-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > On Wed, Jul 30, 2014 at 10:05:20PM +0000, Nusenu wrote: >> Surprised to see the fix of a bug that was worth a tor security >> advisory to be in the "Minor bugfixes" section of the changelog. > > The security advisory was that somebody had attacked real Tor users > and perhaps deanonymized some of them, and here's what we know. > > The particular traffic confirmation channel they used wasn't a big > deal. (Or said another way, fixing it doesn't make a big impact on > whether this sort of attack is possible.)
Thanks for your quick clarification. If I understand you correctly that means we should assume this type of attack to be "easy" and this fix merely closes one of many easy ways to exploit traffic confirmation? So I guess one of the best bets we have is better response to doctor reports? (aka better detection) -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJT2Xg6AAoJEDcK3SCCSvoeN2sP/0Mnp1gU8YG5gK2pJSV0EySu qrO+kxPlbih7lTEr1NjdMrH5QO/ZGKOZfDTAimPpvrRcDddUskcoD/v8wGi5R+K9 FLK2xKgyBbcpTtCuOJvLqVseobOEKoLFKbd/lO0kj81hcO9P92KQ8c9HUkBJYn3f J6QQrpEj1EVl1XTeToYknZrOyUV8Fc9Z0Ginhc4WAC5r+pWPNHU/i0UZUBraOyQQ D1a0OSHVnuvC13dJYJtDrczCG3wfWj88vpQ6TXLzjWGRfYL0MBv+nOGLSwiYcr4Z 5faqGwPMYhfr6EEe+kdLNZ2cKte5p6PsKUY2RetTTUSdDQMqMMcPAeZZgNYFzbYa JWOUkZYQ9SCV6VAaLP8omN2kSdO7wltoTrhWQVU/HkTIoxL8x+1aasjNQMOywHAl gi/L3sIwsH4q94+bNfTuWcXoiqGTlVyab+/uWfhY4ewEli3lQZk51gGLBle+qigJ QCVBhIjUxITBEAqdD5hlet9lqg2eAyGhg9Z5CpBHwuLXIQXD7GKiNueikmQdfPZW BgfZQZJR7cI7zzvHleK1LX+Pqx8zrKQxRs424bgwfQZxlPPrefVOtTFQP7H8kvJ9 OrSdkLdTJpZsWru9fJxujXYbSHfCQeWNsMnDOPNLVl3KZUUGwdNDlAZq4oKxcnGW aJBpcsDIYHiHfcCh84m4 =ijrM -----END PGP SIGNATURE----- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
