
Re: How are hackers breaking Tor and trojan users?



Being one of the JanusVM developers, I can answer these questions for you.

On Tue, Jun 10, 2008 at 2:38 AM, MadAtTorHackers <madathackers@xxxxxxxxx> wrote:
I read that hackers are breaking Tor and turning it into a trojan/rootkit?  Is this possible?  How can they do this?

In post: http://www.wilderssecurity.com/showpost.php?p=1257878&postcount=722
says XeroBank:

I saw something about a Tor exploit talk being planned for Defcon. I'll assume that's where the s%*t is scheduled to hit the fan?
The one scheduled so far isn't going to be anything I don't think. I have serious doubts, considering the wording. Ours, if accepted, will truly unmask tor users and turn tor into a trojan/rootkit.
 
Is this XeroBank spreading fear to Tor without cause? 

No.  Are you spreading fear without cause?
 
Or did hackers break Tor and make it a Trojan / Rootkit?

Yes.  http://www.janusvm.com/goldy/vuln/tor-controlport.html
 

I also see JanusVM developers are working for XeroBank:
http://xerobank.com/team.php

Yes I am, because giving away free software doesn't pay the bills, and users maybe donate $50 (USD) a month, which is not enough to live on.
 

Is JanusVM not being maintained because of XeroBank taking over? 

Absolutely not!
 
It has been dead since 2007.  They say the download was removed for Debian, but keep the donations request and link to the current Oct-19-2007:
http://www.janusvm.com/download.html

Re-read that URL please.  I said it has been removed because of the Debian OpenSSL vulnerability. 
Please try to refrain from taking the situation out of context. 

Yes, I haven't updated JanusVM to use the newest version of Tor, yet.  Soon though. 
No, it has not been dead since 2007.  It's been down for a couple of weeks, tops.
Oct. 19, 2007 was the last time we updated JanusVM because it's fairly low maintenance and the security model is solid.
Even the ControlPort vulnerability from last year didn't affect JanusVM, and we had the ControlPort enabled just like everyone else.
 

How can Tor become a Trojan / Rootkit? This seems not possible.

Again, http://www.janusvm.com/goldy/vuln/tor-controlport.html
Now I know, this problem has been long solved.  BTW, I was the one who told the Tor developers how to fix it.
They listened and the problem was solved.

If some evil "hacker" gets your controlport, they could: 
- Reveal the client's true IP address (anonymity)
- Map hidden services to the client's own computer (security)
- Map hidden services to other computers in the client's local network (security)
- Map hidden services to other services on the Internet (security)
- Move the client from the public Tor network to a privately controlled Tor network (privacy)
( http://blog.xerobank.com/2008/06/security-and-osi-model.html )
 
How are hackers allowed to break user computers and not be illegal? 

If the tests are in a controlled environment on systems that the "hacker" owns, then there is nothing to worry about and nothing you can do about it.
It's called Research and Development.  Research vulnerabilities, and develop defenses to those vulnerabilities.
 
Why is JanusVM working for XeroBank? 

Because the world requires money to live a good life and I don't want to be like the homeless hacker.
Plus, I spent all of 2007 very poor while I worked on R&D.  I'm sick of being poor and now working my ass off at two jobs.

 
Is there a safe Tor Virtual Machine to use?

Yes.  Before you lose sleep over the issue, just disable Tor's ControlPort and you can worry a lot less.
Or use Firefox + TorButton 1.2.0 if you so choose.
 

I have many questions.  Thank you!

And I have many answers!

Thank you for your concern, but don't worry about it too much.
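
The ControlPort advice in the message above, expressed as a configuration check. This is an added example, not part of the original message and not JanusVM or Tor project code. It reads a torrc and reports whether the ControlPort is disabled, enabled with an authentication option set, or enabled with none; the function names, the three state labels and the sample configurations are constructed for illustration, and treating "enabled with neither CookieAuthentication nor HashedControlPassword" as open is this example's assumption.

```python
# Added example (not from the original message): audit a torrc for ControlPort exposure.
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

# Constructed sample configurations, for demonstration only.
SAMPLE_OPEN = "SocksPort 9050\nControlPort 9051  # no authentication configured\n"
SAMPLE_DISABLED = "SocksPort 9050\nControlPort 0\n"
SAMPLE_COOKIE = "controlport 127.0.0.1:9051\nCookieAuthentication 1\n"
SAMPLE_REMOTE = "ControlPort 0.0.0.0:9051\nHashedControlPassword 16:PLACEHOLDER\n"


def parse_torrc(text):
    """Return (option, value) pairs; option names are lower-cased, comments dropped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs


def audit_control_port(text):
    """Classify ControlPort as 'disabled', 'authenticated' or 'open', and list
    listeners bound to an explicit non-loopback address."""
    opts = parse_torrc(text)
    # First token of each ControlPort value is the port or address:port; "0" disables it.
    listeners = [v.split()[0] for k, v in opts if k == "controlport" and v]
    enabled = [l for l in listeners if l != "0"]
    cookie = any(k == "cookieauthentication" and v == "1" for k, v in opts)
    password = any(k == "hashedcontrolpassword" and v for k, v in opts)
    if not enabled:
        state = "disabled"
    elif cookie or password:
        state = "authenticated"
    else:
        state = "open"
    # Assumption: a bare port number binds to localhost, so only explicit addresses are checked.
    non_loopback = [l for l in enabled
                    if ":" in l and not l.startswith("unix:")
                    and l.rsplit(":", 1)[0] not in LOOPBACK]
    return {"state": state, "non_loopback": non_loopback}


if __name__ == "__main__":
    samples = {"open": SAMPLE_OPEN, "disabled": SAMPLE_DISABLED,
               "cookie": SAMPLE_COOKIE, "remote": SAMPLE_REMOTE}
    for name, cfg in samples.items():
        print(name, audit_control_port(cfg))
```

A result of "open", or any entry in non_loopback, is the configuration to correct first; "disabled" matches the advice given in the message.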