[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."

Think on the EFF ./. AT&T/NSA issue,

after google'ing i found a firm in cologne/germany who presents NARUS
products like cool-nice-to-have cars:

"...Diese Lösung analysiert große Datenmengen bei hohen
Übertragungsgeschwindigkeiten bis zu OC192 in Echtzeit und schafft so
mehr Transparenz..."


(Translation: "...This solution analyses large data/traffic amounts at
high speed rates up to OC192 in realtime and puts more transparency...")


I really do not know, if it can do MITM stuff and if my ISP has such a
box already...

And what is meant by "...Business Intelligence..." on that page?


Am Montag, den 10.09.2007, 11:26 -0700 schrieb coderman:
> On 9/10/07, Gabriel Rocha <gabe@xxxxxxxx> wrote:
> > ...
> > This argument is flawed insofar as when you are using Tor, it is in
> > effect one of your ISPs. The correct comparison here would be that, just
> > like your ISP can implement man in the middle attacks against you, so
> > too, can a Tor operator.
> fair enough; i'll suggest that the vast majority of ISP's don't have
> the equipment or skill to implement these kinds of MITM attacks.  (can
> you imagine trying to play eve against arbitrary customer traffic on
> an OC12+ link?  that cisco switch isn't going to cut it...)
> they are out to make a profit, and spending non-trivial amounts of
> money for something that can only negatively impact the customer
> experience is a total loss.  (note that even CALEA had to sweeten the
> deal for carriers just for passive eavesdropping capability which is
> trivial compared to complex layer MITM attacks)
> i'd love to know more about any such ISP implemented MITM
> "investigative techniques" that may have been used; i've never heard
> of such, but perhaps they are simply uncommon and rarely publicized.
> best regards,
BlueStar88 <BlueStar88@xxxxxxxxxxx>

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil