An exclusive gaming industry community targeted
to, and designed for Professionals, Businesses
and Students in the sectors and industries
of Gaming, New Media and the Web, all closely
related with it's Business and Industry.
A Rich content driven service including articles,
contributed discussion, news, reviews, networking, downloads,
and debate.
We strive to cater for cultural influencers,
technology decision makers, early adopters and business leaders in the gaming industry.
A medium to share your or contribute your ideas,
experiences, questions and point of view or network
with other colleagues here at iVirtua Community.
Wired is carrying a story about a method developed by security researchers to identify computers hiding behind anonymity services. From the article: 'His victim is the Onion Router, or "Tor" — a sophisticated privacy system that lets users surf the web anonymously. Tor encrypts a user's traffic, and bounces it through multiple servers, so the final destination doesn't know where it came from. Murdoch set up a Tor network at Cambridge to test his technique, which works like this: If an attacker wants to learn the IP address of a hidden server on the Tor network, he'll suddenly request something difficult or intensive from that server. The added load will cause it to warm up.
Wired wrote:
A security researcher has a devised a novel attack on online anonymity systems in which he literally takes a computer's temperature over the internet.
The attack uses a phenomenon called "clock skew" -- the tendency for the precise clocks in modern computers to drift off of the correct time at slightly different rates, which can be affected by heat.
"When a crystal is manufactured, it has a clock skew, and it's different for each crystal (throughout its) lifetime," explains Steven J. Murdoch, a Cambridge University researcher who discussed his work at the Chaos Communications Congress on Thursday.
Last year UCLA Ph.D. student Tadayoshi Kohno showed that clock skew can be used to identify computers on the internet, by charting the timestamps in a machine's traffic. But the skew is a fairly weak identifier, providing at best 64 unique fingerprints. A network of a thousand computers would have 16 with an identical clock skew.
The research spawned a variety of theories on how clock skew could be used to attack anonymity online -- from detecting daytime hours at a server located in an unknown country, to counting the number of hosts behind a NAT firewall. Murdoch was the first to make an attack work.
His victim is the Onion Router, or "Tor" -- a sophisticated privacy system that lets users surf the web anonymously. Tor encrypts a user's traffic, and bounces it through multiple servers, so the final destination doesn't know where it came from.
Wired wrote:
Ironically it might be the most extremely hardened computers that would be most vulnerable to this style of attack. Murdoch theorizes that military computers with precise time reporting should be easier than more casual networks like Tor, in the long run.
Digg Topic
Tag topic on On del.icio.us
Technorati Search
Post to Slashdot
