| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4ef5fec60712081814s58c36b58t5b12752642325c1d@mail.gmail.com> Date: Sat, 8 Dec 2007 18:14:31 -0800 From: coderman <coderman@...il.com> To: jf <jf@...glingpointers.net> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Compromise of Tor, anonymizing networks/utilities On Dec 9, 2007 1:29 AM, jf <jf@...glingpointers.net> wrote: > > ... scanning of > > the Tor network and rapid flagging of "bad exit"... > > lemme know if you need ointment with that band-aid. Tor, like wireless, is susceptible to denial of service with little effort. the goal of exit scanning is not to protect clients from MITM at malicious exits (that can and will always happen) but merely to reduce the scope of denial of service introduced when a rogue exit is performing active attacks. (that is, if your implementation is vulnerable, you will be fucked. the only question is when will you be fucked, yes proper fucked, tommy. however, a proper implementation and quick flagging at the DA's lowers the frequency with which you would chose this rogue node as your exit (which fails, causing a denial of service for all paths exiting there, but does not lead to exploitation and is remedied once a new circuit is built...) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists