[tor-relays] 90% of exits vulnerable to TCP off-path attack

Tristan supersluether at gmail.com
Fri Aug 12 16:13:13 UTC 2016


According to Ars Technica (
http://arstechnica.com/security/2016/08/linux-bug-leaves-usa-today-other-top-sites-vulnerable-to-serious-hijacking-attacks/)
encrypted communications can only be blocked, meaning that exit servers
could still be targeted.

However, the bug only has to affect 1 side in order to work. So even if
every exit node patched it, Tor users (and the regular Internet) would
still be vulnerable until the Web servers patch it as well. Either way,
it'll be a while before everyone is patched.

On Aug 12, 2016 11:01 AM, "Zack Weinberg" <zackw at cmu.edu> wrote:

On Fri, Aug 12, 2016 at 11:27 AM,  <starlight.2016q3 at binnacle.cx> wrote:
> RFC-5961
> CVE-2016-5696
> http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_communications/
> FYI all

Tor's use of TLS _should_ mean that the worst an attacker can do here
is denial-of-service.  The Register article suggests that they might
also be able to force the use of specific exit relays (by disrupting
connections that don't go through those relays) but weaponizing that
against specific users (rather than everyone trying to use an exit the
attacker doesn't like) strikes me as nontrivial.

Also, if you read the paper, raising the global rate limit (as
suggested by the reg. article) doesn't help; it only slows the
attacker down a little.

Right now I think one should not panic and should wait for the kernel
people to do a proper fix.

zw