[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: critical security vulnaribility fixed in Tor 0.1.2.16

To: or-talk@xxxxxxxxxxxxx
Subject: Re: critical security vulnaribility fixed in Tor 0.1.2.16
From: "vikingserver@xxxxxxxxx" <vikingserver@xxxxxxxxx>
Date: Sat, 04 Aug 2007 13:54:07 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 04 Aug 2007 07:54:37 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=r7MfqGs+elu4ioHAM6HqBP9vvBpgMz2ruI65zJUIUeIuT5q0hYZH649/Z8uQ8KwEB3KZCAqiMCT8i0QH14cFPi62Dy00ejFucrznB02k0Gxh6zRe0hb/c5Y/rnr3AXHJZEH8aPYMTit9IwJZLiZy/v8FQSrE6V1HJMPU/teIAyE=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=j844KDcZhnU4W5MYVwjyKBy89c8JjTQIqmrPuyuyI473lHBvVZKn4THkE5oOoasmAeyJWiirTC7ftQC8MGeFEAx0LgpPUpZPsPgEwWIrFaAy6M7/8n7FV3bQwfydD0mkOfXnkWRoEbPSXdQkcguXY8+PRzcdW1lfi3PsNEtF2Vk=
In-reply-to: <4ef5fec60708040425q51472a84m9e7be3255df9d99d@xxxxxxxxxxxxxx>
References: <20070802221918.GF20786@xxxxxxxxxxxxxx> <46B44F87.7000902@xxxxxxxxx> <4ef5fec60708040425q51472a84m9e7be3255df9d99d@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

Please describe a little bit. "You're wrong" is not a good answer.
Please describe how someone can reach port 9051 behind a firewall. Or is the attack not done by connecting to the control port 9051? Is it done by connecting to the advertised port? (in my case 995)

/Viking

coderman skrev:

On 8/4/07, vikingserver@xxxxxxxxx <vikingserver@xxxxxxxxx> wrote:

 ...
 To my understanding any Tor client or server behind a well-configured
physical firewall aren't vulnerable to this type of attack.
...
 (Please tell me if I'm wrong.


you're wrong.  upgrade to the latest version (0.1.2.16 or
0.2.0.4-alpha) to avoid this type of attack.

best regards,

Follow-Ups:
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: coderman

References:
- critical security vulnaribility fixed in Tor 0.1.2.16
  - From: vikingserver@xxxxxxxxx
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: coderman

Prev by Author: tor servers communicating to wrong ports
Next by Author: Re: tor servers communicating to wrong ports
Previous by thread: Re: critical security vulnaribility fixed in Tor 0.1.2.16
Next by thread: Re: critical security vulnaribility fixed in Tor 0.1.2.16
Index(es):
- Author
- Thread