dicksi Posted July 26, 2014 Report Posted July 26, 2014 Today I want to anticipate you that two hackers have announced to be able to de-anonymize Tor users easy, the two experts Alexander Volynkin and Michael McCord will present the results of their study at the next Black Hat 2014.In the presentation they have announced, titled “YOU DON’T HAVE TO BE THE NSA TO BREAK TOR: DEANONYMIZING USERS ON A BUDGET“, the experts will show how to identify Tor users with a very small budget, just $3,000.“There is nothing that prevents you from using your resources to de-anonymize the network’s users instead by exploiting fundamental flaws in Tor design and implementation. And you don’t need the NSA budget to do so. Looking for the IP address of a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know because we tested it, in the wild…” “In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity,” are the statements used by the two researchers to describe their work.Stay tuned … if the discovery is confirmed, millions of Tor network users are at risk.Hackers can break Tor Network Anonimity with USD 3000 | Security AffairsupdateTor Project is working to fix the alleged critical bug discovered by researchers at Carnegie MellonWe were all waiting for the presentation when the organization of the BlackHat had been contacted by the university’s lawyers which informed it that the researchers will not participate in the event.Roger Dingledine, the expert known as one of the creators of Tor, explained that he has no idea on the reason of the decision made by the researchers, but he added that the Tor Project had been “informally” shown some of the materials that would have been presented.Christopher Soghoian, principal technologist with the American Civil Liberties Union, has speculated that the researchers might have feared to be sued by criminal prosecution for illegal monitoring of Tor exit traffic.We will never know why these researchers have cancelled their participation to the BlackHat, but the unique certainty is that government are spending a huge effort to track users on anonymizing network and probably they have exploited and are exploiting zero-day flaws in these systems.http://securityaffairs.co/wordpress/26982/hacking/tor-working-fix-flaw.html Quote
Nest Posted July 26, 2014 Report Posted July 26, 2014 Nu o sa arate nimic concret. Daca exista cineva atat de destept incat sa faca asta, atunci e si destul de destept ca sa se foloseasca de asa ceva.Sent from my UTOK 470 Q using Tapatalk Quote
dicksi Posted July 26, 2014 Author Report Posted July 26, 2014 Based on our current plans, we'll be putting out a fix that relays canapply that should close the particular bug they found. The bug is a nicebug, but it isn't the end of the world. And of course these things arenever as simple as "close that one bug and you're 100% safe".https://lists.torproject.org/pipermail/tor-talk/2014-July/033956.html Quote
Nest Posted July 26, 2014 Report Posted July 26, 2014 Ah, n-am citit tot. Sent from my UTOK 470 Q using Tapatalk Quote
