[tor-relays] Quantum Insert detection for everyone

[David Stainton]

Yes and no. HTTPS/Onion services prevents successful TCP injection
attacks when the attacker doesn't know the key material... therefore
to make this claim about HTTPS in general seems rather sketchy given
that many CA's have been pwn'ed (and subpoena'ed?) in the past.

TCP injection attacks are not the same as man-in-the-middle attacks...
but rather are categorized as man-on-the-side. The difference is
important because MoS is *much* cheaper for these various (not just
NSA) entities to execute. MoS means you do not have to pwn a route
endpoint at the site of your TCP injections... you can inject from
almost anywhere as long as you can win the race.

I will discuss this point in my write up... and I will write a section
specifically for Tor exit relay operators who are interested in using
HoneyBadger.


On Wed, Apr 22, 2015 at 10:16 PM, janulrich <andi at michlaustderaffe.de> wrote:
> hi,
>
> Am 22.04.2015 um 20:41 schrieb David Stainton:
>> Did you all see this Wired article about Quantum Insert detection?
>>
>> https://www.wired.com/2015/04/researchers-uncover-method-detect-nsa-quantum-insert-hacks
>
> proof me wrong but wouldn't the use of a HTTPS/OnionAddress render this
> attack usesless?
>
> Whats up with the title "researchers uncover method"? Like this would be
> anything new?
> Basically it's the concept of a MITM attack which is a serious threat[1]
> as old as telecommunication itself.
> The only working solution is end to end encrypted communication.
> So why use inefficient and vulnerable "detection tools" to spy on tor users?
>
> humble opinion of a barely frightened tor user.
>
> [1]: Remark: There are sufficient opportunities for MITM attacks. (There
> are still guys out there surfing the web via GSM -broken crypto- on
> their mobiles.)
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays