The virtual network, Tor, designed to provide private and secure Web browsing to people around the world had a number of servers hacked recently. The Tor anonymous network is helpful to those living in nations that oppress free speech, such as China and Iran, and need unfettered access to information.
January 22, 2010
The virtual network, Tor, designed to provide private and secure Web browsing to people around the world had a number of servers hacked recently. The Tor anonymous network is helpful to those living in nations that oppress free speech, such as China and Iran, and need unfettered access to information.According to this post in the (Simple End-User Linux) SEUL.org discussion list, three of Tor's severs were compromised earlier this month, two were part of the network's directory structure: "In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we'd recently set up to serve metrics data and graphs. The three servers have since been reinstalled with service migrated to other servers."
The breach appears to have been for CPU capacity, according to the post. And the infiltrators were using the server to launch other attacks.
The post also made it clear that the breach wouldn't make it possible for Tor users' traffic to be monitored, for the source code to have been changed, or to learn anything sensitive about the Tor service. The group says it closed the security gap, among other security measures:
"We've taken steps to fix the weaknesses identified and to harden our systems further. Tor has a track record of openness and transparency, with its source code and specifications and also with its operations. Moreover, we're disclosing breaches such as this so you can monitor our status. You shouldn't assume those who don't disclose security breaches never have any!"
Earlier this fall, the Great Firewall of China blocked about 80% of the publicly known Tor relays, so users in that country have to rely on private bridges to gain access to outside news and information.
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024