Open information - Open Internet

A talk at the Blackhat conference in the USA about TOR was pulled. A statement on The Blackhat website explains -

TOR onion'For more than 16 years, Black Hat has provided a venue for attendees and the larger community to find the very latest in information security research, developments and trends. We strive to deliver one of the most empirically selected lineups of content in the industry. One of our selected talks, "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget" by CERT/Carnegie Mellon researcher Alexander Volynkin was scheduled for a Briefing at Black Hat USA this August in Las Vegas. Late last week, we were informed by the legal counsel for the Software Engineering Institute (SEI) and Carnegie Mellon University that: "Unfortunately, Mr. Volynkin will not be able to speak at the conference since the materials that he would be speaking about have not yet approved by CMU/SEI for public release."''

Further to that a follow up message from Roger Dingledine, one of Tor's creators, subsequently posted a message to a mailing list confirming that he and his colleagues had "no idea the talk would be pulled".

1) We did not ask Black Hat or CERT to cancel the talk. We did (and > > still do) have questions for the presenter and for CERT about some > > aspects of the research >> Does that imply that the exploited "weakness" is not yet fully > understood by you (core developers)? (which also would imply that > there is no "fix" yet) I think I have a handle on what they did, and how to fix it. We've been trying to find delicate ways to explain that we think we know what they did, but also it sure would have been smoother if they'd opted to tell us everything. The main reason for trying to be delicate is that I don't want to discourage future researchers from telling us about neat things that they find. I'm currently waiting for them to answer their mail so I can proceed. > Also (if you can anticipate that ahead of the coordinated disclosures): >> Should relay ops get ready to deploy a critical patch? > Should users get ready to update their Tor Browser Bundles soon? > Will there be a "fix" at all? Based on our current plans, we'll be putting out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn't the end of the world. And of course these things are never as simple as "close that one bug and you're 100% safe". Less vague sentences soon I hope, --Roger'

All very strange. My suggestion keep up todate on the TOR bundle software software.

0
0
0
s2sdefault