On 6/09/2013 7:39 PM, Trent W. Buck wrote:
Yes, part of the problem, as posed by that article, was clearly the use of Firefox and the vulnerability in javascript. The TBB (TOR Browser Bundle) fixed this issue, but because javascript is, unfortunately, a heavy requirement for many bloatware websites, turning it completely off can effectively render many sites completely unusable. So, TBB turns on js by default these days :( But I think the problem is greater than just this exploit, it sure helps if people patch, but some, if not a huge number of, exploits are in the wild long before they are patched, if even they are found in the first place. Patching helps, not using Windows helps, lots of things help, but don't be too sure that even TOR with the best environment setup isn't going to give you everything you are told to expect by using TOR ... although even the TOR project doesn't give you any guarantees themselves, simply because they can't. But they do try to keep users informed [1].
Re your Subject field, this property has been well understood since [Thompson 1984], at least: https://en.wikipedia.org/wiki/Reflections_on_Trusting_Trust#cite_note-5
Yes, absolutely true, thanks for the reference. [1] https://research.torproject.org/ - which has this link (amongst others) http://freehaven.net/anonbib/ Cheers A.