[tor-talk] Tor

Juan juan.g71 at gmail.com
Tue Oct 20 13:42:10 PDT 2015 

On Tue, 20 Oct 2015 12:50:28 -0700
coderman <coderman at gmail.com> wrote:

> On 10/20/15, Juan <juan.g71 at gmail.com> wrote:
> > ...
> > 	Yes. And I'm doing the teaching.
> 
> citation needed!


	It's obvious from looking at the whole conversation. 



> 
> 
> 
> > 	I know. But that's not how the majority of people use tor.
> > So your remark is pretty much irrelevant.
> 
> if only one target uses an insecure configuration, it is still
> potentially useful, especially given the ease of proxy bypass
> techniques.
> 
> and for watering hole attacks, anything larger than zero hits is a
> win :)
> 
> clearly relevant.


	Clearly irrelevant. And your irrelevant comments don't change
	the nature of the slides. 

	
> 
> 
> 
> > 	Same as above. Your comment is irrelevant and looks like an
> > 	attempt at obfuscation.
> 
> not obfuscation; recognition of the defender's disadvantage.
> 
> as attacker (NSA) any vulnerability is relevant and potentially
> actionable.

	
	 1 + 1 = 2

	the sky is blue (depending on time and other conditions)

	cows give milk
	
	any more irrelevant bullshit you'd like to state? 


 
> 
> 
> > 	So, let me reiterate : whoever wrote that is candidly
> > admitting that he doesn't know what he's talking about. Which
> > doesn't makes sense considering the alleged nature and source of the
> > 	document.
> 
> it does; competence is not universally high and evenly distributed in
> intelligence organizations.


	It doesn't makes sense. Only retards can believe that such a
	bunch of 'slides' really reflects what the nsa and co. know
	about tor. 

	More than likely those slides were made as some kind of exercise
	by some of the lowest ranking gov't parasite. The slides are
	nothing but a useless draft.

	Did I mention codermand dear that the author doesn't even know
	how tor dns resolution works? 'currently' he was
	'still investigating'...


> 
> the most technically accurate and detailed and informed information is
> also the most sensitive, sadly. thus until ECI compartments get
> spilled moving beyond the executive summary level presentations
> difficult.


	So, can I translate your usual twisted language into "OK I
	finally admit the slides are bullshit" ? 


> 
> 
> 
> > 	So? There are only a handful of relays as opposed to clients
> > 	so the payoff for attacking them is way bigger.
> 
> there are techniques for finding bugs in rich attack surface like the
> whole of Tor Browser, Tor, Tor Launcher, OS integration of same which
> can grant exploit developers a reasonable confidence of finding
> exploitable holes.
> 
> in a minimal, hardened Tor relay configuration these same techniques
> may never find an exploitable vulnerability. it is another order of
> magnitude harder, and exploits here require leveling with novel
> attacks or techniques, typically.


	bla bla bla 

	yes, it's another order of magnitude and so is the magnitude of
	the payoff. I can keep repeating any point you ignore.

	But did I mention that technical details are not really the
	point anyway? 


 
> 
> > 	Regardless, your comment is, again, pretty much
> > meaningless. The point is that the claims that they can't exploit
> > relays because of technical and LEGAL reasons is pure undilluted
> > bullshit.
> 
> exploiting foreign servers? sure; but highly sensitive. e.g. TAO CNE.
> 
> legal hacks of domestic servers - FISA court would have to approve?


	lol - and now you admit you are just trolling
 


> 
> both of these are legitimate restraints, though we may argue about
> their effectiveness.
> 
> 
> over to Juan for retort,
>  preferably with more substance to justify opinions this time :)


	"FISA court would have to approve?"

More information about the cypherpunks mailing list