The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

TAG | breaches

Oct/14

25

Two new attacks on Tor

Tor webpage

Two new attacks on Tor were recently announced.

The first involves using an exit node to automatically modify software patches to include malware. This one is being seen in the wild already.

The second uses Tor and some quirks in the security model of Bitcoin to allow attackers to create double spending and even create an alternative shadow hash chain visible only to the victims.

Play

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on FacebookTwitter, and Google+.

· · · · ·

Unknown known

Your Anonymous Posts to Secret Aren’t Anonymous After All | Threat Level | WIRED

This article describes a clever attack against Secret, the “anonymous” secret sharing app.

Their technique allows the attacker to isolate just a single target, so any posts seen are known to be from them. The company is working on detecting and preventing this attack, but it is a hard problem.

In general, any anonymity system needs to blend the activity of a number of users so that any observed activity could have originated from any of them. For effective anonymity the number needs to be large. Just pulling from the friends in my address book who also use Secret is way too small a group.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

· · · · ·

Play

Welcome to the December podcast – our last official podcast of 2012. In this episode, I’ll be running down some of the biggest online privacy and security events of the last year. From the Zappos and LinkedIn password breaches, to the epic hacking of reporter Mat Honan, I’ll be providing user tips and suggestions to help you avoid some of the privacy pitfalls of 2012.

Download the transcript

· · · · · · ·