Thursday, October 19, 2006

Holes Found in Tor Privacy System?

John E. Dunn writes on TechWorld (UK):

A research team has published techniques it claims could be used to unmask the IP addresses of people using the The Onion Router (Tor) privacy system.

The report’s lead author, Andrew Christensen of Danish security consultancy FortConsult, uses Practical Onion Hacking [.pdf] to detail how the anonymity of the system could be undermined by tampering with traffic going through the server through which traffic exits Tor, the so-called "exit node".

Although the vulnerabilities are in browser-based applications using Tor, Javascript and Shockwave, and not in the peer-to-peer routing protocols of the system itself, the effect could be to render the IP addresses of users accessible to anyone with the motivation to use the exploits.

More here.

0 Comments:

Post a Comment

<< Home