TOR got compromised !!! Finally Onion got pealed off..

Tor anonymizing network Compromised by French researchers

French researchers from ESIEA, a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible publicly and directly with the system’s source code. They demonstrated that it is possible to take control of the network and read all the messages that circulate.

But there are also hidden nodes, the Tor Bridges, which are provided by the system that in some cases. Researchers have developed a script that, once again, to identify them. They found 181. "We now have a complete picture of the topography of Tor," said Eric Filiol.

The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards infected nodes by essentially performing a denial of service on clean systems.

Researchers showed that one third of the nodes are vulnerable, "sufficient in all cases so that we can easily infect and obtain system privileges," says the director. Researchers clone then a part of the network in order not to touch the real network, and they make a virus with which they will be able to take control of the machine."This allows us to set the encryption keys and readers initialization of cryptographic algorithms and thus cancel two layers of encryption on all three," says Eric Filiol. The remaining flow can then be decrypted via a fully method of attack called "to clear unknown" based on statistical analysis.

To guide communication to nodes infected, researchers make unavailable all other nodes. To do this, they apply a double attack: localized congestion, which involves sending a large number of requests Tor on uninfected machines, and spinning the packet, which will enclose Tor servers in a loop circuit to fill them. The Tor protocol will then, naturally, to route calls to infected machines, and that's it.

However, if it is real, details are to be presented at Hackers to Hackers in São Paulo on October 29/30-2011. TOR is no more than an additional layer of obfuscation and should not be relied upon for anonymity or security. Like any darknet, it is a complement to application-layer encryption and authentication, no more.

Read more »

Dennis Ritchie co-creator of C and Unix dies at 70

Dennis Ritchie known as the co-creator of C and Unix has died at the age of 70 . Having created arguably the best OS which has spawned better clones like BSD and GNU/Linux and a language truly designed for programming, he will be missed by all who use products of his legacy . RIP Dennis

Read more »

Nokia's gamble with Linux

After failing to capture the hearts or rather the pockets of people with the S40 and facing severe attrition , Nokia is reintroducing Linux(not again) into its line of mobile phones operating systems.

Nokia has announced that it will be developing a new linux based operating system called meltemi which will run on its low end phones that will replace the current crop of S40 based feature phones.

Link

http://www.bgr.com/2011/09/29/nokia-to-turn-mobile-landscape-on-its-head-with-meltemi-smartphone-os/

http://www.itworld.com/hardware/208803/nokia-readies-linux-os-low-end-smartphones

Another key factor in mellemi is the development of applications . Apps will be developed using the Qt Toolkit which was acquired by Nokia from Trolltech and since then made open. Qt allows applications developed in to to be run independent of the platform ( Desktop , phones etc etc ) .

The move is one of the many inconsistent decisions made by Nokia over the years since the rise of Android and iOS, to protect its user base and expansion options . While android bought profits to a sinking Motorola and lead to cheap smartphones , Symbian bore the brunt of a rapidly burgeoning android market share , shedding share like ice cream melting in the heat. Nokia made a few erratic moves by merging its thriving base in maemo with the Mobiln distro from Intel ( another failed attempt in bringing Linux to the desktop masses through netbooks ) . Meego was abandoned by Nokia once again after its partnership with Windows through which it received 1.2 billion USD . Even now it is still doubtful if Nokia can get back its market share it enjoyed in the hey days of Symbian.

The future of Meego (doubtful) was been buried completely following the announcement of Tizen, yet another Linux based OS ( so far no. 3 ) that will developed along with Intel, the LiMo foundation and the linux foundation .

However with cheap feature phones and basic phones providing most of its income in third world countries , Nokia cannot choose to ignore its cash cow. With the arrival of Windows 7 based Nokia phones , Nokia can mount a serious challenge to the bastions of Android and iOS . However licensing costs that would come with win 7 means that low end market simply cannot be cheap enough and Nokia would still end up losing market share.

Enter Meltemi . Named after favorable winds in the Aegian Basin , meltemi would provide a Linux based OS for the low end phones using the Qt toolkit to develop apps and the OS itself . This also is sweet news to developers who hate writing apps in Java .

While S40 made for a cheap platform , it is seriously behind the competition in terms of polish and features. A dated UI , and a lack of modern features has left s40 panting in the middle of the track .Though history proves otherwise with Nokia's record of inconsistency and bad decisions regarding Linux, Meltemi just might change the equation for Nokia if it can bring in a better UI , app development persuading people in the third worlds looking for better phones to stick with the Nokia camp.

Read more »