My post was a prod to get Jacob or, say, you, to reply with this very analysis, to the blogosphere itself (bogosphere?)<br /><br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"><font size="2" face="Arial"><hr size="1"><b><span style="font-weight:bold;">From:</span></b> Andy Isaacson <adi@hexapodia.org><br><b><span style="font-weight: bold;">To:</span></b> L E <lexein-esc@yahoo.com><br><b><span style="font-weight: bold;">Cc:</span></b> NoiseBridge Discuss <noisebridge-discuss@lists.noisebridge.net><br><b><span style="font-weight: bold;">Sent:</span></b> Monday, October 24, 2011 6:59 PM<br><b><span style="font-weight: bold;">Subject:</span></b> Re: [Noisebridge-discuss] Tor hacked and mapped by the French, or so they
say<br></font><br>
On Mon, Oct 24, 2011 at 06:12:03PM -0700, L E wrote:<BR>> Tor hacked and mapped by the French, or so they say<BR>> http://seclists.org/fulldisclosure/2011/Oct/780<BR>> http://thehackernews.com/2011/10/tor-anonymizing-network-compromised-by.html<BR><BR>This is classic "science by press release", the researchers haven't<BR>published their research but they're happy to talk to the press and brag<BR>about what an awesome attack they've created.<BR><BR>So, we (being the rest of the world) don't have any idea what they're<BR>talking about beyond the poorly translated fragments that have made it<BR>through their media interviews; but their claims appear to be that<BR><BR>0. They don't claim (AFAICS) to have found a new code execution,<BR>privilege escalation, private key disclosure, execution control, or<BR>other significant bug in Tor itself. The most generous reading I've<BR>found is that they may have a new network metadata disclosure, but
even<BR>that is questionable.<BR><BR>1. If you run software (such as Tor) on an insecure operating system,<BR>then an attacker can hack the OS and cause the software to malfunction.<BR><sarcasm> Shocking news! </sarcasm><BR><BR>2. They claim that they can find out more information about the Tor<BR>network than they claim is intended to be published by the network.<BR>Since they haven't explained what information, exactly, they can find<BR>out, that's a difficult claim to verify. Since Tor protects various<BR>different pieces of information to differing levels, it's entirely<BR>possible that this might be true in some unimportant way; or it's<BR>possible that they found a new mapping technique that provides<BR>interesting insight; or it's possible that they've found some critical<BR>flaw that completely destroys the security of the network.<BR><BR>Or it might be possible that they simply didn't understand that the<BR>information they
found is intended to be public. Since they didn't ask<BR>anyone in the Tor community to review their results before going to the<BR>press (AFAIK), it's hard to say.<BR><BR>3. (the most far-fetched): They claim that they can decrypt Tor traffic<BR>by compromising a small percentage (<30%) of the network. Since Tor is<BR>designed to be resilient against decryption attacks unless the attacker<BR>controls your entrance, middle, and exit nodes; and since the network<BR>would simply cease to function if you disabled (DDoS or legal DoS) a<BR>significant fraction of the exit node bandwidth; this claim seems<BR>ludicrous based on the existing information.<BR><BR>There's a thread on tor-talk:<BR><BR><a href="https://lists.torproject.org/pipermail/tor-talk/2011-October/021730.html" target=_blank >https://lists.torproject.org/pipermail/tor-talk/2011-October/021730.html</a><BR><BR>Looking forward to any actionable information, and shaking my head
at<BR>the gullibility of the news cycle once again,<BR>-andy<BR><br><br></div></div></blockquote>