https://edwardsnowden.com/wp-content/uploads/2013/10/tor-stinks-presentation...
BY THE WAY, what kind of retard can take the above 'presentation' seriously ?! "use cookies to identify tor users when they are not using tor" what !? the cookie monster? "How does tor handle dns requests? Are dns requests goin through tor? --- current : still investigating". So, that's allegedly a 'top secret' nsa document dated june 2012 showing that the top master hackers don't even know the basics of the protocol? Please. "what do we know about hidden services? current : no effort by nsa" Sure. None. Nada. Nothing. "can we exploit nodes. probably not. legal and technical challenges". ... Well, boys nothing to see here. The government is completly inept AND, of course, they 'respect the law'. Whatever that is. Somebody was talking about moles?
On 10/20/15, Juan <juan.g71@gmail.com> wrote:
... BY THE WAY, what kind of retard can take the above 'presentation' seriously ?!
class time for Juan!
"use cookies to identify tor users when they are not using tor" what !? the cookie monster?
See "Transparent Proxy" mode, un-approved third-party browser configurations using Tor as SOCKS Proxy without Tor Browser protections, etc...
"How does tor handle dns requests? Are dns requests goin through tor? --- current : still investigating".
this is the SOCKS4 vs. SOCKS4a vs. SOCKS5 w/named connect, question. if you are using a non-standard config leaking DNS, you're also vulnerable to DNS poisoning for CNE or de-anon.
"what do we know about hidden services? current : no effort by nsa"
Sure. None. Nada. Nothing.
NSA goes where targets are. bet this is no longer true :P
"can we exploit nodes. probably not. legal and technical challenges".
... Well, boys nothing to see here. The government is completly inept AND, of course, they 'respect the law'. Whatever that is.
relays are the most hardened configuration of Tor. if Tor Browser attack surface is one end of spectrum of vuln, Tor the implementation on a dedicated server is quite the opposite.
Somebody was talking about moles?
just diggin' dirt...
On Tue, 20 Oct 2015 01:58:18 -0700 coderman <coderman@gmail.com> wrote:
On 10/20/15, Juan <juan.g71@gmail.com> wrote:
... BY THE WAY, what kind of retard can take the above 'presentation' seriously ?!
class time for Juan!
Yes. And I'm doing the teaching.
"use cookies to identify tor users when they are not using tor" what !? the cookie monster?
See "Transparent Proxy" mode, un-approved third-party browser configurations using Tor as SOCKS Proxy without Tor Browser protections, etc...
I know. But that's not how the majority of people use tor. So your remark is pretty much irrelevant. Were you trying to teach me something?
"How does tor handle dns requests? Are dns requests goin through tor? --- current : still investigating".
this is the SOCKS4 vs. SOCKS4a vs. SOCKS5 w/named connect, question.
if you are using a non-standard config leaking DNS, you're also vulnerable to DNS poisoning for CNE or de-anon.
Same as above. Your comment is irrelevant and looks like an attempt at obfuscation. So, let me reiterate : whoever wrote that is candidly admitting that he doesn't know what he's talking about. Which doesn't makes sense considering the alleged nature and source of the document.
"what do we know about hidden services? current : no effort by nsa"
Sure. None. Nada. Nothing.
NSA goes where targets are. bet this is no longer true :P
bla bla bla . Oh and it wasn't true in 2012 either.
"can we exploit nodes. probably not. legal and technical challenges".
... Well, boys nothing to see here. The government is completly inept AND, of course, they 'respect the law'. Whatever that is.
relays are the most hardened configuration of Tor. if Tor Browser attack surface is one end of spectrum of vuln, Tor the implementation on a dedicated server is quite the opposite.
So? There are only a handful of relays as opposed to clients so the payoff for attacking them is way bigger. Regardless, your comment is, again, pretty much meaningless. The point is that the claims that they can't exploit relays because of technical and LEGAL reasons is pure undilluted bullshit.
Somebody was talking about moles?
just diggin' dirt...
On 10/20/15, Juan <juan.g71@gmail.com> wrote:
... Yes. And I'm doing the teaching.
citation needed!
I know. But that's not how the majority of people use tor. So your remark is pretty much irrelevant.
if only one target uses an insecure configuration, it is still potentially useful, especially given the ease of proxy bypass techniques. and for watering hole attacks, anything larger than zero hits is a win :) clearly relevant.
Same as above. Your comment is irrelevant and looks like an attempt at obfuscation.
not obfuscation; recognition of the defender's disadvantage. as attacker (NSA) any vulnerability is relevant and potentially actionable.
