Tor Team works for patching a bug causing DDoS attacks

A security researcher named Dr. Neal Krawetz has today published a second of two zero-day bugs in the Tor browser and network. These can be exploited by the oppressive regime for blocking users in using Tor. He also said three more zero-day bugs will be disclosed soon!

Tor Zero-day Bugs Exposed!

Dr Neal Krawetz is a security researcher and himself operating few Tor nodes in the network. He has a long history of reporting hugs to the Tor project, and he’s now up with two zero-day bugs in the Tor network and its browser. He revealed to be disclosing these bugs now as Tor failed to patch them even after reporting repeatedly for a long time.

The Tor project was considered one of the best practices of the internet since it provides private browsing and secure communications over the internet without being snooped. While this is true to an extent, exploiting any loopholes in this system can land offensive users in trouble. And this is set to happen if the bugs in question are exploited.

As per Neal Krawetz’s posts, Tor connections can be tracked and blocked by ISPs and companies easily, by scanning the network connections for a “Distinct Packet Signature“. This is unique to Tor traffic and can be tracked whenever a user connects to the Tor network! While this can detect direct connections, the second bug can detect connections indirectly.

Here, the oppressors can check for TCP packets generated whenever a user connects to the Tor Bridge, which is like a proxy like connection used for connecting to the Tor network if the user is blocked by ISPs when connecting directly to the network.

Both these issues were reported to the Tor project by Neal Krawetz for so long, as he claims. And he fears these can be exploited to block connections by authorities in oppressed regimes. Thus, after losing trust in Tor’s team for solving these issues even after knowing, Neal has finally published them and promises to come with three more soon!

LEAVE A REPLY

Please enter your comment!
Please enter your name here