On 11/11/2015 09:53 PM, coderman wrote:
> On 11/11/15, Mirimir <mirimir@riseup.net> wrote:
>> ... Anyway, CMU's attack did manage to compromise some onion services, most notably SR2.[0] And I'm not impressed with the Tor Project's performance. They apparently ignored the CMU attack for five months.
> this was a very subtle attack in circuit behavior!
Yes, it was subtle. But it was also, as I understand it, pointless except as an attack. And it was new behavior, right? But still, it wasn't fair to say "ignored". They just didn't see it.
> additional debugging / logging had to be added to be able to track down what was going on, and even then it was a challenge to determine the attack technique.
Right. And they apparently didn't start looking until the Black Hat talk was announced. I did note that they might have been blindsided by a zero day vulnerability.
> how would you have spotted it?
I'm not technical enough to answer that. But generally, I think that they ought to put more effort into monitoring. Especially for new relays. Look for anything unusual.