[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Cancelled black hat talk



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> Journalists are asking us about the Black Hat talk on attacking
> Tor that got cancelled. We're still working with CERT to do a
> coordinated disclosure of the details (hopefully this week), but I
> figured I should share a few details with you earlier than that.

Thanks for coming forward - very much appreciated.

> 1) We did not ask Black Hat or CERT to cancel the talk. We did (and
> still do) have questions for the presenter and for CERT about some
> aspects of the research

Does that imply that the exploited "weakness" is not yet fully
understood by you (core developers)? (which also would imply that
there is no "fix" yet)

(To some extend this contradicts the anticipated coordinated disclosure?)


> 2) In response to our questions, we were informally shown some 
> materials. We never received slides or any description of what
> would be presented in the talk itself beyond what was available on
> the Black Hat Webpage.

Also this point suggests that the "attack" has not been understood yet(?).


Also (if you can anticipate that ahead of the coordinated disclosures):

Should relay ops get ready to deploy a critical patch?
Should users get ready to update their Tor Browser Bundles soon?
Will there be a "fix" at all?



-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTzY6mAAoJEDcK3SCCSvoe5VEQALN9RuaxaKrfcZXIlKsYboOp
uhlkqQ0iypnr/diX8+5QZMuL0VsTX5e5MdC86UIC0hVTbxlBbdmRDGXoW3/Vfur4
lLAWYrO33JaP7orHd9HuugfH0kCSnhpoPj1tKYaHfgPBDfg+pHMjA7nuQTVikfkR
pkuWhfn0lIQsoX0XRGngAKZoKsmGqZeXX0CgaGdOGsfjVoMAbEh0PmVVtFwQlaeL
q63qFnVufSCjb9baP9QBqzgbYnV7WM5PzGegNA0/ZC9oqDCWXedxTq+1r2C5QMuz
yBBoRLrdznAnjoQIBziXk/EbP2D162Rmz3a8lLQdlX36fqOkHMh8KTk0tpnb6JlM
+VTV2Ak/M+hw//mzHkYg+NMvFJ6jzI/1icgHcjcThwzv8uKDzISouyTmcIz3cXSb
+okY7B7w++Ib37680lgKFH/QIBvjEZ1JoY+GgoeauE9jG2FCxnsVY+l7+YLzYWTe
kHMg9CzFKB/B1jUfpZybuSn6++O17AzoCh7yeneyqoAoGpO4/WY2sEsjFpo+Nzu8
SyGmagDvzCJuA47MdHQpnnClK6AOdrpYCZsKhzHvR04+PhKscHMBDdD0NMuWPLne
JlPLlGF2q6FheKUBZkcappKThC1qt0OYtpBH9R5fjIV2UGO2UuL3/kyZ/RF3Gw7p
jpBcarCPmB5/4DFrx2cq
=W9i7
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk