Hi Josh, I tried to write this comment at the bottom of http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/ but your comment system wouldn't let me write into the name and email address boxes. So I've written it here.
"""
Thanks for the detailed analysis! We've now set the BadExit flag on this relay, so others won't accidentally run across it.

We certainly do need more people thinking about more modules for the exitmap scanner. In general, it seems like a tough arms race to play:
https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html
and as you say, the better approach is to have applications not blindly trust unauthenticated bits they get from the Internet.

This discussion also reminds me of the very first misbehaving exit relay we found:
https://lists.torproject.org/pipermail/tor-talk/2006-August/001766.html
It turned out to be a Tor relay in China that was getting attacked by its ISP, and all the Tor users were just collateral damage from the ISP attacking all its users.

I think it is alas also hard to tell if this case was a malicious Tor relay or an innocent Tor relay's malicious upstream.
"""

Thanks again for your help, and please let us know if we can be useful to you in the future.

--Roger

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
