Bundle was out of date leaving the vulnerability unpatched. This was quite embarrassing for the Tor Project so I'd be surprised if they haven't addressed the issue by now. That being said, personally I don't use the Tor Browser Bundle either, it is possible to route DNS lookups through Tor.

Originally Posted by coderus View Post
lol, again windows compromised. i like linux safety
Originally Posted by coderus View Post
this one is impossible in linux
It's not impossible. I may wrong but IIRC the vulnerability was not platform specific but they targeted Windows as it has the largest user base. There's nothing to stop injection of Linux shellcode in the magneto variable.

I like Linux too but it would by naive to think that you are safe just because you use Linux.
__________________
DebiaN900 - Native Debian on the N900. Deprecated in favour of Maemo Leste.

Maemo Leste for N950 and N9 (currently broken).
Devuan for N950 and N9.

Mobile devices with mainline Linux support - Help needed with documentation.

"Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer
 

The Following User Says Thank You to wicket For This Useful Post:
Guest | Posts: n/a | Thanked: 0 times | Joined on
#32
@wicket You are absolutely correct

1 It was a vulnerability in Firefox
2 It is (was) not platform specific
3 Yes, Windows was the target in the specific case
4 but unpatched Linux was indeed vulnerable
5 Tor did indeed patch
6 Users didnt (all) upgrade, leaving them vulnerable
 

The Following 3 Users Say Thank You to For This Useful Post:
Posts: 96 | Thanked: 80 times | Joined on May 2010
#33
About the DNS, is there some reason why you haven't simply routed DNS requests through the tor proxy as described here: http://superuser.com/questions/10359...oxy-in-firefox I just tried it and it seems to work.

Despite the comments about vulnerabilities in tor-browser I would still like a dedicated tor browser on my Jolla. Long story short, for real security I use whonix and I certainly would't trust anything important to a hand-held device that holds my data unencrypted.
 

The Following User Says Thank You to avidscavenger For This Useful Post:
Posts: 1,293 | Thanked: 4,319 times | Joined on Oct 2014
#34
Originally Posted by avidscavenger View Post
About the DNS, is there some reason why you haven't simply routed DNS requests through the tor proxy as described here: http://superuser.com/questions/10359...oxy-in-firefox I just tried it and it seems to work.

Despite the comments about vulnerabilities in tor-browser I would still like a dedicated tor browser on my Jolla. Long story short, for real security I use whonix and I certainly would't trust anything important to a hand-held device that holds my data unencrypted.
Thank you for this link. This I will update todsy in tor-switch paclage
Also. I will try to update so the icon refreshes. That will take a lipstick refresh, which will have the effect that screen will blank for a few seconds. But that is bearable.

To create a full torbrowser is a bit more difficult. So, no promises ither than I will look into that.
 

The Following 2 Users Say Thank You to nieldk For This Useful Post:
Posts: 1,293 | Thanked: 4,319 times | Joined on Oct 2014
#35
UPDATE

I have updated versions of tor and tor-switch to handle DNS queries (You can lookup .onion adresses).
Also, the icon is now changed as supposed (restarts lipstick service, so screen goes blank and a green light for a few seconds)

Enjoy
https://openrepos.net/content/nieldk/tor-switch
https://openrepos.net/content/nieldk/tor
 

The Following 5 Users Say Thank You to nieldk For This Useful Post:
Posts: 96 | Thanked: 80 times | Joined on May 2010
#36
Could I make another feature request?

Rather than overwriting the pref.js file, could the tor-switch script leave unchanged all settings other than the ones that it needs to modify? Shouldn't be too hard using scripting tools grep/awk/sed, or even as a starting point, it could save the file when starting tor and restore it when stopping tor.
 

The Following 2 Users Say Thank You to avidscavenger For This Useful Post:
Posts: 1,293 | Thanked: 4,319 times | Joined on Oct 2014
#37
Originally Posted by avidscavenger View Post
Could I make another feature request?

Rather than overwriting the pref.js file, could the tor-switch script leave unchanged all settings other than the ones that it needs to modify? Shouldn't be too hard using scripting tools grep/awk/sed, or even as a starting point, it could save the file when starting tor and restore it when stopping tor.
I will make that.
Thanks, a good, and sensible suggestion
 

The Following 2 Users Say Thank You to nieldk For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 01:18.