-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > Journalists are asking us about the Black Hat talk on attacking > Tor that got cancelled. We're still working with CERT to do a > coordinated disclosure of the details (hopefully this week), but I > figured I should share a few details with you earlier than that.
Thanks for coming forward - very much appreciated. > 1) We did not ask Black Hat or CERT to cancel the talk. We did (and > still do) have questions for the presenter and for CERT about some > aspects of the research Does that imply that the exploited "weakness" is not yet fully understood by you (core developers)? (which also would imply that there is no "fix" yet) (To some extend this contradicts the anticipated coordinated disclosure?) > 2) In response to our questions, we were informally shown some > materials. We never received slides or any description of what > would be presented in the talk itself beyond what was available on > the Black Hat Webpage. Also this point suggests that the "attack" has not been understood yet(?). Also (if you can anticipate that ahead of the coordinated disclosures): Should relay ops get ready to deploy a critical patch? Should users get ready to update their Tor Browser Bundles soon? Will there be a "fix" at all? -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTzY6mAAoJEDcK3SCCSvoe5VEQALN9RuaxaKrfcZXIlKsYboOp uhlkqQ0iypnr/diX8+5QZMuL0VsTX5e5MdC86UIC0hVTbxlBbdmRDGXoW3/Vfur4 lLAWYrO33JaP7orHd9HuugfH0kCSnhpoPj1tKYaHfgPBDfg+pHMjA7nuQTVikfkR pkuWhfn0lIQsoX0XRGngAKZoKsmGqZeXX0CgaGdOGsfjVoMAbEh0PmVVtFwQlaeL q63qFnVufSCjb9baP9QBqzgbYnV7WM5PzGegNA0/ZC9oqDCWXedxTq+1r2C5QMuz yBBoRLrdznAnjoQIBziXk/EbP2D162Rmz3a8lLQdlX36fqOkHMh8KTk0tpnb6JlM +VTV2Ak/M+hw//mzHkYg+NMvFJ6jzI/1icgHcjcThwzv8uKDzISouyTmcIz3cXSb +okY7B7w++Ib37680lgKFH/QIBvjEZ1JoY+GgoeauE9jG2FCxnsVY+l7+YLzYWTe kHMg9CzFKB/B1jUfpZybuSn6++O17AzoCh7yeneyqoAoGpO4/WY2sEsjFpo+Nzu8 SyGmagDvzCJuA47MdHQpnnClK6AOdrpYCZsKhzHvR04+PhKscHMBDdD0NMuWPLne JlPLlGF2q6FheKUBZkcappKThC1qt0OYtpBH9R5fjIV2UGO2UuL3/kyZ/RF3Gw7p jpBcarCPmB5/4DFrx2cq =W9i7 -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
