Building tracking system to nab Tor pedophiles
Dave Jevans
djevans at ironkey.com
Wed Mar 7 07:54:37 UTC 2007
I've seen a VM that routes all traffic over TOR, invisibly to the
O/S. (Not sure what they do about UDP).
Developed at Georgia Tech.
>On Wed, Mar 07, 2007 at 12:56:22AM -0500, James Muir wrote:
>> > http://blogs.zdnet.com/security/?p=114
>>
>> The approaches suggested won't work if you use Firefox with NoScript set
>> to disable JavaScript, Java, Flash and any other plugins.
>
>You still have to be careful though -- if you enable them for some
>domains that you trust (say, foo.com), then you can still get nailed
>when you visit foo.com from an evil exit node, it inserts some malicious
>applets, and your noscript says "well yeah, but the user typed in foo.com,
>therefore this applet is from foo.com, so I trust it".
>
>So the moral of the story appears to be turn the plugins off, period.
>The broader moral is: don't run code from strangers on your computer. The
>even broader moral would be to lament that we're still not using SSL on
>most Internet interactions. And maybe the fourth is that we (somebody
>here) should work on easy instructions for locking down common OS network
>interfaces so only Tor communications can get through. Or Tor LiveCDs
>that have that already done. Or VM images that can be run as routers
>between your computer and the Internet.
>
>--Roger