[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
From: Aymeric Vitte <vitteaymeric@xxxxxxxxx>
Date: Fri, 15 Aug 2014 00:48:08 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 14 Aug 2014 18:48:17 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=ZZ2g+LQrF/DEbefCvXh/QGSyoOI1antgoVyalY3iRF8=; b=RP3hQRx4qEGu8fxPdqw4reBSLnQ+s0kTgtxY6lluIpnsgRkVaBdqcg/pWb+a4j4nkb zTcUutS0EHxNVb9qIQF/ZSxIrI9nrk73vAjpfFdgOyq+tlRmBbwck8Mad3oabo7TomUV 8orrWz5hkqFV+T9OFioOHY3WmlYBjc8AFoBooHIlMMmqtxeIO69NYRu0LjoFb0ZkBGlm Pq6ANCuRQUWhUjMBTUx/jb8lt7ljxNQvyjYW4TrqlfVIrygAs2S/x9apkug+QyuOgxq9 VUdxoXd1EE0wlGQV1jZI90xozC8K4bM9YuwcVVZjHAPquDR8Q5n8prWta5HNQT4Lbz2R jytQ==
In-reply-to: <CAKkunMYRO-R_bs3MtOydCkZ9dJ0SmgSMT8-xVt-wCeuu22oniQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4dbf80e1a3ae8b182a15ea2af6fa10dc@xxxxxxxxxxxxxxx> <CAKkunMats8JoVc8wqYrMtWE4f0gTA7RVVWirhuJz6t9sA5dDQQ@xxxxxxxxxxxxxx> <53EBDEF5.7040804@xxxxxxxxx> <CAKkunMYRO-R_bs3MtOydCkZ9dJ0SmgSMT8-xVt-wCeuu22oniQ@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.3; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

I am "defensive" because you seem to make a general case of somethingthat can only happen in case of browser's/OS bug, and conveying to Torusers that they should not use js is a non sense, you make believe themthat intrinsically js can easily leak their ip and/or mac addresses,which is wrong, this can happen under extraordinary circumstances thathave nothing to do with js, here a windows/ff bug, which could have beena css attack or whatever.


Regards,

Le 14/08/2014 11:06, Anders Andersson a écrit :

On Wed, Aug 13, 2014 at 11:56 PM, Aymeric Vitte <vitteaymeric@xxxxxxxxx> wrote:

   As
someone who argues against using javascript in any context, I can only
say "told you so", but that doesn't really help anyone. :)

No and you are wrong

 From https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
"An attack that exploits a Firefox vulnerability in JavaScript has
been observed in the wild."
People who didn't allow javascript were safe.

Because they managed to get in to the client browser, they could learn
the real IP address and MAC address

and the color of your shirt

Why are you so defensive? Is it your code they broke? They could learn
the color of my shirt if the browser user has access to a webcam,
which is not uncommon. This is however highly irrelevant.

, they didn't learn this through
Tor.

Are you serious in your answer?

Very much so. If you don't believe me, then maybe you'll believe these sources:

https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
https://www.mozilla.org/security/announce/2013/mfsa2013-53.html

Nothing was exploited through Tor. In fact, they couldn't find out who
was using the server *because* people used Tor. So they had to resort
to javascript exploits.


--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
  - From: Mirimir

References:
- [tor-talk] Wired Story on Uncovering Users of Hidden Services.
  - From: blobby
- Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
  - From: Anders Andersson
- Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
  - From: Aymeric Vitte
- Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
  - From: Anders Andersson

Prev by Author: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
Next by Author: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
Previous by thread: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
Next by thread: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
Index(es):
- Author
- Thread