
Re: "Practical onion hacking: finding the real address of Tor clients"

That paper also demonstrates how easy it is to create a bad exit node
that can poison traffic passing through it with spam, malware,
trojans, fake sites and 0-day exploits.
By joining the Tor network and becoming a server a rogue player
instantly becomes a trusted ISP and can serve up anything they want
and monitor everything passing through.
I use Firefox with NoScript fully armed but every now and again I
allow scripts for a certain site to access some functionality and
then, no matter what site that is, if I am using Tor I will be at more
risk than if not using Tor.  What about people using IE on an
unpatched machine?  Tor becomes a BOT army recruitment center where
the new soldiers walk right in.  No need to advertise.

I am new to this list so maybe this has already been discussed and
sorted and I'm overreacting but for a while now I have been very wary
about the way I use Tor and the internet in general. I was using Tor a
few weeks ago and a German exit node was altering my content so I have
seen this happen first hand.

Can the Tor directory provider run a script every now and again that
checks the content of a site/image retrieved from outside of Tor and
through each exit node and then look into any discrepancies?  I know
anyone can try this and make a better test but this will eventually
have to be done and acted upon by a trusted party.

On 18/10/06, Mike Perry <mikepery@xxxxxxxxxx> wrote:
Thus spake Jacob Appelbaum (jacob@xxxxxxxxxxxxx):

> Hi *,
> Fortconsult wrote this and it may be of some interest to people on this
> list:
> http://www.packetstormsecurity.org/0610-advisories/Practical_Onion_Hacking.pdf

Wow. I think the most telling statement is that most of the people
they got were from China. Probably unfortunate side effect of most of
the Tor docs being in English..

Incidentally, I tried out TorPark the other day, and I must say it is
pretty magnificent. Having a well-configured browser like that for Tor
usage solves nearly every one of these problems.

Would be nice if NoScript defaulted to All-Off instead of All-On, and
they used AdBlock Plus with some feeds instead of just AdBlock, but
otherwise excellent for casual "only sometimes" Tor users who are
likely to be tripped up by this sort of stuff.

Mike Perry
Mad Computer Scientist
fscked.org evil labs
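
The consistency check proposed in the reply above (retrieve the same content outside of Tor and through each exit node, then look into discrepancies), sketched as an added example that is not part of the original thread or of any Tor project code. It assumes the bodies have already been fetched by some other means; the exit labels, the test page and the injected line are constructed sample data.

```python
import difflib
import hashlib

def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

def check_exits(direct_fetches, exit_fetches):
    """Compare a static test resource fetched directly with copies fetched via exits.

    direct_fetches: list of bodies (bytes) fetched without Tor, at least two.
    exit_fetches:   dict of exit label -> body (bytes), or None if the fetch failed.
    Returns dict of exit label -> (verdict, added_lines, removed_lines).
    """
    # Dynamic pages differ between fetches anyway and would produce false alarms.
    if len(direct_fetches) < 2 or len({digest(b) for b in direct_fetches}) != 1:
        raise ValueError("reference content is not stable; use a static resource")
    baseline = direct_fetches[0]
    base_lines = baseline.decode("utf-8", "replace").splitlines()
    results = {}
    for label, body in exit_fetches.items():
        if body is None:
            results[label] = ("unreachable", [], [])
        elif digest(body) == digest(baseline):
            results[label] = ("ok", [], [])
        else:
            # Keep the changed lines so a reviewer can see what was altered.
            got = body.decode("utf-8", "replace").splitlines()
            delta = list(difflib.ndiff(base_lines, got))
            added = [d[2:] for d in delta if d.startswith("+ ")]
            removed = [d[2:] for d in delta if d.startswith("- ")]
            results[label] = ("modified", added, removed)
    return results

# Constructed sample data: a static test page and what three exits returned.
PAGE = b"<html>\n<body>\n<p>test page</p>\n</body>\n</html>\n"
INJECTED = b'<script src="http://injected.example/x.js"></script>'
SAMPLE_EXITS = {
    "exit-A": PAGE,
    "exit-B": PAGE.replace(b"</body>", INJECTED + b"\n</body>"),
    "exit-C": None,
}

if __name__ == "__main__":
    for label, (verdict, added, removed) in check_exits([PAGE, PAGE], SAMPLE_EXITS).items():
        print(label, verdict, added, removed)
```

A "modified" verdict is a lead for the follow-up the message asks for, not proof of malice: caches, transparent proxies and per-country content can also change a response.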