[tor-talk] Tor compromised?

Brandon Wiley brandon at blanu.net
Thu Oct 13 17:55:33 UTC 2011 

I'm all for security research and finding vulnerabilities, in Tor and
otherwise. Attacks that enumerate bridges are of particular interest.
However, the actual IPs discovered have no publication value. Releasing them
is just irresponsible. In order to receive credit, he just needs to publish
the attack, which would also be more helpful to us because then we could fix
it. I don't really understand this guy's motivation for behaving in this way
if he's an actual security researcher.

On Thu, Oct 13, 2011 at 11:49 AM, Dave Jevans <djevans at ironkey.com> wrote:

> I went to French bilingual school through high school.  its rusty, but
> here's additional info:
>
> He mapped TOR bridges and included them in the attack vector.  These IPs
> will be published in November.   He claims that 30% of entry nodes and
> bridges run Windows and are subject to privilege escalation, hence takeover
> or "reduction in security" of the first 2 layers of encryption (via memory
> inspection and tampering, as has already been discussed).
>
> No claims about exit nodes.
>
>
>
>
>
> On Oct 13, 2011, at 9:28 AM, "Roger Dingledine" <arma at mit.edu> wrote:
>
> > On Thu, Oct 13, 2011 at 08:59:35AM -0400, andrew at torproject.org wrote:
> >> it sounds like they wrote malware to watch the ram
> >> in a MS Windows relay and exploit MS Windows weaknesses to read some
> >> crypto keys.
> >
> > Also, keep an eye out for claims like "25% of the Tor relays runs
> > Windows, so if I can break into all relays on Windows, I'll own 25%
> > of the Tor network."
> >
> > Tor clients load-balance over relays based on the relay capacity,
> > so the statement should really be about how much of the *capacity*
> > of the Tor network is on Windows. That's a bit messier to calculate,
> > but I bet it's nowhere near 25%.
> >
> > I don't mean to say that being able to break into, say, 3% of the Tor
> > network is irrelevant -- but if claims like this do eventually emerge,
> > it would show that either he doesn't understand the Tor design, or he
> > has no interest in letting facts get in the way of his claims.
> >
> > More broadly, this just looks like another case of a guy who wants to
> > get publicity and have everybody think he's amazing, and the best way
> > he knows how to do that is to wait until the last possible moment before
> > anybody can learn what his claims are.
> >
> > --Roger
> >
> > _______________________________________________
> > tor-talk mailing list
> > tor-talk at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20111013/2a12b88c/attachment.htm>

More information about the tor-talk mailing list