[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Recommendation for DUMB COMPUTING devices for Tor Relays



> In the age of FBI mass hacking, the FBI will attempt to hack all Tor
> relays, and thus, they can trace traffic throughout the entire proxy chain.

You don't think that would be risky for the FBI in terms of being exposed
by security researchers who catch them?
And by proxy chain you mean tor circuit?

> According to NSA documents, all it takes is "one page load" to infect a
> browser, because they re-direct you to a fake website that hosts browser

what do you mean by fake website? Perhaps what you mean is:

If HTTP is used then TCP injection can be used by an attacker to inject content into a server's reply.
That reply could then tell the client's browser to fetch another URL.
That URL could be served from a hacked machine over HTTPS/TLS and only served once.
The content that is served is a browser zero-day. Pwn the client.

> exploits, known as QUANTUM INSERT. The FBI will use this to take over all
> Tor relays that are running web browsers.

Oooh NSA code-words! Heard of my "quantum insert" detector?
Passively sniff traffic on your Tor exit node and find quantum inserts?

https://github.com/david415/HoneyBadger

Are you suggesting that the FBI doesn't have any risk assessment procedure when
deciding to break the law and illegally compromise network infrastructure?

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays