HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Network Security / Tor Working To Fix Security Exploit
Researchers Working To Fix Tor Security Exploit
Researchers Working To Fix Tor Security Exploit
By Jef Cozza / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
24
2014



Developers for the Tor privacy browser are scrambling to fix a bug that researchers say could allow hackers, or government surveillance agencies, to track users online. The vulnerability came to light Monday following the cancellation of a presentation titled "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget" that had been scheduled to be given at the Black Hat security conference in Las Vegas.

Developers are close to fixing the breach, said Tor project leader Roger Dingledine.

"Based on our current plans, we'll be putting out a fix that relays can apply that should close the particular bug they found," Dingledine said in an e-mail to Tor users. "The bug is a nice bug, but it isn't the end of the world. And of course these things are never as simple as "close that one bug and you're 100% safe."

Hundreds of Thousands Exposed

The de-masking exploit is said to be able to reveal the identities of hundreds of thousands of users, and was discovered by Alexander Volynkin and Michael McCord of Carnegie Mellon University. Attorneys for the university and from the Software Engineering Institute asked that the talk be canceled. The university said the materials that were to have been used in the presentation had not been approved by CMU or SEI for public release.

Dingledine wrote that Tor's developers now believe they understand the nature of the vulnerability the researchers discovered, even though the research team has not completely disclosed the nature of the attack. Tor is working with the U.S. Computer Emergency Readiness Team to coordinate disclosure of the security details of the bug by the end of the week.

"We did not ask Black Hat or CERT to cancel the talk," Dingledine said. "We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made."

Fumbling in the Dark Web

Tor said it has been shown some of the materials that were to have been presented at the conference, but has yet to receive any slides or descriptions of the talk itself, other than what was made publicly available on the Black Hat Web page.

"It sure would have been smoother if they'd opted to tell us everything," Dingledine said.

Tor said it does not want to discourage future researchers from working with them to continue to discover new bugs in the browser.

"We encourage research on the Tor network along with responsible disclosure of all new and interesting attacks. Researchers who have told us about bugs in the past have found us pretty helpful in fixing issues," Tor said.

Previously, it was reported that the National Security Agency had successfully tracked the IP address of any Internet user who had either installed or even just conducted a search for the dark net browser. The U.S. intelligence agency is said to have tracked down the users after infiltrating two of the Tor servers in Germany. It then used that information to build a profile of users based on their online habits.

Read more on: Tor, Privacy, Security, NSA, CERT, Black Hat
Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
BMC's shared success is built on 6 fundamental principles: 1) An Intuitive User Experience 2) Agile Application 3) Actionable Intelligence 4) Adaptive Automation 5) Compliance & Risk Mitigation 6) Optimized Infrastructure & Cost. Contact BMC to learn more.
MORE IN NETWORK SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Using Internet-connected devices without strong passwords is inherently risky, as illustrated by reports that a Russian Web site is showing live footage from thousands of people's webcams.

ENTERPRISE HARDWARE SPOTLIGHT
Doctor Who had K-9, the robot dog that accompanied him on adventures through space. Now, Mountain View has K5, a 5-foot-tall, 300-pound robot security guard patrolling in the Bay Area.

MOBILE TECHNOLOGY SPOTLIGHT
To better its customer service, Comcast is pulling out at least some of the stops. The cable giant has launched an app so you can track the cable guy in real time. It's designed to ease customer frustration.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.