Developers of the Tor privacy service say they're close to fixing a weakness that researchers for an abruptly canceled conference presentation said provides a low-cost way for adversaries to deanonymize hundreds of thousands of users.
The talk previously scheduled for next month's Black Hat security conference in Las Vegas was titled "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget." The abstract said that the hack cost less than $3,000 and could uncloak hundreds of thousands of users. On Monday, Black Hat organizers said the presentation was canceled at the request of attorneys from Carnegie Mellon University (CMU), where the researchers were employed, as well as the Software Engineering Institute (SEI). The attorneys said only that the materials to be presented "have not yet been approved by CMU/SEI for public release." Researchers Alexander Volynkin and Michael McCord have yet to explain why their talk was pulled.
Tor officials responded by saying that they're working on an update for individual Tor relay nodes that will close the unspecified security hole.