[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
On Tue, Jul 1, 2014, at 10:54 PM, williamwinkle@xxxxxxxxxxxxxxx wrote:
> On 2014-06-30 22:33, Geoff Down wrote:
> > If the code is injected between the target_website.com and the exit
> > node, the exit node will relay it faithfully back through the Tor
> > network to the client.
> > It's all just bytes to Tor.
> >
>
> This is presumably dependent on the TBB having a vulnerability.
Or the user being foolish and opening a downloaded file (they trust the
site, right?), enabling Flash etc.
> So, even
> if all users of target_website.com were considered evil and should be
> targeted, this could only happen if a) there was a 0-day for Firefox on
> which TBB is based or b) there is a known vulnerability for Firefox but
> certain users did not bother to update.
for websites, that would seem to be right. But don't forget about
Openssl vulnerabilities (Firefox doesn't use Openssl iirc) or other
software that people use over Tor - it's not all Torbrowser. So reasons
for concern, but not all doom and gloom.
GD
--
http://www.fastmail.fm - A fast, anti-spam email service.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk