http subversion URLs should be discontinued in favor of https URLs
Matthew Finkel
matthew.finkel at gmail.com
Mon Dec 11 18:20:35 UTC 2017
On Sun, Dec 10, 2017 at 07:57:14PM +0000, Poul-Henning Kamp wrote:
> --------
> In message <898df78d-c0b1-9e9f-0630-2665c3939960 at rawbw.com>, Yuri writes:
>
> >3. The user updated the sources through Tor and got hacked.
> >
> >Where did this user go wrong, or where has he been irresponsible?
>
> He trusted Tor?
>
> In 2006 Steven Murdochs "Hot or Not" work in TCP timers revealed
> that a LOT of the Tor network is on a longitude compatible with a
> "Bandit of The Beltway" location.
Are you really referencing a paper from 11 years ago specifically about
a hidden service confirmation attack? This is not within Tor's threat
model. Yes, it is a real attack, and yes, this could and should be
prevented, but this says absolutely nothing about the security or
"trustworthiness" of the Tor network or the protection it provides 99%
of all users.
>
> If you still, elleven years later, seriously belive that Tor is
> trustworthy, you shouldn't be allowed near any kind of security
> decision.
*head scratch*
Most of the relays are in Europe now, just FYI. Tor is not perfect, but
it offers by-far a better method of connecting two machines than using
the Internet alone.
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk at FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list