Re: How are hackers breaking Tor and trojan users?
On Wed, Jun 11, 2008 at 5:35 PM, scar <scar@xxxxxxxxxx> wrote:
> ...
>> If someone were to develop a browser-based exploit that managed to get
>> the 'authenticate', with no preceding bytes, to the controlport...
>
> like this? http://www.janusvm.com/goldy/vuln/tor-controlport.html

that is a standard HTTP POST and thus sends HTTP request headers
before the textarea form payload.

what Robert indicated is that he thinks it is highly unlikely that you
could use a browser to connect and send AUTHENTICATE before anything
else, like the request headers.

the challenge / response handshake he suggested is an interesting
option for authenticating to the control port; it would indeed
eliminate any blind injection attacks, while still making it trivial
to use the control port legitimately.

best regards,
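
Added example, not part of the original message and not Tor's code: a toy control-port session showing the two checks discussed above, rejecting a connection whose first line is not AUTHENTICATE (as happens when HTTP request headers arrive first) and a challenge/response step that a sender who cannot read replies cannot complete. The `RESPONSE` verb, the reply strings, the HMAC-SHA256 construction and `SECRET` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-shared-secret"  # assumption: known to Tor and its controller


def client_proof(secret, nonce):
    """What a legitimate controller computes after reading the nonce."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


class ControlSession:
    """Hypothetical control-port session state machine (illustrative only)."""

    def __init__(self, secret):
        self.secret = secret
        self.nonce = secrets.token_hex(16)  # fresh per connection
        self.state = "new"  # new -> challenged -> authed, or closed

    def feed(self, line):
        """Process one received line and return the server's reply."""
        if self.state == "new":
            # Check 1: nothing may precede AUTHENTICATE, so an HTTP request
            # line or header arriving first ends the session.
            if line.strip().upper() != "AUTHENTICATE":
                self.state = "closed"
                return "514 Authentication required"
            self.state = "challenged"
            return "250 NONCE " + self.nonce
        if self.state == "challenged":
            # Check 2: the proof must cover this connection's nonce, which a
            # blind sender never sees and an old proof does not match.
            verb, _, proof = line.strip().partition(" ")
            expected = client_proof(self.secret, self.nonce)
            if verb.upper() == "RESPONSE" and hmac.compare_digest(
                proof.encode(), expected.encode()
            ):
                self.state = "authed"
                return "250 OK"
            self.state = "closed"
            return "515 Bad authentication"
        return "250 OK" if self.state == "authed" else None
```
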