[tor-talk] Tor

coderman coderman at gmail.com
Tue Oct 20 12:50:28 PDT 2015


On 10/20/15, Juan <juan.g71 at gmail.com> wrote:
> ...
> 	Yes. And I'm doing the teaching.

citation needed!



> 	I know. But that's not how the majority of people use tor. So
> 	your remark is pretty much irrelevant.

if only one target uses an insecure configuration, it is still
potentially useful, especially given the ease of proxy bypass
techniques.

and for watering hole attacks, anything larger than zero hits is a win :)

clearly relevant.



> 	Same as above. Your comment is irrelevant and looks like an
> 	attempt at obfuscation.

not obfuscation; recognition of the defender's disadvantage.

as attacker (NSA) any vulnerability is relevant and potentially actionable.



> 	So, let me reiterate: whoever wrote that is candidly admitting
> 	that he doesn't know what he's talking about. Which doesn't
> 	make sense considering the alleged nature and source of the
> 	document.

it does; competence is not universally high and evenly distributed in
intelligence organizations.

the most technically accurate and detailed and informed information is
also the most sensitive, sadly. thus until ECI compartments get
spilled, moving beyond the executive summary level presentations is
difficult.



> 	So? There are only a handful of relays as opposed to clients
> 	so the payoff for attacking them is way bigger.

there are techniques for finding bugs in rich attack surface like the
whole of Tor Browser, Tor, Tor Launcher, OS integration of same which
can grant exploit developers a reasonable confidence of finding
exploitable holes.

in a minimal, hardened Tor relay configuration these same techniques
may never find an exploitable vulnerability. it is another order of
magnitude harder, and exploits here require leveling with novel
attacks or techniques, typically.



> 	Regardless, your comment is, again, pretty much meaningless. The
> 	point is that the claims that they can't exploit relays because
> 	of technical and LEGAL reasons are pure undiluted bullshit.

exploiting foreign servers? sure; but highly sensitive. e.g. TAO CNE.

legal hacks of domestic servers - FISA court would have to approve?

both of these are legitimate restraints, though we may argue about
their effectiveness.


over to Juan for retort,
 preferably with more substance to justify opinions this time :)



More information about the cypherpunks mailing list