On 10/20/15, Juan <juan.g71@gmail.com> wrote:
... BY THE WAY, what kind of retard can take the above 'presentation' seriously ?!
class time for Juan!
"use cookies to identify tor users when they are not using tor" what !? the cookie monster?
See "Transparent Proxy" mode, un-approved third-party browser configurations using Tor as SOCKS Proxy without Tor Browser protections, etc...
"How does tor handle dns requests? Are dns requests goin through tor? --- current : still investigating".
this is the SOCKS4 vs. SOCKS4a vs. SOCKS5 w/named connect, question. if you are using a non-standard config leaking DNS, you're also vulnerable to DNS poisoning for CNE or de-anon.
"what do we know about hidden services? current : no effort by nsa"
Sure. None. Nada. Nothing.
NSA goes where targets are. bet this is no longer true :P
"can we exploit nodes. probably not. legal and technical challenges".
... Well, boys nothing to see here. The government is completly inept AND, of course, they 'respect the law'. Whatever that is.
relays are the most hardened configuration of Tor. if Tor Browser attack surface is one end of spectrum of vuln, Tor the implementation on a dedicated server is quite the opposite.
Somebody was talking about moles?
just diggin' dirt...