[liberationtech] Major Security Flaws in Tor Components
Nadim Kobeissi
nadim at nadim.cc
Thu May 23 19:26:18 PDT 2013
I found this to be a really interesting (and really well-done paper):
http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
ABSTRACT:
Tor is the most popular volunteer-based
anonymity network consisting of over 3000 volunteer-operated
relays. Apart from making connections to servers hard to
trace to their origin it can also provide receiver privacy for
Internet services through a feature called “hidden services”.
In this paper we expose flaws both in the design and
implementation of Tor’s hidden services that allow an attacker
to measure the popularity of arbitrary hidden services, take
down hidden services and deanonymize hidden services. We
give a practical evaluation of our techniques by studying: (1) a
recent case of a botnet using Tor hidden services for command
and control channels; (2) Silk Road, a hidden service used to
sell drugs and other contraband; (3) the hidden service of the
DuckDuckGo search engine.
NK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130523/a1c29eb8/attachment.html>
More information about the liberationtech
mailing list