Usr6 Posted July 31, 2014 Report Posted July 31, 2014 (edited) Users of the online privacy service Tor – designed to allow users to access hidden sites anonymously – may have been unmasked after an attack lasting as long as five months, crafted to de-anonymize traffic on the service, according to the BBC’s report. Tor is a browser which allows users to access “hidden” sites, with the .onion suffix, which cannot be accessed via other browsers. It’s used by political activists – but also said to host child pornography, and illegal markets in everything from drugs to weaponry.The Tor Project said that it had halted the attack on 4 July, but it may have been ongoing as long as five months. Business Insider said that it was not clear what data on users, or hidden services, the attackers had obtained.V3 reported that Tor warned users to “assume” they had been affected.Online privacy – ‘assume’ you are affected, users toldUsually, Tor users are extremely hard to track – the browser “bounces” information between 5,000 volunteer PCs to hide its tracks. Even America’s National Security Agency (NSA) described it as, “the King of high secure, low latency Internet anonymity.”The service is used by whistleblowers, political activists and news organizations, but The Telegraph claims it is also “widely used” by criminals.The Tor Project said it believed the attack had been carried out by two researchers due to give a talk at the Black Hat conference in Las Vegas next week. The presentation was cancelled by lawyers from Cornell University for unspecified reasons.The talk, entitled “You Don’t Have to be the NSA to Break Tor” aimed to showcase a technique which could “uncloak” users of the anonymizing web service for less than $3,000.Tor warns intelligence agencies may followTor has since pushed out software updates to deal with the problem, but warned, “Hidden service operators should consider changing the location of their hidden service.” The Tor Project also warned that the attack could pave the way for future attempts by other adversaries such as “large intelligence agencies.”“So if the attack was a research project (i.e. not intentionally malicious), it was deployed in an irresponsible way because it puts users at risk indefinitely into the future.“On July 4 2014 we found a group of relays that we assume were trying to de-anonymize users,” the Tor Project said via its blogs. They appear to have been targeting people who operate or access Tor hidden services. While we don’t know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.Unfortunately, it’s still unclear what “affected” includes.”The Tor Project said, “So if the attack was a research project (i.e. not intentionally malicious), it was deployed in an irresponsible way because it puts users at risk indefinitely into the future.”Sursa: Tor 'unmasked' - but who is at risk?Pe acelasi subiect:https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attackhttp://hackread.com/tor-network-attacked-and-compromised/http://thehackernews.com/2014/07/attackers-compromise-tor-network-to-de.htmlhttp://news.hitb.org/content/hackers-have-compromised-once-anonymous-tor-networkhttp://arstechnica.com/security/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/L.E:The vulnerability could be related (but not for sure) to the research done by Alexander Volynkin and Michael McCord from Carnegie Mellon University i.e “Attacking Tor and de-anonymizing users”, which was originally scheduled to be delivered at Black Hat USA Conference this year. But unfortunately their talk was cancelled two weeks before, because their material had not been approved by the SEI for public release. Edited July 31, 2014 by Usr6 Quote
Graphik Posted August 1, 2014 Report Posted August 1, 2014 TOR admite c? poate fi spart. Nimic nu mai este sigur pe internet Quote