[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
From: coderman <coderman@xxxxxxxxx>
Date: Mon, 10 Sep 2007 11:26:22 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 10 Sep 2007 14:26:30 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=TsANw6FYyAJCP6j/Op0korIjW0KkfyY8i0DOCavptyg=; b=GhXxWKqPF5T1cRRxPpH75mVUSnbOvHM/vVikOUkaCgs+OEyF8VmkjtddiJcCzX4IwLSM6TX8QXerte+I/qI4TMk0LMpeWy3967BgXREv8WcuMBfW/kbYoEnYlmr7KOJm9dilQqH/XVPLwGhsJtTUcbWI2Lpt81u4ol3T93pJZJY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=gF7DPtzabRNR4fuCn/wkdIOE85jkDoJIPruZ8RAQ+7JjxshXiB7QNNVtv64cbgLnOaFRE0P8tFsfH/4ywJ+i4I6pSLxCUO2Jg0POBIZkVR+vwH+UpesdiJRzrbZxG7/jF28MCeBNRxc1v1gGZlZzkYrQIFGH4RlAQZrc3EhNpvg=
In-reply-to: <20070910172155.GA18946@xxxxxxxxxxxxxx>
References: <4ef5fec60709100655v6170121fi5bd144a49128e43a@xxxxxxxxxxxxxx> <1bd71ad80709100915m68a5da6v40a91f15eaa29109@xxxxxxxxxxxxxx> <4ef5fec60709100949n494fe7ccxb216032241607187@xxxxxxxxxxxxxx> <20070910172155.GA18946@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 9/10/07, Gabriel Rocha <gabe@xxxxxxxx> wrote:
> ...
> This argument is flawed insofar as when you are using Tor, it is in
> effect one of your ISPs. The correct comparison here would be that, just
> like your ISP can implement man in the middle attacks against you, so
> too, can a Tor operator.

fair enough; i'll suggest that the vast majority of ISP's don't have
the equipment or skill to implement these kinds of MITM attacks.  (can
you imagine trying to play eve against arbitrary customer traffic on
an OC12+ link?  that cisco switch isn't going to cut it...)

they are out to make a profit, and spending non-trivial amounts of
money for something that can only negatively impact the customer
experience is a total loss.  (note that even CALEA had to sweeten the
deal for carriers just for passive eavesdropping capability which is
trivial compared to complex layer MITM attacks)

i'd love to know more about any such ISP implemented MITM
"investigative techniques" that may have been used; i've never heard
of such, but perhaps they are simply uncommon and rarely publicized.

best regards,

Follow-Ups:
- Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
  - From: BlueStar88
- Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
  - From: coderman

References:
- Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
  - From: coderman
- Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
  - From: Michael_google gmail_Gersten
- Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
  - From: coderman
- Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
  - From: Gabriel Rocha

Prev by Author: Re: How can I know my IP address geted by the website?
Next by Author: Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
Previous by thread: Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
Next by thread: Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
Index(es):
- Author
- Thread