[Noisebridge-discuss] Tor hacked and mapped by the French, or so they say

[Danny O'Brien]

There's a blog post up now from Tor (this attack was discussed on the
mailing lists a couple of weeks ago -- since the speaker hasn't
contacted Tor with what he's learned, it's a little hard to work out
exactly what the attack is. Right now, it seems to be a mix of known
stuff, magical mystery decryption, and extrapolation. But we'll see!

https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated

d.


On Mon, Oct 24, 2011 at 7:21 PM, L E <lexein-esc at yahoo.com> wrote:
> My post was a prod to get Jacob or,  say, you, to reply with this very
> analysis, to the blogosphere itself (bogosphere?)
>
> ________________________________
> From: Andy Isaacson <adi at hexapodia.org>
> To: L E <lexein-esc at yahoo.com>
> Cc: NoiseBridge Discuss <noisebridge-discuss at lists.noisebridge.net>
> Sent: Monday, October 24, 2011 6:59 PM
> Subject: Re: [Noisebridge-discuss] Tor hacked and mapped by the French, or
> so they say
>
> On Mon, Oct 24, 2011 at 06:12:03PM -0700, L E wrote:
>> Tor hacked and mapped by the French, or so they say
>> http://seclists.org/fulldisclosure/2011/Oct/780
>>
>> http://thehackernews.com/2011/10/tor-anonymizing-network-compromised-by.html
>
> This is classic "science by press release", the researchers haven't
> published their research but they're happy to talk to the press and brag
> about what an awesome attack they've created.
>
> So, we (being the rest of the world) don't have any idea what they're
> talking about beyond the poorly translated fragments that have made it
> through their media interviews; but their claims appear to be that
>
> 0. They don't claim (AFAICS) to have found a new code execution,
> privilege escalation, private key disclosure, execution control, or
> other significant bug in Tor itself.  The most generous reading I've
> found is that they may have a new network metadata disclosure, but even
> that is questionable.
>
> 1. If you run software (such as Tor) on an insecure operating system,
> then an attacker can hack the OS and cause the software to malfunction.
> <sarcasm> Shocking news! </sarcasm>
>
> 2. They claim that they can find out more information about the Tor
> network than they claim is intended to be published by the network.
> Since they haven't explained what information, exactly, they can find
> out, that's a difficult claim to verify.  Since Tor protects various
> different pieces of information to differing levels, it's entirely
> possible that this might be true in some unimportant way; or it's
> possible that they found a new mapping technique that provides
> interesting insight; or it's possible that they've found some critical
> flaw that completely destroys the security of the network.
>
> Or it might be possible that they simply didn't understand that the
> information they found is intended to be public.  Since they didn't ask
> anyone in the Tor community to review their results before going to the
> press (AFAIK), it's hard to say.
>
> 3. (the most far-fetched): They claim that they can decrypt Tor traffic
> by compromising a small percentage (<30%) of the network.  Since Tor is
> designed to be resilient against decryption attacks unless the attacker
> controls your entrance, middle, and exit nodes; and since the network
> would simply cease to function if you disabled (DDoS or legal DoS) a
> significant fraction of the exit node bandwidth; this claim seems
> ludicrous based on the existing information.
>
> There's a thread on tor-talk:
>
> https://lists.torproject.org/pipermail/tor-talk/2011-October/021730.html
>
> Looking forward to any actionable information, and shaking my head at
> the gullibility of the news cycle once again,
> -andy
>
>
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
>