IBM says Block Tor

odinn odinn.cyberguerrilla at riseup.net
Wed Aug 26 22:48:01 PDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I can understand a cautionary approach to Tor at a time when attacks
are evident - see some of my past humming and hawing about this sort
of subject (where I am posting as ABISprotocol) in an OB thread here:
https://github.com/OpenBazaar/OpenBazaar/issues/866
But in the end despite the (vulnerabilities relating to Tor / I2P use)
at that time I didn't conclude people should stop using it, just that
they should be careful about it and be aware of the limitations of the
software.

This particular e-mail ('IBM Advises Businesses To Block Tor') caught
my eye and seemed rather odd, because in the not-so-distant past, IBM
and Microsoft were actually studying (and even promoting) certain
types of anonymity solutions. To wit:

Direct Anonymous Attestation
http://www.zurich.ibm.com/security/daa/
"As...profiling is privacy invasive, we have proposed a way to use
direct anonymous attestation such that the detection of rogue TPMs and
actually granting/requesting the access are performed in two different
unlinkable transactions..."
(Gee, IBM, isn't that, like, the evil anonymity stuff?)

Idemix / Identity Mixer
http://www.zurich.ibm.com/idemix/

These above two links were mentioned / highlighted last year by
Microsoft staff at the W3C 'Web Cryptography Next Steps' event which I
attended and had a position paper accepted at:
http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/report.html

While I've never trusted Microsoft Windows (much) - having left that
platform long ago for the comfort of Linux - it does seem rather odd
that they would state (as they did in their recent article) that
"Corporate networks really have little choice but to block
communications to these stealthy networks."  You have to wonder who is
the desperate fail person who authored that conclusion to their recent
article.*

- - O

*Reference:
http://public.dhe.ibm.com/common/ssi/ecm/wg/en/wgl03086usen/WGL03086USEN
.PDF

On 08/26/2015 03:51 PM, grarpamp wrote:
> http://public.dhe.ibm.com/common/ssi/ecm/wg/en/wgl03086usen/WGL03086US
EN.PDF
>
>  IBM Advises Businesses To Block Tor
> 
> With Tor-based attacks on the rise, IBM says it's time to stop Tor
> in the enterprise.
> 
> New data from IBM's X-Force research team shows steady increase in
> SQL injection and distributed denial-of-service attacks as well as 
> vulnerability reconnaissance activity via the Tor anonymizing
> service.
> 

- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJV3qSRAAoJEGxwq/inSG8CzdwH/2LUl88VDcE7D6zOLwO6h4+1
4LKkIeRTrM2uOdXgmcrEAbixPbvRcdI3Tz3g2tARIPJcGwY4M8diRFH0Xekq8dE9
E5qmMN7QIOgCH0RdCEmGYUaX3oA2RJfaq3G8WN+8lOP1dpywCjKKUM57PCJ4GZqq
PCsrlVO8AY2+QrxdCLbokAypPAPlBONcVXsOh4kdM1KwPW1DefR+MuZcUfLcTkFs
SScIqQ6u7L3XDAXl4WRGrRvheKpNU59tmHfYRGAhA7aWFT//PImuXUmatXIbEZIi
n6H8WkGqUXkT1d0yZYrDNIQALxgrqizSNDhD7g7CPdsdaX/AdYkLQXUU/3+prb8=
=0R6t
-----END PGP SIGNATURE-----



More information about the cypherpunks mailing list