[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Cancelled black hat talk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
> On Wed, Jul 30, 2014 at 10:05:20PM +0000, Nusenu wrote:
>> Surprised to see the fix of a bug that was worth a tor security
>> advisory to be in the "Minor bugfixes" section of the changelog.
>
> The security advisory was that somebody had attacked real Tor users
> and perhaps deanonymized some of them, and here's what we know.
>
> The particular traffic confirmation channel they used wasn't a big
> deal. (Or said another way, fixing it doesn't make a big impact on
> whether this sort of attack is possible.)
Thanks for your quick clarification.
If I understand you correctly that means we should assume this type of
attack to be "easy" and this fix merely closes one of many easy ways
to exploit traffic confirmation?
So I guess one of the best bets we have is better response to doctor
reports? (aka better detection)
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJT2Xg6AAoJEDcK3SCCSvoeN2sP/0Mnp1gU8YG5gK2pJSV0EySu
qrO+kxPlbih7lTEr1NjdMrH5QO/ZGKOZfDTAimPpvrRcDddUskcoD/v8wGi5R+K9
FLK2xKgyBbcpTtCuOJvLqVseobOEKoLFKbd/lO0kj81hcO9P92KQ8c9HUkBJYn3f
J6QQrpEj1EVl1XTeToYknZrOyUV8Fc9Z0Ginhc4WAC5r+pWPNHU/i0UZUBraOyQQ
D1a0OSHVnuvC13dJYJtDrczCG3wfWj88vpQ6TXLzjWGRfYL0MBv+nOGLSwiYcr4Z
5faqGwPMYhfr6EEe+kdLNZ2cKte5p6PsKUY2RetTTUSdDQMqMMcPAeZZgNYFzbYa
JWOUkZYQ9SCV6VAaLP8omN2kSdO7wltoTrhWQVU/HkTIoxL8x+1aasjNQMOywHAl
gi/L3sIwsH4q94+bNfTuWcXoiqGTlVyab+/uWfhY4ewEli3lQZk51gGLBle+qigJ
QCVBhIjUxITBEAqdD5hlet9lqg2eAyGhg9Z5CpBHwuLXIQXD7GKiNueikmQdfPZW
BgfZQZJR7cI7zzvHleK1LX+Pqx8zrKQxRs424bgwfQZxlPPrefVOtTFQP7H8kvJ9
OrSdkLdTJpZsWru9fJxujXYbSHfCQeWNsMnDOPNLVl3KZUUGwdNDlAZq4oKxcnGW
aJBpcsDIYHiHfcCh84m4
=ijrM
-----END PGP SIGNATURE-----
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk