Surfing the web using Tor makes you invincible, right?
Wrong! Between the technical deficiencies, web browser idiosyncrasies, Tor vulnerabilities, social engineering, and bone-headed user decisions, there is ample room for attack and exploitation.
This presentation covers past and present application layer attacks against Tor. From practical hacking and ControlPort madness, to the most up-to-date techniques and beyond, this is an in-depth, technical look at active client-side attacks, HTML content injection, browser fingerprinting, network leakage and other relevant anonymity set issues.
So, forget about the over-heated nodes, infinite circuits and magic packets. When anyone with some JavaScript knowledge, a server on the Internet and a little bit of cleverness can launch these attacks, now is the time to start paying attention to how you use Tor.