Two Tor zero-days disclosed, more to come
-First zero-day can identify direct connections to Tor
-Second zero-day can identify indirect connections (users connecting through Tor guards)
-Both issues can be used to completely shut out users from Tor
https://www.zdnet.com/article/two-tor-zero-days-disclosed-more-to-come/
-First zero-day can identify direct connections to Tor
-Second zero-day can identify indirect connections (users connecting through Tor guards)
-Both issues can be used to completely shut out users from Tor
https://www.zdnet.com/article/two-tor-zero-days-disclosed-more-to-come/
The two zero-days are part of a five-part blog series from @hackerfactor, who intends to publish three more zero-days, including one that deanonymizes Tor services by revealing the server's real IP address
Dr. Krawetz says all of this stems from the Tor Project ignoring security issues that have been reported over the past few years, promising patches but not actually delivering.
See here: https://twitter.com/hackerfactor/status/1268522494211678208
The Tor Project did not respond to a request for comment.
See here: https://twitter.com/hackerfactor/status/1268522494211678208
The Tor Project did not respond to a request for comment.