[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 26 Apr 2011 16:51:10 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 26 Apr 2011 12:51:20 -0400
In-reply-to: <046.5e744a9f86df43922582284384d4b15d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.5e744a9f86df43922582284384d4b15d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#2988: information disclosure: operating system and platform
-----------------------+----------------------------------------------------
 Reporter:  tagnaq     |          Owner:     
     Type:  defect     |         Status:  new
 Priority:  normal     |      Milestone:     
Component:  Tor Relay  |        Version:     
 Keywords:             |         Parent:     
   Points:             |   Actualpoints:     
-----------------------+----------------------------------------------------

Comment(by arma):

 Replying to [comment:15 Sebastian]:
 > But as soon as we have that info in, relays' versions are again
 detectable (at least in a certain range of versions) because they will
 advertise different capabilities

 The applied security people I talk to make a big deal out of whether the
 identification is exact or almost exact. The distinction is whether your
 exploit has zero chance of being noticed (because you target only and
 exactly the vulnerable versions) or close-to-zero chance of being noticed.
 So I think they would regard "in a certain range of versions" as a huge
 improvement.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2988#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
Next by Author: Re: [tor-bugs] #2475 [Tor Client]: Split SIZE_T_CEILING, SSIZE_T_CEILING
Previous by thread: Re: [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
Next by thread: Re: [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
Index(es):
- Author
- Thread