!!URGENT!! Tor Vulnerability Discovered !!URGENT!!

Discussion in 'Computer Security' started by Security Advisory, Aug 6, 2007.

  1. upgrade to the latest version ( or to avoid this type of attack.

    READ THREAD: http://minilien.com/?3Y4uiMXyun

    Roger Dingledine wrote:

    Tor fixes a critical security vulnerability that allows a
    remote attacker in certain situations to rewrite the user's torrc
    configuration file. This can completely compromise anonymity of users
    in most configurations, including those running the Vidalia bundles,
    TorK, etc. Or worse.

    (Typing on defcon network so will be quite brief)

    The short answer is yes, this is an attack, and no, we're not going
    to tell you exactly how it works yet. That's because several hundred
    thousand people are vulnerable, and we're going to give them several
    weeks to upgrade before we arm random people on the Internet with the
    ability to launch this attack against them.

    You should be one of the people who upgrades. :)


    READ THREAD: http://minilien.com/?3Y4uiMXyun
    Security Advisory, Aug 6, 2007
    1. Advertisements

  2. lol gee I could have told them this was going to happen when they first
    started using the thing in vidalia :-/

    I ran the vid-tor package last year when first set it up, watched almost
    immediately back then the mischief that was coming through that control port
    -back then-

    silly tor/vidalia authors, of all peoples you guys should know by now, the
    more ports an app has (for a so-called remote 'control port' in this case!
    lol), the more potential hack entry points you make available to the
    world+dog (luv ya mikey & co., lol) to be used & abused by whoever is nifty
    enuf to discover the magical secret entries to the code within hehe

    hasn't voleware taught us anything by now? ;-) M$, the evul empire, they
    write ports in to everything they code, & look at the swiss cheese software
    95% of the desktops on the planet have to contend with each day & the
    headaches it brings to all the IT peeps who have to keep those leaky ship
    PCs somewhat functional lol

    anyway, lose the remote control notion guys, that's straight out of Vole
    Hill E$tate$, Redmond, WA

    your best bet is to do it to where every server, every node, just connects
    randomly & occasionally to every other node - study ants & mute for a bit,
    they're smart boyos, you could learn sumthin' from 'em hehe

    btw, I knew something was up when I was catching all these 'sniffer' ISPs
    jumping right in to the tor net & maintaining connects for days on end lol

    oh well, we're all human, working off the code in our DNA between our ears,
    which is prone to that thing called human error lol

    tor is still better then the alternative, which is Bu$h & Co. knowing
    everything about whatever political enemy dares tell them their clothes
    don't fit correctly when they visit Iraq ;-) (& don't forget kids, he needs
    all that spyware to keep us safe in the battle on the War On (Democrat)
    Terror(ists) lol http://tinyurl.com/243hyb)

    havefuns, & practice safe secure internet with tor :)

    -----BEGIN SIGNATURE-----
    -----END SIGNATURE-----
    http://tinyurl.com/23k3dt, Aug 11, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.