Slashdot Mirror
Spying On Tor
juct writes "The long-standing suspicion that the anonymizing network TOR is abused to catch sensitive data by Chinese, Russian, and American government agencies as well as hacking groups gets new support.
Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."
You have to know what you're doing to have security. I know it's getting old, but plug-in security simply does not exist.
This is what happens in a knee-jerk-reaction-based society. You point out a security flaw, instantly identifying yourself as a security threat, get thrown into jail and while your very public trial is going on, the real bad guys are utilizing the very security flaws you found to do Bad Things(TM).
Good grief.
Badgers, we don't need no stinking badgers! - UHF
I've seen ssh MITM attempts myself with tor, but this can easily be avoided by ensuring you check your fingerprints. You do check your fingerprints, don't you?
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
> Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols.
Are they worried that the Chinese will intercept pictures of them dressed like this?
How does anyone expect anonymity? Traffic must somewhere go through ISPs, most of which rent their upstream from large providers like AT&T, who is surely not the only large corporation to get in bed with the government or anyone else who can pay. Enough of that information loaded into a database and compared will yield information about the suspect, even if it's too complex to explain to a "jury of your peers."
If you want anonymity, SSH through a string of compromised Eastern European servers to a comfortably log-agnostic Indonesian ISP, and do all your surfing through Lynx/Links. That's the only stab at anonymity you'll get, and they'll probably just install a keylogger anyway. Freedom is slavery.
technical writing / development
Old news is better than no news... i guess. /.ers have know that TOR exit notes where being sniffed for a while now and hackers certainly much longer than that.
Windows Vista Help Forum
Perhaps the problem is that using an anonymizer makes someone a more interesting target to authorities. Like the old adage of attacking the bank because "that's where the money is," perhaps some people are attacking Tor because "that's where the secrets are."
Two wrongs don't make a right, but three lefts do.
1. set up a data-laundering haven
2. advertise amongst the warez people and criminal element
3. let enough criminal traffic (drug trafficking info) go through to build up trust that the laundering 'really works'
4. Wait around for the stuff that is important (like nuclear codes or enemy state intel)
5. ???
6. Promoted to section chief at the invisible mansion! (Profit!)
I don't have one lick of proof to say that our friends in Maryland or their cousins in Langley set this thing up from the beginning, other than it's an obvious slam dunk for them. I don't think the NSA is monitoring certain ports, I think they own the whole thing.
davejenkins.com |
Huh? You make no sense. SSL is private-key encryption. Every browser I have ever touched does offer a solution for checking against MITM attacks, namely by warning if the certificate is self-signed or doesn't match the site that sent it.
Tor was never intended to SECURE traffic. It is an ANOMYMISER. It is designed to cope with compromised nodes and still provide military grade anonymity.
It's important to remember that security and anonymity are different things.
This is how the loudness war is killing music.
This is a little reminder that we need a lot more users and exit nodes before TOR is reasonably safe.
This is a little reminder to encrypt your data end-to-end rather than through another network; anonymity is not security.
This is a little reminder that you really do need to check your SSL certificates.
TOR's encryption fools some into thinking it is a security model. It is not. TOR facilitates anonymous transactions using encryption internally. It eliminates the possibility of people spying on you by name, but it does not stop them from spying on "the people" (which includes you). You still need another encrypted transaction between you and your endpoint for real security.
The more exit nodes there are, the less likely a snooping entity will get ahold of your data. The more users there are, the more data those snoops need to filter through to get something meaningful (caveat: statistical analysis. workaround: encrypt data past the TOR network).
This is a call-to-arms; everybody needs to use encryption and anonymization to enable the system to work, otherwise somebody can set up a few nets and read the whole network's content, even brute-force decrypt it due to its low volume. Take a look at what Zimmerman's justification for PGP:
Use my userscript to add story images to Slashdot. There's no going back.
I can't quite see how a SSL MITM attack works. Wouldn't the SSL certificate have to be registered for use with a specific domain? Could anyone explain how this would work?
Hi all. I'm one of the Tor authors.
We're trying very hard to get out the message that you should always use encrypted protocols over Tor, if you're doing anything even slightly sensitive.
Right now, we do this in our documentation, and in a list of warnings on our download page. But obviously, this isn't good enough, since some of the commenters here seem to be surprised at finding it out.
Does anybody have good ideas about how to get the word out better?
(As for the SSL MITM thing: we've run into situations like this one before. Usually, it turns out that the exit node isn't doing the MITM itself, but is getting MITMd itself by its upstream. This happens depressingly often in some countries, and in some dormitories. I've dropped a line to the directory authority operators Mike Perry (the guy who maintains the Torbutton firefox plugin) has been working on an automated detection tool for this stuff. It would be great if somebody with programming chops would step up and give him a hand.)
