Two new attacks on Tor

Tor webpage Two new attacks on Tor were recently announced.

The first involves using an exit node to automatically modify software patches to include malware. This one is being seen in the wild already.

The second uses Tor and some quirks in the security model of Bitcoin to allow attackers to create double spending and even create an alternative shadow hash chain visible only to the victims.

Update: Roger Dingledine of Tor writes that the relay detected modifying binary updates has been marked as a "BadExit" so it will no longer be used. Of course, there may be others.


Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on FacebookTwitter, and Google+.