Next week at DEFCON 17, I'll be presenting a talk entitled "Attacking Tor at the Application Layer". The talk is the culmination of several months of new research into application layer and web security issues affecting Tor and associated components.
The material will cover some of the past application attacks as well as current problems that may have an impact on anonymity. Also presented will be new approaches to identifying Tor web traffic, fingerprinting Mozilla Firefox web browser versions and installed applications and browser addons.
In some ways, the content feels like a web app security talk masquerading as a Tor presentation. Although the material is primarily focused on Firefox, a number of the items could have broader applicability to Internet security in general. The topics range from the highly esoteric to the predictably mundane. A few of these are those issues that everyone should know about, but either forgot or doesn't care to deal with.
Over the next few days, I'm going to be posting several items that probably aren't going to make the cut for my talk. Stay tuned.