Update your Tors - Tor security advisory: "relay early" traffic confirmation attack

coderman coderman at gmail.com
Wed Jul 30 05:12:17 PDT 2014


https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
 [see also release notes per below]
'''
On July 4 2014 we found a group of relays that we assume were trying
to deanonymize users. They appear to have been targeting people who
operate or access Tor hidden services. The attack involved modifying
Tor protocol headers to do traffic confirmation attacks.

The attacking relays joined the network on January 30 2014, and we
removed them from the network on July 4. While we don't know when they
started doing the attack, users who operated or accessed hidden
services from early February through July 4 should assume they were
affected.
.
.
.
Relays should upgrade to a recent Tor release (0.2.4.23 or
0.2.5.6-alpha), to close the particular protocol vulnerability the
attackers used — but remember that preventing traffic confirmation in
general remains an open research problem. Clients that upgrade (once
new Tor Browser releases are ready) will take another step towards
limiting the number of entry guards that are in a position to see
their traffic, thus reducing the damage from future attacks like this
one. Hidden service operators should consider changing the location of
their hidden service.



