The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency's current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity.

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.

Another top-secret presentation calls Tor "the king of high-secure, low-latency internet anonymity".

Tor which stands for The Onion Router is an open-source public project that bounces its users' internet traffic through several other computers, which it calls "relays" or "nodes", to keep it anonymous and avoid online censorship tools.

It is relied upon by journalists, activists and campaigners in the US and Europe as well as in China, Iran and Syria, to maintain the privacy of their communications and avoid reprisals from government. To this end, it receives around 60% of its funding from the US government, primarily the State Department and the Department of Defense which houses the NSA.

Despite Tor's importance to dissidents and human rights organizations, however, the NSA and its UK counterpart GCHQ have devoted considerable efforts to attacking the service, which law enforcement agencies say is also used by people engaged in terrorism, the trade of child abuse images, and online drug dealing.

Privacy and human rights groups have been concerned about the security of Tor following revelations in the Guardian, New York Times and ProPublica about widespread NSA efforts to undermine privacy and security software. A report by Brazilian newspaper Globo also contained hints that the agencies had capabilities against the network.

While it seems that the NSA has not compromised the core security of the Tor software or network, the documents detail proof-of-concept attacks, including several relying on the large-scale online surveillance systems maintained by the NSA and GCHQ through internet cable taps.

One such technique is based on trying to spot patterns in the signals entering and leaving the Tor network, to try to de-anonymise its users. The effort was based on a long-discussed theoretical weakness of the network: that if one agency controlled a large number of the "exits" from the Tor network, they could identify a large amount of the traffic passing through it.

The proof-of-concept attack demonstrated in the documents would rely on the NSA's cable-tapping operation, and the agency secretly operating computers, or 'nodes', in the Tor system. However, one presentation stated that the success of this technique was "negligible" because the NSA has "access to very few nodes" and that it is "difficult to combine meaningfully with passive Sigint".

While the documents confirm the NSA does indeed operate and collect traffic from some nodes in the Tor network, they contain no detail as to how many, and there are no indications that the proposed de-anonymization technique was ever implemented.

Other efforts mounted by the agencies include attempting to direct traffic toward NSA-operated servers, or attacking other software used by Tor users. One presentation, titled 'Tor: Overview of Existing Techniques', also refers to making efforts to "shape", or influence, the future development of Tor, in conjunction with GCHQ.

Another effort involves measuring the timings of messages going in and out of the network to try to identify users. A third attempts to degrade or disrupt the Tor service, forcing users to abandon the anonymity protection.

Such efforts to target or undermine Tor are likely to raise legal and policy concerns for the intelligence agencies.

Foremost among those concerns is whether the NSA has acted, deliberately or inadvertently, against internet users in the US when attacking Tor. One of the functions of the anonymity service is to hide the country of all of its users, meaning any attack could be hitting members of Tor's substantial US user base.

Several attacks result in implanting malicious code on the computer of Tor users who visit particular websites. The agencies say they are targeting terrorists or organized criminals visiting particular discussion boards, but these attacks could also hit journalists, researchers, or those who accidentally stumble upon a targeted site.

The efforts could also raise concerns in the State Department and other US government agencies that provide funding to increase Tor's security as part of the Obama administration's internet freedom agenda to help citizens of repressive regimes circumvent online restrictions.

Read the full article.

Arduino TRE, based on the Texas Instruments Sitara AM335x ARM Cortex-A8 processor is the "most powerful Arduino to date" and the first that will be able to run "full Linux."

Thanks to the 1-GHz Sitara AM335x processor, Arduino developers get up to 100 times more performance with the Sitara-processor-based TRE than they do on the Arduino Leonardo or Uno. This performance opens the doors to more advanced Linux-powered applications. The Sitara-processor-based Linux Arduino can run high-performance desktop applications, processing-intensive algorithms or high-speed communications.

The Arduino TRE is two Arduinos in one: the Sitara-processor-based Linux Arduino plus a full AVR-based Arduino, while leveraging the simplicity of the Arduino software experience. The integration of the AVR Arduino enables the Arduino TRE to use the existing shield ecosystem so that innovators can expand the Arduino TRE to develop a wide range of high-performance applications such as 3D printers, gateways for building automation and lighting automation, telemetry hubs that collect data from nearby sensors wirelessly, and other connected applications that require host control plus real-time operations.

In addition, the Arduino TRE is partially the result of a close collaboration between Arduino and the BeagleBoard.org foundation. These open hardware pioneers share a passion for expanding open source development and making technology accessible for artists, designers and hobbyists. The TRE design builds upon the experience of both Arduino and BeagleBoard, combining the benefits of both community based boards.

"By choosing TI's Sitara AM335x processor to power the Arduino TRE, we're enabling customers to leverage the capabilities of an exponentially faster processor running full Linux," said Massimo Banzi, co-founder, Arduino.

Source: http://blog.arduino.cc/2013/10/03/a-sneak-preview-of-arduino-tre/