Tor IP anonymitity compromised

Posted Oct 18th 2006 10:45AM by Jordan Running
Filed under: Internet, Security

A group called Packet Storm has published a paper detailing how the true IP addresses of Tor users can be discovered by the party that controls their traffic's exit node. In case all of that was Greek to you, let's back up: Tor is system that anonymizes internet traffic by routing it through a network of Tor nodes. The aim is to make it impossible to know where traffic originated, and Tor has become popular lately among the privacy minded, especially with the debut of Torpark, a version of Firefox with Tor's anonymizing features built in. Unfortunately, Packet Storm's paper shows that if you control the last node in the chain, it's possible to determine the traffic's originating IP using a combination Flash and cookie attack. The paper's author recommends turning off Flash, ActiveX, Java, and JavaScript if you use Tor and don't want your IP sniffed out. Tor's developers have yet to make an official statement about the exploit.

[Via Netscape]

Tags: anonymizer, anonymous, exploit, packet storm, PacketStorm, privacy, proxy, security, tor

• Read
• Permalink
• Email this
• Share
• Comments [2]

Related Headlines

• Truecrypt Updates to v6, Hides Your Subversive Plots Even Better! (55 days ago - 2 Comments)
• Nawras PC Supervisor Configures Local Security Controls (17 days ago - 6 Comments)
• Trust No Exe Blocks Application Startups - Windows Only (20 days ago - 6 Comments)
• Operator: Portable Anonymous Opera Browsing (20 days ago - 3 Comments)
• XForce report on computer threats and vulnerabilities (30 days ago - 1 Comment)

Reader Comments (Page 1 of 1)

1

10-18-2006 @ 11:12AM

Bill said...

Tor for Opera - http://letwist.net/operator

Reply

2

10-18-2006 @ 1:54PM

Ron Scott said...

"The paper's author recommends turning off Flash, ActiveX, Java, and JavaScript if you use Tor and don't want your IP sniffed out."

Thankfully, this is TorPark's default configuration.

Alternatively, use the standalone Tor distro with Firefox + FlashBlock + NoScript extensions.

Reply

Download Squad Features

View Posts By

Categories

Audio (856)

Beta (343)

Blogging (702)

Browsers (48)

Business (1377)

Design (825)

Developer (938)

E-mail (519)

Finance (128)

Fun (1774)

Games (561)

Internet (4888)

Kids (135)

Office (497)

OS Updates (581)

P2P (182)

Photo (471)

Podcasting (167)

Productivity (1343)

Search (270)

Security (548)

Social Software (1133)

Text (440)

Troubleshooting (52)

Utilities (1990)

Video (1032)

VoIP (140)

web 2.0 (797)

Web services (3375)

Companies

Adobe (187)

AOL (51)

Apache Foundation (1)

Apple (476)

Canonical (35)

Google (1317)

IBM (30)

Microsoft (1319)

Mozilla (471)

Novell (20)

OpenOffice.org (43)

PalmSource (12)

Red Hat (17)

Symantec (14)

Yahoo! (356)

License

Commercial (681)

Shareware (194)

Freeware (2040)

Open Source (921)

Misc

Podcasts (13)

Features (392)

Hardware (167)

News (1123)

Holiday Gift Guide (15)

Platforms

Windows (3686)

Windows Mobile (428)

BlackBerry (45)

Macintosh (2098)

iPhone (103)

Linux (1602)

Unix (78)

Palm (177)

Symbian (122)

Columns

Ask DLS (11)

Analysis (31)

Browser Tips (296)

DLS Podcast (5)

Googleholic (202)

How-Tos (102)

DLS Interviews (19)

Design Tips (15)

Mobile Minute (133)

Mods (68)

Time-Wasters (391)

Weekend Review (40)

Imaging Tips (32)

RESOURCES

• Send us news tips
• Contact Us
• Advertise
• Corrections?
• Problems?

RSS NEWSFEEDS

• 
• Feeds by category

Sponsored Links

Advertise with Download Squad

Most Commented On (60 days)

• My Top 6 Download Annoyances (34)
• Forget the iPhone, all you need is an iPod Touch (25)
• Microsoft Drops IE8 Beta 2 - First Impression (23)
• Anti-iPhone day at Download Squad (16)
• eCalc offers new Windows desktop version (13)
• Microsoft updates Windows XP Pro anti-piracy tool (13)
• Top 5 iPhone buzzkills (11)
• Want to Know Everything About a Website? Try Quarkbase. (11)
• Mozilla explores ways to make new Firefox tabs more useful (10)
• Folder Guide Speeds Windows Directory Browsing (9)

Recent Comments

• radon420 on iPhone App Review: Shazam helps you 'Name that tune'
• Bryan Nystrom on Mobile Productivity the Mario Way - With A Nintendo DS!
• Bryan Nystrom on Mobile Productivity the Mario Way - With A Nintendo DS!
• Bryan Nystrom on Mobile Productivity the Mario Way - With A Nintendo DS!
• javadog on Mobile Productivity the Mario Way - With A Nintendo DS!
• kalpak on Pokin' to the oldies: why Palm OS 5 still rocks
• Brian! on Top 5 iPhone buzzkills
• edward on GMDesk: Desktop client for Gmail, Google Docs, Google Reader, etc
• archer on GMDesk: Desktop client for Gmail, Google Docs, Google Reader, etc
• Quikboy on Anti-iPhone day at Download Squad

Urlesque Headlines

• Today's Cry - Monkey and Polar Bear Frolic, Downhill From There
• Those Lazy, Hazy, Cryptid Crazy Days of Summer Are Finally Gone... Or Are They?
• John McCain Seeks Facebook Friends
• Something Was Missing From the 2008 Olympics and That Something Was Paul Hunt
• The 5 Best 'Ghostbusters' Mash-Ups

BloggingStocks Tech Coverage

• AAPL Apple Inc
• ADBE Adobe Systems
• AKAM Akamai Technologies
• AMZN Amazon
• CSCO Cisco Systems
• DELL Dell
• EBAY eBay
• GOOG Google
• INTC Intel
• INTU Intuit Inc
• JAVA Sun Microsystems
• MOT Motorola
• MSFT Microsoft
• NOK Nokia Corp
• ORCL Oracle Corp
• PALM Palm Inc
• RHT Red Hat Inc
• RIMM Research in Motion
• SYMC Symantec Corp
• TWX AOL Time Warner
• YHOO Yahoo!

More Tech Coverage

• Control Shift It's all about the experience
• Somewhat Frank Perspectives on tech as it fuses in everyday life
• Switched Gadgets, web news and commentary
• Urlesque Exposing bits of the web

All contents copyright © 2003-2008, Weblogs, Inc. All rights reserved

Download Squad is a member of the Weblogs, Inc. Network. Privacy Policy, Terms of Service, Notify AOL