Full Disclosure mailing list archives
Re: Compromise of Tor, anonymizing networks/utilities
From: jf <jf () danglingpointers net>
Date: Sun, 9 Dec 2007 08:02:41 +0000 (UTC)
In any case, it is a certainty than that some law enforcement agencies are running tor nodes; it has been spotted in actual use at many such locales. Tor might a great idea but it is sadly lacking in many aspects of its implementation.It would help if you were more specific here. Especially, could youflesh outwhat you mean by, "it is sadly lacking in many aspects of its implementation."
It's really quite simple. If you or I can setup a tor node and use it to mitm/pop people/etc, or use it and the various tracking methods previously shown (wasnt it hd who did the js/flash callhome stuff?), then any inclined entity with the resources, can employ the same tactics at a much larger scale over as diversified and distributed as a region as their resources will allow. If you consider who has those types of resources you're basically stuck with mega-corporations, governments, telcos and potentially some spammers/botnets. While I think it's doubtful we'll see a mega-corporation involved in something like that, you never know though a few 'eccentric' board members can take you to some weird places.. Governments however, are quite obviously one entity that both has proper motivation and typically proper resources to employ it and the mega-telco's in places like the US have pretty much shown their colors already; don't fret though, i bet your countries telco's aren't any better. The spammers/phishers/botnets/etc, well it's irrelevant to this point. That all considered, it becomes obvious that, if you presume that its goal was anonymity to everyone, which is dubious at best if you consider some of its .mil background, that this is a deep design flaw. Or at least that's my opinion. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Compromise of Tor, anonymizing networks/utilities gmaggro (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Peter Besenbruch (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Fetch, Brandon (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities gmaggro (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities gmaggro (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Peter Besenbruch (Dec 09)
- Re: Compromise of Tor, anonymizing networks/utilities jf (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities jf (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Fetch, Brandon (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Peter Besenbruch (Dec 08)