Securing The Tor Network presented at Blackhat USA 2007

by Mike Perry,

Tags: Security Wireless Anonymity Privacy Risk

Summary : Imagine your only connection to the
Internet was through a potentially hostile environment such as the
Defcon wireless network. Worse, imagine all someone had to do to own you
was to inject some html that runs a plugin or some clever javascript to
bypass your proxy settings. Unfortunately, this is the risk faced by
many users of the Tor anonymity network who use the default
configurations of many popular browsers and other network software. Tor
is designed to make it difficult even for adversaries that control
several points in the network to determine where you're coming from or
where you're going, yet these "data anonymity" attacks and attacks to
bypass Tor can be performed effectively by a malicious website, or just
one guy with a Ruby interpreter! To add insult to injury, software
vendors seldom consider such exploits and other privacy leaks as real
vulnerabilities.