[tor-talk] Tor

[coderman]

On 10/20/15, Juan <juan.g71 at gmail.com> wrote:
> ...
> 	BY THE WAY, what kind of retard can take the above
> 	'presentation' seriously ?!

class time for Juan!



> 	"use cookies to identify tor users when they are not using tor"
> 	what !? the cookie monster?

See "Transparent Proxy" mode, un-approved third-party browser
configurations using Tor as SOCKS Proxy without Tor Browser
protections, etc...



> 	"How does tor handle dns requests? Are dns requests goin
> 	through tor? --- current : still investigating".

this is the SOCKS4 vs. SOCKS4a vs. SOCKS5 w/named connect, question.

if you are using a non-standard config leaking DNS, you're also
vulnerable to DNS poisoning for CNE or de-anon.



> 	"what do we know about hidden services? current : no effort by
> 	nsa"
>
> 	Sure. None. Nada. Nothing.

NSA goes where targets are. bet this is no longer true :P



> 	"can we exploit nodes. probably not. legal and technical
> 	challenges".
>
> 	... Well, boys nothing to see here. The government is completly
> 	inept AND, of course, they 'respect the law'. Whatever that is.

relays are the most hardened configuration of Tor. if Tor Browser
attack surface is one end of spectrum of vuln, Tor the implementation
on a dedicated server is quite the opposite.



> 	Somebody was talking about moles?

just diggin' dirt...