[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: critical security vulnaribility fixed in Tor 0.1.2.16

To: or-talk@xxxxxxxxxxxxx
Subject: Re: critical security vulnaribility fixed in Tor 0.1.2.16
From: "vikingserver@xxxxxxxxx" <vikingserver@xxxxxxxxx>
Date: Sat, 04 Aug 2007 16:40:04 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 04 Aug 2007 10:40:33 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=evbyp6YrlkyIuWlcu16/fouhNWLhzgfPGpm980MOysOexdUOmn6z0e+W15xwbUVhH7bLrnK7EUZhr4ZhI/gkbPksUy/9alNQ3zcdKxRBp1AZzMQpOH6OfqXkEqi1aFTdLBDXby7E2baev6vW7YJCDQurYRImaIac4K/y/jo3sH4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=GYlRrhb5hjzpwIt2yFh12l5lrRbL+fUVSuD37IGgD/gg/8FELIf6v4qAaD3Cr3s6ywYrGm6zFQZ/l4Lr4kiqy70oiuuYkDI/3X4IdKNVxk57S6+HMW96qHvhj0qHZXMfEUYYibvSLyHLABAOx260/hBnw526LlrNEtj9pyZh0Kk=
In-reply-to: <4ef5fec60708040548u28846a3agc155044a90486d6c@xxxxxxxxxxxxxx>
References: <20070802221918.GF20786@xxxxxxxxxxxxxx> <46B44F87.7000902@xxxxxxxxx> <4ef5fec60708040425q51472a84m9e7be3255df9d99d@xxxxxxxxxxxxxx> <46B468DF.9030100@xxxxxxxxx> <4ef5fec60708040504x40df49deh418fa5a103261da1@xxxxxxxxxxxxxx> <46B473F6.4010604@xxxxxxxxx> <4ef5fec60708040548u28846a3agc155044a90486d6c@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

Perhaps someone else has an answer for this.
Nothing in coderman's short answers have made this clear to me. The answers look rather confusing to me, sorry.
How could someone remotely access port 9051 on my computer protected by a physical firewall, when the firewall is blocking access to that port?

Someone else that knows more about this, please answer and explain.
What are the risks running a version pre 0.1.2.16 or pre .0.2.0.4alpha if a server/client is protected by a physical firewall?

Thanks,
Viking

coderman skrev:

On 8/4/07, vikingserver@xxxxxxxxx <vikingserver@xxxxxxxxx> wrote:

 So in order to get attacked and get the torrc file modified, you first have
to get infected by a worm, virus, malware or trojan horse that communicates
with localhost:9051?

no.

 There is no way that someone could directly attack me through port 9051
behind a physical firewall? Is this correct?


what do you mean directly?  your firewall protects against remote
connections, but direct connections can be made from localhost.

 If this is correct, then the chance of getting attacked behind a physical
firewall is very low, right?


no.

best regards,

Follow-Ups:
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: Roger Dingledine

References:
- critical security vulnaribility fixed in Tor 0.1.2.16
  - From: vikingserver@xxxxxxxxx
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: coderman
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: vikingserver@xxxxxxxxx
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: coderman
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: vikingserver@xxxxxxxxx
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: coderman

Prev by Author: Re: critical security vulnaribility fixed in Tor 0.1.2.16
Next by Author: Re: critical security vulnaribility fixed in Tor 0.1.2.16
Previous by thread: Re: critical security vulnaribility fixed in Tor 0.1.2.16
Next by thread: Re: critical security vulnaribility fixed in Tor 0.1.2.16
Index(es):
- Author
- Thread