| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Jul 2013 10:21:02 +0300 From: Georgi Guninski <guninski@...inski.com> To: coderman <coderman@...il.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: tor vulnerabilities? I am not an expert on tor. Last time I started tor on console and watched stdout/stderr saw so many warnings/errors wondered it worked at all (had dropped connections IIRC)... re: short lived bugs: they are short lived when dead, not while alive ;) On Wed, Jul 03, 2013 at 11:04:45AM -0700, coderman wrote: > On Wed, Jul 3, 2013 at 7:34 AM, Georgi Guninski <guninski@...inski.com> wrote: > > ... > > I see no reason to trust tor. > > > > How do you disprove that at least (say) 42% of the tor network > > is malicious, trying to deanonymize everyone and logging > > everything? > > end to end privacy is orthogonal to anonymity, however, exit nodes > imply risks most users aren't familiar with or accustomed to. does > this mean Tor is useless? > No - but it must be used with care, certainly. > > > > Or maybe some obscure feature deanonymize in O(1) :) > > these bugs are short lived but do happen from time to time... my > favorite will always be CVE-2007-4174 *grin* > > > next generation low latency anonymity networks are a fun area of > research and suited to interesting attacks. you could help build and > break them when you're sufficiently sated with vague criticisms. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists