Delivery-Date: Fri, 13 May 2016 15:44:00 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id D32FF1E0674;
	Fri, 13 May 2016 15:43:54 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E03BC3A104;
	Fri, 13 May 2016 19:43:50 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 8906E3A17F
 for <tor-talk@lists.torproject.org>; Fri, 13 May 2016 19:43:47 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id SduO7EAMpAFO for <tor-talk@lists.torproject.org>;
 Fri, 13 May 2016 19:43:47 +0000 (UTC)
Received: from mail-yw0-x22e.google.com (mail-yw0-x22e.google.com
 [IPv6:2607:f8b0:4002:c05::22e])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 6677335DB6
 for <tor-talk@lists.torproject.org>; Fri, 13 May 2016 19:43:47 +0000 (UTC)
Received: by mail-yw0-x22e.google.com with SMTP id j74so112355729ywg.1
 for <tor-talk@lists.torproject.org>; Fri, 13 May 2016 12:43:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=subject:to:references:from:message-id:date:user-agent:mime-version
 :in-reply-to; bh=6540n8Lyh76V+XcIfE6EcWI5Yy7obZGPU0okWMpxzUc=;
 b=Yt/tKbbEsQgvulvcKDPt8BT8IhYK90VkfDDKpC+ZMaX8a63HMIwYVrDo9FGwngEBmj
 8EmxPVCkmZ2TJZb9FpLrcr1ExOvdRHPa87gCFZk5sWmocZIkJb84Ni4TExZ+XYjIukRG
 08dALssH8xj9U1q6fNVmDIrWODp6flTBKiye7pO2yrXFAr73Fw+cOkPdkJII6ARC/taN
 uh+yZ7JHDt7bOjV4aQLJAmAcps7o78XL+EzYxT+VnYHqVpV7pIhKKtg8cWA8UUrDOtZG
 z0xBjA0Rcm+e9Cyd0S1rX7On21VCvQ0qdh+H/6J4jPKlXZwJ6YQpqtyklI6wHefqXyIJ
 FqIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:subject:to:references:from:message-id:date
 :user-agent:mime-version:in-reply-to;
 bh=6540n8Lyh76V+XcIfE6EcWI5Yy7obZGPU0okWMpxzUc=;
 b=DNS1dR9ve14sTFGqgxDkhorRy7Xoz8ATD2kJFCNVnU01B4RtmaHtD6KAeEA5hOnQwj
 ckRXhBkZwxhu9qd6gYarB84fnOR0bEjy/rMPjJYGd4LRxmf4JwCIKSF6WlKDFS1ugP2S
 qIP9ib671NeFDEtn8zAUjgl+5mVA6Okv3mUQPP3cGBmYUmISgk1EAODZoOFpuqJm0uL/
 YSRFp766pQ/YH00O2D6+U1SkDib0EzoqQVU9SEkwkyOa/nk4yIYLEzDs+goEJdd22cSz
 mZnsg/wMzfvme3yk2wkGnBT/3f3+vJvw2YEHGlwLSsXdRF1+h1M8oxwcdBFnW7ZAq5ML
 uh/w==
X-Gm-Message-State: AOPr4FWho09VKQMn29xTl+jP5yfPnlLpv853kX0JKy+TBMcLucO7HWq+uUW8jWCP37aLZQ==
X-Received: by 10.129.75.215 with SMTP id y206mr9146105ywa.32.1463168624526;
 Fri, 13 May 2016 12:43:44 -0700 (PDT)
Received: from Blakes-MBP.attlocal.net
 ([2602:306:35a9:abe0:9525:3664:7b26:fd39])
 by smtp.gmail.com with ESMTPSA id c62sm11303873ywf.12.2016.05.13.12.43.43
 for <tor-talk@lists.torproject.org>
 (version=TLSv1/SSLv3 cipher=OTHER);
 Fri, 13 May 2016 12:43:43 -0700 (PDT)
To: tor-talk@lists.torproject.org
References: <57333AF1.30203@ut.ee>
 <4771e7c2-18e6-02ba-9750-b141084fa078@beroal.in.ua>
From: Blake Hadley <moosehadley@gmail.com>
Message-ID: <463de822-29c7-5fd6-0118-9875aff403a5@gmail.com>
Date: Fri, 13 May 2016 15:43:25 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0)
 Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <4771e7c2-18e6-02ba-9750-b141084fa078@beroal.in.ua>
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Security Analysis of Instant Messenger TorChat
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============8986517037657484088=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8986517037657484088==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="8I9fqO2Slfdui4OIwaPc2Lv6xJVcHVARD"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--8I9fqO2Slfdui4OIwaPc2Lv6xJVcHVARD
From: Blake Hadley <moosehadley@gmail.com>
To: tor-talk@lists.torproject.org
Message-ID: <463de822-29c7-5fd6-0118-9875aff403a5@gmail.com>
Subject: Re: [tor-talk] Security Analysis of Instant Messenger TorChat
References: <57333AF1.30203@ut.ee>
 <4771e7c2-18e6-02ba-9750-b141084fa078@beroal.in.ua>
In-Reply-To: <4771e7c2-18e6-02ba-9750-b141084fa078@beroal.in.ua>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 5/13/16 3:39 PM, me@beroal.in.ua wrote:

> "TorChat  processes  contact  requests  and  updates  the  contact
> list  without asking  the  user's  consent." "An  attacker  can
> exploit  this  to add arbitrary contacts to the victim's contact list.
> . ." OMG, does any IM client allow this?
I think a few did back in the late 1990's
Today, that sort of thing is kinda insane.



--8I9fqO2Slfdui4OIwaPc2Lv6xJVcHVARD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXNi5kAAoJEMV6CBTIYTyTIJMP/ihqduj7AXvGM1ky4s2AvuU4
mH8M3s+MmQGBnIC3hdrhyeUa7HmlN/kU4ek3+LVkSsxGv/I8EoTK/vpWPEgslpG1
YK7fBgKnMmRunGsC6llweFE+kcOyk9pwRS2j+o3pOfTY8WSxBma9j8thVRa8IS5f
L1f+W8vAHakTTfQ3Iry9Z6c2O5GgXAo0YTXfgVy+iCxFXcpmzoUODVDBOmsjO7l3
exfgFQszQ/CFm/tO0PFWey18qxlZE7KWMewvc5qbz54TBA5el9uDzJYp4qOPGY0N
YBV/836PX5aULHv41dTHqmFecKseNS7krc8Njcgsd7FlW2eTlHdAVl/exnWOIBFT
uy16/hyIgt7gkG8zlQ6oifIb4vrQd/U9EQmwWBy3tpJnHyR0LLGh9/XLy8NQu2h4
zhky3s+E/rbZxKh1iH3zvxTCJzfVca9JJUHr2q6XurSudFlqeYhg9tysAvQAvCBY
JEpxyLzGCetjWuV7lJuZrq7sGEWMtV9r7MLUj7tV5FPEZvPM0QFjiM4HnsXoaJ7w
a580Frg1fGCnodWQRInTF410ZLvJkbILe5/o5N8BPjLLuNsgfT86JnWJA9KlR2D2
j7FAeHz45imWqnAAagWae125en7awwrM3sLMyfJcmhBb8PhXKJWb4gCsyumkovbm
1IkiNRkKk8cpsjlcmV3A
=x4xU
-----END PGP SIGNATURE-----

--8I9fqO2Slfdui4OIwaPc2Lv6xJVcHVARD--

--===============8986517037657484088==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============8986517037657484088==--

