Comments on: Hacking Tor - A Flaw Appears?

By: ethernode

ethernode — Tue, 05 Dec 2006 16:50:04 +0000

I was talking about the packetstormsecurity.org implications, not about the flaw itself. Following what i understood from the article, that would mean that tor’s anonymity features are fake (because of the “sent back via DNS tunnel to an external host to confirm the real identity of the host”) ? I’m beginning to guess i’m saying shit, but doesn’t this back-tunnel outpass the 1-hop only feature?

By: Darknet

Darknet — Tue, 05 Dec 2006 16:41:48 +0000

Brian: Yah I guess it would, anything as such can circumvent the anonymity of a proxy, that’s why using something like AnonymOS is preferable.

gerg: Thanks I’ll check that out.

ethernode: I don’t think so this a flaw in any proxy based system, it’s just showing how its relevant to Tor aswell. It’s still the best system there is ATM.

By: ethernode

ethernode — Tue, 05 Dec 2006 12:09:00 +0000

So, if the SANS is serious about this, is tor a giant honeypot? Corporate or occult?

By: gerg

gerg — Fri, 01 Dec 2006 00:17:56 +0000

This so called paper only describe methods that are known for more than 10 years and that work with every proxy…
There’s no Tor specific flaws in this document.

The paper title is just a way to make lamers talk and provide “instant celebrity” to his author… nothing new here

If you want some real technical paper on Tor search a pdf document on how to discover the location of an hidden service using statistics based on rendez-vous nodes.

By: Brian

Brian — Thu, 30 Nov 2006 19:40:47 +0000

Thanks for this post, I use tor pretty extensively myself and I have to say this is troubleing. The only thing is wouldn’t this “vulnerability” fall into the same category as the already known ActiveX and Flash vulnerabilities for these plugin’s requiring a direct connection with the client and thus circumventing the proxy network?