Infosec bod: I've found zero-day flaws in Tor's bridge relay defenses. Tor Project: Only the zero part is right

2020-07-30 22:08

Neal Krawetz, a computer forensics expert, has published details on how to detect Tor bridge network traffic that he characterizes as "Zero-day exploits"... which the Tor Project insists are nothing of the sort.

Typically, users slide into the Tor network through a publicly listed entry relay, though they may choose to join via a bridge relay, or bridge for short, to avoid IP-based detection and censorship.

"Even if your ISP is filtering connections to all the known Tor relays, they probably won't be able to block all the bridges," the Tor documentation noted.

The Tor Project conceded censors have developed ways to detect and block Tor traffic even when people are using bridges, usually by inspecting packets in transit for telltale signs.

"We're happy to get bug reports in whatever way the reporter is willing to provide them," a Tor Project spokesperson said in an emailed statement to The Register.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/30/tor_bugs_obfs4/

#defense #infosec #TOR #zeroday

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
TOR		1	2	46	3	4	55