[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: The dh small subgroup confinement attack and Tor
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: The dh small subgroup confinement attack and Tor
- From: Freemor <freemor@xxxxxxxxx>
- Date: Sun, 9 Aug 2009 10:02:42 -0300
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sun, 09 Aug 2009 09:03:00 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:face:mime-version :content-type; bh=qH5fKe/ubvlvAFPF7aTlSHQ0GVhvM2y8oJK6cb9fGBQ=; b=x7bRffdEUwsoyzyTKsZ/ak2Z4m3PjvzeEXvbGZKbgy4H6/BmYsYZ0aJ2RJhQ4w1K4K ilQy0wgKe3hJ8XZvr5KYZxXUfgs+zqS/vkn36bZ8liDTdduKkLI+uxAhWVsmamsTcAxe 0GvWmpg6ZBjvMOGm3aDGfNsq0AFL1bGcrXw0g=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :face:mime-version:content-type; b=DiEFfTM5kzk9/vIvEmzGSJcIx0bLuIZXKz/EjiIE9cSIQL27RWJRVYGUUbtUoYVCIy rPDEd8G/jTkBXuGRgp+vqpL8qa1UV3ZWYej6PXAPo93Zsh0L1fDnO2oo7Kq4KP8K2jFG 4UIjYzHaVTr3kDF8jddxmOH/W3n7UHdA+3E/U=
- Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEXn2K356bi4xY5EMR+GuGqSkWzK+eFKflhGAAABqElEQVQ4jY3SzW7bMAwAYEqbexZToGdXiXseyvg+LG7Pjg32nGSr3v8RSlLyT4NmKAEDBr+QtKjA6ymlhp5SSlFehlTiHzx9DQnS/+Cd0i24WfGqr3epmgEKvKV0AkQfp7QDqTGozygRLB9WcMEcXvIIAFigdwWCVq4BJwB9ZhgfF3BaUODCeAWuwLACWMNxBV7xK4Bwo8JAQiHNHwU1TGHgtqTzw0jUL/CQTu7oSc5+37sQJzgLnDGddIdhEwFDyO1QdzCM9AzgWVrxUMYobIbLD2Lmu7RtmeNSgfxOkmne/gr3PoOts2F65hwDQD/DBmLkx4eGo+YlfIwZXGyiO1dNjDWC93HXdQbVMUgGsRlq2YmmZ5Csm5ZleYNgUG43+G4GqDRZRbuuUtDZkiu7WrBmYOlDZ1/XLHeOudNhX8AF+XQ5MYaYO5EepmY+5j+TzN5NUEst86/PnXT4n58KrZMmjUyvrkD/o9oq8Ay/M7S5U9VeV5AdYjPSArsMNl6udg0vCjIet7SCTqAVIPm1xDJDHquY4lvQrYH2stoJRvocGQ57uo69wAeDBdMp0Qij8AAAAABJRU5ErkJggg==
- In-reply-to: <308266.12670.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- References: <4A7CB6AD.60604@xxxxxxxxx> <308266.12670.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Sun, 9 Aug 2009 04:53:15 -0700 (PDT)
Curious Kid <letsshareinformation@xxxxxxxxx> wrote:
>
> Maybe not a good week.
>
> Browser flaws expose users to man-in-the-middle attacks
> http://blogs.zdnet.com/security/?p=3950
>
> Pretty-Bad-Proxy: An Overlooked Adversary in Browsers’ HTTPS
> Deployments
> http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
>
>
>
>
Interesting paper thanks for posting the link to it. I've given it a
quick once over and from what I can see all variations of this attack
require scripting of one sort or another. Since the recommended way to
run a Browser on Tor is with ALL scripting disabled, this shouldn't
effect people that are configured correctly. Of greater concern for me
is if NoScript which I use for my non Tor browsing would catch this or
not. Does anyone know if NoScript relies on the browser for the context
of a frame or does it check the origin it self?
--
freemor@xxxxxxxxx
This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
Attachment:
signature.asc
Description: PGP signature