Message-Id: <1404254577.26159.136732157.710458DF@webmail.messagingengine.com>
From: Geoff Down <geoffdown@fastmail.net>
To: tor-talk@lists.torproject.org
In-Reply-To: <453fa6292a86de226a955dc5a4255b1a@openmailbox.org>
References: <1404162914.91055.YahooMailBasic@web122401.mail.ne1.yahoo.com>
 <1404167595.11621.136296125.460A0113@webmail.messagingengine.com>
 <453fa6292a86de226a955dc5a4255b1a@openmailbox.org>
Date: Tue, 01 Jul 2014 23:42:57 +0100
Subject: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and
	Tor.



On Tue, Jul 1, 2014, at 10:54 PM, williamwinkle@openmailbox.org wrote:
> On 2014-06-30 22:33, Geoff Down wrote:

> >  If the code is injected between the target_website.com and the exit
> >  node, the exit node will relay it faithfully back through the Tor
> >  network to the client.
> > It's all just bytes to Tor.
> > 
> 
> This is presumably dependent on the TBB having a vulnerability.

 Or the user being foolish and opening a downloaded file (they trust the
 site, right?), enabling Flash etc.

> So, even 
> if all users of target_website.com were considered evil and should be 
> targeted, this could only happen if a) there was a 0-day for Firefox on 
> which TBB is based or b) there is a known vulnerability for Firefox but 
> certain users did not bother to update.

For websites, that would seem to be right. But don't forget about
OpenSSL vulnerabilities (Firefox doesn't use OpenSSL iirc) or other
software that people use over Tor - it's not all Torbrowser. So reasons
for concern, but not all doom and gloom.
GD


