Tor Open To Attack 109
An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network."
How Many Nodes Do You Need to Own? (Score:5, Insightful)
3 to 6 servers out of 60 is still 5 to 10 percent. That's fine for small networks, but for a network with hundreds or thousands of nodes, controlling 5 to 10 percent may become infeasible. Does this attack require the number of nodes to scale with network size?
Re:WTFITOREH? (Score:3, Insightful)
Re:WTFITOREH? (Score:4, Insightful)
To anyone not in the know, the fact that the TOR protocol has a weakness means absolutely NOTHING regardless of whether they know what TOR stands for or not.
Granted, there is such a thing as TLA-overload...but I don't think this is it. If you don't know that TOR stands for The Onion Router, then why the hell do you care whether it is vulnerable to attack or not? You obviously aren't using it... You don't care about the technology or implementation... You are apparently not even curious enough to Google it... So why bother clicking through to post such a rant?
Re:Could this be avoided? (Score:3, Insightful)
Re:Well, not just that. (Score:3, Insightful)