lol
You haven't used JanusVM before, have you? It's a free, non-commercial Tor client that basically VPNizes your whole net connection. Since HD Moore's methods depend on tricking your browser into using your "real" IP for making some requests, it will never work with JanusVM, because all IP traffic, regardless of protocol is intercepted and routed through Tor.
The point here is that Moore is claiming to be defeating Tor, when he's really just exploiting misconfigured Tor clients. None of the attacks that he proposes compromise the Tor network/protocol itself. Considering what an amazing security researcher he is, it'd be nice if he'd put his effort into exposing real exploits in the Tor network instead of scoring cheap media points.
The only exploit I can think of is to use malicious Java/Javascript/ActiveX code (or even a browser buffer overflow) to alter files on the client's local system - for example, altering the default home page - so that in the future if the user uses that browser without JanusVM, they're linked to their real IP. That, however, would require using malicious Java code to exploit the client, and would be illegal and fairly unarguably unethical in itself. Doesn't mean that a government or similarly powerful institution wouldn't be willing to do it though...
The solution to this danger for the super-paranoid is of course to set aside a machine (or virtual machine) which always runs JanusVM and thus is "permanently anonymized".
Discussion on:
Message 10 of 1
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
