[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Cancelled black hat talk



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> On Wed, Jul 30, 2014 at 10:05:20PM +0000, Nusenu wrote:
>> Surprised to see the fix of a bug that was worth a tor security 
>> advisory to be in the "Minor bugfixes" section of the changelog.
> 
> The security advisory was that somebody had attacked real Tor users
> and perhaps deanonymized some of them, and here's what we know.
> 
> The particular traffic confirmation channel they used wasn't a big
> deal. (Or said another way, fixing it doesn't make a big impact on
> whether this sort of attack is possible.)

Thanks for your quick clarification.

If I understand you correctly that means we should assume this type of
attack to be "easy" and this fix merely closes one of many easy ways
to exploit traffic confirmation?

So I guess one of the best bets we have is better response to doctor
reports?  (aka better detection)

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJT2Xg6AAoJEDcK3SCCSvoeN2sP/0Mnp1gU8YG5gK2pJSV0EySu
qrO+kxPlbih7lTEr1NjdMrH5QO/ZGKOZfDTAimPpvrRcDddUskcoD/v8wGi5R+K9
FLK2xKgyBbcpTtCuOJvLqVseobOEKoLFKbd/lO0kj81hcO9P92KQ8c9HUkBJYn3f
J6QQrpEj1EVl1XTeToYknZrOyUV8Fc9Z0Ginhc4WAC5r+pWPNHU/i0UZUBraOyQQ
D1a0OSHVnuvC13dJYJtDrczCG3wfWj88vpQ6TXLzjWGRfYL0MBv+nOGLSwiYcr4Z
5faqGwPMYhfr6EEe+kdLNZ2cKte5p6PsKUY2RetTTUSdDQMqMMcPAeZZgNYFzbYa
JWOUkZYQ9SCV6VAaLP8omN2kSdO7wltoTrhWQVU/HkTIoxL8x+1aasjNQMOywHAl
gi/L3sIwsH4q94+bNfTuWcXoiqGTlVyab+/uWfhY4ewEli3lQZk51gGLBle+qigJ
QCVBhIjUxITBEAqdD5hlet9lqg2eAyGhg9Z5CpBHwuLXIQXD7GKiNueikmQdfPZW
BgfZQZJR7cI7zzvHleK1LX+Pqx8zrKQxRs424bgwfQZxlPPrefVOtTFQP7H8kvJ9
OrSdkLdTJpZsWru9fJxujXYbSHfCQeWNsMnDOPNLVl3KZUUGwdNDlAZq4oKxcnGW
aJBpcsDIYHiHfcCh84m4
=ijrM
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk