lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <475ABF3B.7090800@rogers.com>
Date: Sat, 08 Dec 2007 10:58:51 -0500
From: gmaggro <gmaggro@...ers.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Compromise of Tor, anonymizing networks/utilities

So I guess CIA -> CSIS, FBI -> RCMP, and NSA -> CSE/GCHQ/DSD/GCSB. The
last bit being the standard bunch of Echelon sons-of-bitches. Those lads
must have some fat pipes. Now are they hidden, or hidden in plain sight?

In any case, it is a certainty than that some law enforcement agencies
are running tor nodes; it has been spotted in actual use at many such
locales. Tor might a great idea but it is sadly lacking in many aspects
of its implementation. Let us consider it a good first step, but now
it's time to move on.

>>From now on we should all operate under the assumption that every
anonymizing network is rife with law enforcement infiltration. In fact,
future designs should incorporate this infiltration into their
development; there has got to be a way to use this against them.

Tactically, do folks think it would be better to withdraw from Tor use
slowly whilst replacing the resulting traffic with filler to keep up
appearances? Or ditch it wholesale in the hopes that larger and abrupt
changes in usage will disrupt or confuse our friends with badges?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