!!URGENT!! Tor Vulnerability Discovered !!URGENT!!

Discussion in 'Computer Security' started by Security Advisory, Aug 6, 2007.

  1. upgrade to the latest version (0.1.2.16 or
    0.2.0.4-alpha) to avoid this type of attack.

    READ THREAD: http://minilien.com/?3Y4uiMXyun

    Roger Dingledine wrote:

    Tor 0.1.2.16 fixes a critical security vulnerability that allows a
    remote attacker in certain situations to rewrite the user's torrc
    configuration file. This can completely compromise anonymity of users
    in most configurations, including those running the Vidalia bundles,
    TorK, etc. Or worse.
    ......

    (Typing on defcon network so will be quite brief)

    The short answer is yes, this is an attack, and no, we're not going
    to tell you exactly how it works yet. That's because several hundred
    thousand people are vulnerable, and we're going to give them several
    weeks to upgrade before we arm random people on the Internet with the
    ability to launch this attack against them.

    You should be one of the people who upgrades. :)

    --Roger

    READ THREAD: http://minilien.com/?3Y4uiMXyun
    Security Advisory, Aug 6, 2007
    #1
    1. Advertising

  2. lol gee I could have told them this was going to happen when they first
    started using the thing in vidalia :-/

    I ran the vid-tor package last year when first set it up, watched almost
    immediately back then the mischief that was coming through that control port
    -back then-

    silly tor/vidalia authors, of all peoples you guys should know by now, the
    more ports an app has (for a so-called remote 'control port' in this case!
    lol), the more potential hack entry points you make available to the
    world+dog (luv ya mikey & co., lol) to be used & abused by whoever is nifty
    enuf to discover the magical secret entries to the code within hehe

    hasn't voleware taught us anything by now? ;-) M$, the evul empire, they
    write ports in to everything they code, & look at the swiss cheese software
    95% of the desktops on the planet have to contend with each day & the
    headaches it brings to all the IT peeps who have to keep those leaky ship
    PCs somewhat functional lol

    anyway, lose the remote control notion guys, that's straight out of Vole
    Hill E$tate$, Redmond, WA

    your best bet is to do it to where every server, every node, just connects
    randomly & occasionally to every other node - study ants & mute for a bit,
    they're smart boyos, you could learn sumthin' from 'em hehe

    btw, I knew something was up when I was catching all these 'sniffer' ISPs
    jumping right in to the tor net & maintaining connects for days on end lol

    oh well, we're all human, working off the code in our DNA between our ears,
    which is prone to that thing called human error lol

    tor is still better then the alternative, which is Bu$h & Co. knowing
    everything about whatever political enemy dares tell them their clothes
    don't fit correctly when they visit Iraq ;-) (& don't forget kids, he needs
    all that spyware to keep us safe in the battle on the War On (Democrat)
    Terror(ists) lol http://tinyurl.com/243hyb)

    havefuns, & practice safe secure internet with tor :)

    -----BEGIN SIGNATURE-----
    tloaeMUTRGdeW6euk8rd6Qj4mOExOz9wd4L0xPNGUI2Nw5mdoY2z3WJi/IXAB0z1xXr
    +QZQhlVvfJ5BrjAjJPKwVQnH8q9T5+RXO2ZWrfSAzfBoW1l2dLYrNOYqxn2+eZppNT4Y
    vzc3rnuIk0MXDVLQZt8OZ8Fyx/IHyZNB
    -----END SIGNATURE-----
    http://tinyurl.com/23k3dt@$NIFF-deeply.ahh, Aug 11, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. NIST.org
    Replies:
    1
    Views:
    422
  2. Labiodental Fricative

    Heads UP! Possible Huge TOR Bug Discovered

    Labiodental Fricative, Aug 16, 2006, in forum: Computer Security
    Replies:
    4
    Views:
    3,373
    fatal.serpent
    Aug 17, 2006
  3. George Orwell

    Heads UP! Possible Huge TOR Bug Discovered

    George Orwell, Aug 18, 2006, in forum: Computer Security
    Replies:
    1
    Views:
    391
    Borked Pseudo Mailed
    Aug 19, 2006
  4. George Orwell

    Heads UP! Possible Huge TOR Bug Discovered

    George Orwell, Aug 19, 2006, in forum: Computer Security
    Replies:
    6
    Views:
    689
    zatoichi
    Aug 20, 2006
  5. Au79

    First IE7 Vulnerability Discovered

    Au79, Oct 20, 2006, in forum: Computer Support
    Replies:
    9
    Views:
    362
    Fuzzy Logic
    Oct 24, 2006
Loading...

Share This Page