[liberationtech] Has LinkedIn launched a borderline Denial of Service attack against Tor?
Mustafa Al-Bassam
mus at musalbas.com
Tue Jul 1 04:15:26 PDT 2014
It appears to be caused by a known DoS bug in the Tor Browser Bundle
that was patched 4 months ago:
https://trac.torproject.org/projects/tor/ticket/10905
https://trac.torproject.org/projects/tor/ticket/9901
Given the method of triggering the bug - when no Content-Type header is
specified and more than 512 bytes of content are sent - it seems
unlikely that LinkedIn was intentionally DoSing the Tor Browser Bundle
users; that's simply how they chose to configure their web server - for
all clients, not just those using the Tor Browser Bundle.
Mustafa
On 30/06/14 14:04, S.G.Davies at lse.ac.uk wrote:
> Hello all,
> For some time now I've been concerned about the inability of many Tor users to access LinkedIn - and more importantly, the fact that attempting to use LinkedIn results in a fatal freeze. It seems to me that something isn't right here, so I've written a short piece on it. I'd be grateful for any thoughts you have.
> http://www.privacysurgeon.org/blog/incision/has-linkedin-launched-a-borderline-denial-of-service-attack-against-tor/
>
> Best wishes
>
> Simon
>
> _________________________
>
> Simon Davies
> Associate Director
> LSE Enterprise
> The London School of Economics
>
> Founder,
> Privacy International
>
> privacysurgeon.org
>
> s.g.davies at lse.ac.uk
>
> Please access the attached hyperlink for an important electronic communications disclaimer: http://lse.ac.uk/emailDisclaimer
>
More information about the liberationtech
mailing list