Tor gives you pretty robust anonymity, it just doesn't provide privacy.
Is this not what that swedish hacker said?
Is this not what anyone with a basic understanding of the most basic network/TCP concepts (ports, IP addresses, connections, that sort of thing) should have realized, if they read anything about Tor? Is this not something that the Tor project should have explained in clear language for those who do NOT have a basic understanding of networking?
It's beyond "untrusted". It's a hostile network and blatantly so, if you bother to read even a basic description of it. You should assume that your traffic will be routed out a node where a person, organization, or government is passively monitoring or actively attacking your traffic.
All this (repeated) fuss demonstrates is how many incompetent network/sysadmin people there are in the world, and how few people in the press and "blogging" community understand networking. Any idiot who knows ALL of the reasons why ssh is better than telnet (ie, answers more than just "it's encrypted, so people can't see what you're typing") should be able to tell you why Tor is a hostile network...unless they're just parroting what they've read elsewhere.
Please help metamoderate.
Military grade anonymity?
What?
Sure, we all know - or think we know - what "military grade crypto" means[1], but now you're just making stuff up.
Military grade anonymity, indeed.
[1] Strong crypto managed in a Type 0 or Type 1, etc., system, where everything is kept secret, hardware and software are tightly controlled, and updates are distributed strictly out-of-band - think spies with briefcases handcuffed to their wrists.
Contrast with "commercial grade crypto", where everything but the secret/private keys themselves are known, well studied, well understood, etc., and updates are distributed in-band, though sometimes "boot strapped" using an OOB shared secret, etc.
There is the perception that "military grade" is somehow stronger than "commercial grade", but what is the basis for this perception? None of us can say, least not here.
To know - to really know - whether military grade crypto is actually any stronger than commercial grade crypto requires a degree of access which itself requires clearance at - or above - top secret, said clearance being predicated on the understanding that those with said access won't reveal what they know, on pain of prosecution.
So the people who do know cannot and will not tell.
You'll just have to take my word for it. :->
"Military grade anonymity" is nothing more than buzzspeak for "anonymity that we think is really, really OMG PONIES good, but we can't prove, what with there being a complete and total lack of mathematically sound anonymity analytics comparable to cryptanalysis, so there, nyah!"
I'm here EdgeKeep Inc.
It just goes to show that age does not necessarily bring enlightenment. Thanks for the heads up :).
Given the number of hijacked machines taking part in the Storm worm, for example, any popularity contest could be skewed by a maliciously motivated attacker.
The big issue with tor is that you're magnifying your exposure. By default you're vulnerable to sniffing by your ISP, and all the people they peer with till you get to your endpoint. With tor in the mix you're vulnerable to sniffing from your ISP, and any number of random people who've elected to host a tor node.
Sure you've bounced your connection around to essentially mask the source & destination from the end-point and your ISP - but you've introduce a whole load of untrusted hops as part of that.
If you care about security the idea of passing unencrypted traffic through even more random machines should scare you ..
As the article has repeated, if you're interested in security it seems you really ought to apply your own encryption on top of TOR.
However, even if you do that are you truly anonymous? Is there any way to determine both ends of a conversation (either email or sessions)?
There's no way to guarantee that your communications over TOR are anonymous, and they're pretty upfront about that in the documentation. It's pretty easy for a government (or just about anybody, really) to add enough nodes to TOR to have a reasonable likelihood of being all three nodes in your conversation (entrance, middle, and exit). The nodes need to be geographically distributed, but that's easy for governments and easier for hackers, who have access to botnets of machines all over the world. Once they've got enough nodes out there, it's pretty easy to tell who's sending all that traffic, and where it's going.
Again, adding encryption helps keep your data from being sniffed (as long as you know you're not hit by MITM, see other comments about PKI), but TOR doesn't protect your anonymity against a sophisticated (and reasonably well-funded) attacker.
Congratulations, you are only half wrong.
With "Joe Random"'s public key, you can indeed encrypt using it and only the owner of the matching private key can decrypt it. However, who is to say that you are really using Joe's public key?
And conversely, if you get something signed that can be decrypted using Joe's public key, how can you be sure that it was actually signed by Joe?
The answer is, you can't. Not unless Joe has a secure way of providing you his public key. Perhaps publishing it to a web site works, if the only part of your identity that is being proven is that you are "Joe of web site X". But that still doesn't prove much about Joe, does it?
