Hi, Jurre van Bergen wrote (30 Jul 2014 22:06:08 GMT) : > Scope and severity > ===========
> The attack is targeted at people who visit Tor hidden services and > expose the ip-adress of the user. An attacker could run a number of Tor > relays to modify traffic and learn the identity that way. It's not clear > at this point in time how much attackers have learned and what they have > learned. The attackers likely couldn't see full-application traffic like > which websites were visited. > There is a possibility that attackers have learned the ip-address of > Tails users who visited Tor hidden services between January 30 and July > 4, when the bad relays have been taken out of the Tor network, should > assume affected. > We recommend you read the full advisory[2] by Tor for the technical > story behind the attack. Thanks a lot! I think it would be worth balancing this with something like (Roger on tor-talk's): "The particular traffic confirmation channel they used wasn't a big deal. (Or said another way, fixing it doesn't make a big impact on whether this sort of attack is possible.)" _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
