[tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
Zenaan Harkness
zen at freedbms.net
Wed Jul 2 00:30:44 UTC 2014
On 7/2/14, Geoff Down <geoffdown at fastmail.net> wrote:
> On Tue, Jul 1, 2014, at 10:54 PM, williamwinkle at openmailbox.org wrote:
>> On 2014-06-30 22:33, Geoff Down wrote:
>> > If the code is injected between the target_website.com and the exit
>> > node, the exit node will relay it faithfully back through the Tor
>> > network to the client.
>> > It's all just bytes to Tor.
>>
>> This is presumably dependent on the TBB having a vulnerability.
>
> Or the user being foolish and opening a downloaded file (they trust the
> site, right?), enabling Flash etc.
>
>> So, even
>> if all users of target_website.com were considered evil and should be
>> targeted, this could only happen if a) there was a 0-day for Firefox on
>> which TBB is based or b) there is a known vulnerability for Firefox but
>> certain users did not bother to update.
>
> for websites, that would seem to be right. But don't forget about
> Openssl vulnerabilities (Firefox doesn't use Openssl iirc) or other
> software that people use over Tor - it's not all Torbrowser. So reasons
> for concern, but not all doom and gloom.
> GD
More and more reasons to run TBB or Tor in a sandbox (Whonix or Tails).
More information about the tor-talk
mailing list