
Re: Tor Project infrastructure updates in response to security breach



When you guys have finished the assessment, will you be releasing details
of how the compromise happened?

Cheers,
Harry

On Wed, 2010-01-20 at 16:43 -0500, Roger Dingledine wrote:
> You should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha:
> https://www.torproject.org/download.html.en
> 
> In early January we discovered that two of the seven directory
> authorities were compromised (moria1 and gabelmoo), along with
> metrics.torproject.org, a new server we'd recently set up to serve
> metrics data and graphs. The three servers have since been reinstalled
> with service migrated to other servers.
> 
> We made fresh identity keys for the two directory authorities, which is
> why you need to upgrade.
> 
> Moria also hosted our git repository and svn repository. We took the
> services offline as soon as we learned of the breach. It appears the
> attackers didn't realize what they broke into -- just that they had
> found some servers with lots of bandwidth. The attackers set up some ssh
> keys and proceeded to use the three servers for launching other attacks.
> We've done some preliminary comparisons, and it looks like git and svn
> were not touched in any way.
> 
> We've been very lucky the past few years regarding security. It still
> seems this breach is unrelated to Tor itself. To be clear, it doesn't
> seem that anyone specifically attacked our servers to get at Tor. It
> seems we were attacked for the cpu capacity and bandwidth of the servers,
> and the servers just happened to also carry out functions for Tor.
> 
> We've tried to address the most common questions below.
> 
> * Does this mean someone could have matched users up to their
> destinations?
> 
> No. By design, Tor requires a majority of directory authorities (four
> in this case) to generate a consensus; and like other relays in the
> Tor network, directory authorities don't know enough to match a user
> and traffic or destination.
> 
> * Does this mean somebody could have changed the Tor source?
> 
> No, we've checked the source. It does mean you should upgrade so your
> client knows about all the currently valid directory authorities.
> 
> * Does this mean someone could have learned more about Tor than an
> ordinary user?
> 
> Since our software and specifications are open, everyone already has
> access to almost everything on these machines... except some old bridge
> descriptors, which we give out only in small batches as entry points for
> blocked clients.
> 
> * Can I trust Tor's security?
> 
> We've taken steps to fix the weaknesses identified and to harden our
> systems further. Tor has a track record of openness and transparency,
> with its source code and specifications and also with its operations.
> Moreover, we're disclosing breaches such as this so you can monitor our
> status. You shouldn't assume those who don't disclose security breaches
> never have any!
> 
> --Roger
> 
