[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Building tracking system to nab Tor pedophiles

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Building tracking system to nab Tor pedophiles
From: "Michael_google gmail_Gersten" <keybounce@xxxxxxxxx>
Date: Tue, 6 Mar 2007 21:46:43 -0800
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 07 Mar 2007 00:46:53 -0500
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ET/6GxSzd0tMeCN3I/xwzS9r35oLMHOXf+e+pXVy1XoKVyZp3qwJPesOUHE2TPmzX308FOUEaqGAkn0FOvLgZ9yIEVhq+pv1K5/EJlp5cQtNxHttoVE0nX1rAnZbknZjo+03jM2rQ9jEpxlSLv3/5Q9YSCNfTxrGCfxCQtRdnH4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=GQFAdUOKj4VLuodLIpyaeQ7f419spdtSuj0LMdOpc4Mgb5XyJK1sMEu9Ew7LipokcqYcZCGrB2KXV2bP5IXPNup7WD50H0P8V5EX6nIjFL0C8B7DxBBu6sKcM/rrFZHRAqhmSfGkXsjkX36J3C15o2kpcdL4nsIOPAxxKr8+GnE=
In-reply-to: <20070306.212839.5614.2379109@webmail02.lax.untd.com>
References: <20070306.212839.5614.2379109@webmail02.lax.untd.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Well, first, this is just the normal exit node exposure of tor.

The exit node in your circuit gets to see the raw communication
between you and your destination. If you are using an SSL channel
(SSH, https, etc) then nothing is a problem. Otherwise, the exit node
can do things like spy on usernames and passwords, etc.

There are already sites that modify the HTML of web pages going
through them -- I've had scripts munged on some sites, for example --
and this is just another case of that.

Now, I believe tor allows you do exclude nodes from ever being used as
exit nodes.

On 3/6/07, Fergie <fergdawg@xxxxxxxxxxx> wrote:

Hmmm.

 http://blogs.zdnet.com/security/?p=114

Comments?


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

Follow-Ups:
- Privoxy and Java Re: Building tracking system to nab Tor
  - From: Dave Jevans
- Re: Building tracking system to nab Tor pedophiles
  - From: Starshadow

References:
- Building tracking system to nab Tor pedophiles
  - From: Fergie

Prev by Author: Re: Noobie Configuration Questions
Next by Author: How would tor defend from this attack?
Previous by thread: Building tracking system to nab Tor pedophiles
Next by thread: Re: Building tracking system to nab Tor pedophiles
Index(es):
- Author
- Thread