
Re: Traces left by Torpark, and other security discussion (was Re: TorPark)



On 11/26/06, coderman <coderman@xxxxxxxxx> wrote:
> ...
> why the focus on automatic updates?  [we thought we'd need these at
> one point, but really, it opened up more problems than it solved.
> additional care before releases has proved sufficient]

i am referring to the developers of janusvm, NOT Tor, since this paragraph is confusing.

the first few versions included an update check that used a hard coded
hostname in /etc/hosts (to prevent DNS latency/DoS) to retrieve via
http a file that contained an sha256 digest associated with the
current release or update.

each build included an sha256 id associated with the current version.
if the version stored on the vm file system at boot and the version
obtained online were different this was assumed to indicate a new
release was available.

a gpg public key used for signing updates was also bundled with the vm
image, and the update process would obtain two more files $id.tgz and
$id.tgz.asc which contained the patch and its signature, respectively.

the $id.tgz was digested and if the sha256 sum of the downloaded
update did not match the sum obtained in the current.id http request,
the update aborted with prejudice.

if the digests matched, gpg was then used to verify the $id.tgz.asc
signature associated with the downloaded update.  if this failed, also
abort.

if all validations passed, the update was applied to the vm file
system and the init process continued to start as expected, but now
with the updates applied.

---

in short, we thought this might be needed to push critical updates or
config changes for Tor or other applications / utils on the vm.  it
turned out this kind of urgent / critical update was never needed, and
various organizations who started blocking our update server IP
address ended up causing longer startup times due to the http timeout
required before continuing past the update check.

not to mention the scalability concerns of doing this for anything
more than a small number of clients.

best regards,
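The update check described in this message, written out as an added example (it is not JanusVM's own code): fetch current.id, bail out quickly if the server is blocked, then refuse the update unless both the sha256 digest and the gpg signature check out. The base URL, the keyring path, the 5-second timeout and the demo_* stand-ins (an in-memory server and a fake signature check used only for the offline run) are assumptions.

```python
import hashlib
import subprocess
import tempfile
import urllib.request
from typing import Callable, Optional, Tuple

def http_fetch(url: str, timeout: float = 5.0) -> Optional[bytes]:
    """GET with a short timeout; None on failure, so a blocked server costs at most `timeout` s."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read()
    except Exception:
        return None

def gpg_verify(data: bytes, sig: bytes, keyring: str = "/etc/update-key.gpg") -> bool:
    """Detached-signature check via gpg against the bundled key (keyring path assumed)."""
    with tempfile.TemporaryDirectory() as d:
        tgz, asc = f"{d}/u.tgz", f"{d}/u.tgz.asc"
        open(tgz, "wb").write(data)
        open(asc, "wb").write(sig)
        cmd = ["gpg", "--no-default-keyring", "--keyring", keyring, "--verify", asc, tgz]
        return subprocess.run(cmd, capture_output=True).returncode == 0

def check_update(local_id: str, fetch: Callable[[str], Optional[bytes]],
                 verify_sig: Callable[[bytes, bytes], bool],
                 base: str = "http://updates.example/") -> Tuple[bool, str]:
    remote = fetch(base + "current.id")            # hard-coded host in the original
    if remote is None:
        return False, "update server unreachable; booting with current version"
    remote_id = remote.decode("ascii", "replace").strip()
    if remote_id == local_id:
        return False, "already current"
    tgz, asc = fetch(f"{base}{remote_id}.tgz"), fetch(f"{base}{remote_id}.tgz.asc")
    if tgz is None or asc is None:
        return False, "update files missing; aborted"
    if hashlib.sha256(tgz).hexdigest() != remote_id:   # digest must match current.id
        return False, "sha256 mismatch; aborted"
    if not verify_sig(tgz, asc):                        # then the gpg signature
        return False, "bad signature; aborted"
    return True, f"update {remote_id} verified; apply to vm filesystem"

def demo_server(payload: bytes) -> Callable[[str], Optional[bytes]]:
    """Constructed in-memory 'update server' so the check runs offline."""
    sha = hashlib.sha256(payload).hexdigest()
    files = {"current.id": sha.encode() + b"\n", f"{sha}.tgz": payload,
             f"{sha}.tgz.asc": b"FAKESIG:" + sha.encode()}
    return lambda url: files.get(url.rsplit("/", 1)[-1])

def demo_verify(data: bytes, sig: bytes) -> bool:   # stand-in for gpg_verify, offline only
    return sig == b"FAKESIG:" + hashlib.sha256(data).hexdigest().encode()
```

In production `check_update(local_id, http_fetch, gpg_verify)` is the call; every failure path returns without applying anything, which is the "abort with prejudice" behaviour the message describes.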