That paper also demonstrates how easy it is to create a bad exit node that can poison traffic passing through it with spam, malware, trojans, fake sites and 0-day exploits. By joining the TOR network and becoming a server, a rogue player instantly becomes a trusted ISP and can serve up anything they want and monitor everything passing through. I use Firefox with NoScript fully armed but every now and again I allow scripts for a certain site to access some functionality and then, no matter what site that is, if I am using tor I will be at more risk than if not using tor. What about people using IE on an unpatched machine? TOR becomes a BOT army recruitment center where the new soldiers walk right in. No need to advertise.
I am new to this list so maybe this has already been discussed and sorted and I'm overreacting, but for a while now I have been very wary about the way I use tor and the internet in general. I was using tor a few weeks ago and a German exit node was altering my content so I have seen this happen first hand.
Can the tor directory provider run a script every now and again that checks the content of a site/image retrieved from outside of tor and through each exit node and then look into any discrepancies? I know anyone can try this and make a better test but this will eventually have to be done and acted upon by a trusted party.
Thus spake Jacob Appelbaum (jacob@xxxxxxxxxxxxx):
> Hi *,
>
> Fortconsult wrote this and it may be of some interest to people on this
> list:
> http://www.packetstormsecurity.org/0610-advisories/Practical_Onion_Hacking.pdf
Wow. I think the most telling statement is that most of the people they got were from China. Probably unfortunate side effect of most of the Tor docs being in English..
Incidentally, I tried out TorPark the other day, and I must say it is pretty magnificent. Having a well-configured browser like that for Tor usage solves nearly every one of these problems.
Would be nice if NoScript defaulted to All-Off instead of All-On, and they used AdBlock Plus with some feeds instead of just AdBlock, but otherwise excellent for casual "only sometimes" Tor users who are likely to be tripped up by this sort of stuff.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
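The exit-node check proposed in the thread above (fetch the same site/image outside Tor and through each exit, then look into discrepancies), sketched as an added example that is not part of the original messages or of any Tor project code. It covers only the comparison step: the function name, verdict labels, exit names and page bodies are constructed for illustration, and the fetching through each exit is assumed to have happened already.

```python
import hashlib
from collections import Counter


def sha256(body):
    return hashlib.sha256(body).hexdigest()


def compare_exits(direct_fetches, via_exit):
    """Compare one resource fetched outside Tor with copies fetched via exits.

    direct_fetches: list of bytes, the resource fetched directly two or more times.
    via_exit: {exit_name: bytes or None}, the same resource through each exit
              (None means the fetch failed).
    Returns {exit_name: verdict} for every exit that did not match.
    """
    baseline = {sha256(b) for b in direct_fetches}
    if len(baseline) != 1:
        # The resource changes between plain fetches, so a hash mismatch
        # cannot distinguish tampering from normal variation.
        raise ValueError("test resource is not static; pick another")
    expected = baseline.pop()

    got = {name: (None if body is None else sha256(body))
           for name, body in via_exit.items()}
    # Count how many exits returned each non-matching digest.
    odd = Counter(d for d in got.values() if d not in (None, expected))

    verdicts = {}
    for name, d in got.items():
        if d is None:
            verdicts[name] = "no-response"
        elif d != expected:
            # A digest seen at a single exit points at that exit; one shared
            # by several exits may be a regional variant of the site.
            verdicts[name] = "modified-unique" if odd[d] == 1 else "modified-shared"
    return verdicts


# Constructed sample data: exitB returns an altered copy, exitD times out.
PAGE = b"<html><body><img src='logo.png'></body></html>"
ALTERED = PAGE.replace(b"</body>", b"<!-- inserted by exit --></body>")
SAMPLE = {"exitA": PAGE, "exitB": ALTERED, "exitC": PAGE, "exitD": None}

if __name__ == "__main__":
    for name, verdict in sorted(compare_exits([PAGE, PAGE], SAMPLE).items()):
        print(name, verdict)
```

A static resource such as an image makes the best probe, since pages with per-request content fail the baseline check and raise instead of producing false accusations.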