[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
From: williamwinkle@xxxxxxxxxxxxxxx
Date: Tue, 01 Jul 2014 21:54:01 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 01 Jul 2014 18:12:19 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=openmailbox.org; h=user-agent:message-id:references:in-reply-to:subject:subject :from:from:date:date:content-transfer-encoding:content-type :content-type:mime-version:received:received; s=openmailbox; t= 1404251641; bh=oreqpeOYi2Loxct99u8aGWHIvI1OagaOOLfN0ZTH5Ds=; b=t ilPOlMBhDanaUnHQb8xGP9nhOfEilCq77kyYrijyuZXu6zFQVLm1nVjNDBglB0JC QunlftH2E9w/NdxuJTqRsE21E3kfzfHeSKpnZRfAvxyKMqlJR4flVzt6Bi0S6Erb hcRatWQNnYGYty4OF3gZDRAIhYIWzSD3SqLZ9C64yc=
In-reply-to: <1404167595.11621.136296125.460A0113@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1404162914.91055.YahooMailBasic@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1404167595.11621.136296125.460A0113@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.0.1

On 2014-06-30 22:33, Geoff Down wrote:

On Mon, Jun 30, 2014, at 10:15 PM, Bobby Brewster wrote:

But how can the person's computer be identified since all that is seenis
the connection between the exit node and the destination
target_website.com

The point, surely, is that real time code injection should not be
possible since no-one can trace the connection from the exit node backto
the user.


 If the code is injected between the target_website.com and the exit
 node, the exit node will relay it faithfully back through the Tor
 network to the client.
It's all just bytes to Tor.

This is presumably dependent on the TBB having a vulnerability. So, evenif all users of target_website.com were considered evil and should betargeted, this could only happen if a) there was a 0-day for Firefox onwhich TBB is based or b) there is a known vulnerability for Firefox butcertain users did not bother to update.

The injected code would only be able to discern the client's real IP ifthe malware was successfully deployed and that would require the TBB tobe compromised.


Right?

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
  - From: Geoff Down

Prev by Author: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
Next by Author: [tor-talk] How to identify owners of .onion services?
Previous by thread: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
Next by thread: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
Index(es):
- Author
- Thread