Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Tor project (plus some other questions)

  1. #1
    Junior Member
    Join Date
    Sep 2010
    Posts
    5

    Tor project (plus some other questions)

    Hello,

    I have quite a few questions, so I'll try not to ramble on for too long...if someone knows the answer to one of my questions but not all, feel free to give me some partial help. I'm fairly new to security, so I've been trying to teach myself a lot of stuff, but these are some questions that I haven't been able to find definitive answers to.

    I'm on Windows 7 Home Premium, running Norton.

    Okay, so my basic situation is: Despite the fact that I'm 19, my dad has decided to monitor everything I do on my laptop (I'm currently in college, but living at home). So I'm trying to set up a general package of security measures that will prevent him from keeping track of what I do (honestly I'm not doing anything that bad, I just have issues with him invading my privacy). He has my laptop password, so he has the ability to install software and stuff on my laptop without me knowing. Here's what I have set up so far: I've used Spybot Search & Destroy, Malwarebytes Anti-Malware, and a little program called kl-detect which claims to detect keyloggers - all came up clean. I access the internet with Google Chrome in Incognito mode, and use the Tor Project for anonymity. Every week or so, I use BleachBit to wipe temporary files, mru lists, etc. and then wipe my free disk space to remove any traces of deleted files. So my first question is: are there any holes in this protection scheme? What else should I be doing to ensure my privacy?

    Now some more specific questions:
    1. I know there are a lot of security problems with the Tor Project, particularly at the exit nodes. Should I be okay as long as I am careful to use SSL for sensitive information?

    And on that subject, when I log into Facebook the default is http, however I read that you can use https just by changing the web address, if the website supports it. The problem is that I have https on the login page, but when I login it takes me to an unsecured page. So are my username and password sent using SSL, or not?

    2. My dad doesn't have them set up yet, but he's planning on putting parental controls on our router (maybe on my computer too, I don't know). People seem to think that the Tor Project or a proxy server will circumvent these, but I'm not sure I understand why. If the parental controls are based on a block list, it seems like it should work. If they scan the content of a page to determine whether to block it, how can a proxy overcome this? Really shouldn't the router be able to see everything that comes through it, even if it doesn't know where it came from? For example, even though the router can't tell I'm getting a page from google.com, can't it see an HTML file that looks like google.com come through? And is it possible for someone to view these pages?

    3. Everyone says that Flash is a major vulnerability in Tor - since I use youtube a lot, this is a bit of a problem. I always assumed that youtube sent me an swf file over the same connection as everything else. But it sounds like Flash establishes its own direct connection between youtube and me? Am I understanding this correctly? Is there any way to overcome this problem?

    In general, I'm primarily concerned with the security of my own computer and the ability to hide my internet traffic within my house - I'm not doing anything illegal, so it doesn't matter if my ISP or people can keep track of what I'm doing. Any advice will be greatly appreciated!

    Thank you very much! I hope I haven't scared you all with the length of this message!

  2. #2
    HYBR|D
    Guest
    The apps your using are pretty decent. i wouldn't waste your time on So called "Keylogger" finding apps, most the time they report false positive's.

    At the end of the day personally i would just download a "LiveCD" burn that to a blank CDR/DVD and use that when you are on the PC.

    It leaves zero info on the computer as it doesn't write to the hard drive/s, it simply loads into the Ram, and upon the system rebooting all info that was written to the Ram is deleted.

    now as far as the router goes, i would assume it is

    Phone Line -> DSL Modem -> Router -> PC/Laptop ???

    if your dad put's a parental control on the Router all you need to do is unplug the PC/Laptop from the router and plug the cable direct into the DSL Modem.

    Or simply do a "Hard Reset" on the router and it will reset back to factory defaults and the parental filter is removed.

    info on LiveCD http://en.wikipedia.org/wiki/Live_CD

    personally the easiest LiveCD to just plug&play would be Ubuntu

    hope i've helped..

  3. #3
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    At the end of the day personally i would just download a "LiveCD" burn that to a blank CDR/DVD and use that when you are on the PC.
    I second this. Even something like DSL [D*mn Small Linux] would work well. If you need a bit more functionality, as HYBR|D said, get Ubuntu. No changes are saved to your PC, but you can save files to a thumbdrive or other external media. This will eliminate the threat of any software keyloggers. It will also [obviously] bypass any client based parental controls.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  4. #4
    HYBR|D
    Guest
    Also if your concerned about having to boot from a CD/DVD, then you can also grab unetbootwin and use that to choose a liveCD distro of choice, and use a usb stick to install & run it from.

    i guess it would be quieter and wouldn't arouse suspicion as you could simply plug it into a usb port and boot directly from the usb stick.

    http://unetbootin.sourceforge.net/

    Just remember to take care when doing the install to device, that you choose the correct drive id, so don't select C:\ were all the windows stuff is located.

    make sure you select the drive id that is assigned to the usb stick when you plug it into the computer while booted in windows. You will need a 2gb usb stick, 4gb will off-course give you more choice.

  5. #5
    Junior Member
    Join Date
    Sep 2010
    Posts
    5
    Thanks for your help! I'll have to experiment with booting from a disc or memory stick and see how it goes. As for the router, I'd rather not mess around with the plugs or reset it...because then it will be obvious that I've been messing around with it. Anyone have any ideas on my other questions?

  6. #6
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    If you can use Tor, or a good proxy, you should be able to get past the router blocks. As I said in another thread, you can set up your own proxy. I run a couple of them on my webserver for times when I am stuck at a conference that insists on filtering my connection. They are also good for testing NAT/firewall rules on webservers in your network. Kind of gives you an outside perspective. I have used Zelune, which works pretty well, and PHProxy, which can be a little shaky, but works for most things.

    People seem to think that the Tor Project or a proxy server will circumvent these, but I'm not sure I understand why.
    The reason it works, is because the router looks at the destination for the traffic. If it sees somesite.com, and that site is on its block list, it will not allow the traffic through. Though if you use a proxy such as h-tunnel.com, the router sees that the traffic is destined for h-tunnel.com, and not somesite.com, so it will let it pass. H-Tunnel then displays somesite.com for you. Hopefully that makes sense.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    Despite the fact that I'm 19, my dad has decided to monitor everything I do on my laptop
    Sounds very like an RIAA/MPAA issue to me? Has your dad received one of "those letters"?

    OK.....utilities:

    1. A-Squared
    2. CCleaner

    Run the cleaner every time you finish on the internet.

    Also..............clear your restore points and create a new one............lots of stuff hides in there

    And don't forget.............no signs of activity is a dead giveaway so be sure to leave something.................

  8. #8
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901

    Wink

    Quote Originally Posted by nihil View Post
    And don't forget.............no signs of activity is a dead giveaway so be sure to leave something.................
    Its those tiny little details that make a real difference, especially if someone is knowingly being 'watched'......
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  9. #9
    Junior Member
    Join Date
    Sep 2010
    Posts
    5
    My dad definitely didn't get one of "those letters"...my total inventory of illegally downloaded things comes to about a dozen songs, and I haven't downloaded anything in a good three years or so.

    Quote Originally Posted by westin View Post
    The reason it works, is because the router looks at the destination for the traffic. If it sees somesite.com, and that site is on its block list, it will not allow the traffic through. Though if you use a proxy such as h-tunnel.com, the router sees that the traffic is destined for h-tunnel.com, and not somesite.com, so it will let it pass. H-Tunnel then displays somesite.com for you. Hopefully that makes sense.
    I understand that the router can't see the true destination of the traffic, but can it see the content? For example, can the router say "oh look, the file "index.html" is being sent from a certain ip address. I'll look inside and see what index.html says." (if routers could talk :P) So, for instance, could the router look at the <TITLE> tag of each html page that comes through, and build a reasonably accurate list of the webpages I've visited that way?

    Thanks everyone for your help!

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I understand that the router can't see the true destination of the traffic, but can it see the content? For example, can the router say "oh look, the file "index.html" is being sent from a certain ip address. I'll look inside and see what index.html says."
    In a word "no". Basically a router is a pretty simple device that just routes traffic.

    What you are describing sounds more like firewall/web browser or network traffic management software to me.

    Having said that, there are some pretty sophisticated bits of kit around these days that could combine functionality. What make/model is it?

Similar Threads

  1. Asking smart questions
    By pwaring in forum Other Tutorials Forum
    Replies: 60
    Last Post: October 22nd, 2004, 09:15 PM
  2. Read Me First
    By Negative in forum The Security Tutorials Forum
    Replies: 12
    Last Post: June 2nd, 2004, 01:09 AM
  3. about mozilla
    By moonstar550 in forum AntiOnline's General Chit Chat
    Replies: 10
    Last Post: April 10th, 2004, 02:03 AM
  4. Spy Sweeper- OpenSite spyware???
    By al1aprize in forum Spyware / Adware
    Replies: 23
    Last Post: March 15th, 2004, 01:24 AM
  5. Frequent Questions from the Boards
    By valhallen in forum Newbie Security Questions
    Replies: 7
    Last Post: October 6th, 2003, 09:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •