How?
Bob Tarzey, an analyst and director with the Quocirca research house, said that, as the IT industry has seen with Open SSL, the term `free' can mean that rigorous testing is not the same as you would expect with commercial software.
(Again, we are forced to presume that Commercial software are "TESTED RIGOURSLY". Security is based on (Tust but) VERIFY model. The above statement is only talking about "TRUST" so, I would say it is true about free software but I won't take the part related to the Commercial software part).
According to the article:-
he security of the TOR network, he went on to say, can be compromised in a number of ways, including monitoring two of the server streams. At this point, he says, it becomes possible to deduce the origin points – and other information - of the data stream.
This technique was documented in 2012 by a team of researchers from the University of California, who named their approach LAST or, and explained that the compromise - though complex - was entirely achievable.
Wood, meanwhile, said that man-in-the-middle attacks can be spotted by users when they realise the certificate for the session is not valid.
"The problem here is that users on a smartphone or mobile device might not see the certificate owing to the limited real estate on the screen of these devices," he said.
James Lyne, the EMEA director of the SANS Institute, said that there have been a series of challenges with the security of TOR, but - frankly - more broadly crypto underpinning trust and Internet privacy plus security have been through something of a rough patch lately.
The link below has more information:-
No comments:
Post a Comment