[liberationtech] Update Tor Now - Tor security advisory: "relay early" traffic confirmation attack

Cooper Quintin lists at cooperq.com
Wed Jul 30 11:36:28 PDT 2014


https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

<snip>
SUMMARY:
On July 4 2014 we found a group of relays that we assume were trying to
deanonymize users. They appear to have been targeting people who operate
or access Tor hidden services. The attack involved modifying Tor
protocol headers to do traffic confirmation attacks.
The attacking relays joined the network on January 30 2014, and we
removed them from the network on July 4. While we don't know when they
started doing the attack, users who operated or accessed hidden services
from early February through July 4 should assume they were affected.
Unfortunately, it's still unclear what "affected" includes. We know the
attack looked for users who fetched hidden service descriptors, but the
attackers likely were not able to see any application-level traffic
(e.g. what pages were loaded or even whether users visited the hidden
service they looked up). The attack probably also tried to learn who
published hidden service descriptors, which would allow the attackers to
learn the location of that hidden service. In theory the attack could
also be used to link users to their destinations on normal Tor circuits
too, but we found no evidence that the attackers operated any exit
relays, making this attack less likely. And finally, we don't know how
much data the attackers kept, and due to the way the attack was deployed
(more details below), their protocol header modifications might have
aided other attackers in deanonymizing users too.
Relays should upgrade to a recent Tor release (0.2.4.23 or
0.2.5.6-alpha), to close the particular protocol vulnerability the
attackers used — but remember that preventing traffic confirmation in
general remains an open research problem. Clients that upgrade (once new
Tor Browser releases are ready) will take another step towards limiting
the number of entry guards that are in a position to see their traffic,
thus reducing the damage from future attacks like this one. Hidden
service operators should consider changing the location of their hidden
service.
</snip>
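
An added example, not from the advisory or the Tor Project: a small Python check that parses a relay's `platform` line and reports whether the reported Tor version is at or past the fixed releases the summary names (0.2.4.23 and 0.2.5.6-alpha). The platform strings below are constructed samples; the numeric comparison ignores the -alpha/-rc status tag because within one series the fourth number alone orders Tor releases.

```python
import re

# Minimum fixed release per series, as named in the advisory.
# Series newer than 0.2.5 carry the fix; older series never received it.
FIXED = {(0, 2, 4): (0, 2, 4, 23), (0, 2, 5): (0, 2, 5, 6)}

# Tor version strings look like "0.2.5.6-alpha"; the tag is optional.
_VER_RE = re.compile(r"Tor\s+(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-([a-z]+)\d*)?")


def parse_tor_version(platform):
    """Return ((major, minor, micro, patch), status_tag) or None if unparsable."""
    m = _VER_RE.search(platform)
    if not m:
        return None
    nums = tuple(int(x) for x in m.groups()[:4])
    return nums, m.group(5)


def relay_early_fixed(platform):
    """True if the version contains the relay-early fix, False if not,
    None when the platform line does not name a Tor version."""
    parsed = parse_tor_version(platform)
    if parsed is None:
        return None
    ver, _tag = parsed
    series = ver[:3]
    if series in FIXED:
        return ver >= FIXED[series]
    return series > (0, 2, 5)


def unpatched_relays(platform_lines):
    """Filter a list of platform lines down to those still lacking the fix."""
    return [p for p in platform_lines if relay_early_fixed(p) is False]


if __name__ == "__main__":
    # Constructed sample platform lines, not real relay data.
    sample = [
        "Tor 0.2.4.22 on Linux",
        "Tor 0.2.4.23 on Linux",
        "Tor 0.2.5.5-alpha on FreeBSD",
        "Tor 0.2.5.6-alpha on FreeBSD",
        "Tor 0.2.3.25 on Windows 7",
    ]
    for line in unpatched_relays(sample):
        print("needs upgrade:", line)
```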
