The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network [pdf] (robgjansen.com)
93 points by newaccountfool on July 23, 2014 | 6 comments



It's been patched. Here's the Tor Project's take: https://blog.torproject.org/blog/new-tor-denial-service-atta...


Am I correct in assuming this is what was pulled from Black Hat?

EDIT: According to someone on reddit, it's been patched, and the Black Hat one sounded like it hadn't been. http://www.reddit.com/r/netsec/comments/2bf9fl/the_sniper_at...


Yeah, the Tor blog is linked elsewhere in this thread. It had been patched for a while when it came out, and there was a push to upgrade any older relays.


If I had to guess what the Black Hat talk was, it probably was more about a systemic vulnerability than a specific hack. I'm guessing it got killed over ECPA legal concerns.


Actually, it's the Wiretap Act (see 18 U.S.C. §2511) and the Pen Register and Trap and Trace Act (see 18 U.S.C. §3127) you have to ensure you follow when performing this type of research.

Here's an interesting analysis: http://spot.colorado.edu/~sicker/publications/issues.pdf

Equally interestingly, the same researchers who assisted with the paper on the legality of network monitoring for research purposes were later accused of wiretapping (although never charged) for monitoring Tor for research: http://www.cnet.com/news/researchers-could-face-legal-risks-...


On his blog it reads:

> 21st Symposium on Network and Distributed System Security (NDSS 2014)

So nothing to do with Black Hat, which I thought it was until I saw the comments here. Misupvoted...



