
Tor Project Fixing Vulnerability that Could Expose Users


Reefa


Developers at the Tor Project are working towards releasing a patch for a critical vulnerability that researchers planned to disclose at the Black Hat security conference and that could de-anonymize Tor users.

Black Hat recently announced their keynote briefing schedule, including one titled: “You Don’t Have to be the NSA to Break Tor: De-anonymizing Users on a Budget” by security researchers Alexander Volynkin & Michael McCord from Carnegie Mellon University’s Computer Emergency Response Team (CERT). Shortly after the conference schedule went live, the talk was canceled at the request of legal counsel of the university’s Software Engineering Institute as it was not approved to be publicly disclosed.

“In our analysis, we’ve discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months,” the CERT researchers wrote in their preview of the disclosure. “There is nothing that prevents you from using your resources to de-anonymize the network’s users instead by exploiting fundamental flaws in Tor design and implementation. And you don’t need the NSA budget to do so,” they continue. “The total investment cost? Just under $3,000.”

Tor Project leader Roger Dingledine published in the Tor Project email update that the company did not ask Black Hat or CERT to cancel the talk. Instead, Tor Project developers had only been shown the information publicly available on the Black Hat website about what the researchers had scheduled to disclose, but never received detailed slides or further information. Researchers were going to include “real-world de-anonymization case studies.”

Although Dingledine and his researchers were not briefed on the vulnerability, he believes his team has found the same issue CERT was scheduled to disclose and is working towards fixing it. “We’ve been trying to find delicate ways to explain that we think we know what they did, but also it sure would have been smoother if they’d opted to tell us everything,” Dingledine continues in his mailing list.

In another email Dingledine suggests the discovered issue affects Tor relays, which are Tor network nodes that route users' connections through various relays to help anonymize traffic and thwart potential threats.

“Based on our current plans, we’ll be putting out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn’t the end of the world. And of course these things are never as simple as ‘close that one bug and you’re 100% safe’.”

The Tor Project is highly popular among researchers and users who desire privacy; ex-NSA whistleblower Edward Snowden even stated his favorite operating system was ‘Tails’, an operating system based off of the Tor project.

As previous Snowden disclosures show that the NSA put Tor users under extra surveillance, we are eager to see whether any research surfaces showing that the NSA abused this bug.


Blackchildcx

No 100% privacy... nowhere...!


Some relays in the TOR anonymization network are believed to have attempted to reveal the identity of the individuals either operating or using TOR hidden services, by modifying TOR protocol headers to carry out traffic confirmation attacks.

A security advisory posted today on the TOR (The Onion Router) project website informs that some relays have been discovered and removed on July 4, this year, and that they joined the network on January 30, 2014.

The administrators of the network cannot tell with certainty the impact these attacks had on the users, but they found clear evidence that the attacks targeted users that retrieved hidden service descriptors.

Details like accessed pages and if the hidden service was visited by the user may not have been compromised by the attackers.

Since there was no evidence that the intruders managed exit relays, the network administrators believe that the intruders did not use the attack to find the destination of the user on normal TOR circuits.

The most important question is whether this sort of attack is actually what would have been presented at the Black Hat USA conference this year by researchers Alexander Volynkin and Michael McCord from the Carnegie Mellon University in Pittsburgh.

Even if the presentation was suddenly cancelled by the legal counsel of the University, the team managing TOR were offered some information, which hinted at “relay early” cells that could be leveraged for traffic confirmation attacks.

The team hopes that this was the vulnerability discovered by the two researchers since it would be the safest alternative for the impacted users.

“We spent several months trying to extract information from the researchers who were going to give the Black Hat talk, and eventually we did get some hints from them about how ‘relay early’ cells could be used for traffic confirmation attacks, which is how we started looking for the attacks in the wild,” said a member of the TOR team, who made a great technical presentation on how the attack was possible.

“In fact, we hope they *were* the ones doing the attacks, since otherwise it means somebody else was,” he added.

However, other questions are still to receive an answer, as the admins do not know if all the malicious relays have been identified and have no details on the type of information the attackers have.

In order to mitigate the risk, all relays should be updated to a more recent release of TOR (0.2.4.23 or even the alpha 0.2.5.6), which removes the protocol vulnerability. Also, operators of hidden services should take into consideration moving them to a different location.



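The version check implied by the mitigation in the post above, as an added example that is not part of the original post or the Tor Project's own code: it reads consensus-style `r`/`v` entries and lists relays still below the two fixed releases the post names. The relay names, addresses, placeholder identity fields and the sample text are constructed.

```python
import re

# Fixed releases named in the post: 0.2.4.23 (stable) and 0.2.5.6 (alpha).
FIXED_STABLE = (0, 2, 4, 23)
FIXED_ALPHA = (0, 2, 5, 6)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return the four numeric parts of a Tor version, ignoring tags such as -alpha."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError("unrecognised Tor version: %r" % text)
    return tuple(int(part) for part in m.groups())

def is_patched(version):
    """True if the version is at or above the fix for its release series."""
    v = parse_version(version)
    if v[:3] == (0, 2, 4):
        return v >= FIXED_STABLE
    # Anything older than 0.2.4 has no fixed release; 0.2.5 and later need 0.2.5.6.
    return v >= FIXED_ALPHA

def unpatched_relays(consensus_text):
    """List (nickname, version) for relays below the fix; version is None if not advertised."""
    relays = []  # [nickname, version] pairs in consensus order
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) > 1 and fields[0] == "r":
            relays.append([fields[1], None])
        elif len(fields) >= 3 and fields[:2] == ["v", "Tor"] and relays:
            relays[-1][1] = fields[2]
    return [(n, v) for n, v in relays if v is None or not is_patched(v)]

# Constructed sample: identity and digest fields are placeholders, IPs are documentation addresses.
SAMPLE = """\
r relayA AAAA BBBB 2014-07-30 12:00:00 192.0.2.1 9001 0
v Tor 0.2.4.22
r relayB AAAA BBBB 2014-07-30 12:00:00 192.0.2.2 9001 0
v Tor 0.2.4.23
r relayC AAAA BBBB 2014-07-30 12:00:00 192.0.2.3 9001 0
v Tor 0.2.5.5-alpha
r relayD AAAA BBBB 2014-07-30 12:00:00 192.0.2.4 9001 0
v Tor 0.2.5.6-alpha
r relayE AAAA BBBB 2014-07-30 12:00:00 192.0.2.5 9001 0
s Running Valid
r relayF AAAA BBBB 2014-07-30 12:00:00 192.0.2.6 9001 0
v Tor 0.2.3.25
"""

if __name__ == "__main__":
    for nickname, version in unpatched_relays(SAMPLE):
        print(nickname, version or "no version advertised")
```

The version string is self-reported by each relay, so this measures how many honest relays still need the update rather than proving that any relay is trustworthy.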

