Tor dziurawy?

Bimi

Naukowcy z francuskiej uczelni ESIEA odkryli i wykorzystali kilka poważnych luk w sieci TOR. Pokazali, że możliwe jest przejęcie kontroli nad siecią i odczytywanie krążących w niej informacji. Zidentyfikowali również 181 tzw. ukrytych węzłów. “Mamy teraz pełny obraz topografii Tora” - powiedział Eric Filol z ESIEA.

Szczegóły odkrycia mają zostać zaprezentowane podczas konferencji Hackers to Hackers, która odbędzie się w dniach od 29 do 30 października w Săo Paulo.

źródło: http://hacking.pl/pl/news-16604-TOR_dziurawy.html

The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards infected nodes by essentially performing a denial of service on clean systems.

Researchers showed that one third of the nodes are vulnerable, "sufficient in all cases so that we can easily infect and obtain system privileges," says the director. Researchers clone then a part of the network in order not to touch the real network, and they make a virus with which they will be able to take control of the machine."This allows us to set the encryption keys and readers initialization of cryptographic algorithms and thus cancel two layers of encryption on all three," says Eric Filiol. The remaining flow can then be decrypted via a fully method of attack called "to clear unknown" based on statistical analysis.

To guide communication to nodes infected, researchers make unavailable all other nodes. To do this, they apply a double attack: localized congestion, which involves sending a large number of requests Tor on uninfected machines, and spinning the packet, which will enclose Tor servers in a loop circuit to fill them. The Tor protocol will then, naturally, to route calls to infected machines, and that's it.

całość: http://thehackernews.com/2011/10/tor-anonymizing-network-compromised-by.html