On Tue, 20 Oct 2015 12:50:28 -0700 coderman <coderman@gmail.com> wrote:
On 10/20/15, Juan <juan.g71@gmail.com> wrote:
... Yes. And I'm doing the teaching.
citation needed!
It's obvious from looking at the whole conversation.
I know. But that's not how the majority of people use tor. So your remark is pretty much irrelevant.
if only one target uses an insecure configuration, it is still potentially useful, especially given the ease of proxy bypass techniques.
and for watering hole attacks, anything larger than zero hits is a win :)
clearly relevant.
Clearly irrelevant. And your irrelevant comments don't change the nature of the slides.
Same as above. Your comment is irrelevant and looks like an attempt at obfuscation.
not obfuscation; recognition of the defender's disadvantage.
as attacker (NSA) any vulnerability is relevant and potentially actionable.
1 + 1 = 2 the sky is blue (depending on time and other conditions) cows give milk any more irrelevant bullshit you'd like to state?
So, let me reiterate : whoever wrote that is candidly admitting that he doesn't know what he's talking about. Which doesn't makes sense considering the alleged nature and source of the document.
it does; competence is not universally high and evenly distributed in intelligence organizations.
It doesn't makes sense. Only retards can believe that such a bunch of 'slides' really reflects what the nsa and co. know about tor. More than likely those slides were made as some kind of exercise by some of the lowest ranking gov't parasite. The slides are nothing but a useless draft. Did I mention codermand dear that the author doesn't even know how tor dns resolution works? 'currently' he was 'still investigating'...
the most technically accurate and detailed and informed information is also the most sensitive, sadly. thus until ECI compartments get spilled moving beyond the executive summary level presentations difficult.
So, can I translate your usual twisted language into "OK I finally admit the slides are bullshit" ?
So? There are only a handful of relays as opposed to clients so the payoff for attacking them is way bigger.
there are techniques for finding bugs in rich attack surface like the whole of Tor Browser, Tor, Tor Launcher, OS integration of same which can grant exploit developers a reasonable confidence of finding exploitable holes.
in a minimal, hardened Tor relay configuration these same techniques may never find an exploitable vulnerability. it is another order of magnitude harder, and exploits here require leveling with novel attacks or techniques, typically.
bla bla bla yes, it's another order of magnitude and so is the magnitude of the payoff. I can keep repeating any point you ignore. But did I mention that technical details are not really the point anyway?
Regardless, your comment is, again, pretty much meaningless. The point is that the claims that they can't exploit relays because of technical and LEGAL reasons is pure undilluted bullshit.
exploiting foreign servers? sure; but highly sensitive. e.g. TAO CNE.
legal hacks of domestic servers - FISA court would have to approve?
lol - and now you admit you are just trolling
both of these are legitimate restraints, though we may argue about their effectiveness.
over to Juan for retort, preferably with more substance to justify opinions this time :)
"FISA court would have to approve?"