TOR needs a fix - New vulnerability can help attacker to ID the website and servers the user is accessing

I hope they fix it soon.


From the Article:

An attacker can figure out which dark web site a user is trying to access by passively monitoring Tor traffic, and even reveal the identity of servers hosting sites on the Tor network.

The attack doesn’t require the decryption of any traffic—only that it be monitored —and the exploit only requires control of a node where users enter the Tor network. 


When you use Tor, your connection gets encrypted and routed through three hops which form a path called a “circuit.” A circuit starts with an entry point called a “guard,” before going back into the regular internet via what are called “exit nodes.” The guard sees your IP address, and the exit node sees where the traffic’s going.

Without controlling an exit node. 88 percent of the time, the researchers were also able to identify which hidden service the user was trying to access.


For More info:
http://motherboard.vice.com/en_uk/read/researchers-unveiled-a-new-serious-vulnerability-in-tor