Submission + - UK Banks Attempt to Censor Academic Publication (lightbluetouchpaper.org)
Comment I survived 3 weeks of Farmville... (Score 2, Interesting) 33
Comment Re:Tor is hopeless (Score 1) 122
um. If you care about anonymity, you can disable most of that in the browser. I recommend Firefox for the best nuanced control of these parameters.
There's a good guide here:
http://advocacy.globalvoicesonline.org/projects/guide/
yrs,
Shava Nerad
former Tor staff, current volunteer
Comment Re:Global "Lawful Interception" break Tor anyway (Score 1) 122
Actually, if you look at how Tor works, the links are encrypted and tunneled together such that it is nearly impossible to trace a well formed route -- of course, assuming flash or a torrent client aren't giving up your IP within the data packets before it enters or after it exits the cloud.
You should think about learning more about how Tor works at http://torproject.org -- it's a lot more than a simple 3-hop proxy.
yrs,
Shava Nerad
former Tor staff, current volunteer
Comment Re:Pardon my ignorance... but tor for P2P? (Score 1) 122
Sorry, didn't log in on the above comment -- but I'm not really anonymous or cowardly, just slack...:)
Shava
Submission + - New Credit Card Fraud Risk Found by Researchers
Feed The Register: Chip & PIN skewered by paper clip attack (theregister.com)
Academic from Cambridge University have documented possible shortcomings of Chip and PIN machines used to authenticate debit and credit card transactions.
Nokia Unveils Shape Changing Nano-phone Concept 89
Submission + - Using Google to crack MD5 passwords. (lightbluetouchpaper.org) 2
Comment Re:A little perspective for everyone thinking that (Score 1) 428
We deplore the treatment of our German volunteer at the hands of his law enforcement authorities. No one should be subject to such unjustified treatment.
The irony of all of this is that the actual Tor server involved in their putative investigation was 500 miles away in a colocation facility. Did they consult a network security forensics expert at all?
Tor is used by journalists, bloggers, human rights groups and many others for good ends. It acts as a "caller-ID block" mechanism for your Internet address. This is a basic element of Internet privacy, and is used by many individuals around the globe -- including military personnel and law enforcement.
But again and again we have seen Tor server operator volunteers harassed by law enforcement officials who are not adequately trained in Internet security.
We encourage law enforcement to contact us to better understand how Tor can help law enforcement, and how law enforcement can distinguish a Tor server -- which is no more liable, as far as we know, for the traffic that crosses it than any ISP, router, or switch that passes traffic without taking responsibility for the content of the traffic.
Shava Nerad
Development Director
The Tor Project
Comment You don't have to download the file to be infected (Score 3, Interesting) 182
Actually, if you're using an unpatched browser, you might not even have to download the file they offer to be infected. The web page includes Javascript exploits for half a dozen security vulnerabilities, which will install the trojan without user interaction. I've posted an analysis of the malware code on my blog.
Despite what the article says, Storm isn't using Tor (other than trying to exploit it's reputation) and the download isn't a trojaned version of Tor – it's much too small to be that. What's more, the botnet operators appear to have dropped this strategy. While on Thursday the links in the spam went to a fake Tor download page, on Friday they showed a fake YouTube video, and now they show a fake NFL game tracker.