[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.



On 2014-06-29 06:22, Roger Dingledine wrote:
On Sat, Jun 28, 2014 at 09:38:05PM +0000, williamwinkle@xxxxxxxxxxxxxxx wrote:
I don't understand what Schneier means by this:

"After identifying an individual Tor user on the internet, the NSA
uses its network of secret internet servers to redirect those users
to another set of secret internet servers, with the codename
FoxAcid, to infect the user's computer."

Right. This is why Bruce's choice of phrase "identifying an individual
Tor user" is a poor one. Probably the better phrase would be "seeing a
flow on the Internet that they decide they'd like to attack".

Jake and I talk about the issue more in our 30c3 talk:
http://media.ccc.de/browse/congress/2013/30C3_-_5423_-_en_-_saal_1_-_201312272030_-_the_tor_network_-_jacob_-_arma.html

Thanks for the video link - most illuminating. I suggest that everyone watches it.

The Freedom Hosting issue was mentioned at 24 minutes in. AIUI, in the Freedom Hosting case, the host owner was arrested in Ireland which allowed the FBI to control the sites that he hosted as they had access to his computer. The FBI used an exploit that fed the IP of vistors to some or all of the FH sites back to the FBI. The exploit was based on a patched Firefox vulnerability and required the client to be using JavaScript. In other words - users that had updated the TBB or those that did not but did not use JS were uncompromised when they visited any of the FH sites.

In other words, the weak link (if there ever is one) is not Tor per se but the Firefox component of the TBB.

Is that correct?
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk