[tor-dev] "Sniper attack" paper by Rob Jansen, Florian Tschorsch, Aaron Johnson, and Björn Scheuermann

Nick Mathewson nickm at freehaven.net
Thu Jan 9 05:07:11 UTC 2014


Hi, all!

I see that the NDSS programme is now online:
http://www.internetsociety.org/ndss2014/programme

One of the papers describes a neat set of attacks described in this
paper where an adversary can try to track users by DoSing nodes by
running those nodes out of memory.  The memory DoS attack from this
paper are fixed, thanks to advice from the paper's authors, in Tor
0.2.4.x and later, and we're working on improvements to the rest of
our memory management as well. Rob Jansen tells me he's working on a
blog post to explain the paper and its results in more detail.

You can read it online at:
http://www-users.cs.umn.edu/~jansen/papers/sniper-ndss2014.pdf

And since there's always somebody too hasty to read past the title,
I'll quote the footnote on the first page:

"We disclosed our attack to The Tor Project [6] in February 2013. We
have worked with them to develop and deploy a short term defense [17],
and continue to work with them in developing long term solutions [32].
As a result, Tor is no longer vulnerable since version
0.2.4.14-alpha."

best wishes,
-- 
Nick


More information about the tor-dev mailing list