Slashdot Mirror
Tor Users Urged To Update After Security Breach
An anonymous reader writes "If you use Tor, you're cautioned to update now due to a security breach. In a message on the Tor mailing list dated Jan 20, 2010, Tor developer Roger Dingledine outlines the issue and why you should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha now: 'In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we'd recently set up to serve metrics data and graphs. The three servers have since been reinstalled with service migrated to other servers.' Tor users should visit the download page and update ASAP."
Anyone else find it so funny that a news story about anonymity is suggested to slashdot by anonymous coward?
I think it's the best form of joke... one with an epic amount of unexpected expectedness.
The problem with Tor is that there's no way to detect compromises -- every node on the network could be compromised and you'd never know. Authors of botnets have greater anonymity than we do -- ironically because it's run by a central authority. An illegal and immoral one, yes, but one that comes with a measure of anonymity. Few botnet authors are actually caught even with the most primitive security methods. They don't even use encryption and they often can't be found...
#fuckbeta #iamslashdot #dicemustdie
Roger's entries to date on the subject (excluding first page linked within /. summary):
(this is for those who are too lazy to page through mailing list threads, this post is
missing other individuals replies as well as future replies from Roger and others)
http://archives.seul.org/or/talk/Jan-2010/msg00165.html
Here are some more technical details about the potential impacts, for
those who want to know more about Tor's innards:
----- #1: Directory authority keys
Owning two out of seven directory authorities isn't enough to make a new
networkstatus consensus (you need four for that), but it means you've
only got two more to go. We've generated new v3 long-term identity keys
for these two authorities.
The old v3 long-term identity keys probably aren't compromised, since
they weren't stored on the affected machines, but they signed v3 signing
keys that are valid until 2010-04-12 in the case of moria1 and until
2010-05-04 in the case of gabelmoo. That's still a pretty big window,
so it's best to upgrade clients away from trusting those keys.
You should upgrade to 0.2.1.22 or 0.2.2.7-alpha, which uses the new v3
long-term identity keys (with a new set of signing keys).
----- #2: Relay identity keys
We already have a way to cleanly migrate to a new v3 long-term identity
key, because we needed one for the Debian weak RNG bug:
http://archives.seul.org/or/announce/May-2008/msg00000.html
But we don't have a way to cleanly migrate relay identity keys. An
attacker who knows moria1's relay identity key can craft a new descriptor
for it with a new onion key (or even a new IP address), and then
man-in-the-middle traffic coming to the relay. They wouldn't be able to
spoof directory statements, or break the encryption for further relays
in the path, but it still removes one layer of the defense-in-depth.
Normally there's nothing special about the relay identity key (if you
lose yours, just generate another one), but relay identity keys for
directory authorities are hard-coded in the Tor bundle so the client
can detect man-in-the-middle attacks on bootstrapping.
So we abandoned the old relay identity keys too. That means abandoning
the old IP:port the authorities were listening on, or older clients will
produce warn messages whenever they connect to the new authority. Older
Tor clients can now take longer to bootstrap if they try the abandoned
addresses first. (You should upgrade.)
----- #3: Infrastructure services
Moria also hosted our git repository and svn repository. I took the
services offline as soon as we learned of the breach -- in theory a clever
attacker could give out altered files to people who check out the source,
or even tailor his answers based on who's doing the git update. We're
in pretty good shape for git though: the git tree is a set of hashes
all the way back to the root, so when you update your git tree, it will
automatically notice any tampering.
As explained in the last mail, it appears the attackers didn't realize
what they broke into. We had already been slowly migrating Tor services
off of moria (it runs too many services for too many different projects),
so we took this opportunity to speed up that plan. A friendly anonymous
sponsor has provided a pile of new servers, and git and svn are now up
in their new locations. The only remaining Tor infrastructure services on
moria are the directory authority, the mailing lists, and a DNS secondary.
----- #4: Bridge descriptors
The metrics server had an archive of bridge descriptors from 2009.
We used the descriptors to create summary graphs of bridge count and
bridge usage by country, like the ones you can see at
http://metrics.torproject.
