| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJVRA1Qdq_90QNyo4We-+PVDunJGNkT8xBuhgNK99MyJf1Oqxg@mail.gmail.com> Date: Wed, 3 Jul 2013 11:04:45 -0700 From: coderman <coderman@...il.com> To: Georgi Guninski <guninski@...inski.com> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: tor vulnerabilities? On Wed, Jul 3, 2013 at 7:34 AM, Georgi Guninski <guninski@...inski.com> wrote: > ... > I see no reason to trust tor. > > How do you disprove that at least (say) 42% of the tor network > is malicious, trying to deanonymize everyone and logging > everything? end to end privacy is orthogonal to anonymity, however, exit nodes imply risks most users aren't familiar with or accustomed to. does this mean Tor is useless? No - but it must be used with care, certainly. > Or maybe some obscure feature deanonymize in O(1) :) these bugs are short lived but do happen from time to time... my favorite will always be CVE-2007-4174 *grin* next generation low latency anonymity networks are a fun area of research and suited to interesting attacks. you could help build and break them when you're sufficiently sated with vague criticisms. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists