HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Network Security / Tor Working To Fix Security Exploit
Researchers Working To Fix Tor Security Exploit
Researchers Working To Fix Tor Security Exploit
By Jef Cozza / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
24
2014


Developers for the Tor privacy browser are scrambling to fix a bug that researchers say could allow hackers, or government surveillance agencies, to track users online. The vulnerability came to light Monday following the cancellation of a presentation titled "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget" that had been scheduled to be given at the Black Hat security conference in Las Vegas.

Developers are close to fixing the breach, said Tor project leader Roger Dingledine.

"Based on our current plans, we'll be putting out a fix that relays can apply that should close the particular bug they found," Dingledine said in an e-mail to Tor users. "The bug is a nice bug, but it isn't the end of the world. And of course these things are never as simple as "close that one bug and you're 100% safe."

Hundreds of Thousands Exposed

The de-masking exploit is said to be able to reveal the identities of hundreds of thousands of users, and was discovered by Alexander Volynkin and Michael McCord of Carnegie Mellon University. Attorneys for the university and from the Software Engineering Institute asked that the talk be canceled. The university said the materials that were to have been used in the presentation had not been approved by CMU or SEI for public release.

Dingledine wrote that Tor's developers now believe they understand the nature of the vulnerability the researchers discovered, even though the research team has not completely disclosed the nature of the attack. Tor is working with the U.S. Computer Emergency Readiness Team to coordinate disclosure of the security details of the bug by the end of the week.

"We did not ask Black Hat or CERT to cancel the talk," Dingledine said. "We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made."

Fumbling in the Dark Web

Tor said it has been shown some of the materials that were to have been presented at the conference, but has yet to receive any slides or descriptions of the talk itself, other than what was made publicly available on the Black Hat Web page.

"It sure would have been smoother if they'd opted to tell us everything," Dingledine said.

Tor said it does not want to discourage future researchers from working with them to continue to discover new bugs in the browser.

"We encourage research on the Tor network along with responsible disclosure of all new and interesting attacks. Researchers who have told us about bugs in the past have found us pretty helpful in fixing issues," Tor said.

Previously, it was reported that the National Security Agency had successfully tracked the IP address of any Internet user who had either installed or even just conducted a search for the dark net browser. The U.S. intelligence agency is said to have tracked down the users after infiltrating two of the Tor servers in Germany. It then used that information to build a profile of users based on their online habits.

Read more on: Tor, Privacy, Security, NSA, CERT, Black Hat
Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN NETWORK SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
In late breaking news on Thursday, an unnamed U.S. government official told the press that investigators have solved the vexing question of how Sony’s computer network was hacked.

ENTERPRISE HARDWARE SPOTLIGHT
Almost half of consumer, industry and life sciences manufacturers are expected to be using 3D printers within three years and now 3D printing services are aiming to help companies experiment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.