The Onion Router (TOR) is alive and kicking, feeling secure and very healthy despite other plaices saying the contrary. Cryptome.org recently linked to two posts on PGPBoard in the last few days, where claims were made TOR was unsecure. Eviloids such as non-hacker Adrian Lamo, famous for ratting out Wikileaks informer and whistleblower Bradley Manning to the FBI, were purported to be able to sniff data flowing in and out and about TOR exit nodes operated by them.
Some guy without a name also went on to state TOR had a big stonking hole in its SSL layer and thus were as safe as secrets are with Adrian Lamo. On Friday, press agency UPI also reported the benevolent state of Iran, herold of freedom across the globe, had obtained deep packet inspection sniffing abilities, quoting TOR’s Andrew Lewman.
According to UPI, Iran is apparently now better equipped than China to supress its students and warn them not to listen to horrid corrupters of youth like Michael Jackson and The Ramones and get silly ideas of freedom and democracy.
However, stories claiming TOR is as unsecure as conveying state secrets by postcard are wrong, claimed Andrew Lewman when asked by TechEye. UPI apparently churned out its piece based on an article wiritten by England’s The Telegraph newspaper, yet overlooked paragraph nine, which states ” […] developers have redesigned the software so that its traffic looks just like any other when it sets up an encrypted connection, and Iranian user numbers are now back to normal.”
“We fixed the problem back in January 2011. It’s clear the journalists are two months behind the technology. Tor is working well in Iran and continues to be the safest choice,” Lewman told TechEye.
Lewman also dismissed the claims made on PGPBoard as “some paranoid wanting attention. We addressed this concern over a year ago when Wired tried to create a controversy togenerate more page views”. TOR’s take on a story published by The New Yorker and rehashed by Slashdot and Wired’s Threat Level bog can be found here.
The New Yorker originally wrote about Wikileaks noticing a glut of Chinese hacking activity in the TOR network. Wired than claimed Wikileaks was founded on materials it had intercepted within TOR. Wikileaks later on stated Wired’s claim was bogus.
It seems users and other places still have to figure out they also need encryption on the outside.