| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4ef5fec60712081501q50c4af00w1299f71e2cba6601@mail.gmail.com> Date: Sat, 8 Dec 2007 15:01:15 -0800 From: coderman <coderman@...il.com> To: "Fetch, Brandon" <bfetch@....com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Compromise of Tor, anonymizing networks/utilities On Dec 8, 2007 2:32 PM, Fetch, Brandon <bfetch@....com> wrote: > ... > It's this lack of "last mile" security that some will suggest using an > encrypted proxy but that still may not resolve the issue of the > requested destination not supporting a secure connection. Public wireless anyone? None of the big sites are willing to invest in your privacy. at least with gmail i can filter http and stay on https (yes, the cookie is still not secure only, *sigh*). treat Tor like an anonymizing hot spot. if you're worried about any of the content being sent, make sure it is encrypted end to end. > Hiding behind/through Tor and an encrypted proxy just puts more layers > of obfuscation into the mix but still doesn't provide any more security. Tor != transport privacy. the sooner everyone realizes this the better... [and the less we have to read about lame ass fame whores like Egerstad pimping their dsniff stupidity. the control port hack was much more interesting...] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists