Tor anonymizing network Compromised by French researchers (seclists.org)
7 points by frzn 5351 days ago
Might turn to be false info, or not.
2 comments

It is not clear to what degree the researchers "compromised" the Tor network. To make matters worse, the news story seems to have some translation issues. I am not arma or nickm, but from a quick reading it does not seem like a real threat.

  "But there are also hidden nodes, the Tor Bridges, which
  are provided by the system that in some cases. Researchers
  have developed a script that, once again, to identify
  them. They found 181. "We now have a complete picture of
  the topography of Tor," said Eric Filiol."
The researchers found 181 of over one thousand bridges[1]? That hardly seems like a complete topography of the network. In order to get bridges, all you need to do is submit an https request to https://bridges.torproject.org or send an email to bridges@torproject.org from a gmail address. So they scripted https gets and SMTP? The bridge distribution system is designed in such a way that an attacker cannot easily flood the system with requests and learn all of the bridge addresses. I imagine this is why they only learned 1/5th of the bridges.

The majority of the research seems to indicate that if an attacker can control 1/3 of the relays in the Tor network, he can influence its operation and decrypt/associate/identify traffic streams. The Tor threat model has always stated that an attacker with control over a significant number of nodes could successfully compromise the security goals of the network. Furthermore, the attack depends on users not utilizing trusted entry nodes. I do not think the attack would have any effect on a user who used a trusted entry node that the attacker did not control.

[1] https://blog.torproject.org/blog/strategies-getting-more-bri...
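An added worked example (not from the thread or the Tor project) of the comment's point about trusted entry nodes: it compares how likely a passive adversary holding a fraction c of relays is to see both ends of a user's traffic when the entry relay is re-chosen for every circuit versus pinned to one long-lived guard. It assumes uniform relay selection with no bandwidth weighting and independent circuits, and uses the 1/3 figure quoted in the thread.

```python
# Added example (not from the thread): end-to-end exposure of a user to a
# passive adversary controlling a fraction c of relays. Assumptions: uniform
# relay selection, no bandwidth weighting, independent circuits; c = 1/3 is
# the figure quoted in the thread, not a measured value.
import random


def p_end_to_end_random_entry(c: float, n_circuits: int) -> float:
    """P(at least one of n circuits has BOTH entry and exit controlled by the
    adversary) when entry and exit are drawn fresh for every circuit.
    Per circuit the chance is c^2; over many circuits it approaches 1."""
    per_circuit = c * c
    return 1.0 - (1.0 - per_circuit) ** n_circuits


def p_end_to_end_fixed_guard(c: float, n_circuits: int,
                             guard_trusted: bool = False) -> float:
    """Same question when the entry relay is a single long-lived guard.
    The user is exposed only if the guard itself is adversary-controlled
    (probability c, decided once) AND some exit is. A guard the adversary
    does not control keeps exposure at zero no matter how many exits it owns,
    which is the mitigation the comment above describes."""
    if guard_trusted:
        return 0.0
    p_guard_bad = c
    p_some_exit_bad = 1.0 - (1.0 - c) ** n_circuits
    return p_guard_bad * p_some_exit_bad


def simulate_random_entry(c: float, n_circuits: int, trials: int,
                          seed: int = 0) -> float:
    """Monte Carlo check of p_end_to_end_random_entry (constructed sample)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        # A circuit is fully observed only if both its entry and exit are bad.
        if any(rng.random() < c and rng.random() < c for _ in range(n_circuits)):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    c = 1 / 3
    for n in (1, 10, 100):
        print(f"circuits={n:3d}  random entry={p_end_to_end_random_entry(c, n):.4f}  "
              f"fixed guard={p_end_to_end_fixed_guard(c, n):.4f}  "
              f"trusted guard={p_end_to_end_fixed_guard(c, n, True):.4f}")
```

With c = 1/3 the per-circuit odds are identical (1/9), but after 100 circuits the random-entry user is almost certainly exposed at least once while the guarded user's exposure stays capped at c.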

Looking at the linked article:

  'The specific attack involves creating a virus and using it to 
  infect such vulnerable systems in a laboratory environment, and 
  thus decrypting traffic passing through them again via an unknown,
  unmentioned mechanism. Finally, traffic is redirected towards 
  infected nodes by essentially performing a denial of service on 
  clean systems.
  
  Researchers showed that one third of the nodes are vulnerable, 
  "sufficient in all cases so that we can easily infect and obtain 
  system privileges," says the director.'
While the theory of the network is pretty good, you still have to execute your normal bread & butter security practices. Sadly, the anonymization depends on others doing the same.
Yeah it was my understanding that the 1/3 of the network was theoretically owned by their "virus."