Tuesday, 20 November 2007

transocks - transparently torify all tcp connections on the router

transocks from Mike Fisk looks pretty cool.

usage:

#!/bin/sh

# start transocks
/usr/local/sbin/transocks -p 1211

LOCAL_NET=192.168.0.0/16

# create a new chain 'SOCKSIFY' for it to simplify management
iptables -t nat -X SOCKSIFY
iptables -t nat -N SOCKSIFY

# exceptions that are not to be run through tor
iptables -t nat -A SOCKSIFY -o lo -j RETURN
iptables -t nat -A SOCKSIFY --dst 127.0.0.1 -j RETURN
iptables -t nat -A SOCKSIFY --dst $LOCAL_NET -j RETURN

# avoid feedback loops
iptables -t nat -A SOCKSIFY -m owner --cmd-owner transocks -j RETURN

# log every new connection in the SOCKSIFY-chain
iptables -t nat -A SOCKSIFY -j LOG -p tcp --syn --log-level info \
    --log-prefix "SOCKSify "

# send tcp-connections in the SOCKSIFY-chain to transocks
iptables -t nat -A SOCKSIFY -p tcp -j REDIRECT --to-port 1211

# Socksify traffic leaving this host:
iptables -t nat -A OUTPUT -p tcp --syn -j SOCKSIFY

# Socksify traffic routing through this host:
iptables -t nat -A PREROUTING -p tcp -s $LOCAL_NET --syn -j SOCKSIFY

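
An added example, not part of the original post or of transocks: a Python check over the kernel log lines written by the LOG rule above. It counts the flows that were redirected and flags any entry that should never have reached that rule (a destination the script exempts, or a non-TCP packet), which would mean the live ruleset differs from the script. The sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Destinations the script RETURNs before the LOG rule (127.0.0.1 and LOCAL_NET).
EXEMPT = [ipaddress.ip_network("127.0.0.1/32"), ipaddress.ip_network("192.168.0.0/16")]
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample in the netfilter LOG format (shortened field set).
SAMPLE = [
    "Nov 20 10:00:01 router kernel: SOCKSify IN=eth1 OUT= SRC=192.168.0.5 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=80 SYN URGP=0",
    "Nov 20 10:00:02 router kernel: SOCKSify IN=eth1 OUT= SRC=192.168.0.5 DST=198.51.100.7 PROTO=TCP SPT=51235 DPT=80 SYN URGP=0",
    "Nov 20 10:00:03 router kernel: SOCKSify IN= OUT=eth0 SRC=203.0.113.2 DST=198.51.100.9 PROTO=TCP SPT=40000 DPT=443 SYN URGP=0",
    "Nov 20 10:00:04 router kernel: SOCKSify IN=eth1 OUT= SRC=192.168.0.5 DST=192.168.0.1 PROTO=TCP SPT=51240 DPT=22 SYN URGP=0",
    "Nov 20 10:00:05 router kernel: eth0: link up",
]

def parse_socksify(line, prefix="SOCKSify "):
    """Return the KEY=VALUE fields of one LOG line, or None if the prefix is absent."""
    _, sep, rest = line.partition(prefix)
    return dict(FIELD.findall(rest)) if sep else None

def audit(lines):
    """Count redirected (src, dst, dport) flows; collect entries that should not be logged."""
    flows, unexpected = Counter(), []
    for line in lines:
        fields = parse_socksify(line)
        if fields is None:
            continue  # unrelated kernel message
        try:
            dst = ipaddress.ip_address(fields["DST"])
            key = (fields["SRC"], fields["DST"], int(fields["DPT"]))
        except (KeyError, ValueError):
            unexpected.append(line)  # truncated or malformed entry
            continue
        if fields.get("PROTO") != "TCP" or any(dst in net for net in EXEMPT):
            unexpected.append(line)  # exempted destination or non-TCP reached the LOG rule
        else:
            flows[key] += 1
    return flows, unexpected

if __name__ == "__main__":
    flows, unexpected = audit(SAMPLE)
    for (src, dst, dport), count in flows.most_common():
        print(f"{src} -> {dst}:{dport}  x{count}")
    print("unexpected entries:", len(unexpected))
```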

Sunday, 18 November 2007

Potential Firefox Leak

As Matt reported in his/her/their blog there are interesting privacy-implications for torbutton-users with the way firefox loads favicons.

Usually I would link but because the article is in torland I repost it here:



Potential Firefox Leak (18 November 2007)
I have discovered a potential leak with any version of firefox (current version as of writing is 2.0.0.9).
The Problem:
Every time you switch tabs, firefox will automatically load the favicon.ico for web sites that did not have one the first time it tried retrieving it (if it's not there the first time, why would it be there later?). If you have multiple tabs open -- some initially loaded with tor enabled (torbutton) and some loaded with tor disabled -- every time you alt+tab or click on a different tab with Tor disabled, firefox is automatically (and without your knowledge) connecting to each site that did NOT have an icon on its initial load. This means that you are revealing your IP address to anyone when you have tor disabled, even when you don't reload any tabs or visit any web sites. Additionally, if you do the inverse (tor enabled with a few non-tor tabs open) you will be revealing that you use tor to any web sites you normally have tor off for.

This problem is not a bug in torbutton, but a bug in firefox that was probably there at one point as a "feature," but is effectively useless.

Workaround:
Close all tabs before toggling torbutton!

Mozilla developers: You can remove that stupid and pointless repeated favicon.ico loading. If it wasn't there 30 seconds ago, why the hell would it be there now? Load it only when the web site is initially loaded and when the tab is refreshed.

--Matt

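
The leak described in the reposted article, as an added example that is not part of the original post and is not Firefox or Torbutton code: a Python check over a constructed request log that reports every host first loaded in one mode (tor or direct) and later contacted in the other, which is what the background favicon.ico retry causes. The hosts, timestamps, mode labels and function name are assumptions made for illustration.

```python
# Constructed request log: (seconds, proxy mode at request time, host, path).
REQUESTS = [
    (0,  "tor",    "forum.example", "/thread/42"),
    (0,  "tor",    "forum.example", "/favicon.ico"),  # not found, so it is retried later
    (5,  "tor",    "news.example",  "/"),
    (5,  "tor",    "news.example",  "/favicon.ico"),  # found, no retry
    (60, "direct", "forum.example", "/favicon.ico"),  # retry on tab switch after Tor was toggled off
    (90, "direct", "shop.example",  "/cart"),
    (95, "tor",    "shop.example",  "/favicon.ico"),  # inverse case: tab loaded without Tor
]

def cross_mode_hosts(requests):
    """Map each host to its first request made in a different mode than its first contact."""
    first_mode = {}
    leaks = {}
    for ts, mode, host, path in sorted(requests):
        origin = first_mode.setdefault(host, mode)
        if mode != origin and host not in leaks:
            leaks[host] = {
                "loaded_via": origin,  # mode the tab was opened in
                "seen_via": mode,      # mode the later request went out in
                "at": ts,
                "path": path,
            }
    return leaks

if __name__ == "__main__":
    for host, leak in cross_mode_hosts(REQUESTS).items():
        print(f"{host}: loaded via {leak['loaded_via']}, "
              f"then {leak['path']} sent via {leak['seen_via']} at t={leak['at']}s")
```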

Sunday, 16 September 2007

Mixminion 0.0.8alpha3 releases

Today version 0.0.8alpha3 of the Mixminion type III remailer was released.

A few bugs that could crash your server were fixed.

From the announcement:

NEW IN VERSION 0.0.8alpha3:
- Create .mixminion directory even when we try to lock before accessing it: This prevents "update-servers" from crashing when run without a .mixminion directory.
- Don't die when gzip compression on a downloaded directory is corrupt.
- Don't die when an incoming connection closes before we can get its address.
- Do not believe any path specifier that results in an impossibly short path.
- Bump preferred openssl version to 0.9.8e.


Thursday, 19 July 2007

new Frost-Release

A new version of Frost, the anonymous message board and file-sharing program running over the Freenet Project, was released today.

The website states "This release introduces new features and many fixes. You really should update."...so you should do so. ;)

Wednesday, 13 June 2007

Hawala - anonymous money transmission

We/I would like to draw your attention to the following articles
as they address the often discussed topic of anonymous money-transmission.
Advantages:
usually anonymous
better exchange-rates
lower fees
sometimes faster
sometimes more reliable
(compared to traditional banks)

Names to look for:
Hawala

Synonyms:
Hundi
havala

Alternatives:
Asia: chop
Asia: chit
Asia: flying money
Colombia: the Colombian system


Monday, 11 June 2007

eyeOS

A few days ago we found a very nice service allowing us to use
desktop-like applications in a browser anonymously.
It works a bit faster than Google and you don't have to have
a Google account with cookies and everything.

You can use it on your own php-webspace if you find
one of the many small free-hosters or use the hosted
eyeOS on the developers page.

trying for php+mysql-hosting

To see if we/I can offer anonymous php- and database-backed services
I/we are currently trying to register at 110mb.com.
Registration is only open at random times to limit the number of registrations.
Same with uttx.net.
Thus we will have to wait....


..stay tuned.