hilarious 2007 tor security hole

[Zenaan Harkness]

On Wed, Oct 30, 2019 at 01:09:54AM -0300, Punk - Stasi 2.0 wrote:
> 
> 
> 	Low-Resource Routing Attacks Against Tor
> 	https://www.freehaven.net/anonbib/cache/bauer:wpes2007.pdf
> 
> 	you could add "high speed" compromised nodes, simply by lying about them being "high speed".
> 
> 
> 	also, notice this 
> 	
> 	https://www.freehaven.net/anonbib/cache/hs-attack06.pdf	
> 
> 	blatant hole in hidden services design 'found' by scum-master syverson in 2006 - same scum-master who 'designed' tor haha. I'm guessing these scumbags get bonunses by 'paper' written, so they write papers about their shitty 'designs' and then write papers 'attacking' the same garbage they coded. Priceless.

Funny.

Will you give a shot at summarizing the above attacks, and/or if
there is any obvious solution to those attacks in relation to any new
overlay network?

(The overview and summary of a paper may be sufficient - some papers
are long, and can therefore take a long time to read/ absorb, but a
good paper should give a good succinct summary anyway...)

This work we are doing of considering possible designs for (various
layers of) some new overlay network, will hopefully be useful for
whomever ends up on a mad codeathon - there's even the possibility
this could be me, although if the design ends up good "by consensus"
then a Java proof of concept will hopefully be replaced by a C, C++
or Rust (etc) implementation anyway... or, rather than "replaced",
complemented might be a better word - multiple implementations
working well with one another are a decent proof of "spec/ design
conformance".

We may even find that the guts of the network scheduling/ link
monitoring and management, route negotiation and therefore quite
possibly even encryption, end up in user space IP stacks such as
SNABB (and in the case of SNABB, most likely therefore implemented in
Lua), with perhaps a thin management interface (console at least) in
say Java or any language preferred by those interested in coding such
things.