Not with that attitude
1. If you are not aware of any classified scheme above TS, then how will you know such information is actually classified if you come across it. Like if I were to stumble across a folder that had a classification stamp of "ULTRA SENSITIVE QUARANTINED" I would not have any qualms discussing the contents if I so chose because I would assume the documents to be fake or otherwise not associated with the gov since that is not an official gov classification scheme.
2. If I were indeed to disclose such information how would I be prosecuted? There are no laws against disclosing ULTRA SENSITIVE QUARANTINED information, so I don't see how a case could be made. Unless of course the laws themselves were secret and a court were to rule that you could be punished even though the law was unknowable to you. But lets not even go there.
I thought TOR was mostly to hide your identity, not the data.
FreeNet is more about hiding the data.
---- Booth was a patriot ----
Well the way I normally test to make sure a key is from who it claims to be from is to ask, or more likely because they have told me in advance using a medium that can be trusted (i.e. by phone, or any other communications method that you trust, for me to communicate with you securely getting in touch using the emails listed on /. would probably be sufficient because its not like you know who I am anyway, as long as you are talking to the person you expect to talk to it matters very little who I really am).
It is perfectly possible to fake almost any element of an email, from faking the sender, the headers, up to and including the creation and registration of encryption keys with PKI servers that have nothing to do with the person the email claims to be from (as far as an email address can claim anything). However, this is where the trust element of PKI comes in. If I sign up with a commercial supplier of PKI related products then that supplier may well carry out a number of checks to ensure that I am who I say I am, if I use a random and badly configured server on the net, it will work just as well but will not have the same level of trust. Most importantly it would then be up to you to decide if you trust my PKI provider to identify me correctly.
However disregarding the positive identification of a sender to some degree, you can get round most of the problems by using a little common sense, if you received an email from me now, encrypted and signed, all you would know is that someone had sent you an email, claiming to be me. If I call you first and tell you I am about to email you something encrypted, you can be 99.99% certain that its from me (you still don't know for sure who I am, but you know the email came from the person claiming to have sent it). More importantly we only need to go through that once, after all if I signed the message you know who I am and can can now use my public key to send me encrypted communications and you can verify that my key doesn't change between mails (unless I tell you it will be) just as I can do for you. The only remaining risk is me losing my private key, but that's what revocation is for. The big thing with PKI and mail is less to do with positively identifying someone, and everything to do with knowing it is the same person sending the mail (however you verify their identity in the first instance) or being able to ensure that only the holder of a specific private key is able to read an email you send (a key that only they have, and one they never have to share).
You decide to trust the public key and the identity of the person you are communicating with, if you blindly trust an email because its signed and it turns out its someone else then that's tough, it would be the same as assuming the mails from NatWest and Barcleys Bank I get about my account being closed unless I update my security data are valid and responding. Emails, Signatures, Keys, Passports, Letters etc.. are only valid for identification to a certain level, a level defined by the trust of the person relying on them of the system used to procure them, and the certainty they purport to provide with regard to identification.
Sorry, this post isn't all that clear and I think I rambled.
[1]Who said this was about e-commerce? [2]Under what conditions should online commerce be kept secret from the government? [3]Or by "single point of failure" are are implying that a CA will have its private key STOLEN by private crooks?? The latter would be a really stupid assumption to make, esp since they can revoke stolen keys.
(Numbers added by me)
1. E-commerce is the single most common use of SSL encryption.
2. Under any and all situations in which the government does not have a warrant.
3. No. By government crooks under the guise of national security.
Why would you even mention ssh here?
Because the person I originally replied to brought it up first, asking if you check your SSH fingerprints (as a way of avoiding MitM attacks). Do actually attempt to read the thread you're posting in.
At least the browser comes with built-in keys that allow you to reject any known crypto attack except for a compromised CA.
So does SSH. It's the server fingerprint. Much like a certificate, unless you have knowledge of what it should be prior to the connection, it's hard to know you're compromised. The problem is exacerbated by inexperienced users, but fundamentally it's the issue of trusting an unknown set of credentials.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Laws do not persuade just because they threaten. --Seneca
On the other hand, SSH host keys are signed by nobody; there's no infrastructure in place to allow, for example, your sysadmin to sign SSH host keys using his own PGP mail keys, which you trust via the web-of-trust in place for that. No, you have to maintain your PGP keys and SSH keys separately, for no damned good reason, and we all just hope and pray that our SSH sessions aren't being jacked the first time we connect--and if we are jacked, we blame ourselves rather than the system that makes such stupidity practically mandatory. It's utter insanity, and it's amazing that we all put up with it.
(There was once a project to add GPG support to OpenSSH, but it seems to be moribund.)
Laws do not persuade just because they threaten. --Seneca