[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
From: Geoff Down <geoffdown@xxxxxxxxxxxx>
Date: Tue, 01 Jul 2014 23:42:57 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 01 Jul 2014 18:57:00 -0400
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.net; h= message-id:from:to:mime-version:content-transfer-encoding :content-type:in-reply-to:references:subject:date; s=mesmtp; bh= uOI+AxTBgdP9vnVMS3F9bLFAPGY=; b=GJu44wCnwflMvB9OMmPfrpsYrcHKjNkS ZRNpsSibLbg2DjG99taGbhzBIyk1xdHo3Wig3Loqdw2Dwfyi2Zj0hiCn/TWFh1d7 fDSJ0tsq7mbtt/5sgXZ+NiXWgv40FCAyXFNyruuKqS6Gvr3DVJ2p1vYF3aIp8fh+ x4ll7l6xBsc=
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:from:to:mime-version :content-transfer-encoding:content-type:in-reply-to:references :subject:date; s=smtpout; bh=uOI+AxTBgdP9vnVMS3F9bLFAPGY=; b=bwx rtk8quxOTQwo8Bj7syZJPXwdws8zRw23SApQ7DOxgFTgEroDyS6nyEPCJCJCbEX+ ff35AlDz/wbcQEZUTeApH3CyMwroKBo4zvKrDkkNPPmFW2QXwEULiX4/KilhySzO /2laQa/yezYJJRG8Va5OdyxIOC6h+DpmaYEHPHSY=
In-reply-to: <453fa6292a86de226a955dc5a4255b1a@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1404162914.91055.YahooMailBasic@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1404167595.11621.136296125.460A0113@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <453fa6292a86de226a955dc5a4255b1a@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>


On Tue, Jul 1, 2014, at 10:54 PM, williamwinkle@xxxxxxxxxxxxxxx wrote:
> On 2014-06-30 22:33, Geoff Down wrote:

> >  If the code is injected between the target_website.com and the exit
> >  node, the exit node will relay it faithfully back through the Tor
> >  network to the client.
> > It's all just bytes to Tor.
> > 
> 
> This is presumably dependent on the TBB having a vulnerability.

 Or the user being foolish and opening a downloaded file (they trust the
 site, right?), enabling Flash etc.

> So, even 
> if all users of target_website.com were considered evil and should be 
> targeted, this could only happen if a) there was a 0-day for Firefox on 
> which TBB is based or b) there is a known vulnerability for Firefox but 
> certain users did not bother to update.

for websites, that would seem to be right. But don't forget about
Openssl vulnerabilities (Firefox doesn't use Openssl iirc) or other
software that people use over Tor - it's not all Torbrowser. So reasons
for concern, but not all doom and gloom.
GD

-- 
http://www.fastmail.fm - A fast, anti-spam email service.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
  - From: Zenaan Harkness

References:
- Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
  - From: williamwinkle

Prev by Author: Re: [tor-talk] Fw: confirm [whatever]
Next by Author: Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
Previous by thread: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
Next by thread: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
Index(es):
- Author
- Thread