Technology content trusted in North America and globally since 1999
8,225 Reviews & Articles | 62,330 News Posts

Researchers: Identifying Tor users isn't as hard as many think

Another confirmation that Tor isn't as secure as we'd like
By: Michael Hatamoto | Hacking & Security News | Posted: May 31, 2015 6:44 pm

Independent researcher George Tankersley and CloudFlare security team member Filippo Valsorda again showed how Tor users are not as secure as they wish.




Speaking during the Hack in the Box conference in Amsterdam, the researchers said motivated users can subvert anonymous access to the service. Hackers can identify the original location of users by operating rogue HSDir (hidden service directory) nodes that are required - with two sets of three needed to connect to the hidden service - with four days of operation to be marked as a "trusted" HSDir node.


A malicious HSDir instead of an exit node can be used in the process, making it easy to attack hidden service users.


"If you run a hidden service that does not need location hiding, you are unnecessarily exposing your users to this risk," according to the researchers. "It would probably be better to let them use Tor on your TLS-enabled clearnet site."


Related Tags

Got an opinion on this news? Post a comment below!