So, let me reiterate : whoever wrote that is candidly admitting that he doesn't know what he's talking about. Which doesn't makes sense considering the alleged nature and source of the document.
it does; competence is not universally high and evenly distributed in intelligence organizations. the most technically accurate and detailed and informed information is also the most sensitive, sadly. thus until ECI compartments get spilled moving beyond the executive summary level presentations difficult.
So? There are only a handful of relays as opposed to clients so the payoff for attacking them is way bigger.
there are techniques for finding bugs in rich attack surface like the whole of Tor Browser, Tor, Tor Launcher, OS integration of same which can grant exploit developers a reasonable confidence of finding exploitable holes. in a minimal, hardened Tor relay configuration these same techniques may never find an exploitable vulnerability. it is another order of magnitude harder, and exploits here require leveling with novel attacks or techniques, typically.
Regardless, your comment is, again, pretty much meaningless. The point is that the claims that they can't exploit relays because of technical and LEGAL reasons is pure undilluted bullshit.
exploiting foreign servers? sure; but highly sensitive. e.g. TAO CNE. legal hacks of domestic servers - FISA court would have to approve? both of these are legitimate restraints, though we may argue about their effectiveness. over to Juan for retort, preferably with more substance to justify opinions this time :)
On Tue, 20 Oct 2015 12:50:28 -0700 coderman <coderman@gmail.com> wrote:
On 10/20/15, Juan <juan.g71@gmail.com> wrote:
... Yes. And I'm doing the teaching.
citation needed!
It's obvious from looking at the whole conversation.
I know. But that's not how the majority of people use tor. So your remark is pretty much irrelevant.
if only one target uses an insecure configuration, it is still potentially useful, especially given the ease of proxy bypass techniques.
and for watering hole attacks, anything larger than zero hits is a win :)
clearly relevant.
Clearly irrelevant. And your irrelevant comments don't change the nature of the slides.
Same as above. Your comment is irrelevant and looks like an attempt at obfuscation.
not obfuscation; recognition of the defender's disadvantage.
as attacker (NSA) any vulnerability is relevant and potentially actionable.
1 + 1 = 2 the sky is blue (depending on time and other conditions) cows give milk any more irrelevant bullshit you'd like to state?
So, let me reiterate : whoever wrote that is candidly admitting that he doesn't know what he's talking about. Which doesn't makes sense considering the alleged nature and source of the document.
it does; competence is not universally high and evenly distributed in intelligence organizations.
It doesn't makes sense. Only retards can believe that such a bunch of 'slides' really reflects what the nsa and co. know about tor. More than likely those slides were made as some kind of exercise by some of the lowest ranking gov't parasite. The slides are nothing but a useless draft. Did I mention codermand dear that the author doesn't even know how tor dns resolution works? 'currently' he was 'still investigating'...
the most technically accurate and detailed and informed information is also the most sensitive, sadly. thus until ECI compartments get spilled moving beyond the executive summary level presentations difficult.
So, can I translate your usual twisted language into "OK I finally admit the slides are bullshit" ?
So? There are only a handful of relays as opposed to clients so the payoff for attacking them is way bigger.
there are techniques for finding bugs in rich attack surface like the whole of Tor Browser, Tor, Tor Launcher, OS integration of same which can grant exploit developers a reasonable confidence of finding exploitable holes.
in a minimal, hardened Tor relay configuration these same techniques may never find an exploitable vulnerability. it is another order of magnitude harder, and exploits here require leveling with novel attacks or techniques, typically.
bla bla bla yes, it's another order of magnitude and so is the magnitude of the payoff. I can keep repeating any point you ignore. But did I mention that technical details are not really the point anyway?
Regardless, your comment is, again, pretty much meaningless. The point is that the claims that they can't exploit relays because of technical and LEGAL reasons is pure undilluted bullshit.
exploiting foreign servers? sure; but highly sensitive. e.g. TAO CNE.
legal hacks of domestic servers - FISA court would have to approve?
lol - and now you admit you are just trolling
both of these are legitimate restraints, though we may argue about their effectiveness.
over to Juan for retort, preferably with more substance to justify opinions this time :)
"FISA court would have to approve?"
On 10/20/2015 12:50 PM, coderman wrote:
e.g. TAO CNE.
legal hacks of domestic servers - FISA court would have to approve? both of these are legitimate restraints, though we may argue about their effectiveness.
ROTF! "Legitimate Restraints" and "FISA court" in the same sentence! Were you able to keep a straight face as you typed that? Just Sayin' Sincerely, The Peanut Gallery
participants (3)
-
coderman -
Juan -
The Peanut Gallery