Re: "Practical onion hacking: finding the real address of Tor clients"

Chris <millions.of.stones@xxxxxxxxx> wrote:

> That paper also demonstrates how easy it is to create a bad exit node
> that can poison traffic passing through it with spam, malware,
> trojans, fake sites and 0-day exploits.

Which is nothing new.

I also think the title of the paper is intentionally misleading.
They aren't attacking Tor, but misconfigured applications
behind the Tor client.

The "surprising" result of their investigation seems to be that Tor
doesn't automatically fix all applications on the system it runs on.
Captain Obvious to the rescue.

> By joining the TOR network and becoming a server a rogue player
> instantly becomes a trusted ISP and can serve up anything they want
> and monitor everything passing through.

Tor's documentation stresses several times that
Tor isn't a replacement for application-level security.

It's also a good idea not to trust any exit nodes,
except the ones you run yourself.

> I use firefox with noscript fully armed but every now and again I
> allow scripts for a certain site to access some functionality and
> then, no matter what site that is, if I am using tor I will be at more
> risk than if not using tor.

This may be true in some environments, but certainly not always.
If you have to assume that someone in your local network is trying
to spy on you or alter your traffic, using Tor makes that a lot
less likely.

> What about people using IE on an
> unpatched machine?  TOR becomes a BOT army recruitment center where
> the new soldiers walk right in.  No need to advertise.

I assume the old way (having all bots try to infect some other
nodes randomly) is much more effective than to only target IE-using
Tor users. You are also less likely to get caught that way.

