Podcast
Podcaster
![DEFCON 17 [Video and Slides] Speeches from the Hacker Convention.](https://cdn.podcastcms.de/images/podcasts/100/35100/defcon-17-video-and-slides-speeches-from-the-hacker-convention.png)
DEFCON 17 [Video and Slides] Speeches from the Hacker Convention.
Beschreibung
vor 16 Jahren
Attacking Tor at the Application Layer
Gregory Fleischer Security Researcher
Surfing the web using Tor makes you invincible, right?
Wrong! Between the technical deficiencies, web browser idiosyncrasies, Tor vulnerabilities, social engineering, and bone-headed user decisions, there is ample room for attack and exploitation.
This presentation covers past and present application layer attacks against Tor. From practical hacking and ControlPort madness, to the most up-to-date techniques and beyond, this is an in-depth, technical look at active client-side attacks, HTML content injection, browser fingerprinting, network leakage and other relevant anonymity set issues.
So, forget about the over-heated nodes, infinite circuits and magic packets. When anyone with some JavaScript knowledde, a server on the Internet and a little bit of cleverness can launch these attacks, now is the time to start paying attention to how you use Tor.
Gregory Fleischer has over ten years experience in application development and software security. As an independent security researcher, he has worked with The Tor Project to identify weaknesses in Tor application components such as Torbutton, Vidalia and Privoxy. He has reported vulnerabilities in widely used client-side technologies including Mozilla Firefox, Sun Java and Adobe Flash. Gregory is currently employed as application security engineer with an online brokerage firm.
Gregory Fleischer Security Researcher
Surfing the web using Tor makes you invincible, right?
Wrong! Between the technical deficiencies, web browser idiosyncrasies, Tor vulnerabilities, social engineering, and bone-headed user decisions, there is ample room for attack and exploitation.
This presentation covers past and present application layer attacks against Tor. From practical hacking and ControlPort madness, to the most up-to-date techniques and beyond, this is an in-depth, technical look at active client-side attacks, HTML content injection, browser fingerprinting, network leakage and other relevant anonymity set issues.
So, forget about the over-heated nodes, infinite circuits and magic packets. When anyone with some JavaScript knowledde, a server on the Internet and a little bit of cleverness can launch these attacks, now is the time to start paying attention to how you use Tor.
Gregory Fleischer has over ten years experience in application development and software security. As an independent security researcher, he has worked with The Tor Project to identify weaknesses in Tor application components such as Torbutton, Vidalia and Privoxy. He has reported vulnerabilities in widely used client-side technologies including Mozilla Firefox, Sun Java and Adobe Flash. Gregory is currently employed as application security engineer with an online brokerage firm.
Weitere Episoden
vor 16 Jahren
Kommentare (0)
Melde Dich an, um einen Kommentar zu schreiben.