Once again: Tor timing attacks and a Tor confession
Georgi Guninski
guninski at guninski.com
Tue Mar 1 01:43:45 PST 2016
On Tue, Mar 01, 2016 at 03:15:44AM -0500, grarpamp wrote:
> On 3/1/16, Georgi Guninski <guninski at guninski.com> wrote:
> > Is jitter/fill traffic full solution?
>
> Again, to what threat model?
>
>
The threat model is the entire world --
in real life do you care much what accident
will "own" your life?
If this is too broad for you, the threat
model are state sponsored actors including
NSA.
> You mean like rooting a bunch of Linux nodes, 6+:1 ratio ...
>
>
...
> Or compromising the repo or developers or 3rd party libraries...
>
> Or asking your friends AT&T et al to help...
>
> What's the threat?
>
Combination of many threats -- owning, timing, crypto, etc
> > This is consistent with the fate of Lulzsec.
> > According to the official story (which I don't believe),
> > the first of them got caught because "he forgot to use
> > tor when on irc..."
>
> Do they and their court docs officially say that?
> Or just some blogger reading 4chan?
Don't know about courts, here is a reference from thereg:
http://www.theregister.co.uk/2012/03/07/lulzsec_takedown_analysis/
> Police locked onto Hector Xavier Monsegur, an unemployed 28-year-old
> from New York – allegedly LulzSec hacktivist supremo Sabu – after he
> apparently made the mistake of logging into an IRC chat server without
> using the Tor anonymisation service (^1)
More information about the Testlist
mailing list