[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor security on EC2

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor security on EC2
From: Gregory Maxwell <gmaxwell@xxxxxxxxx>
Date: Sat, 4 Feb 2012 21:35:04 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 04 Feb 2012 21:35:18 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=DsbNWBc8xjeO/WXYfhNjpVsy3XJOV1+X/0G32s3R/Y8=; b=MgLVrfVfpW92YcqdOO7NUarcMIhW+l+S0z5LR5qAgriuaqud5kUfwduRJd0nvb6TLP RO/NV6ko5lw+tPf4Cosz0ZdIKjAvT7HkOFFcPGBuPS8PLk7YSSRX1fsKQIlAjkKsLNsl Qyr+8NdBr+MUELwPOX6NWW9jBVJNegDl2SXIU=
In-reply-to: <bb782eba85e44f1dc096c8a090073f64@xxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <bb782eba85e44f1dc096c8a090073f64@xxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Sat, Feb 4, 2012 at 8:09 PM, Marco GruÃ <kork@xxxxxxxxxxxxxxx> wrote:
> with https://cloud.torproject.org/ actively promoting it,
> I have been thinking about Tor vs. EC2 for a while.

I'm unqualified to say anything about the specific questions wrt VM
system security... but I thought it might be worthwhile to offer a bit
of caution related to risk saliency.

Whatever risks you decide exist in EC2 here probably also exist in
many other services (certainly ones that are similar to EC2, but
probably also in ones that look less like it). Arguably they exist in
all cases where the operators don't have physical control over the
machines.

If these risks are discussed as risks of EC2, rather than more general
risks of virtualization, or systems owned by third parties then people
may avoid EC2 in favour of alternatives which are less secure in
practice.

If I were a hostile force which was able to compromise some hosting
providers but not EC2, raising public concerns about the security of
EC2 specifically would be a smart tactic on my part. :)

Food for thought.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor security on EC2
  - From: Marco GruÃ

References:
- [tor-talk] Tor security on EC2
  - From: Marco GruÃ

Prev by Author: Re: [tor-talk] Scroogle is No More?
Next by Author: Re: [tor-talk] Help users in Iran reach the internet
Previous by thread: Re: [tor-talk] Tor security on EC2
Next by thread: Re: [tor-talk] Tor security on EC2
Index(es):
- Author
- Thread