French Researchers Allegedy Compromised Tor
Researchers from a French engineering school called ESIEA claim to have found and exploited some vulnerabilities in Tor's network. They claim to have surveyed the entire network and discovered 6000 machines, about a third of which vulnerable to exploits. Eric Filiol, one of the researches, said, "We now have a complete picture of the topography of Tor".
However, an article from Tor speculates about the claims and provides evidence that it may be bogus. Here is an excerpt summarizing their understanding of the alleged attack:
"They enumerated 6000 IP addresses that they think are Tor relays. There aren't that many Tor relays in the world,” 2500 is a more accurate number. We're not sure what caused them to overcount so much. Perhaps they watched the Tor network over a matter of weeks and collected a bunch of addresses that aren't relays anymore? The set of relays is public information, so there's no reason to collect your own list and certainly no reason to end up with a wrong list.
"One-third of the machines on those IP addresses are vulnerable to operating system or other system level attacks, meaning he can break in. That's quite a few! We wonder if that's true with the real Tor network, or just their simulated one? Even ignoring the question of what these 3500 extra IP addresses are, it's important to remember that one-third by number is not at all the same as one-third by capacity: Tor clients load-balance over relays based on the relay capacity, so any useful statement should be about how much of the capacity of the Tor network is vulnerable. It would indeed be shocking if one-third of the Tor network by capacity is vulnerable to external attacks.
"(There's also an aside about enumerating bridges. They say they found 181 bridges, and then there's a quote saying they "now have a complete picture of the topography of Tor", which is a particularly unfortunate time for that quote since there are currently around 600 bridges running.)"
They have not currently released the details of their exploit, but they say they will speak at the Hackers to Hackers conference in São Paulo on October 29/30 2011. Whether or not there is any truth to these claims will be made evident at the Hackers to Hackers conference.
That is only a small piece of Tor's retort. For further reading about Tor's take on these claims, go here.
And to see the full article about the claims from the researchers, go here.