Slashdot Mirror
Tor Open To Attack
An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network."
...is really what the article is about. Granted, I only read the abstract, but someone here at /. seems too intent on making a dramatic headline out of this.
It has been known for some time that anyone with the resources to do so could launch an end-to-end attack on Tor. That someone with relatively few resources could launch the same attack is newsworthy, perhaps, but far more interesting is the observation that optimizing network traffic flow in order to improve performance is the direct cause of this weakness.
The military and secretive NSA operations do not care about you or your open source proxy software. Stop trying to make yourself feel special by writing convoluted conspiracy theories.
No, but the Chinese equivalent of the FBI probably cares a lot about what its citizens are doing on the net, and the ability of users living under hostile regimes to get unfettered network access is one of the goals of projects like Tor.
There are people with resources besides the NSA.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."