Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / World Wide Web / Tor Working To Fix Security Exploit
Researchers Working To Fix Tor Security Exploit
Researchers Working To Fix Tor Security Exploit
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Developers for the Tor privacy browser are scrambling to fix a bug that researchers say could allow hackers, or government surveillance agencies, to track users online. The vulnerability came to light Monday following the cancellation of a presentation titled "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget" that had been scheduled to be given at the Black Hat security conference in Las Vegas.

Developers are close to fixing the breach, said Tor project leader Roger Dingledine.

"Based on our current plans, we'll be putting out a fix that relays can apply that should close the particular bug they found," Dingledine said in an e-mail to Tor users. "The bug is a nice bug, but it isn't the end of the world. And of course these things are never as simple as "close that one bug and you're 100% safe."

Hundreds of Thousands Exposed

The de-masking exploit is said to be able to reveal the identities of hundreds of thousands of users, and was discovered by Alexander Volynkin and Michael McCord of Carnegie Mellon University. Attorneys for the university and from the Software Engineering Institute asked that the talk be canceled. The university said the materials that were to have been used in the presentation had not been approved by CMU or SEI for public release.

Dingledine wrote that Tor's developers now believe they understand the nature of the vulnerability the researchers discovered, even though the research team has not completely disclosed the nature of the attack. Tor is working with the U.S. Computer Emergency Readiness Team to coordinate disclosure of the security details of the bug by the end of the week.

"We did not ask Black Hat or CERT to cancel the talk," Dingledine said. "We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made."

Fumbling in the Dark Web

Tor said it has been shown some of the materials that were to have been presented at the conference, but has yet to receive any slides or descriptions of the talk itself, other than what was made publicly available on the Black Hat Web page.

"It sure would have been smoother if they'd opted to tell us everything," Dingledine said.

Tor said it does not want to discourage future researchers from working with them to continue to discover new bugs in the browser.

"We encourage research on the Tor network along with responsible disclosure of all new and interesting attacks. Researchers who have told us about bugs in the past have found us pretty helpful in fixing issues," Tor said.

Previously, it was reported that the National Security Agency had successfully tracked the IP address of any Internet user who had either installed or even just conducted a search for the dark net browser. The U.S. intelligence agency is said to have tracked down the users after infiltrating two of the Tor servers in Germany. It then used that information to build a profile of users based on their online habits.

Image credit: iStock .

Read more on: Tor, Privacy, Security, NSA, CERT, Black Hat
Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.