[tor-talk] TOR bundle on hostile platforms: why?

Ivan Zaigralin melikamp at melikamp.com
Thu Aug 8 13:14:21 UTC 2013


On 08/07/2013 07:36 PM, Martijn Grooten wrote:
> On Wed, 7 Aug 2013, Ivan Zaigralin wrote:
> It is also likely that they have vulnerabilities in any other operating system.
> And in Tor implementations. And it is good to assume they have enough 'crackers'
> on staff that will be able to exploit such vulnerabilities.

True enough, but I think the risk is much higher for proprietary software.
Law enforcement tends to know about vulnerabilities before anyone else, and
the holes may stay unpatched for weeks, months, or years, simply because of
incompetence or ill will on behalf of the vendor. And then there is the
monoculture factor.

OTOH, to get a Linux remote going, one needs to get lucky first and discover
a zero-day before kernel devs do, and after that it's still a crapshoot, with
all the different kernel versions and configs out there.

In conclusion, thanks for listening to my rants everyone. I enjoyed this
discussion way more than the one on Slashdot, where my argument got steamrolled
by fanboy mods, or maybe even NSA drones.
