Delivery-Date: Wed, 30 Jul 2014 18:57:17 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 46F101E0B38;
	Wed, 30 Jul 2014 18:57:16 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id C272D30864;
	Wed, 30 Jul 2014 22:57:12 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B86AF307E5
 for <tor-talk@lists.torproject.org>; Wed, 30 Jul 2014 22:57:08 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id dAo2BFlVlwkr for <tor-talk@lists.torproject.org>;
 Wed, 30 Jul 2014 22:57:08 +0000 (UTC)
Received: from mail.bitmessage.ch (mail.bitmessage.ch [146.228.112.252])
 by eugeni.torproject.org (Postfix) with SMTP id 0B38D2B2D7
 for <tor-talk@lists.torproject.org>; Wed, 30 Jul 2014 22:57:07 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=bitmessage.ch; s=mail;
 c=relaxed/relaxed; q=dns/txt;
 h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding:In-Reply-To:References;
 bh=siiglRFycAbsGQMUKgQVlHwDE+OYAgKB7yEb/GEVLhQ=;
 b=l+xbcCcws/frtOiXfTbwwwaBlB5V8VnHJeIUxI5Xh8WY+J8JOVaIMyNJlfxSWjoAjl6bmbN5PbKvfu7M+fEsdGh6B4flIUy+N+oUwn0yUrJy0ST3DppMUq84v3atlhLzq4k8y7WS1I+dNDZlas706UPaRDNZ/E88E8lYTIF0g1M=
Received: from 127.0.0.1 (BITMESSAGE [127.0.0.1]) by mail.bitmessage.ch
 ; Thu, 31 Jul 2014 00:56:28 +0200
Message-ID: <53D9783A.9090009@bitmessage.ch>
Date: Wed, 30 Jul 2014 22:56:58 +0000
From: Nusenu <BM-2D8wMEVgGVY76je1WXNPfo8SrpZt5yGHES@bitmessage.ch>
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <20140721211130.GN7408@moria.seul.org>
 <53CD8EA6.2050500@bitmessage.ch> <20140721225844.GO7408@moria.seul.org>
 <20140730094950.GA8819@moria.seul.org> <53D96C20.1070507@bitmessage.ch>
 <20140730222221.GC8819@moria.seul.org>
In-Reply-To: <20140730222221.GC8819@moria.seul.org>
Subject: Re: [tor-talk] Cancelled black hat talk
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> On Wed, Jul 30, 2014 at 10:05:20PM +0000, Nusenu wrote:
>> Surprised to see the fix of a bug that was worth a tor security 
>> advisory to be in the "Minor bugfixes" section of the changelog.
> 
> The security advisory was that somebody had attacked real Tor users
> and perhaps deanonymized some of them, and here's what we know.
> 
> The particular traffic confirmation channel they used wasn't a big
> deal. (Or said another way, fixing it doesn't make a big impact on
> whether this sort of attack is possible.)

Thanks for your quick clarification.

If I understand you correctly that means we should assume this type of
attack to be "easy" and this fix merely closes one of many easy ways
to exploit traffic confirmation?

So I guess one of the best bets we have is better response to doctor
reports?  (aka better detection)

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJT2Xg6AAoJEDcK3SCCSvoeN2sP/0Mnp1gU8YG5gK2pJSV0EySu
qrO+kxPlbih7lTEr1NjdMrH5QO/ZGKOZfDTAimPpvrRcDddUskcoD/v8wGi5R+K9
FLK2xKgyBbcpTtCuOJvLqVseobOEKoLFKbd/lO0kj81hcO9P92KQ8c9HUkBJYn3f
J6QQrpEj1EVl1XTeToYknZrOyUV8Fc9Z0Ginhc4WAC5r+pWPNHU/i0UZUBraOyQQ
D1a0OSHVnuvC13dJYJtDrczCG3wfWj88vpQ6TXLzjWGRfYL0MBv+nOGLSwiYcr4Z
5faqGwPMYhfr6EEe+kdLNZ2cKte5p6PsKUY2RetTTUSdDQMqMMcPAeZZgNYFzbYa
JWOUkZYQ9SCV6VAaLP8omN2kSdO7wltoTrhWQVU/HkTIoxL8x+1aasjNQMOywHAl
gi/L3sIwsH4q94+bNfTuWcXoiqGTlVyab+/uWfhY4ewEli3lQZk51gGLBle+qigJ
QCVBhIjUxITBEAqdD5hlet9lqg2eAyGhg9Z5CpBHwuLXIQXD7GKiNueikmQdfPZW
BgfZQZJR7cI7zzvHleK1LX+Pqx8zrKQxRs424bgwfQZxlPPrefVOtTFQP7H8kvJ9
OrSdkLdTJpZsWru9fJxujXYbSHfCQeWNsMnDOPNLVl3KZUUGwdNDlAZq4oKxcnGW
aJBpcsDIYHiHfcCh84m4
=ijrM
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

