
[tor-bugs] #25929 [Applications/Tor Browser]: Critical breach in first-party isolation allowing users deanonymization and profiling



#25929: Critical breach in first-party isolation allowing users deanonymization and
profiling
------------------------------------------+----------------------
     Reporter:  cypherpunks               |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Immediate                 |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Critical                  |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 1 An adversary crawls the web creating a database storing the info about
 which website uses which certificates in the chain of trust, including
 resources.
 2 The adversary sets up a malicious website evil.com having a large number
 of subdomains, each one using different certificates in the chain of trust,
 but NOT SENDING ALL OF THEM: each domain skips sending a single
 intermediate certificate.
 1 A user opens a website stupid.com
 2 The website stupid.com uses different resources from different sites
 using different CAs. All the certs are cached.
 3 The user closes stupid.com and visits evil.com. The website includes
 single-pixel transparent images (or other resources) from all its crafted
 subdomains. If an intermediate cert is cached, the connection succeeds. If
 it isn't, it fails. This way the adversary knows which intermediate certs
 are cached and can reduce its uncertainty about the websites visited by a
 user. The attack doesn't require any JavaScript or CSS, only images.
 4 If an adversary controls some of the resources of stupid.com, it can craft
 a unique set of intermediate certificates for each of its users.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25929>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
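
The cache behaviour reported in the ticket above can be written as an isolation regression check. This is an added example, not code from the ticket or from Tor Browser: it models a shared intermediate-certificate cache next to one keyed by first-party domain and tests whether loads under evil.com depend on an earlier visit to stupid.com. The `IntermediateCache` class, the `int-A`/`int-B`/`int-C` certificate names and the first-party keying are assumptions made for illustration.

```python
# Toy model of an intermediate-certificate cache. Constructed for illustration;
# this is not Tor Browser or Firefox code.
CANDIDATES = ["int-A", "int-B", "int-C"]  # constructed intermediate CA names


class IntermediateCache:
    def __init__(self, isolate_by_first_party):
        self.isolate = isolate_by_first_party
        self.store = set()

    def _key(self, first_party, cert):
        # Assumed mitigation: key cache entries by the URL-bar domain.
        return (first_party if self.isolate else None, cert)

    def connect(self, first_party, sent, needed):
        """True if every needed intermediate was sent or is already cached."""
        for cert in needed:
            if cert not in sent and self._key(first_party, cert) not in self.store:
                return False
        for cert in sent:  # remember intermediates from a validated chain
            self.store.add(self._key(first_party, cert))
        return True


def probe_results(cache, first_party):
    # One subresource per candidate, each served without its intermediate.
    return {c: cache.connect(first_party, sent=[], needed=[c]) for c in CANDIDATES}


def history_leaks(isolate):
    """True if loads under evil.com differ between a used and a fresh profile."""
    used = IntermediateCache(isolate)
    for cert in ("int-A", "int-B"):  # resources loaded while on stupid.com
        used.connect("stupid.com", sent=[cert], needed=[cert])
    fresh = IntermediateCache(isolate)
    return probe_results(used, "evil.com") != probe_results(fresh, "evil.com")


if __name__ == "__main__":
    print("shared cache leaks history:   ", history_leaks(False))
    print("first-party keyed cache leaks:", history_leaks(True))
```

With the shared cache the two profiles are distinguishable; with entries keyed by first party the results under evil.com are the same whether or not stupid.com was visited.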