Delivery-Date: Tue, 01 Jul 2014 17:57:03 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.9 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
	DKIM_SIGNED,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id A161C1E0C14
	for <archiver@seul.org>; Tue,  1 Jul 2014 17:57:01 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 7DE0F2F011;
	Tue,  1 Jul 2014 21:57:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 1D3382BC2C
 for <tor-talk@lists.torproject.org>; Tue,  1 Jul 2014 21:47:44 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 7aH9VoStT0Ia for <tor-talk@lists.torproject.org>;
 Tue,  1 Jul 2014 21:47:44 +0000 (UTC)
Received: from mail.openmailbox.org (mail.openmailbox.org [212.129.10.237])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id D41432BBF1
 for <tor-talk@lists.torproject.org>; Tue,  1 Jul 2014 21:47:43 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by mail.openmailbox.org (Postfix) with ESMTP id 86EF72E02E9
 for <tor-talk@lists.torproject.org>; Tue,  1 Jul 2014 23:47:40 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=openmailbox.org;
 h=user-agent:message-id:references:in-reply-to:subject:subject
 :from:from:date:date:content-transfer-encoding:content-type
 :content-type:mime-version:received:received; s=openmailbox; t=
 1404251258; bh=vGTFVOu+XXefoqwvTtTTX4nCT0rmd8XGEInoo4y2zTQ=; b=H
 +nIX3M8odFa7ZwxL/mmlw16D1Cwnv0Mm1mVXMbilHsMRCIHseanpo3p6YEtCo9Iy
 CWjTRXoGUKrEXMq+3AH9TPrHwHzrMjDS9cAw5BWBREITZRcaoqZJt+p5SU6TkGRD
 KX5+kvoIYRRQ+gG48poIwciLrF/bhrUL9UH9w0bF8o=
X-Virus-Scanned: at openmailbox.org
Received: from mail.openmailbox.org ([212.129.10.237])
 by localhost (mail.openmailbox.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Kk2lyeyUmNH8 for <tor-talk@lists.torproject.org>;
 Tue,  1 Jul 2014 23:47:38 +0200 (CEST)
Received: from www.openmailbox.org (localhost [127.0.0.1])
 by mail.openmailbox.org (Postfix) with ESMTP id DC8952E02C1
 for <tor-talk@lists.torproject.org>; Tue,  1 Jul 2014 23:47:38 +0200 (CEST)
MIME-Version: 1.0
Date: Tue, 01 Jul 2014 21:47:38 +0000
From: williamwinkle@openmailbox.org
To: tor-talk@lists.torproject.org
In-Reply-To: <20140629062247.GD7408@moria.seul.org>
References: <cead7373f87c023abecd06b62ebfc474@openmailbox.org>
 <20140629062247.GD7408@moria.seul.org>
Message-ID: <7950889329eb18189734ea7bd741717a@openmailbox.org>
X-Sender: williamwinkle@openmailbox.org
User-Agent: Roundcube Webmail/1.0.1
Subject: Re: [tor-talk]
 =?utf-8?q?Bruce_Schneier=27s_Guardian_Article_about_N?=
 =?utf-8?q?=5FS=5FA_and_Tor=2E?=
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 2014-06-29 06:22, Roger Dingledine wrote:
> On Sat, Jun 28, 2014 at 09:38:05PM +0000, williamwinkle@openmailbox.org 
> wrote:
>> I don't understand what Schneier means by this:
>> 
>> "After identifying an individual Tor user on the internet, the NSA
>> uses its network of secret internet servers to redirect those users
>> to another set of secret internet servers, with the codename
>> FoxAcid, to infect the user's computer."
> 
> Right. This is why Bruce's choice of phrase "identifying an individual
> Tor user" is a poor one. Probably the better phrase would be "seeing a
> flow on the Internet that they decide they'd like to attack".
> 
> Jake and I talk about the issue more in our 30c3 talk:
> http://media.ccc.de/browse/congress/2013/30C3_-_5423_-_en_-_saal_1_-_201312272030_-_the_tor_network_-_jacob_-_arma.html
> 
Thanks for the video link - most illuminating. I suggest that everyone 
watches it.

The Freedom Hosting issue was mentioned at 24 minutes in. AIUI, in the 
Freedom Hosting case, the host owner was arrested in Ireland which 
allowed the FBI to control the sites that he hosted as they had access 
to his computer. The FBI used an exploit that fed the IP of vistors to 
some or all of the FH sites back to the FBI. The exploit was based on a 
patched Firefox vulnerability and required the client to be using 
JavaScript. In other words - users that had updated the TBB or those 
that did not but did not use JS were uncompromised when they visited any 
of the FH sites.

In other words, the weak link (if there ever is one) is not Tor per se 
but the Firefox component of the TBB.

Is that correct?
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

