[tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.

Geoff Down geoffdown at fastmail.net
Tue Jul 1 22:42:57 UTC 2014



On Tue, Jul 1, 2014, at 10:54 PM, williamwinkle at openmailbox.org wrote:
> On 2014-06-30 22:33, Geoff Down wrote:

> >  If the code is injected between the target_website.com and the exit
> >  node, the exit node will relay it faithfully back through the Tor
> >  network to the client.
> > It's all just bytes to Tor.
> > 
> 
> This is presumably dependent on the TBB having a vulnerability.

 Or the user being foolish and opening a downloaded file (they trust the
 site, right?), enabling Flash etc.

> So, even 
> if all users of target_website.com were considered evil and should be 
> targeted, this could only happen if a) there was a 0-day for Firefox on 
> which TBB is based or b) there is a known vulnerability for Firefox but 
> certain users did not bother to update.

For websites, that would seem to be right. But don't forget about
OpenSSL vulnerabilities (Firefox doesn't use OpenSSL iirc) or other
software that people use over Tor - it's not all Torbrowser. So reasons
for concern, but not all doom and gloom.
GD
