Re: How are hackers breaking Tor and trojan users?

Robert Hogan @ 2008/06/11 18:48:
> On Wednesday 11 June 2008 06:17:38 Roger Dingledine wrote:
> <snip>
>> He may also be referring to attacks where a local application (like the
>> browser, but it doesn't have to be) can be tricked into connecting to
>> your local Tor control port, like Kyle's attack from last year:
>> http://archives.seul.org/or/announce/Sep-2007/msg00000.html
>> This was a great attack, but I think the latest versions of Torbutton
>> and Vidalia make it a non-issue going forward. I would love to hear if
>> you think otherwise.
> On a default Tor installation from source, i.e. with no authentication mechanism 
> enabled, it is still possible successfully to send commands to the controlport 
> if the 'authenticate' command is not preceded by any garbage.
> If someone were to develop a browser-based exploit that managed to get 
> the 'authenticate', with no preceding bytes, to the controlport then they're in. 
> I believe this is extremely difficult to do, and if such an attack was the 
> subject of arrakis' and kyle's paper they would have much bigger fish to fry 
> than just Tor.

Like this? http://www.janusvm.com/goldy/vuln/tor-controlport.html
(posted earlier in the thread by Kyle Williams)
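
To check whether a given torrc leaves the control port in the state discussed above (enabled, with no authentication mechanism), a small audit script follows. It is an added example, not part of the original thread; it relies on the torrc options ControlPort, CookieAuthentication and HashedControlPassword, and the sample configurations and function names are constructed for illustration.

```python
# Added example: flag a torrc whose control port is enabled without authentication.

def parse_torrc(text):
    """Map lower-cased option names to the list of values given for them."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        fields = line.split(None, 1)             # option name, then the rest
        value = fields[1] if len(fields) > 1 else ""
        opts.setdefault(fields[0].lower(), []).append(value)
    return opts

def audit_control_port(text):
    """Return (status, detail) for the control-port settings in a torrc."""
    opts = parse_torrc(text)
    # The first token of each ControlPort line is the port; "0" disables it.
    ports = [v.split()[0] for v in opts.get("controlport", []) if v]
    enabled = [p for p in ports if p != "0"]
    if not enabled:
        return ("disabled", "no ControlPort is open")
    cookie = opts.get("cookieauthentication", ["0"])[-1] == "1"
    hashed = any(opts.get("hashedcontrolpassword", []))
    if cookie or hashed:
        methods = [n for n, on in (("cookie", cookie), ("password", hashed)) if on]
        return ("authenticated", "ControlPort %s requires: %s"
                % (", ".join(enabled), ", ".join(methods)))
    return ("open", "ControlPort %s accepts AUTHENTICATE from any local process; "
            "set CookieAuthentication 1 or HashedControlPassword" % ", ".join(enabled))

# Constructed sample configurations (not taken from the thread).
SAMPLES = {
    "no_auth": "SocksPort 9050\nControlPort 9051\n",
    "cookie": "ControlPort 9051\nCookieAuthentication 1  # cookie in DataDirectory\n",
    "password": "ControlPort 9051\nHashedControlPassword 16:CONSTRUCTED_PLACEHOLDER\n",
    "off": "SocksPort 9050\n#ControlPort 9051\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *audit_control_port(text))
```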