tor

关于 Tor 项目的几句话 ——

几天前Tor 项目公布了对另一起关于浏览器用户和整个网络去匿名化安全性事故的回应。简言，执法人员能够对使用旧版Ricochet客户端的用户进行去匿名化，因为该客户端存在一个漏洞，暴露了用户使用的 Tor 节点。

但2022年6月发布的 Ricochet-Refresh 客户端由于采用了Tor项目 3 年前宣布的 Vanguards-lite 保护措施，因此不存在这一漏洞。

您可以在下面阅读更多有关该事件的信息：
https://blog.torproject.org/tor-is-still-safe/
https://habr.com/ru/news/845008/

在这一事件的背景下，Tor昨天发布了另一个 alpha 版本的浏览器，并修复了一些漏洞。它主要适用于 WIndows 和 Android，但不重要。

该版本可在此处下载：https://www.torproject.org/download/alpha/

此外，4 天前Tor 浏览器 13.5.4 版本发布，其中 NoScript 已更新至 11.4.37 版本，OpenSSL 已更新至 3.0.15，因此建议大家进行更新：https://blog.torproject.org/new-release-tor-browser-1354/

#tools #Tor

Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!

> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!

So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.

So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: https://forum.torproject.org/t/tor-relays-tor-relays-source-ips-spoofed-to-mass-scan-port-22/15498/14

Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).

@delroth did an amazing writeup of the whole thing here: https://delroth.net/posts/spoofed-mass-scan-abuse/

#tor #infosec #cybersecurity #threatintel #privacy

#QuestionsWelcome

In the spirit of a recent post on making the #Fediverse a more welcoming place, renewing a post I had on my old profile but apparently not here: ask me anything! I can't guarantee I'll have all the answers or be fast to reply but lll try to at least say something. Some things I can talk vaguely usefully about include:

#DNS #Google #InfoSec #SRE #SysAdmin #Internet #Unions #Organizing #Baseball #Web #Tor #Privacy and probably a billion more.

I bet the old Usenet forums could tell some stories here.

#internetarchive #horror #tor #privacy #crime #incognito #chrome #jokes #memes #cyber #usenet

ALT

Funding for the @torproject is cut with the axe to the US Agency for Global Media. Tor helps me keep my children hidden from data brokers and is an essential anti-censorship tool for people living under oppressive regimes in countries worldwide.

https://archive.is/lKFCu

hey #tor , how can we help?