Researchers To Demonstrate Tor Network Hijack Method

Discussion in 'privacy problems' started by MrBrian, Oct 25, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://threatpost.com/en_us/blogs/researchers-demonstrate-tor-network-hijack-method-102411:
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    From the article:
    If this description is correct, it's the operating system that's exploited, not Tor itself. If this "attack" uses malware, then that malware has to be able to execute in order for the attack to succeed. Given the potentially sensitive nature of the data carried by Tor and the potential for endangering lives if that data is decrypted, the operating systems of the relays should be secured by well enforced default-deny policies.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Tor response

    -https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated

    possibly related

    -http://www.eweek.com/c/a/Security/Hackers-Release-DoS-Attack-Tool-Targeting-SSL-Servers-868830/
     
    Last edited: Oct 26, 2011
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Use TOR in locked down VM = profit
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Slicing the onion: is Tor vulnerable to takeover or not?.

    -- Tom
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Is the malware required for it to work?
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Last edited: Dec 15, 2011
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Do you have cites for that? I haven't seen anything to that effect on tor-talk. Maybe I missed it.
     
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Hi mirmir,

    The cites are in the linked documents - read the documents and you will know.

    -- Tom
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It's not clear to me whether Eric Filiol's team is "working with the TOR Team to enhance TOR's security", or attempting to demonstrate that Tor is irrevocably flawed. I do see that he's being conciliatory and somewhat contrite. But I don't see any response from the Tor Project. See -https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated for buzz.
     
  12. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    What is clear from reading the linked documents is that Eric Filiol's team is doing research on a conceptual level that the TOR team will investigate and determine its veracity. Note: TOR is not foolproof, so I'm sure the effort will be appreciated where it can contribute to the overall effort to secure TOR by the TOR team.

    It is early in the research yet, and Filiol's team have a ways to go yet before there is a significant proof-of-concept in the research they are doing for the TOR team to adopt.

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.