Message-Id: <DCED2FC3-E125-45DE-8FA6-923DCFD65134@gmail.com>
Date: Fri, 18 Jul 2014 09:48:59 -0400
From: Liz Gossell <elizabethgossell@...il.com>
To: "Ivan .Heca" <ivanhec@...il.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Peeling the onion: Almost everyone involved in developing
	Tor was (or is) funded by the US government | PandoDaily

The weak point of Tor has always been exit nodes. Anyone who operates one is going to have access to the comms passing through the node. I’m sure if someone really wanted to eavesdrop on Tor traffic they’d just DoS other exit nodes and run a significant number of alternative ones so that users don’t notice.

https://www.torproject.org/docs/faq.html.en#CanExitNodesEavesdrop

Lesson: If someone wants your traffic badly enough, they’re going to get it.

— Liz

On Jul 17, 2014, at 7:40 PM, Ivan .Heca <ivanhec@...il.com> wrote:

>> Tor was originally sponsored by the US Naval Research Lab.
> 
> That would be a logical assumption if you read the article and associated
> references
> 
>> Does this automatically mean it's backdoored then?
> 
> is it? I think what the author was alluding to is their trying. Perry
> thinks they can
> 
> Extremely well funded adversaries that are able to observe large portions
> of the Internet can probably break aspects of Tor and may be able to
> deanonymize users. This is why the core tor program currently has a version
> number of 0.2.x and comes with a warning that it is not to be used for
> “strong anonymity”. (Though I personally don’t believe any adversary can
> reliably deanonymize *all* tor users . . . but attacks on anonymity are
> subtle and cumulative in nature).
> On 18/07/2014 9:27 AM, "Stephen Crane" <culda.rinon@...il.com> wrote:
> 
>> Tor was originally sponsored by the US Naval Research Lab. Does this
>> automatically mean it's backdoored then? Could someone insert a backdoor
>> into open-source software? Yes. Funding sources do little to change this.
>> Now, who is controlling exit nodes is a different story, but that's another
>> can of worms.
>> 
>> 
>> On Wed, Jul 16, 2014 at 5:10 PM, Ivan .Heca <ivanhec@...il.com> wrote:
>> 
>>> Funding doubled, so engineering some back doors?
>>> 
>>> In 2012, Tor nearly doubled its budget, taking in $2.2 million from
>>> Pentagon and intel-connected grants: $876,099 came from the DoD, $353,000
>>> from the State Department, $387,800 from IBB.
>>> 
>>> That same year, Tor lined up an unknown amount of funding from the
>>> Broadcasting Board of Governors to finance fast exit nodes.
>>> 
>>> http://pando.com/2014/07/16/tor-spooks/
>>> 
>>> _______________________________________________
>>> Sent through the Full Disclosure mailing list
>>> http://nmap.org/mailman/listinfo/fulldisclosure
>>> Web Archives & RSS: http://seclists.org/fulldisclosure/
>>> 
>> 
>> 
> 
