Update your Tors - Tor security advisory: "relay early" traffic confirmation attack

Georgi Guninski guninski at guninski.com
Wed Jul 30 08:22:41 PDT 2014


Someone here ranted against Tor and he
was called a troll IIRC...

Ironically they discovered it on 4.7 :)


On Wed, Jul 30, 2014 at 05:12:17AM -0700, coderman wrote:
> https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
>  [see also release notes per below]
> '''
> On July 4 2014 we found a group of relays that we assume were trying
> to deanonymize users. They appear to have been targeting people who
> operate or access Tor hidden services. The attack involved modifying
> Tor protocol headers to do traffic confirmation attacks.
> 
> The attacking relays joined the network on January 30 2014, and we
> removed them from the network on July 4. While we don't know when they
> started doing the attack, users who operated or accessed hidden
> services from early February through July 4 should assume they were
> affected.
> .
> .
> .
> Relays should upgrade to a recent Tor release (0.2.4.23 or
> 0.2.5.6-alpha), to close the particular protocol vulnerability the
> attackers used — but remember that preventing traffic confirmation in
> general remains an open research problem. Clients that upgrade (once
> new Tor Browser releases are ready) will take another step towards
> limiting the number of entry guards that are in a position to see
> their traffic, thus reducing the damage from future attacks like this
> one. Hidden service operators should consider changing the location of
> their hidden service.


