Yeah, the tor blog is linked elsewhere in this thread. It had been patched for a while when it came out, and there was a push to upgrade any older relays.
If I had to guess what the blackhat talk was, it probably was more about a systemic vulnerability than a specific hack. I'm guessing it got killed over ECPA legal concerns.
Actually, it's the Wiretap Act (See 18 U.S.C.§2511), and the Pen Register and Trap and Trace Act (See 18 U.S.C. §3127) you have to ensure you follow when performing this type of research.
Equally interestingly, the same researchers who assisted with the paper on the legality of network monitoring for research purposes were later accused of wiretapping (although never charged) for monitoring Tor for research: http://www.cnet.com/news/researchers-could-face-legal-risks-...
8 comments
[ 460 ms ] story [ 1183 ms ] threadEDIT: According to someone on reddit, it's been patched, and the Black Hat one sounded like it hadn't been. http://www.reddit.com/r/netsec/comments/2bf9fl/the_sniper_at...
Here's an interesting analysis: http://spot.colorado.edu/~sicker/publications/issues.pdf
Equally interestingly, the same researchers who assisted with the paper on the legality of network monitoring for research purposes were later accused of wiretapping (although never charged) for monitoring Tor for research: http://www.cnet.com/news/researchers-could-face-legal-risks-...
God damn you are a dumb fuck.
cannot educate a nigger.
> 21st Symposium on Network and Distributed System Security (NDSS 2014)
So nothing to do with Black Hat which I thought it was until I saw the comments here. Misupvoted...