[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor spying

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Tor spying
From: Indie Intel <d577ac28@xxxxxxxxx>
Date: Wed, 7 Sep 2011 19:21:21 -0700 (PDT)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 07 Sep 2011 22:21:43 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1315448481; bh=ZHnxkgo+JBwP/JJFm6eHAWHqTnLqxYQ/ymFunEd0Yew=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=KsiZbJRVlvaY4KXOoZFGQUFzHsd5V/3hhk4kI4CUxzvD4dRbXULXsDwE9A82gMAXa0OQ20fWhaQFEVqxTYVnHhJuKa6/oYmpqVdU1EXSicfpiHwF0WH2n2IGbv2XOL38Cs+XuGy5SpVrsywqRZgZ5zXZgD3TdXWTprc5nEES8/E=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=GBNqU4THy0A/zPNRGgE/Q6NrLuePEkZeCuqVQjhaspWVtbLLya9mWE50IxYbno7BUAU3ch5j/xGNuP3EVAuRrlZMq2lQCgGz7l9FALUuV/mJaYO448ekeXI6zX31cKABaJtCr9BwyBKtw09ttGT1IzN2/STmJLC6oBy1M13x6qQ=;
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Hello tor-talk mailing list,

Today I was reading Dan Kaminsky's blog and I noticed a mention of Tor:

``Moxie Marlinspike, probably the smartest guy in the world right now on SSL issues, did a study a few years ago on how many Tor users â not even regular users, but Tor users, clearly concerned about their privacy and possessed with some advanced level of expertise -- would notice SSL being disabled and refuse to browse their desired content.

Moxie didnât find a single user who resisted disabled security. His tool, sslsniff, worked against 100% of the sample set.''

http://dankaminsky.com/2011/08/31/notnotar/

I did a Google search and found two articles mentioning this:

http://www.forbes.com/2009/02/18/black-hat-hackers-technology-security_0218_blackhat.html
http://www.theregister.co.uk/2009/02/19/ssl_busting_demo/page2.html

Apparently people are spying on Tor users by setting up their own exit nodes and sniffing traffic?!

This Moxie Marlinspike is even a well-respected researcher, apparently. He gives talks at Blackhat to government hacker wannabes. But stealing email passwords and credit card information? How is this legal in the US?

The more I research this, the more it seems this sort of ``research'' is more common than not. Wikileaks, Jacob Appelbaum, Adrian Lamo, Moxie Marlinspike... who else? Iran?!

The Tor Project needs to shed some light on this or it will have a serious problem with people wanting to use Tor at all...

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor spying
  - From: Andrew Lewman
- Re: [tor-talk] Tor spying
  - From: Gregory Maxwell
- Re: [tor-talk] Tor spying
  - From: Jacob Appelbaum
- Re: [tor-talk] Tor spying
  - From: Julian Yon
- Re: [tor-talk] Tor spying
  - From: Marsh Ray
- Re: [tor-talk] Tor spying
  - From: Roger Dingledine

Prev by Author: [tor-talk] What is a guard node?
Next by Author: [tor-talk] Dutch CA actually issued a lot more than *.torproject.org
Previous by thread: Re: [tor-talk] Where are the older Tor bundles?
Next by thread: Re: [tor-talk] Tor spying
Index(es):
- Author
- Thread