[tor-bugs] #18513 [Tor Browser]: New Identity bypass
#18513: New Identity bypass
-----------------------------+----------------------
Reporter: tahuttun | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Major | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------+----------------------
The "new identity" bypass requires no JS and works with the highest privacy
and security level that Tor Browser has! The attack works because the favicon
cache is not truncated. An attacker may spread unique tokens as part of
the favicon addresses.

The new identity may be traced to the old one, since we know which token
is given to which user and have the ability to test if the user has the exact
token (use token once, mark it as used and generate more if required).

Furthermore, because the favicon connection is not closed when the "new
identity" is run we have also the knowledge that the Tor Browser is still
open. Favicons are flushed when the browser is closed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18513>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
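
The invariant behind this report, as an added example that is not part of the original ticket and is not Tor Browser code: a toy model in which an identity reset skips the favicon cache, with a regression check that lists the state stores surviving the reset. The class, store names and URLs are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample URLs (not from the ticket).
PAGE = "http://site.example/"
FAVICON = "http://site.example/favicon-TOKEN.ico"


@dataclass
class ModelBrowser:
    """Hypothetical, minimal model of per-identity browser state."""
    clear_favicons_on_reset: bool
    stores: dict = field(default_factory=lambda: {
        "cookies": set(), "http_cache": set(), "favicon_cache": set()})

    def visit(self, page_url, favicon_url):
        """Load a page; return the URLs that had to be fetched (cache misses)."""
        requested = []
        for store, url in (("http_cache", page_url),
                           ("favicon_cache", favicon_url)):
            if url not in self.stores[store]:
                requested.append(url)
                self.stores[store].add(url)
        return requested

    def new_identity(self):
        """Reset state; optionally reproduce the behaviour the ticket reports."""
        for name, entries in self.stores.items():
            if name == "favicon_cache" and not self.clear_favicons_on_reset:
                continue  # favicon cache left untouched, as reported
            entries.clear()


def surviving_state(browser):
    """Regression check: names of stores still holding entries after a reset."""
    return sorted(name for name, entries in browser.stores.items() if entries)


def reset_is_linkable(browser, page=PAGE, favicon=FAVICON):
    """True if a visit after reset differs observably from a first visit."""
    first = browser.visit(page, favicon)
    browser.new_identity()
    second = browser.visit(page, favicon)
    return first != second
```

A reset is sound only when `surviving_state` returns an empty list immediately after `new_identity()`; any store it names is a candidate for linking the old identity to the new one.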