client bug in 0.2.2.7-alpha and a new bad exit: exoassist
Scott Bennett
bennett at cs.niu.edu
Mon Feb 1 04:36:11 UTC 2010
On Sun, 31 Jan 2010 23:10:42 -0500 Flamsmark <flamsmark at gmail.com>
wrote:
>On 31 January 2010 21:58, Scott Bennett <bennett at cs.niu.edu> wrote:
>
>> So it appears that a) there is a new tor client bug in 0.2.2.7-alpha
>> that
>> leaves the "exoassist.exit" in the name passed along from its SOCKS
>> listener
>> to the destination port.
>>
>
>Isn't .exit deprecated because it's a potential vector for attack?
>
Sure. However, I don't see it as being useful for attack if the user
only uses it to test for bad exits. IIRC, no simple replacement for that
purpose has yet appeared, so I have it allowed in my torrc for precisely
that purpose. As long as the code exists and can be enabled via a torrc
option, then it should continue to work correctly.
Nevertheless, "exoassist" is a bad exit and should be flagged as such.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list