[tor-talk] TOR bundle on hostile platforms: why?
Ivan Zaigralin
melikamp at melikamp.com
Wed Aug 7 21:18:31 UTC 2013
I don't need to cite references, and I don't need to provide proof.
I am not judging Microsoft here, but pointing out a security risk factor.
TOR Projects spent so much time analyzing detected and imagined
attack patterns and defending against them, DNS resolution being a great
example. And all this work that went into repelling a sophisticated attacker
is really paying off right now.
What I am talking about is a trivial attack, technically trivial. The feds
(at least in US and in Russia) have a complete list of unpatched Windows
vulnerabilities. They also have crackers on staff. It is, therefore,
trivial for them to survey Windows machines. It doesn't matter anymore
whether they are actually doing so (they do). What matters is that they
can do so trivially. And users need to be made secure from this very
plausible attack.
On 08/07/2013 04:53 PM, Antispam 06 wrote:
> On 07.08.2013 21:06, Ivan Zaigralin wrote:
>> It doesn't, since Microsoft can survey all outgoing and incoming
>> traffic in plain text.
>
> References please.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20130807/60f12e2c/attachment.sig>
More information about the tor-talk
mailing list