Tor anonymizing network Compromised by French researchers - frzn
http://seclists.org/fulldisclosure/2011/Oct/780
Might turn out to be false info, or not.
======
dfc
It is not clear to what degree the researchers "compromised" the tor network.
To make matters worse the news story seems to have some translation issues. I
am not arma or nickm but from a quick reading it does not seem like a real
threat.

      "But there are also hidden nodes, the Tor Bridges, which
      are provided by the system that in some cases. Researchers
      have developed a script that, once again, to identify
      them. They found 181. "We now have a complete picture of
      the topography of Tor," said Eric Filiol."

The researchers found 181 of over one thousand bridges[1]? That hardly seems
like a complete topography of the network. In order to get bridges all you
need to do is submit an https request to <https://bridges.torproject.org> or
send an email to bridges@torproject.org from a gmail address. So they scripted
https gets and SMTP? The bridge distribution system is designed in such a way
that an attacker cannot easily flood the system with requests and learn all
of the bridge addresses. I imagine this is why they only learned 1/5th of the
bridges.

The majority of the research seems to indicate that if an attacker can control
1/3 of the relays in the tor network he can influence its operation and
decrypt/associate/identify traffic streams. The tor threat model has always
stated that an attacker with control over a significant number of nodes could
successfully compromise the security goals of the network. Furthermore the
attack depends on users not utilizing trusted entry nodes. I do not think the
attack would have any effect on a user who used a trusted entry node that the
attacker did not control.

[1] https://blog.torproject.org/blog/strategies-getting-more-bridge-addresses
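
Two small constructed models, added here as an example (not Tor project code and not code from anyone in this thread), for the two points dfc makes above: why a bucketed, per-period bridge distributor only leaks a fraction of the bridge pool to a scripted requester, and how much of a user's traffic an adversary owning a fraction f of the relays can see with and without a fixed entry guard it does not control. The bucket rule (hash of the requester's /24 and the time period) is an assumption loosely modelled on the public description of Tor's bridge distribution, not its actual code; relay selection is simplified to uniform random choice; all bridge labels, addresses and period names are constructed.

```python
import hashlib
import random

# --- Part 1: a bucketed, per-period bridge distributor (constructed model) ---

def bucket_for(client_ip: str, period: str, n_buckets: int) -> int:
    """Map the requester's /24 and the current time period to one bucket.
    Every host in the same /24 gets the same bucket for the whole period, so
    repeating the request from the same network reveals nothing new.
    (Assumed rule, not the real distributor's code.)"""
    net24 = ".".join(client_ip.split(".")[:3])
    digest = hashlib.sha256(f"{net24}|{period}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_buckets

def bridges_for(client_ip, period, bridges, n_buckets, per_answer=3):
    """Bridges a requester may learn in this period: a fixed sample of
    per_answer bridges drawn only from the requester's bucket."""
    b = bucket_for(client_ip, period, n_buckets)
    pool = [br for i, br in enumerate(bridges) if i % n_buckets == b]
    # Seed with bucket+period so the answer is stable for the whole period.
    rng = random.Random(hashlib.sha256(f"{b}|{period}".encode()).digest())
    return sorted(rng.sample(pool, min(per_answer, len(pool))))

def learned_by_scraper(bridges, source_ips, periods, n_buckets):
    """Union of everything a scripted requester sees from the given source
    addresses across the given periods. Growth is bounded by
    (distinct /24s) x (periods) x per_answer, not by request volume."""
    seen = set()
    for ip in source_ips:
        for p in periods:
            seen.update(bridges_for(ip, p, bridges, n_buckets))
    return seen

# --- Part 2: circuits an adversary owning a fraction f of relays can observe ---

def expected_fraction(f: float, guard_trusted: bool) -> float:
    """Closed form under uniform relay selection: the adversary must sit at
    both ends of a circuit, so the per-circuit probability is f*f. With a
    fixed entry guard the adversary does not control, the entry end is never
    adversarial and the product is zero."""
    return 0.0 if guard_trusted else f * f

def simulate_circuits(n_relays, n_owned, n_circuits, guard=None, seed=7):
    """Monte Carlo over constructed relays 0..n_relays-1, of which the first
    n_owned are adversarial. Returns the fraction of circuits whose entry
    and exit are both adversarial. Simplification: uniform choice (real Tor
    weights by bandwidth and never reuses a relay within one circuit)."""
    rng = random.Random(seed)
    owned = set(range(n_owned))
    compromised = 0
    for _ in range(n_circuits):
        entry = guard if guard is not None else rng.randrange(n_relays)
        exit_ = rng.randrange(n_relays)
        if entry in owned and exit_ in owned:
            compromised += 1
    return compromised / n_circuits

if __name__ == "__main__":
    # Constructed pool: 1000 fake bridge labels split across 4 buckets.
    pool = [f"bridge-{i:04d}" for i in range(1000)]
    # Three hosts in one /24 plus two other networks, over two periods.
    scraper_ips = [f"203.0.113.{h}" for h in (1, 2, 3)] + ["198.51.100.9", "192.0.2.77"]
    got = learned_by_scraper(pool, scraper_ips, ["2011-10-W42", "2011-10-W43"], 4)
    print(f"scraper learned {len(got)} of {len(pool)} bridges")

    # 300 relays, 100 adversarial (f = 1/3), 30000 circuits.
    print("no guard:       ", simulate_circuits(300, 100, 30000))
    print("trusted guard:  ", simulate_circuits(300, 100, 30000, guard=299))
    print("malicious guard:", simulate_circuits(300, 100, 30000, guard=0))
```

The run shows the two asymmetries the comment relies on: the scraper's harvest is capped by how many distinct networks and time periods it controls, and a user whose fixed entry guard is honest sees a zero end-to-end compromise rate even when a third of the relays are adversarial, while a user whose guard is malicious is exposed on roughly a third of circuits.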

~~~
lallysingh
Looking at the linked article:

      'The specific attack involves creating a virus and using it to
      infect such vulnerable systems in a laboratory environment, and
      thus decrypting traffic passing through them again via an unknown,
      unmentioned mechanism. Finally, traffic is redirected towards
      infected nodes by essentially performing a denial of service on
      clean systems.

      Researchers showed that one third of the nodes are vulnerable,
      "sufficient in all cases so that we can easily infect and obtain
      system privileges," says the director.'

While the theory of the network is pretty good, you still have to execute your
normal bread & butter security practices. Sadly, the anonymization depends on
others doing the same.

~~~
dfc
Yeah, it was my understanding that the 1/3 of the network was theoretically
owned by their "virus."

------
there
https://lists.torproject.org/pipermail/tor-talk/2011-October/021730.html