Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
On 7/2/14, Geoff Down <geoffdown@xxxxxxxxxxxx> wrote:
> On Tue, Jul 1, 2014, at 10:54 PM, williamwinkle@xxxxxxxxxxxxxxx wrote:
>> On 2014-06-30 22:33, Geoff Down wrote:
>> > If the code is injected between the target_website.com and the exit
>> > node, the exit node will relay it faithfully back through the Tor
>> > network to the client.
>> > It's all just bytes to Tor.
>>
>> This is presumably dependent on the TBB having a vulnerability.
>
> Or the user being foolish and opening a downloaded file (they trust the
> site, right?), enabling Flash etc.
>
>> So, even
>> if all users of target_website.com were considered evil and should be
>> targeted, this could only happen if a) there was a 0-day for Firefox on
>> which TBB is based or b) there is a known vulnerability for Firefox but
>> certain users did not bother to update.
>
> For websites, that would seem to be right. But don't forget about
> OpenSSL vulnerabilities (Firefox doesn't use OpenSSL iirc) or other
> software that people use over Tor - it's not all Torbrowser. So reasons
> for concern, but not all doom and gloom.
> GD
More and more reasons to run TBB or Tor in a sandbox (Whonix or Tails).
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk