[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Traces left by Torpark, and other security discussion (was Re: TorPark)

On 11/26/06, Arrakistor <arrakistor@xxxxxxxxx> wrote:
I will check out the claims about the registry. I performed a diff on
it from running and after and found only the SSL seed value changed.
Perhaps there are some other changes.

the exact keys may vary from win98/2k/xp, as they often do. (are you using a fixed list of keys to look for, or is there a more in depth search for particular key names/values? a static list will be brittle)

I am wondering if all of that is moot, since we are not actively
destroying the data.

system restore, regsafe, and any number of other snapshot or backup tools for the windows registry would make this ineffective. not to mention remnants on disk but outside the file system view, though such recovery does take special skill.

... The result there is that we may allow scripts to run, but I
am sure we will be automatically adding an SSL certificate acceptance
to the client so the user doesn't get annoying popups when the client
tries to update.

do you mean adding your own CA cert, or just blindly accepting the cert presented upon the first connect to the https server? or something else?

why the focus on automatic updates?  [we thought we'd need these at
one point, but really, it opened up more problems than it solved.
additional care before releases has proved sufficient]

Regarding the swap, that really isn't my specialty, so you are right,
the claim is overstated. I will try to figure out a solution. I spoke
with a few developers about creating ram drives, but this requires
system drivers and administrator access. It may be that we cannot do
anything about it, or more to the point it may be moot because Tor
creates many network signatures. I would sure be interested in
everyone's input.

wiping swap is difficult in such a situation, and i'd be more concerned about document fragments and other information than the network signatures. (network signatures at least are gone once you exit, but sensitive data on disk can live for arbitrary periods of time)

a hard problem, i'd be interested in any potential resolutions you
discover.  encrypting the swap is really the "right way" to solve
this, but again, requires administrator.

best regards,