07-30-2014 12:17 PM
by Dan Goodin - July 30
Officials with the Tor privacy service have uncovered an attack that may have revealed identifying information or other clues of people operating or accessing anonymous websites and other services over a five-month span beginning in February.
The campaign exploited a previously unknown vulnerability in the Tor protocol to carry out two classes of attack that together may have been enough to uncloak people using Tor Hidden Services, an advisory published Wednesday warned. Tor officials said the characteristics of the attack resembled those discussed by a team of Carnegie Mellon University researchers who recently canceled a presentation at next week's Black Hat security conference on a low-cost way to deanonymize Tor users. But the officials also speculated that an intelligence agency from a global adversary might have been able to capitalize on the exploit.
07-31-2014 05:38 AM
By Graeme Burton 31 Jul 2014
The developers behind the open-source anonymous web-browsing tool Tor are rushing to patch a critical security hole after discovering a group of relays that appeared to be trying to de-anonymise users.
Tor is widely used around the world to enable people to browse the web anonymously - to get round blocks installed by repressive governments, for example - and to access sites operating in similar anonymity that would otherwise be difficult to locate.