Clock Skew TOR Vulnerability/Exploit

5 09 2006

Light Blue Touchpaper » Hot or Not: Revealing Hidden Services by their Clock Skew

Fuck fuck fuck.  Apparently TOR has some vulnerabilities that can be exploited.


This is a feature of Tor which allows servers to be run without giving away the identity of the operator. These can be attacked by repeatedly connecting to the hidden service, causing its CPU load, hence temperature, to increase and so change the clockskew. Then the attacker requests timestamps from all candidate servers and finds the one demonstrating the expected clockskew pattern. I tested this with a private Tor network and it works surprisingly well.

You have to go to the link to read the whole deally at Light Blue Touchpaper.  Good on them for giving us all the heads up.

Anyone got something better than TOR?



5 responses

6 09 2006
Steven J. Murdoch

I don’t think there is any reason to move away from Tor. I explain why there is no reason to panic on my blog. All anonymity systems have weaknesses because nobody knows how to design a usable, but perfectly secure one and this is an active area of research. So of the laternatives, Tor is well analysed and has comparatively good security, but because it comes from an academic background, is more open about its flaws.

6 09 2006

This is the most interesting and obscure vulnerablities when stacked with the Remote physical device fingerprinting publication this is wird as hell as to how someoen even would have mapped this idea out in their head in the first place adn then actually proved it is just awesome. I am just saying I think this is something only a very small percentage of data analysis or security and hacker people would think of. Awesome although hard for me to follow to be sure. Taking the idea a step further was great. Not quite on topic since I don’t currently use TOR but I guess Yoshi Kohno would have a hard tiem fingerprinting some of my devices since I turned TCP timestamps [off], and NTP and SNTP are disabled for quite a while now, maybe a year I think. Not that this really matters but I thought it was sort of related, although my NAT box may be doing it’s own thing which could be different but since it is a different device adn I can’t remember right now I’ll just say unsure. I never liked default settings on anything. I turn on and off stuff as I need it or disable, uninstall, ect. when it comes to services but I am not sure how far this gets me as far as the actual need to avoid fingerprinting devices since it shouldn’t bare to much weight on my security taking into account the big picture or the likeliness of use to a potential pen-tester of site but I should never rule anything out entirely. I didn’t do these things for fingerprinting avoidance but rather to save resources, overhead, smoe stealth in general, close ports or cripple them from attack and/or confuse attackers sometimes w/ non-functional services (fun adn to much free time) & such. Ok I went a bit offtopic. I need sleep I’m just babbling now I think. l8rz…

6 09 2006

This is the quote I meant before from Steven J. Murdoch | September 5th, 2006 at 19:51 UTC:

This is ususally true yes but it can be turned off in any WinOS I know of through the registry if one wishes, but it is certainly enabled by default in WinALL as far as I know. Is this not correct? I know I shut it off myself as there is a known registry hack for this. Yup just looked my timestamping is definitely off. Again no TOR here, but this is just few extra bytes of packet header info I don’t want or need and anyhow (for a couple of reasons.) Feel free to correct me if I am in error in my statements. Thanks. 🙂

6 09 2006

Damn I screwed up tags lol I was attempting to quote from here:

Sorry I am not a blogger lol 😛

4 10 2008
Two Slashes » Blog Archive » IronKey or LeadWeight?

[…] built in is fitting, it’s also laughable.  Not only has Tor been found to have several vulnerabilities (despite them, it’s still a great service if you want to try to be anonymous in your surfing) […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: