[Full-disclosure] Compromise of Tor, anonymizing networks/utilities

[coderman]

On Dec 8, 2007 2:32 PM, Fetch, Brandon <bfetch at tpg.com> wrote:
> ...
> It's this lack of "last mile" security that some will suggest using an
> encrypted proxy but that still may not resolve the issue of the
> requested destination not supporting a secure connection.

Public wireless anyone?  None of the big sites are willing to invest
in your privacy.  at least with gmail i can filter http and stay on
https (yes, the cookie is still not secure only, *sigh*).

treat Tor like an anonymizing hot spot.  if you're worried about any
of the content being sent, make sure it is encrypted end to end.


> Hiding behind/through Tor and an encrypted proxy just puts more layers
> of obfuscation into the mix but still doesn't provide any more security.

Tor != transport privacy.  the sooner everyone realizes this the better...

[and the less we have to read about lame ass fame whores like Egerstad
pimping their dsniff stupidity.  the control port hack was much more
interesting...]