Nick Mathewson - Slashdot User

Comment Re:undermining the Tor system (Score 1) 323

by Nick Mathewson on Wednesday May 18, 2016 @05:38PM (#52138073) Attached to: Developer Of Anonymous Tor Software Dodges FBI, Leaves US

Isis mostly works on Python stuff like bridgebd: https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fgitweb.torproject.org%2Fbridgedb.git%2F

On the Tor daemon itself, she's got a pretty good patch series on https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Ftrac.torproject.org%2Fprojects%2Ftor%2Fticket%2F7144 that I hope she'll have time to refactor soon. Maybe accusing her of being a total phony is not the best way to help her there?

(omg slashdot still exists)

CCC Create a Rogue CA Certificate 300

Posted by CmdrTaco on Tuesday December 30, 2008 @01:14PM from the they-even-faked-this-dept dept.

t3rmin4t0r writes "Just when you were breathing easy about Kaminsky, DNS and the word hijacking, by repeating the word SSL in your head, the hackers at CCC were busy at work making a hash of SSL certificate security. Here's the scoop on how they set up their own rogue CA, by (from what I can figure) reversing the hash and engineering a collision up in MD5 space. Until now, MD5 collisions have been ignored because nobody would put in that much effort to create a useful dummy file, but a CA certificate for phishing seems juicy enough to be fodder for the botnets now."

Comment Please help us improve our documentation. (Score 5, Informative) 198

by Nick Mathewson on Wednesday November 21, 2007 @01:06PM (#21436699) Attached to: Spying On Tor

Hi all. I'm one of the Tor authors.

We're trying very hard to get out the message that you should always use encrypted protocols over Tor, if you're doing anything even slightly sensitive.

Right now, we do this in our documentation, and in a list of warnings on our download page. But obviously, this isn't good enough, since some of the commenters here seem to be surprised at finding it out.

Does anybody have good ideas about how to get the word out better?

(As for the SSL MITM thing: we've run into situations like this one before. Usually, it turns out that the exit node isn't doing the MITM itself, but is getting MITMd itself by its upstream. This happens depressingly often in some countries, and in some dormitories. I've dropped a line to the directory authority operators Mike Perry (the guy who maintains the Torbutton firefox plugin) has been working on an automated detection tool for this stuff. It would be great if somebody with programming chops would step up and give him a hand.)

Adventuresome or "Hands On" Careers in Tech? 72

Posted by Cliff on Monday February 26, 2007 @07:59PM from the escape-from-the-cube-farm dept.

omission9 asks: "For about 10 years I have worked mostly behind a desk in a cubicle and am starting to feel that this environment is making me miserable. The cheap fluorescent lights, the stuffy air, and the restless feeling I get from just sitting so long are starting to really annoy me. My background is mainly as a programmer but I started my career as a network engineer/network administrator. I am also a member of the US Naval Reserve and am cleared as high as Top Secret. Are there any jobs out there that match this sort of skill set (more or less programmer but generally excellent tech skills) that don't require being stuck behind a desk? Paying relatively well would be a major plus as would something that provides a solid career (20+ years of work). Is there anyone out there, from anywhere other than a cube farm, that may have some advice?"

Slashdot Top Deals