[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Speculated Broken by FBI Etc - Freedom Hosting, MITTechReview - Magneto

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor Speculated Broken by FBI Etc - Freedom Hosting, MITTechReview - Magneto
From: Mirimir <mirimir@xxxxxxxxxx>
Date: Mon, 10 Feb 2020 01:48:09 -0700
Autocrypt: addr=mirimir@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsBNBFEN49cBCADWl1VZKYO8L+f/65G2nBWzh41VTAZDcJSxMWXrBSvpJzzLt6sJf0L0Rjmy W4VPxJMCm/32auRAp8Xx1iNmBpvYENSM1YJVWfk43tlSOY8CR3TVODMxWPhUu48Pb9OKSntz WHGwdZmOr14zF9vr4PaS9A6+Hyt9FPKuGcQFw7K8jK1Hpp5XgdY/DMHKeaJykJ8JH1HBTFTT OJdxIWu6cZ+spNaNfKdnNjk98hMPw69isVGzcm7b3lJUsjVnMSqnrtZ8CSIv1njyxJH7NB5n LzrE7EiXR37k+4Poc9/DeLSAKrq5N3ZMpX1EDOoXFa8lLVGWHBTwVN/tl7FLM0NmVuL5ABEB AAHNHG1pcmltaXIgPG1pcmltaXJAcmlzZXVwLm5ldD7CwIEEEwECACsCGyMGCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAhkBBQJeOJZsBQkWkLQVAAoJEGINZVEXwuQ+fjYH/jRnSBHPPd2b MyFCxWI3xv8GAjcU0zgZpKpv9/rSxPdgzWu1gRIL0l0+5TqluYF01ZVLyU2LShIwBsUeCGqt aRWR/Gii+ve9Y+34D09cK2ZIR0vw+d6VhxYt7vj727fPceBnaJ/R64Xlf3gdb924ecwXc9Nz D1dLZzhJbCpubqX5GuDzRQRZPhz8gENCjsDLrphqfu/p7h4hXTG3IKstYoilnFZvVO4Js8LN W5hq76Ry9+YyVKXYymVFZ67ICsC+cK1GW7nJMrxstDXHYgiauOEHZpNDnWDaTDvkRJlo8I1T bNF/VkhrY3bs0nsf8DWqwyJVk9DRgGAKZHm6oH7Ryr/OwE0EUQ3j1wEIAMDcexhcaIO5jpl+ SHM14zuBvF2QG61IpH4Lag6nQmSMTljizuJg2kLaLbfc69AxmjuL5obqYi5ywXn4kQKqiwfa OHvVlKn662/J5YgXuc8tRLyqvgb+hibtAnlhWAuusP0eoQQP6SAASRjtrb8RVapTzJXy2Snf PtkcdtkTLLLcyeGoDOkpPkspnnp8avvI9ayzhGFLg9qNWaIuBMudxT6oHK4rZH+Sv6km9viI /ziV6E8Z+PpvMsGdebeYBLQA7ueuTbyOGbDyProwvocrKynI/UM40VYS8bS1PjWtljUlj7Vx 8C/746hnfdge0m24jnaWfu5UDjwpsHzs/JXqklsAEQEAAcLAZQQYAQIADwIbDAUCXjiWeAUJ FpC0IQAKCRBiDWVRF8LkPuouCAC6qFUXh9tyoUKDepuiImO0DBdKI+9Lb6iReFZOXwulJ5A2 AMyEL4UFPtGGGN01pOGZ7DdJbcZb8NAz7P9/FAp9rm3fDsSP0JL65y66GAjMl853FGOBDG1M 2Ew6rh5khp3SJRDWWZmA4prbwQuVwAB05AYQFt4P4LF0Ts4Yb9k/Ss6CcygurRrizIVeJrmr 7nI19AFUSUL2Bj2pYSHsAffYH5cVaXwBegBkyEE/vLRffv9/93stqdsNTbQeU3pYzJk9CKQZ wusWrW9wPondqAyS3QzEunM97DQu/nAGlE4ZRrHdHRnRHIoBXkz6s/Bfpu2nlbNHt18P9Eqv N0m+aPCo
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 10 Feb 2020 03:48:31 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1581324493; bh=AuW1k0GrTeggeRta3CQBOkmQExRqBQBKY5ZYLg3za7I=; h=Subject:To:References:From:Date:In-Reply-To:From; b=eD0n6hSWxcTouFChd1LN7Urj6qGsZki/lMmGsQ4A8xz6L0VT1HsIyMpvQj0Mcq8QX 2bLyCaGoBs3VOuUlWLnW2x+q0V4X+IaohkBhJPnPWGaVP5DlPX1z4OAzYSrQLID/Gm 7cdU7BOb7oAjGyFHm7liQi6nByCRNTzFYclkLJ4c=
In-reply-to: <5E405B26.9000301@quantentunnel.de>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
References: <CAD2Ti2_FEGDbYcEuPqgNvMddhYXGkj+B_zzPLR0Xq6HiOtWL-Q@mail.gmail.com> <5E405B26.9000301@quantentunnel.de>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 02/09/2020 12:19 PM, Felix wrote:
> Hi everybody
> 
> Am 2020-02-09 um 12:40 PM schrieb grarpamp:
>> Given the variety of known weaknesses, exploits, categories
>> of papers, and increasing research efforts against tor and
>> overlay networks in general, and the large number of these
>> "mystery gaps" type of articles (some court cases leaving hardly
>> any other conclusion with fishy case secrecy, dismissals, etc)...
>> the area of speculative brokeness and parallel construction
>> seems to deserve serious investigative fact finding project of
>> global case collation, interview, analysis to better characterize.
> ...
>> Early on August 2 or 3, 2013, some of the users noticed “unknown
>> Javascript” hidden in websites running on Freedom Hosting. Hours
>> later, as panicked chatter about the new code began to spread, the
>> sites all went down simultaneously. The code had attacked a Firefox
>> vulnerability that could target and unmask Tor users—even those using
>> it for legal purposes such as visiting Tor Mail—if they failed to
>> update their software fast enough.
>>
>> While in control of Freedom Hosting, the agency then used malware that
>> probably touched thousands of computers. The ACLU criticized the FBI
>> for indiscriminately using the code like a “grenade.”
>>
>> The FBI had found a way to break Tor’s anonymity protections, but the
>> technical details of how it happened remain a mystery.
> 
> https://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
> 
> A malicious route around Tor was/is solvable by keeping the system
> updated or by the use of techniques like Whonix or Tails.
> 
> -- 
> Cheers, Felix