Hi,
How did you collect your statistics when Tor is decentralized? Sure you could analyze the outbound traffic on a exit node but I doubt that this would be enough of a sampling to extrapolate a meaningful conclusion. Since you offer no supporting evidence your claim is irrelevant to the discussion.
I also do not think that the number of child molesters could be large enough to represent a "vast majority" because I doubt the original content producers would distribute a such a high risk material for free. It is much more likely that pedophiles are distributing the material to other pedophiles. I think that it is important to note the difference because while I find either appalling I'd rather have them fapping to "old child pornography" instead of creating a demand for new material and reducing the profit margins of the people that are actually doing these horrible things to children. The lesser of of two evils is still evil but we don't live in a idealistic world.
Unfortunately freedom has it's costs.
In short, people attracted to children will rape them? A bit like saying all men will rape women no? But that's not a perfect analogy, you can have sex with a man or woman without too much difficulty, whereas a pedophile can only masturbate. How about, would all slovenly, unattractive, misanthropes, who've zero chance of getting sex resort to rape? I rather doubt it, and even though pedophilia disturbs me, I don't think the sexual drive of that group is somehow stronger than your average male or female.
Mmmm, yes, free.
And you will never, in a million years, detect the compromised hardware in those machines.
The only way for tor (or wikileaks or other dangerous-to-the-authorities service) to buy hardware, is anonymously. If someone wants to donate servers, have them sell the servers and give you the cash.
FATMOUSE + YOU = FATMOUSE
Dear John & Cynthia.
Thank you for all your support this year, and I wish you all the best for the next.
Yours truly,
John and Sarah.
P.S., Attack at dawn.
I hate printers.
Duh!
Caveat Utilitor
Wait... Anyone can be a TOR node and it's still secure.
TOR data is very encrypted.
It doesn't matter if the hardware or software is compromised, it's still secure because a TOR node is just one node in a chain of encrypted nodes. You encrypt your data 5 times if you're sending it through 5 nodes.
Each node takes off one layer of encryption and forwards the still encrypted data to the next node. If any intermediate nodes (2 3 4 in our 5 node example) are compromised (in software or hardware), they can not see the message in plain text, or determine the originating IP or destination IP of the traffic.
If the first node is compromised it can see your source IP, but not the destination IP or any part of the message (it's still encrypted.)
If the exit node is compromised it can see the destination IP, and clear text message, but not the source IP.
These multiple layers of encryption mean that if any one node is compromised the system is still very secure.
Taking off a layer of encryption at each router is like peeling an onion... hence, "The Onion Router".
(this is an oversimplified explanaion -- if you're talking compromised code repositories, viruses and trojans are usually not delivered as source code, the tampering would be evident.)
The price of freedom isn't vigilance in this time and age, it's having to deal with unpopular content.
Is tor used by people who want to circumvent laws for whatever reason? Yes. Duh. Basically that's what it was created for. We deem it positive that tor allows dissidents to avoid their laws concerning the freedom of speech, but we don't deem it positive that it also allows the circumvention of our laws. That's very human, but also quite a bit of a double standard.
I hope /. is a bit above the killer arguments of "think of the children" (honestly, if you think of the children all the time, you're prolly a pedo yourself) and we're able to look at it from a bit of a detached position. Because that's what we have to deal with here. Basically swapping child porn in the US is, at least from a purely content point of view, not different from swapping anti-government ideas in China: Both is illegal, and both requires additional security to be done without prosecution. The question is now whether we're willing to accept the existance of the former to enable the latter. You will only get them together. Is the freedom of the Chinese people (and, given the recent development in the west, probably ours soon, too) worth it, knowing that this will also allow communication of pedophiles, terrorists, spies and maybe even worse? Or should we toss both? That's basically the options we have.
And before someone replies with "but tor doesn't allow chinese to discuss freely, isn't secure, etc": This isn't just about tor. That question affects all tools that allow free speech. The question is, is free speech worth dealing with the effects of free speech that you do not want to exist?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.