[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How are hackers breaking Tor and trojan users?

On Wednesday 11 June 2008 06:17:38 Roger Dingledine wrote:
> He may also be referring to attacks where a local application (like the
> browser, but it doesn't have to be) can be tricked into connecting to
> your local Tor control port, like Kyle's attack from last year:
> http://archives.seul.org/or/announce/Sep-2007/msg00000.html
> This was a great attack, but I think the latest versions of Torbutton
> and Vidalia make it a non-issue going forward. I would love to hear if
> you think otherwise.

On a default Tor installation from source, i.e. with no authentication mechanism 
enabled, it is still possible successfully to send commands to the controlport 
if the 'authenticate' command is not preceded by any garbage.

If someone were to develop a browser-based exploit that managed to get 
the 'authenticate', with no preceding bytes, to the controlport then they're in. 
I believe this is extremely difficult to do, and if such an attack was the 
subject of arrakis' and kyle's paper they would have much bigger fish to fry 
than just Tor.

One way of preventing such an attack, however unlikely, would be to mandate a 
conversation such as:

robert@darkstar:~$ telnet localhost 9051
Connected to localhost.
Escape character is '^]'.
Challenge is: 0a5f37d2edd284cb
250 OK
250 OK

In the above sequence the controller has had to inspect the challenge and parrot 
it back in order to be allowed issue an authenticate command.

As far as I'm aware this would defeat a html-form based attack of the sort 
released last year, since such attacks cannot process feedback from the port 
they're attacking. 

Attachment: signature.asc
Description: This is a digitally signed message part.