Is MITM the right term? Not to be picky... but I thought they just pulled the server that was serving up those particular hidden services and dropped in a new server with the "identify all users" exploit [if they were not controlling that server in the first place :-) ].
-- Robert Hailey On 2013/10/04 (Oct), at 3:34 PM, Ian Clarke wrote: > This is very interesting: > > http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity > > Looks like it's not an attack on Tor itself, rather they identify Tor users > (which Tor isn't designed to prevent AFAIK), and then do a MITM on the > connection between Tor and the web to insert some code that exploits a > vulnerability that (until recently) was distributed as part of the Tor > bundle. > > Seem like, even though this Firefox vulnerability has been fixed, that they > probably have a library of other ones to choose from. > > Ian. > > -- > Ian Clarke > Founder, The Freenet Project > Email: i...@freenetproject.org > _______________________________________________ > Devl mailing list > Devl@freenetproject.org > https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > _______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl