[tor-talk] Cancelled black hat talk
BM-2D8wMEVgGVY76je1WXNPfo8SrpZt5yGHES at bitmessage.ch
Mon Jul 21 22:05:26 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
> Journalists are asking us about the Black Hat talk on attacking
> Tor that got cancelled. We're still working with CERT to do a
> coordinated disclosure of the details (hopefully this week), but I
> figured I should share a few details with you earlier than that.
Thanks for coming forward - very much appreciated.
> 1) We did not ask Black Hat or CERT to cancel the talk. We did (and
> still do) have questions for the presenter and for CERT about some
> aspects of the research
Does that imply that the exploited "weakness" is not yet fully
understood by you (core developers)? (which also would imply that
there is no "fix" yet)
(To some extend this contradicts the anticipated coordinated disclosure?)
> 2) In response to our questions, we were informally shown some
> materials. We never received slides or any description of what
> would be presented in the talk itself beyond what was available on
> the Black Hat Webpage.
Also this point suggests that the "attack" has not been understood yet(?).
Also (if you can anticipate that ahead of the coordinated disclosures):
Should relay ops get ready to deploy a critical patch?
Should users get ready to update their Tor Browser Bundles soon?
Will there be a "fix" at all?
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the tor-talk