Adrelanos, Would the exploit have worked with Whonix? On 08/05/2013 10:30 PM, adrelanos wrote: > Crypto: >> On 8/5/2013 1:29 PM, Andrew F wrote: >>> Is Tor still Valid now that we know the nsa is actively >>> exploiting holes in technology anonymity tools? We know that Tor >>> and hidden services has issues, not to mention the whole >>> fingerprinting problems. >>> >>> Is Tor too vulnerable to trust? Watch the video below. >>> >>> XKeyscore http://www.youtube.com/watch?v=TSEbshxgUas >>> >> I'm curious as to why everyone is so intent on blaming Tor itself? >> Tor was not exploited. It was a hole in FF 17 in conjunction with >> the application running behind the hidden service. It's like saying >> "My car got a flat tire! Should I ever drive again?" I agree that >> the exploit was a bad one and in turn it's a big security issue. >> But if we're going to point fingers let's not point at Tor. Let's >> focus on the underlying issue(s) that caused this to happen. FF 17 >> was the target, not Tor. Mozilla has addressed the issue. > Because The Tor Project (TPO) ships the Tor Browser Bundle, which > includes Firefox. > > TPO is being blamed for leaving javascript enabled by default. And for > not shipping a hardened text-only browser. And for not shipping the > most secure operating system (yet to be implemented). > > On the other hand, if TPO focused on security in past at cost of > usability, the people complaining know maybe wouldn't even know that > Tor existed. > > See this attack as an reminder and reality check. Tor is not as safe > as many people kept preaching. We need safer anonymity networks, safer > operating systems, more educated users and probably a lot more stuff. > To make it happen, it needs your contribution and/or your money.
-- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
