Delivery-Date: Thu, 03 Jul 2014 22:42:21 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 45E6B1E0C1B
	for <archiver@seul.org>; Thu,  3 Jul 2014 22:42:19 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 71F6D28FB6;
	Fri,  4 Jul 2014 02:42:14 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id E09A62BB00
 for <tor-talk@lists.torproject.org>; Fri,  4 Jul 2014 02:35:39 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id rZm9JuJ5X_J1 for <tor-talk@lists.torproject.org>;
 Fri,  4 Jul 2014 02:35:39 +0000 (UTC)
X-Greylist: delayed 2020 seconds by postgrey-1.34 at eugeni;
 Fri, 04 Jul 2014 02:35:39 UTC
Received: from shell0.rawbw.com (shell0.rawbw.com [198.144.192.45])
 by eugeni.torproject.org (Postfix) with ESMTP id B20742ABD1
 for <tor-talk@lists.torproject.org>; Fri,  4 Jul 2014 02:35:39 +0000 (UTC)
Received: from eagle.yuri.org (stunnel@localhost [127.0.0.1])
 (authenticated bits=0)
 by shell0.rawbw.com (8.14.4/8.14.4) with ESMTP id s6421tdv093055;
 Thu, 3 Jul 2014 19:01:56 -0700 (PDT) (envelope-from yuri@rawbw.com)
Message-ID: <53B60B13.2020004@rawbw.com>
Date: Thu, 03 Jul 2014 19:01:55 -0700
From: Yuri <yuri@rawbw.com>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CAD2Ti28UgXbB6wEry3VZjaWg4-8j7Ddi6stAfP7y+DrXWQn-0A@mail.gmail.com>
 <53B5CFE6.8000102@cyblings.on.ca>
 <CACbaT3YTV045R8=TuGUb=uxE0F+3Nay25QHzv512eeCFtJXcJw@mail.gmail.com>
In-Reply-To: <CACbaT3YTV045R8=TuGUb=uxE0F+3Nay25QHzv512eeCFtJXcJw@mail.gmail.com>
Subject: Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 07/03/2014 16:17, Adrian Crenshaw wrote:
> Best guess, many client side and web app attacks Tor can't do much about.
> (My talk at Defcon will cover a bunch of folks that got Deanonymized, but
> in every case it was not Tor that was really broke)

This actually depends on what to mean by "Tor". If just the network 
level part, then yes. But tor project also provides and promotes TBB, 
which attempts to prevent various client side exploits and web app 
attacks, but apparently can't prevent all of them. If tor project went 
one step further, and developed security-by-isolation approach (using 
virtual machines, like Whonix does), this could prevent practically all 
client side exploits. And pretty much the only way user could be 
deanoned is if he himself typed in his personal information, or logged 
into some service shared with other identities.

Yuri

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

