lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue Jun  6 13:18:46 2006
From: sol at haveyoubeentested.org (Sol Invictus)
Subject: Re: blocking tor is not the right way forward.
	It	may just be the right way backward.

There is one simple (from management's point of view) way to solve this 
issue.

DEFAULT DENY and monitor everything else.

That way whenever someone uses a legitimate path for something not 
legit, it will be caught.

Why do you think they posted guards at the gates of old castles?  Create 
the chokepoint and search everyone.

Sol.

Joel Jose wrote:

> see, its pitty how we dont understand that we are trying to defend
> using the wrong principles.
>
> just like the other poster pointed out.. protect your data == plug
> holes + preserve + restore data.. != go for a witch hunt.
>
> moreover.. we when "blocking" tor and denying access are assuming 3 
> things :
> 1) tor cannot be recreated(dont bet on that.. imagine a tor-2 network
> which corrects(takes different policy measures) the blacklisting
> facility, if we hold the rope so tight as to choke.. the privacy
> people and the community will come up with a better and more effective
> tool.. )
> 2) scarce resources is the way forward. Cmon public open proxies, tor
> like public projects..etc are not "scarce" resource for the attacker..
> but it is a scarce resource for the users... dont get fooled..
> ofcourse all it takes for a determined(and well funded) attacker is
> "shift" his cables to get onto a different network to attack you ;)
> 3)TOR is not the problem.. its a solution for privacy... it would be
> much better if you try to find time to code for better webserver
> protections against a dos.. or even write a patch for that new
> full-disclosure vulnerability.. did i say proof-of-concept.. yikes..
> ;)
>
> PS : ofcourse right now discussions are on on how to "label" / "mark"
> tor users so that CIA triad is maintained for resources accessed by
> tor users having different access privileges. psuedonyms are a serious
> model thats being considered and researched...
>
> joel.


Powered by blists - more mailing lists