Re[2]: Traces left by Torpark, and other security discussion (was Re: TorPark)



> the exact keys may vary from win98/2k/xp, as they often do.  (are you
> using a fixed list of keys to look for, or is there a more in depth
> search for particular key names/values?  a static list will be
> brittle)

I am supposing it will be variable. I will naturally have to verify it.
And then again, all these points may be moot once we rewrite the whole
thing in python. But they aren't moot right now, so I will figure out
a way to actively search for changes and remove them.

> system restore, regsafe, and any number of other snapshot or backup
> tools for the windows registry would make this ineffective.  not to
> mention remnants on disk but outside the file system view, though such
> recovery does take special skill.

I will look into the method of how these registry issues are cataloged
into system restore. There may be no ability to control it if the
computer is already running such a program to capture registry
changes. Naturally, the same thing can be said if the target computer
is running a keylogger.

> do you mean adding your own CA cert, or just blindly accepting the
> cert presented upon the first connect to the https server?  or
> something else?

I will import it as an accepted certificate directly into the client,
before distribution. I haven't decided on the specifics, I am hiring
someone much more knowledgeable than myself to handle this, and I will
of course have full disclosure of how it works.

> why the focus on automatic updates?  [we thought we'd need these at
> one point, but really, it opened up more problems than it solved.
> additional care before releases has proved sufficient]

Because components may need to be updated. For example, if we notice
some error setting in a preference file, or discover some other
vulnerability, we can correct the problem globally in all of our
clients. I don't think the software is mature enough to say "this is
rock solid". We are still finding bugs, and with any new code, you
introduce the possibility of new bugs. Specifically, our users are not
the type that typically go looking for the latest security patch, so
we need the ability to securely push it to them. I want to give as
much care as possible, but until I can make the whole thing an
open-source foundation and implement a CVS, that isn't going to
happen.

Additionally, as we grow in users, we get more feedback and discover
more problems like Win2k SP2 compatibility issues. With this, we will
be able to much more easily correct the problem.

> wiping swap is difficult in such a situation, and i'd be more
> concerned about document fragments and other information than the
> network signatures. (network signatures at least are gone once you
> exit, but sensitive data on disk can live for arbitrary periods of
> time)

> a hard problem, i'd be interested in any potential resolutions you
> discover.  encrypting the swap is really the "right way" to solve
> this, but again, requires administrator.

I will let everyone know what this requires, if such a solution can be
found.