[tor-talk] FBI cracked Tor security
Mirimir
mirimir at riseup.net
Thu Jul 14 08:41:22 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/14/2016 01:38 AM, Jon Tullett wrote:
> On 14 July 2016 at 08:37, Mirimir <mirimir at riseup.net> wrote:
>
>> On 07/14/2016 12:23 AM, Jon Tullett wrote:
>
>>> Having pwned the server, a malware component is then injected
>>> to visiting computers. Ie: when the criminal visits the
>>> infected site, his PC is infected (over that encrypted, secure,
>>> etc) connection. Now infected, his PC will be under the control
>>> of the FBI, and the investigation will proceed from there. As
>>> soon as it's connected to the regular internet, that connection
>>> will be traced, but that connection is not necessary - data on
>>> the PC can be exfiltrated by the feds over Tor and used to
>>> identify the user.
>>
>> Tor Project ought to inform users about this risk, and recommend
>> countermeasures. It's not like this is new. I see nothing at
>> <https://www.torproject.org/download/download.html.en#warning>.
>
> I agree - a warning of the dangers of visiting infected onion
> sites could be useful (even though the problem is not specifically
> a Tor one). There's the risk of feature creep - security is a big
> space and it isn't really Tor's job to educate people on every risk
> online. Perhaps a clarification that just as TBB is not all you
> need to maintain privacy, it's also not all you need to stay
> secure, with a pointer to some external tips?
There is an aspect of visiting hostile onion sites that's especially
problematic: forcing direct clearnet connections that reveal users'
ISP-assigned IP addresses. It's irresponsible to continue recommending
only vulnerable setups, especially Tor browser in Windows.
<SNIP>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJXh1AuAAoJEGINZVEXwuQ+JxsIAK7NCDwsjp3LuP25p2V0CHpZ
ceXd7yN7BFzFfsxgbErT68dWLYWSIGxm6ZBg4ZQBb3BzvPOoRU50LldmyXjf5+FS
KC34TcqYnewyLTLe9g2vtcrttPoxbgcBoHuywe7Do5+hlPM/+I7Y4xjm8scIpNEf
X7vOGh5BfzbWQ4umMXP7YKEDNaktnN5xTITcqDrDZF15ugyUNslmaZRqfBeOv+GA
sfEhqa/puowXfJ0cOjuoPPGp/QApGKevYqL67/8XP8xhWbj3GK+ICk0i28dZK/ks
f+KOVouFXa50gJvSlvRzZouUbkvc5o5mAwoC25WZ3/30C2eiTYHRMXSk+8H6MnE=
=P3OR
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list