That depends.

Whonix would protect users against malware that bypasses Tor browser.
Perhaps Tails would as well, given its iptables rules, but arguably not
as well as Whonix does. Because in Whonix, Tor client and apps are in
separate VMs, and there's no forwarding from the workstation VM, just
SocksPorts exposed to it on the gateway VM.

And onion services could also use Whonix, or at least the basic concept
of Whonix, implemented in KVM or VBox VMs on the server. Onion services
on Tails would be harder, but probably doable.

However, neither Whonix or Tails would protect users or onion services
against attacks that manipulate Tor clients into using malicious guards.
And once an adversary controls the guard, it knows the IP address of the
user or server. Tails might even be more vulnerable, because it picks
new guards at each boot.

As far as I know, there just two ways to defend against attacks via
malicious guards. One is using vanguards.[0,1] The other is simply
hiding the user's or server's IP address from the guard, using a VPN
service, or a nested VPN chain.

0) https://github.com/mikeperry-tor/vanguards/
1) https://lists.torproject.org/pipermail/tor-dev/2020-February/014156.html

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Tor Speculated Broken by FBI Etc - Freedom Hosting, MITTechReview
  - From: grarpamp
- Re: [tor-talk] Tor Speculated Broken by FBI Etc - Freedom Hosting, MITTechReview - Magneto
  - From: Felix

Prev by Author: Re: [tor-talk] Tor and sources.list
Next by Author: [tor-talk] New alpha release: Tor 0.4.3.2-alpha
Previous by thread: Re: [tor-talk] Tor Speculated Broken by FBI Etc - Freedom Hosting, MITTechReview - Magneto
Next by thread: [tor-talk] TBB "Security Level" Question.
Index(es):
- Author
- Thread