[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode

Subject: Re: [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 08 May 2015 00:43:57 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 07 May 2015 20:44:04 -0400
In-reply-to: <044.70dd797acf816c964fa438b75972b259@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.70dd797acf816c964fa438b75972b259@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15951: FairPretender: Pretend as any hidden service in passive mode
------------------------+-----------------------------------------
     Reporter:  twim    |      Owner:  twim
         Type:  defect  |     Status:  new
     Priority:  major   |  Milestone:
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor, hs, descriptor, tor-hs
Actual Points:          |  Parent ID:
       Points:          |
------------------------+-----------------------------------------
Changes (by yawning):

 * keywords:  tor, hs, descriptor => tor, hs, descriptor, tor-hs


Comment:

 So, while this should be fixed, I don't think this is major because fixing
 it doesn't solve the fundamental problem of "users clicking the bad".

 The basic (and IMO superior) version looks something like this:
 0. Figure out, which HS you want to mount an attack on. (Eg:
 examplehsabcdefg.onion)
 1. Throw CUDA cores at getting a look-alike HS address. (Eg;
 examplehsbcdefgh.onion)
 2. Run your HS.
 3. Spread your address as the real one.
 4. Optionally DDOS the original, depends on what you are after, and how
 many people fall for 3.

 This will work without using any protocol level trickery, and fixing the
 protocol level trickery doesn't prevent this.  In both the "attack"
 presented in the ticket and the one I illustrated, users falling for the
 impersonation is the root problem.

 As far as I am aware, there aren't good solutions to "users click on the
 bad" that don't involve things like the CA mafia (which is what
 "facebookcorewwwi.onion" does for example).

 My inclination here would be to make sure that 224 actually does fix this,
 and then lower the priority from "major", but I will defer to nickm et al
 on this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15951#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #15954 [Tor Browser]: Canvas permission and HTTP auth still use FQDN isolation
Next by Author: Re: [tor-bugs] #15933 [Tor Browser]: Relax domain isolation to use TLD instead of FQDN
Previous by thread: Re: [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode
Next by thread: Re: [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode
Index(es):
- Author
- Thread