[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] FBI cracked Tor security



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/14/2016 01:38 AM, Jon Tullett wrote:
> On 14 July 2016 at 08:37, Mirimir <mirimir@riseup.net> wrote:
> 
>> On 07/14/2016 12:23 AM, Jon Tullett wrote:
> 
>>> Having pwned the server, a malware component is then injected
>>> to visiting computers. Ie: when the criminal visits the
>>> infected site, his PC is infected (over that encrypted, secure,
>>> etc) connection. Now infected, his PC will be under the control
>>> of the FBI, and the investigation will proceed from there. As
>>> soon as it's connected to the regular internet, that connection
>>> will be traced, but that connection is not necessary - data on
>>> the PC can be exfiltrated by the feds over Tor and used to
>>> identify the user.
>> 
>> Tor Project ought to inform users about this risk, and recommend 
>> countermeasures. It's not like this is new. I see nothing at 
>> <https://www.torproject.org/download/download.html.en#warning>.
> 
> I agree - a warning of the dangers of visiting infected onion
> sites could be useful (even though the problem is not specifically
> a Tor one). There's the risk of feature creep - security is a big
> space and it isn't really Tor's job to educate people on every risk
> online. Perhaps a clarification that just as TBB is not all you
> need to maintain privacy, it's also not all you need to stay
> secure, with a pointer to some external tips?

There is an aspect of visiting hostile onion sites that's especially
problematic: forcing direct clearnet connections that reveal users'
ISP-assigned IP addresses. It's irresponsible to continue recommending
only vulnerable setups, especially Tor browser in Windows.

<SNIP>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXh1AuAAoJEGINZVEXwuQ+JxsIAK7NCDwsjp3LuP25p2V0CHpZ
ceXd7yN7BFzFfsxgbErT68dWLYWSIGxm6ZBg4ZQBb3BzvPOoRU50LldmyXjf5+FS
KC34TcqYnewyLTLe9g2vtcrttPoxbgcBoHuywe7Do5+hlPM/+I7Y4xjm8scIpNEf
X7vOGh5BfzbWQ4umMXP7YKEDNaktnN5xTITcqDrDZF15ugyUNslmaZRqfBeOv+GA
sfEhqa/puowXfJ0cOjuoPPGp/QApGKevYqL67/8XP8xhWbj3GK+ICk0i28dZK/ks
f+KOVouFXa50gJvSlvRzZouUbkvc5o5mAwoC25WZ3/30C2eiTYHRMXSk+8H6MnE=
=P3OR
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk