Active attack on Tor network tried to decloak users for five months

  • 30 July 2014
  • 2 replies
  • 355 views

Userlevel 7
Badge +54

Attack targeted "Tor hidden services" used to protect IDs of website operators.

by Dan Goodin - July 30
 


 
Officials with the Tor privacy service have uncovered an attack that may have revealed identifying information or other clues of people operating or accessing anonymous websites and other services over a five-month span beginning in February.
The campaign exploited a previously unknown vulnerability in the Tor protocol to carry out two classes of attack that together may have been enough to uncloak people using Tor Hidden Services, an advisory published Wednesday warned. Tor officials said the characteristics of the attack resembled those discussed by a team of Carnegie Mellon University researchers who recently canceled a presentation at next week's Black Hat security conference on a low-cost way to deanonymize Tor users. But the officials also speculated that an intelligence agency from a global adversary might have been able to capitalize on the exploit.
 
Full Article

2 replies

Userlevel 7
Just when you thought it was safe to use Tor this comes up................. so can we trust any proxy or cloaking service
???
Userlevel 7
Badge +54
By Graeme Burton  31 Jul 2014
 
                                                                                                http://www.computing.co.uk/IMG/902/269902/eye-spy-370x229.png?1378900556
 
The developers behind the open-source anonymous web-browsing tool Tor are rushing to patch a critical security hole after discovering a group of relays that appeared to be trying to de-anonymise users.
Tor is widely used around the world to enable people to browse the web anonymously - to get round blocks installed by repressive governments, for example - and to access sites operating in similar anonymity that would otherwise be difficult to locate.
 
Full Article

Reply