On Wed, 15 Aug 2012 13:09:38 -0700, full-disclosure@xxxxxxxxxx said: > Read an interesting article on "intercepting TOR users via proxies > Any ideas on how this could be mitigated? Well... using TOR the way it was intended would help mitigate a lot of it. TORButton, NoScript, SSL-Everywhere.. all the usual stuff. The TOR people are *very* up front about the fact that it does *not* protect you after it leaves the exit node so you should https: from there if possible. Also, the suggestion in the paper to hit a page directly and via TOR and comparing the two results is probably a *bad* idea, because it allows fingerprinting. You really need to hit the page both times with the same User-Agent string and all that, in case the page you test acts differently for different values (it sucks to false-positive a mismatch just because the site saw a spoofed IE8 header one time and FIreFox the other and sent different HTML for teh two cases). And if you hit it twice with the same setup, then it becomes easier to equate the two hits unless you work *real* hard to minimize the amount of leaked info, and hit a *really* high activity site like CNN's homepage. Go check these links out: https://panopticlick.eff.org/index.php https://www.eff.org/press/archives/2010/05/13 and then ask yourself if you want to hit anything twice...
Attachment:
pgpiwiuMckd7d.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/