Date: Thu, 3 Jul 2014 22:14:19 -0400
From: AntiTree <antitree@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000

Can anyone from the Tor Project jump in to say whether these guys have
reached out or not?

We should be concerned about another CCC-style "0-day" presentation where
they find a legitimate vulnerability that could have been patched prior,
but are using it as a PR stunt to boost book sales as opposed to
responsible disclosure. Alexander Volynkin [1] and the grad student Michael
McCord [2] both stand to benefit professionally/financially from
disclosing a vulnerability in as dramatic a form as possible... and of course
picked up and misinterpreted by the media.

I'm raising this concern based solely on the negative phrasing in the
description.
> ...It has also been used for distribution of child pornography, illegal
> drugs, and malware. Anyone with minimal skills and resources can
> participate on the Tor network. Anyone can become a part of the network.
> As a participant of the Tor network, you can choose to use it to
> communicate anonymously or contribute your resources for others to use.
> There is very little to limit your actions on the Tor network. There is
> nothing that prevents you from using your resources to de-anonymize the
> network's users instead by exploiting fundamental flaws in Tor design and
> implementation. And you don't need the NSA budget to do so. Looking for
> the IP address of a Tor user? Not a problem. Trying to uncover the
> location of a Hidden Service? Done. We know because we tested it, in the
> wild...

Worst case stated, I don't want to hate on researchers -- the two should be
praised for their research if they have something new and they've already
been working with the Tor Project team to get it resolved.

If I were a betting person, a beer says that they will be summarizing the
current issues with hidden services, and as Adrian said, doing a client
side disbanding attack (e.g. Java + DNS).

[1] https://www.blackhat.com/us-14/speakers/Alexander-Volynkin.html
[2] https://www.blackhat.com/us-14/speakers/Michael-McCord.html


On Thu, Jul 3, 2014 at 7:58 PM, Seth David Schoen <schoen@eff.org> wrote:

> Adrian Crenshaw writes:
>
> > Best guess, many client side and web app attacks Tor can't do much about.
> > (My talk at Defcon will cover a bunch of folks that got Deanonymized, but
> > in every case it was not Tor that was really broke)
>
> The description on the Black Hat site refers to "a handful of powerful
> servers and a couple gigabit links" that are operated for "a couple
> of months", which sounds like this involves actually running nodes and
> getting the attack targets to build circuits through them.
>
> --
> Seth Schoen  <schoen@eff.org>
> Senior Staff Technologist                       https://www.eff.org/
> Electronic Frontier Foundation                  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

