Full Disclosure: Re: tor vulnerabilities?

Re: tor vulnerabilities?

From: Georgi Guninski <guninski () guninski com>
Date: Thu, 4 Jul 2013 10:21:02 +0300

I am not an expert on tor.

Last time I started tor on console and watched stdout/stderr
saw so many warnings/errors wondered it worked at all
(had dropped connections IIRC)...

re: short lived bugs: they are short lived when dead,
not while alive ;)


On Wed, Jul 03, 2013 at 11:04:45AM -0700, coderman wrote:

On Wed, Jul 3, 2013 at 7:34 AM, Georgi Guninski <guninski () guninski com> wrote:

...
I see no reason to trust tor.

How do you disprove that at least (say) 42% of the tor network
is malicious, trying to deanonymize everyone and logging
everything?


end to end privacy is orthogonal to anonymity, however, exit nodes
imply risks most users aren't familiar with or accustomed to.  does
this mean Tor is useless?
  No - but it must be used with care, certainly.

Or maybe some obscure feature deanonymize in O(1) :)


these bugs are short lived but do happen from time to time...  my
favorite will always be CVE-2007-4174  *grin*


next generation low latency anonymity networks are a fun area of
research and suited to interesting attacks. you could help build and
break them when you're sufficiently sated with vague criticisms.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: tor vulnerabilities? Georgi Guninski (Jul 03)
- Re: tor vulnerabilities? Valdis . Kletnieks (Jul 03)
  - Re: tor vulnerabilities? adam (Jul 03)
- Re: tor vulnerabilities? coderman (Jul 03)
  - Re: tor vulnerabilities? Georgi Guninski (Jul 04)
- Re: tor vulnerabilities? Michael T (Jul 04)
  - Re: tor vulnerabilities? Valdis . Kletnieks (Jul 03)
- Re: tor vulnerabilities? Alex (Jul 04)