!!URGENT!! Tor Vulnerability Discovered !!URGENT!! - PGP
This is a discussion on !!URGENT!! Tor Vulnerability Discovered !!URGENT!! - PGP ; upgrade to the latest version (0.1.2.16 or
0.2.0.4-alpha) to avoid this type of attack.
READ THREAD: http://minilien.com/?3Y4uiMXyun
Roger Dingledine wrote:
Tor 0.1.2.16 fixes a critical security vulnerability that allows a
remote attacker in certain situations to rewrite the user's torrc
...
-
!!URGENT!! Tor Vulnerability Discovered !!URGENT!!
upgrade to the latest version (0.1.2.16 or
0.2.0.4-alpha) to avoid this type of attack.
READ THREAD: http://minilien.com/?3Y4uiMXyun
Roger Dingledine wrote:
Tor 0.1.2.16 fixes a critical security vulnerability that allows a
remote attacker in certain situations to rewrite the user's torrc
configuration file. This can completely compromise anonymity of users
in most configurations, including those running the Vidalia bundles,
TorK, etc. Or worse.
......
(Typing on defcon network so will be quite brief)
The short answer is yes, this is an attack, and no, we're not going
to tell you exactly how it works yet. That's because several hundred
thousand people are vulnerable, and we're going to give them several
weeks to upgrade before we arm random people on the Internet with the
ability to launch this attack against them.
You should be one of the people who upgrades. 
--Roger
READ THREAD: http://minilien.com/?3Y4uiMXyun
-
Re: !!URGENT!! Tor Vulnerability Discovered !!URGENT!!
lol gee I could have told them this was going to happen when they first
started using the thing in vidalia :-/
I ran the vid-tor package last year when first set it up, watched almost
immediately back then the mischief that was coming through that control port
-back then-
silly tor/vidalia authors, of all peoples you guys should know by now, the
more ports an app has (for a so-called remote 'control port' in this case!
lol), the more potential hack entry points you make available to the
world+dog (luv ya mikey & co., lol) to be used & abused by whoever is nifty
enuf to discover the magical secret entries to the code within hehe
hasn't voleware taught us anything by now? ;-) M$, the evul empire, they
write ports in to everything they code, & look at the swiss cheese software
95% of the desktops on the planet have to contend with each day & the
headaches it brings to all the IT peeps who have to keep those leaky ship
PCs somewhat functional lol
anyway, lose the remote control notion guys, that's straight out of Vole
Hill E$tate$, Redmond, WA
your best bet is to do it to where every server, every node, just connects
randomly & occasionally to every other node - study ants & mute for a bit,
they're smart boyos, you could learn sumthin' from 'em hehe
btw, I knew something was up when I was catching all these 'sniffer' ISPs
jumping right in to the tor net & maintaining connects for days on end lol
oh well, we're all human, working off the code in our DNA between our ears,
which is prone to that thing called human error lol
tor is still better then the alternative, which is Bu$h & Co. knowing
everything about whatever political enemy dares tell them their clothes
don't fit correctly when they visit Iraq ;-) (& don't forget kids, he needs
all that spyware to keep us safe in the battle on the War On (Democrat)
Terror(ists) lol http://tinyurl.com/243hyb)
havefuns, & practice safe secure internet with tor :-)
-----BEGIN SIGNATURE-----
tloaeMUTRGdeW6euk8rd6Qj4mOExOz9wd4L0xPNGUI2Nw5mdoY 2z3WJi/IXAB0z1xXr
+QZQhlVvfJ5BrjAjJPKwVQnH8q9T5+RXO2ZWrfSAzfBoW1l2dL YrNOYqxn2+eZppNT4Y
vzc3rnuIk0MXDVLQZt8OZ8Fyx/IHyZNB
-----END SIGNATURE-----
