Re: The Heartbleed Bug
Posted: Mon Apr 14, 2014 9:33 pm
Joakim Christiansen wrote:tj1010 wrote:and use TOR except doing inter-intranet things..http://arstechnica.com/tech-policy/2012 ... s-servers/However, you should think twice before running an exit relay, which is a place where Tor traffic comes out of the anonymous network and connects to the open Internet. If criminals use Tor for illegal things and the traffic comes out of your exit relay, that traffic will be traceable to your IP address and you may get a knock on your door and your computer equipment confiscated.
I remember hearing that the TOR clients used to allow others (random requests distributed over the network) to reach the internet through your IP address whenever using their client. Meaning that what I linked about above could happen to anyone using TOR then. This has probably changed today, but I still think of that whenever I hear someone mentioning TOR. I must say that I dislike it.
The same goes for tunneled or untunneled SOCKS, HTTP-redirect, VPN(IPSEC etc..), I2C.. Even where it's wrapping TLS 3.0 SSL. That means there is no such thing as a secure network topology, only adequate obfuscation of the data..
TOR is just the lesser evil because of how it authenticates nodes with cryptography and routes through random sets of nodes. There is protocol support for nodes to relocate in chains I think, and each node unwraps data, so there are probably more holes in it somewhere..