[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."



On 9/10/07, Gabriel Rocha <gabe@xxxxxxxx> wrote:
> ...
> This argument is flawed insofar as when you are using Tor, it is in
> effect one of your ISPs. The correct comparison here would be that, just
> like your ISP can implement man in the middle attacks against you, so
> too, can a Tor operator.

fair enough; i'll suggest that the vast majority of ISP's don't have
the equipment or skill to implement these kinds of MITM attacks.  (can
you imagine trying to play eve against arbitrary customer traffic on
an OC12+ link?  that cisco switch isn't going to cut it...)

they are out to make a profit, and spending non-trivial amounts of
money for something that can only negatively impact the customer
experience is a total loss.  (note that even CALEA had to sweeten the
deal for carriers just for passive eavesdropping capability which is
trivial compared to complex layer MITM attacks)

i'd love to know more about any such ISP implemented MITM
"investigative techniques" that may have been used; i've never heard
of such, but perhaps they are simply uncommon and rarely publicized.

best regards,