[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #18702 [Tor Browser]: Downloaded files integrity

Subject: [tor-bugs] #18702 [Tor Browser]: Downloaded files integrity
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 01 Apr 2016 09:30:19 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 01 Apr 2016 05:30:28 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18702: Downloaded files integrity
-----------------------------+----------------------
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
-----------------------------+----------------------
 Malicious exit nodes can modify downloaded files in the way they will
 cause malicious activity. For example, they can add malware to executables
 or embed exploit into PDFs. Most of binaries in the Web are non-signed and
 downloaded via http. Even if they were signed, there is no way for a Tor
 user to know that they were signed prior malicious modification removing
 any trace of a signature.

 So we need a bot downloading different binaries via different exit nodes
 and non-torified connections, comparing the results and blacklisting
 malicious exit nodes.

 Naive implementation is vulnerable to the attack: a malicious website can
 give a randomized binary to victim exit nodes causing them to be
 blacklisted. Malicious CDNs or NSA hardware in main ISPs can be much more
 dangerous and stealthy.

 Maybe we should ship a db of hashes of popular binaries (programs, pdfs,
 etc) and check their integrity?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18702>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #18702 [Tor Browser]: Downloaded files integrity
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #18702 [Tor Browser]: Downloaded files integrity
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #18702 [Tor Browser]: Downloaded files integrity
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #18702 [- Select a component]: Downloaded files integrity
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #18697 [Wiki]: Update ListOfServicesBlockingTor and update my account level.
Next by Author: Re: [tor-bugs] #18702 [Tor Browser]: Downloaded files integrity
Previous by thread: Re: [tor-bugs] #13752 [Tor]: Extend TLS RSA link keys to 2048-bit
Next by thread: Re: [tor-bugs] #18702 [Tor Browser]: Downloaded files integrity
Index(es):
- Author
- Thread