Umbhali wephrojekthi ye-OrNetRadar, ebheka ukuxhumana kwamaqembu amasha ama-node kunethiwekhi engaziwa kaTor, ushicilele umbiko ekukhombeni opharetha wenodi yokuphuma enkulu I-Malicious Tor, ezama ukukhohlisa ithrafikhi yomsebenzisi.
Ngokusho kwalezi zibalo, ngomhla ka-22 kumamNgilungise ukuxhumana nenethiwekhi yeTor yeqembu elikhulu lababungazi abanonya, lapho umhlaseli ukuze athole ukulawula ithrafikhi, amboze u-23,95% wawo wonke amakholi ngezindawo zokuphuma.
NgoDisemba 2019 ngabhala ngenkinga ekhulayo yokudluliselwa okunonya kunethiwekhi yeTor ngenkuthazo yokuqwashisa nokwenza ngcono isimo ngokuhamba kwesikhathi. Ngeshwa, esikhundleni sokuba ngcono, izinto ziye zanda kakhulu, ikakhulukazi uma kukhulunywa ngomsebenzi onobungozi wokudlulisa ophumayo weTor.
Ekuphakameni kwayo, iqembu elinonya lalinamaqhubu angaba ngu-380. Ngokuxhumanisa ama-node ngokususelwa kuma-imeyili wokuxhumana asohlwini kumaseva anomsebenzi onobungozi, abacwaningi Bakwazile ukubona okungenani amaqembu ahlukene ayi-9 wezindawo zokuphuma ezinonya asebenze cishe izinyanga eziyi-7.
Abathuthukisi be-Tor bazamile ukuvimba ababungazi abanonya, kodwa abahlaseli bawuthola ngokushesha umsebenzi wabo. Njengamanje, inani lamasayithi amabi lehlile, kepha ngaphezulu kwe-10% yomgwaqo usadlula kuzo.
Kunezinyathelo eziphikisiwe, njengokulayishwa kuqala kwe-HSTS ne-HTTPS yonke indawo, kodwa empeleni, opharetha abaningi bewebhusayithi abazisebenzisi futhi bashiya abasebenzisi babo besengozini yalolu hlobo lokuhlaselwa.
Lolu hlobo lokuhlaselwa alucacisiwe kusiphequluli se-Tor. Ukudluliswa okunonya kusetshenziselwa kuphela ukufinyelela kuthrafikhi yomsebenzisi nokwenza ukutholwa kube nzima, ibhizinisi elibi alizange lihlasele wonke amawebhusayithi ngokulinganayo.
Kubonakala sengathi ikakhulukazi bafuna amawebhusayithi ahlobene ne-cryptocurrencyi.e. izinsizakalo eziningi zokuxuba i-bitcoin.
Bafake amakheli e-bitcoin kuthrafikhi ye-HTTP ukuqondisa kabusha ukuthengiselana kuzikhwama zabo zemali esikhundleni sekheli le-bitcoin elinikezwe umsebenzisi. Ukuhlaselwa kokubhala kabusha ikheli le-Bitcoin akuyona into entsha, kepha isikali semisebenzi yabo. Akunakwenzeka ukunquma ukuthi bahlanganyela yini kwezinye izinhlobo zokuhlaselwa.
Ukususwa okuhlosiwe kokuqondiswa kabusha okuhlukile kwesiza somsebenzi ongene kuma-node okuphuma okunobungozi kubonakala ekufinyeleleni kokuqala kusisetshenziswa esingabhalwanga ngaphezulu kwe-HTTP, okuvumela abahlaseli ukuthi bahlanganyele okuqukethwe kweseshini ngaphandle kokukhohlisa ukuhlaselwa kwe-TLS ("ukususwa kwe-SSL").
Indlela efanayo isebenza kubasebenzisi abathayipha ikheli lesayithi ngaphandle kokukhombisa ngokusobala i- "https: //" phambi kwesizinda futhi ngemuva kokuvula ikhasi bangagxili egameni leprotocol kubha yekheli le-Tor browser. Ukuvikela ukuvimba ukuqondiswa kabusha kokuya kumasayithi we-HTTPS, kunconywa ukuthi usebenzise ukulayisha kuqala kwe-HSTS.
Ngifinyelele kwezinye zezindawo ezaziwayo ezithintekile ze-bitcoin, ngakho-ke bangakunciphisa lokhu ezingeni lobuchwepheshe besebenzisa ukulayisha kuqala kwe-HSTS. Omunye umuntu uthumele imithetho ye-HTTPS-Yonke indawo yezizinda ezaziwayo ezithintekile (i-HTTPS Yonke indawo ifakwa ngokuzenzakalela kusiphequluli seTor). Ngeshwa, awekho kulawa masayithi abe ne-HSTS yokulayisha kuqala inikwe amandla ngaleso sikhathi. Okungenani iwebhusayithi eyodwa ethintekile yenze ukulayisha kuqala kwe-HSTS ngemuva kokufunda ngale micimbi.
Ngemuva kweposi lebhulogi likaDisemba 2019, IProject Tor ibinezinhlelo ezithile ezithembisayo zango-2020 nomuntu ozinikele ekuthuthukiseni ukushayela kule ndawo, kepha ngenxa yokudilizwa kwakamuva okuhlobene ne-COVID19, lowo muntu wabelwa kwenye indawo.
Ngaphezu kwalokho, iziphathimandla zemikhombandlela yeTor ngokusobala azisasusi ukudluliswa ababevame ukukukhipha amasonto ambalwa.
Akucaci ukuthi yini ebangele lokhu kuguqulwa kwenqubomgomo, kepha ngokusobala othile uyayithanda futhi ungeza amaqembu adlulisiwe angachazwanga.
Ekugcineni, uma ufuna ukwazi kabanzi ngayo, ungabheka imininingwane ku- isixhumanisi esilandelayo.