Tor Project patches critical flaw in its anonymizing network
One of the vulnerabilities that makes these attacks possible has been well-known for years. In 2005, Steven Murdoch and George Danezis of Cambridge University’s Computer Laboratory demonstrated a traffic analysis method that could allow attackers to figure out which nodes in the Tor network were being used to relay traffic from a specific site. Since Tor clients randomly select three relay sites at connection as their “guards” for privacy, the guards selected by a client could be used as a fingerprint for the user. That vulnerability, which would allow a malicious website to discover the Tor relays for a specific user, had not yet been addressed, and Clark wrote that traffic analysis attacks “remain as open research problems.
(Source: addtoany.com)
