[tor-dev] "Sniper attack" paper by Rob Jansen, Florian Tschorsch, Aaron Johnson, and Björn Scheuermann
Nick Mathewson
nickm at freehaven.net
Thu Jan 9 05:07:11 UTC 2014
Hi, all!
I see that the NDSS programme is now online:
http://www.internetsociety.org/ndss2014/programme
One of the papers describes a neat set of attacks described in this
paper where an adversary can try to track users by DoSing nodes by
running those nodes out of memory. The memory DoS attack from this
paper are fixed, thanks to advice from the paper's authors, in Tor
0.2.4.x and later, and we're working on improvements to the rest of
our memory management as well. Rob Jansen tells me he's working on a
blog post to explain the paper and its results in more detail.
You can read it online at:
http://www-users.cs.umn.edu/~jansen/papers/sniper-ndss2014.pdf
And since there's always somebody too hasty to read past the title,
I'll quote the footnote on the first page:
"We disclosed our attack to The Tor Project [6] in February 2013. We
have worked with them to develop and deploy a short term defense [17],
and continue to work with them in developing long term solutions [32].
As a result, Tor is no longer vulnerable since version
0.2.4.14-alpha."
best wishes,
--
Nick
More information about the tor-dev
mailing list