Due to lack of time the coming months because of lots of client work I am looking for anybody interested in writing short quality articles on Tor. Subjects to write about may include:
You can contact me on my email address in my profile.
Links to technical and security related bits of information
Not a lot of people are aware of the weaknesses of TOR. I will try to give a short introduction to some of them. The TOR FAQ explains some possible attacks, and I will give two more examples.
The first example attack uses a vulnerability in the control port of a TOR client. The control port usually runs on port 9051 and can be used to control the TOR client. The client only listens on localhost, so a firewall should be sufficient to shield this port from the outside... or not. What if you can serve the TOR user a web page that embeds a link connecting to localhost:9051? The user's browser will follow the link and connect to the control port of the TOR client running on localhost. The control port connection handling had a vulnerability (TOR client < 0.1.2.16) in how it handled requests: if a command in the request was unknown it generated an error message but did not drop the connection. Sending commands to the control port was therefore easy, because it simply skipped the commands it could not interpret, e.g. the HTTP request lines. It would be fairly easy to generate a web page with some JavaScript that connects to the control port of a visiting TOR client. Through the control port it is a breeze to alter the torrc configuration and, with the ExitNodes option, which specifies a preferred exit node for the TOR client to use, direct that user to a single TOR node you control. Advisory is here
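As an added example (not code from the original post or from the Tor project), here are two checks a TOR user can run against their own setup to see whether the control port described above is reachable without authentication: an audit of the torrc file for a ControlPort that has neither HashedControlPassword nor CookieAuthentication set, and a parser for the reply to the control-protocol PROTOCOLINFO command, where the method name NULL means commands are accepted unauthenticated. The torrc fragments and PROTOCOLINFO replies embedded below are constructed sample data, including the version string; the live query function assumes a TOR client listening on 127.0.0.1:9051 and is the only part that touches the network.

```python
"""Audit helpers for the TOR control-port weakness (added example, not the post's code)."""
import re
import socket

# Constructed sample torrc fragments: the weak setting and the corrected one.
WEAK_TORRC = "ControlPort 9051\nSocksPort 9050\n"
FIXED_TORRC = "ControlPort 9051\nCookieAuthentication 1\nSocksPort 9050\n"

# Constructed sample PROTOCOLINFO replies (version string is a placeholder).
SAMPLE_REPLY_COOKIE = (
    '250-PROTOCOLINFO 1\r\n'
    '250-AUTH METHODS=COOKIE,SAFECOOKIE COOKIEFILE="/var/lib/tor/control_auth_cookie"\r\n'
    '250-VERSION Tor="0.0.0-constructed"\r\n'
    '250 OK\r\n'
)
SAMPLE_REPLY_NULL = (
    '250-PROTOCOLINFO 1\r\n'
    '250-AUTH METHODS=NULL\r\n'
    '250-VERSION Tor="0.0.0-constructed"\r\n'
    '250 OK\r\n'
)


def parse_torrc(text):
    """Return {option: [values]} for the uncommented lines of a torrc."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts


def control_port_host(value):
    """Host part of a ControlPort value; None for unix sockets, loopback for a bare port."""
    value = value.strip()
    if value.startswith("unix:"):
        return None
    m = re.match(r"^\[([^\]]+)\]:\d+$", value)       # [::1]:9051 style
    if m:
        return m.group(1)
    if ":" in value:
        return value.rsplit(":", 1)[0]             # 127.0.0.1:9051 style
    return "127.0.0.1"                             # bare port: Tor binds loopback


def audit_torrc(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts = parse_torrc(text)
    findings = []
    ports = opts.get("ControlPort", [])
    if not ports or all(p.strip() == "0" for p in ports):
        return findings                            # control port disabled
    has_pw = bool(opts.get("HashedControlPassword"))
    has_cookie = any(v.split()[0] == "1" for v in opts.get("CookieAuthentication", []) if v)
    if not (has_pw or has_cookie):
        findings.append("ControlPort enabled without HashedControlPassword or CookieAuthentication")
    for p in ports:
        host = control_port_host(p)
        if host is not None and host not in ("127.0.0.1", "localhost", "::1"):
            findings.append(f"ControlPort bound to non-loopback address {host}")
    return findings


def auth_methods(reply):
    """Extract the AUTH METHODS list from a PROTOCOLINFO reply, or None if absent."""
    for line in reply.splitlines():
        m = re.match(r"^250-AUTH METHODS=([A-Z,]+)", line.strip())
        if m:
            return m.group(1).split(",")
    return None


def control_port_is_open(reply):
    """True when the control port accepts commands with no authentication at all."""
    methods = auth_methods(reply)
    return methods is not None and "NULL" in methods


def query_protocolinfo(host="127.0.0.1", port=9051, timeout=3.0):
    """Live check of your own client: PROTOCOLINFO is allowed before AUTHENTICATE."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"PROTOCOLINFO 1\r\n")
        data = b""
        while b"250 OK" not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
        s.sendall(b"QUIT\r\n")
    return data.decode("ascii", "replace")


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_TORRC), ("fixed", FIXED_TORRC)):
        print(name, audit_torrc(cfg) or "no findings")
    print("NULL auth on sample reply:", control_port_is_open(SAMPLE_REPLY_NULL))
```

Run the module directly to see the audit of the two sample fragments; to check a running client, call `query_protocolinfo()` and pass its result to `control_port_is_open()`. The PROTOCOLINFO command belongs to the current control protocol and did not exist in the 0.1.2.x clients the post discusses, so the torrc audit is the check that applies to either generation.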
The second attack is against hidden services. A hidden service is, for example, a web server running inside the TOR network. People can request pages from this web server but will not be able to locate it on the internet. An attack on these hidden services was described in this paper. It overloads the CPU of the hidden service, which changes the clock skew of the machine and with it the timestamps of the network packets it sends. So if you overload a hidden service and at the same time connect to all TOR servers listed in the TOR directory, you can identify the server the hidden service is running on by looking for the one whose timestamps show the same change.
As a special teaser: some other scenarios involving browser-based attacks are conceivable. Check this paper for details.
TOR is great for protecting your anonymity, but it is still not foolproof. The TOR client software is still in alpha stage, and the TOR network is still being developed with new services and uses for the TOR protocol. Use TOR, but know what you are using and how you are using it.
Apparently the German TOR server owner who was harassed by the German police and never charged is shutting down his TOR server. He cannot cope with the harassment of him and his family anymore. He will stay involved in TOR development though.
News article is here
In the last few weeks some incidents involving information leaked from the TOR network hit the news (see my MediaDefender and Swedish hacker posts). In this post I will explain how this can happen, how you can try it out yourself and how you can protect yourself against it.
A TOR server owner got arrested in Germany, read here.
The thing is that anybody who uses TOR is in essence a "TOR server owner/administrator". You use TOR to be anonymous, but at the same time traffic is being routed through your TOR software to anonymize other people (that's how TOR works). In TOR you can choose to be a man-in-the-middle only or to be an exit node for other people to use. In the case of an exit node, your TOR software will request web pages (or whatever) for other people using your IP address. I wonder how this is going to work out in other European countries; I think some law enforcement people will be watching this case closely.
A few weeks ago a Swedish hacker published about 100 POP3 login accounts of governments around the world. In the MediaDefender email leak you will notice a reference to a Swedish person who tried to log in to one of the accounts... is this a coincidence?
Read more about the Swedish TOR sniffer here:
Swedish hacker site
Media coverage
article 1
article 2
TOR overview
MediaDefender is an anti-piracy company with a focus on P2P networks. Recently a lot of company email ended up out in the open, discussing operations and other sensitive issues of the company. A great look inside an anti-piracy company.
Wikipedia
Introduction article
All email in HTML