On Sun, 16 Jun 2013 15:18:47 -0700 Mike Perry mikeperry@torproject.org wrote:
Roger Dingledine:
Tor 0.2.4.13-alpha fixes a variety of potential remote crash vulnerabilities, makes socks5 username/password circuit isolation actually actually work (this time for sure!), and cleans up a bunch of other issues in preparation for a release candidate.
As a heads up, a bug was introduced in this release that allows malicious websites to discover a client's Guard nodes in a very short amount of time (on the order of an hour), if those Guard nodes upgrade to this release.
So a random clearnet end-destination website can trace the client all the way through the Tor network and discover information not about its exit, not about the middle, but even about the entry node? And nodeS, i.e. all of them?* Wow; can you explain in more detail how that works?
* (then a Three Letter Agency (TLA) can obtain lists of connecting clients from all three Guards, and pretty much "triangulate" the actual source IP of that user either to a bulls-eye hit or a very short list of IPs simultaneously on all three.)
Unfortunately, the bug was introduced by fixing another issue that allows Guard nodes to be selectively DoSed with an OOM condition, so Guard node (and Guard+Exit node) operators are kind of in a jam.
One more reason to abandon the Guard system altogether.