[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] tor vulnerabilities?

To: Valdis.Kletnieks@xxxxxx
Subject: Re: [Full-disclosure] tor vulnerabilities?
From: Georgi Guninski <guninski@xxxxxxxxxxxx>
Date: Tue, 1 Oct 2013 17:55:12 +0300

On Wed, Jul 03, 2013 at 01:07:35PM -0400, Valdis.Kletnieks@xxxxxx wrote:
> On Wed, 03 Jul 2013 17:34:52 +0300, Georgi Guninski said:
> > Or maybe some obscure feature deanonymize in O(1) :)
> 
> IT's open source. You're allegedly a security expert.  Start auditing
> the code and let us know what you find. :)
> 
> (And hey - it would be worth it.  The guy who finds an O(1) hole
> in Tor is going to pick up some serious street cred.)


Valdis,

I knew time for trolling would come soon.

FYI attacks on tor are becoming public:
http://www.theregister.co.uk/2013/09/01/tor_correlation_follows_the_breadcrumbs_back_to_the_users/

“An adversary that provides no more bandwidth than some volunteers do today can 
deanonymize any given user within three months of regular Tor use with over 50 
percent probability and within six months with over 80 percent probability."

I continue to suspect O(1) deanonymization is possible.

Your street cred social trick didn't work, sorry :)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Rooted CON 2014 - Call For Papers
Next by Date: [Full-disclosure] CORE-2013-0828 - PDFCool Studio Buffer Overflow Vulnerability
Previous by thread: [Full-disclosure] Rooted CON 2014 - Call For Papers
Next by thread: [Full-disclosure] CORE-2013-0828 - PDFCool Studio Buffer Overflow Vulnerability
Index(es):
- Date
- Thread