!!URGENT!! Tor Vulnerability Discovered !!URGENT!! - PGP

This is a discussion on !!URGENT!! Tor Vulnerability Discovered !!URGENT!! - PGP ; upgrade to the latest version (0.1.2.16 or 0.2.0.4-alpha) to avoid this type of attack. READ THREAD: http://minilien.com/?3Y4uiMXyun Roger Dingledine wrote: Tor 0.1.2.16 fixes a critical security vulnerability that allows a remote attacker in certain situations to rewrite the user's torrc ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: !!URGENT!! Tor Vulnerability Discovered !!URGENT!!

  1. !!URGENT!! Tor Vulnerability Discovered !!URGENT!!

    upgrade to the latest version (0.1.2.16 or
    0.2.0.4-alpha) to avoid this type of attack.

    READ THREAD: http://minilien.com/?3Y4uiMXyun

    Roger Dingledine wrote:

    Tor 0.1.2.16 fixes a critical security vulnerability that allows a
    remote attacker in certain situations to rewrite the user's torrc
    configuration file. This can completely compromise anonymity of users
    in most configurations, including those running the Vidalia bundles,
    TorK, etc. Or worse.
    ......

    (Typing on defcon network so will be quite brief)

    The short answer is yes, this is an attack, and no, we're not going
    to tell you exactly how it works yet. That's because several hundred
    thousand people are vulnerable, and we're going to give them several
    weeks to upgrade before we arm random people on the Internet with the
    ability to launch this attack against them.

    You should be one of the people who upgrades.

    --Roger

    READ THREAD: http://minilien.com/?3Y4uiMXyun

  2. Re: !!URGENT!! Tor Vulnerability Discovered !!URGENT!!

    lol gee I could have told them this was going to happen when they first
    started using the thing in vidalia :-/

    I ran the vid-tor package last year when first set it up, watched almost
    immediately back then the mischief that was coming through that control port
    -back then-

    silly tor/vidalia authors, of all peoples you guys should know by now, the
    more ports an app has (for a so-called remote 'control port' in this case!
    lol), the more potential hack entry points you make available to the
    world+dog (luv ya mikey & co., lol) to be used & abused by whoever is nifty
    enuf to discover the magical secret entries to the code within hehe

    hasn't voleware taught us anything by now? ;-) M$, the evul empire, they
    write ports in to everything they code, & look at the swiss cheese software
    95% of the desktops on the planet have to contend with each day & the
    headaches it brings to all the IT peeps who have to keep those leaky ship
    PCs somewhat functional lol

    anyway, lose the remote control notion guys, that's straight out of Vole
    Hill E$tate$, Redmond, WA

    your best bet is to do it to where every server, every node, just connects
    randomly & occasionally to every other node - study ants & mute for a bit,
    they're smart boyos, you could learn sumthin' from 'em hehe

    btw, I knew something was up when I was catching all these 'sniffer' ISPs
    jumping right in to the tor net & maintaining connects for days on end lol

    oh well, we're all human, working off the code in our DNA between our ears,
    which is prone to that thing called human error lol

    tor is still better then the alternative, which is Bu$h & Co. knowing
    everything about whatever political enemy dares tell them their clothes
    don't fit correctly when they visit Iraq ;-) (& don't forget kids, he needs
    all that spyware to keep us safe in the battle on the War On (Democrat)
    Terror(ists) lol http://tinyurl.com/243hyb)

    havefuns, & practice safe secure internet with tor :-)

    -----BEGIN SIGNATURE-----
    tloaeMUTRGdeW6euk8rd6Qj4mOExOz9wd4L0xPNGUI2Nw5mdoY 2z3WJi/IXAB0z1xXr
    +QZQhlVvfJ5BrjAjJPKwVQnH8q9T5+RXO2ZWrfSAzfBoW1l2dL YrNOYqxn2+eZppNT4Y
    vzc3rnuIk0MXDVLQZt8OZ8Fyx/IHyZNB
    -----END SIGNATURE-----

+ Reply to Thread