l0gic Posted October 18, 2006 Posted October 18, 2006 Saw an article on the SANS ISC this morning concerning this recently released advisory/paper by Packet Storm: http://www.packetstormsecurity.org/0610-ad...ion_Hacking.pdf In summary, the author proves that it is trivial to uniquely identify end nodes in a Tor network by using embedded content to contact a third-party server outside the Tor network. This could be theoretically performed on any Tor exit node. The article suggests a) disabling embedded content while using Tor for web browsing, and b) using SSL (duh). However, I would recommend people go a few steps further and kill all local routes except the one pointing to your Tor gateway (same concept typically used by VPN clients). This would absolutely prevent any traffic leakage. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.