Slashdot Mirror


Open Source Tortilla For Tor To Be Released At Black Hat

msm1267 writes "A researcher is expected to release Tortilla, an open source tool that anonymously routes TCP and DNS traffic through Tor, at the upcoming Black Hat conference. Tortilla provides a secure, anonymous means of routing traffic through Tor regardless of client software and without the need for a VPN or secure tunnel."

10 of 68 comments

  1. The real problem with Tor by i kan reed · Score: 4, Insightful

    The real problem is that nefarious governments locate physical locations connecting to TOR by complicit ISPs and go after the people and hardware.

    1. Re: The real problem with Tor by Nutria · Score: 2

      Exactly. Using Tor in a DPI world is waving a big red flag, and yelling, "I'm hiding something!!!"

      --
      "I don't know, therefore Aliens" Wafflebox1
    2. Re: The real problem with Tor by Gr8Apes · Score: 4, Insightful

      That is true - you are hiding something - your traffic, your destinations, and your sources, because not much can be ascertained in any other way. There's nothing illegal about using TOR, and in fact, everyone should if they value privacy. That said, it's pointless to use TOR when hitting your email or posting to Twitter or Facebook, so the general usefulness of TOR as a percentage of traffic has actually dropped.

      --
      The cesspool just got a check and balance.
    3. Re: The real problem with Tor by Pseudonym Authority · Score: 3, Interesting

      So what you're saying is that no relevant ISPs ban Tor. So it was a lie. You're a liar.

      If I were to run a Tor server, I'd filter it. (Actually, I'd first have to write my own so I could filter). I'd block all bittorrent usage,

      It's already blocked in the default configuration.

      and I'd throttle the traffic so people surfing porn (legal or illegal) would get frustrated.

      You going to crack AES to filter out all the hidden services, where all that nasty stuff is at, too?

      I was last time I ran a Tor exit node.

      Good thing you stopped, you don't seem to quite grasp how it works.

    4. Re: The real problem with Tor by Anonymous Coward · Score: 5, Interesting

      Nefarious governments hunt down Tor users.

      Smart governments, like the U.S., run Tor nodes. In fact, it's been conjectured by cryptographers and analysts--not just Bruce Schneier, but other academics--that the U.S. government runs a plurality of all Tor nodes. We know for a fact that they use Tor to hide some of their own surveillance and exfiltration traffic, but undoubtedly they also log all traffic on their nodes for analysis so they can figure out who else is using it.

      Because Tor doesn't use constant-rate traffic padding, it's actually easy to trace Tor traffic if you can analyze a substantial number of Tor messages. Thus, the easiest way to defeat Tor if you have a decent budget is to just run as many Tor nodes as you can. (Because of the NSA's taps into major exchanges, they're probably capable of doing it the hard way, too; specifically, by simply recording IPs and timing of traffic to and from all known Tor nodes.)

      When I ran a Tor exit node on a gigabit Cogent link, I was constantly inundated with DMCA takedown letters and other legal harassment, primarily because of bit torrent users*. The EFF actually provides legal support, but I can't believe that there are enough people willing to put up with the hassle of running long-term, high volume Tor exit nodes. Rather, it seems far more plausible that the government runs many or most of them because they're effectively immune to legal harassment, not just because they're the government and actually immune, but because they have a limitless number of lawyers to fight the challenges without necessarily revealing their identity.

      * You guys suck, BTW. Stop downloading all that crap. I hate you not because I believe in the legitimacy of copyright, but because you guys are being lazy about it and causing all kinds of other headaches, e.g. making it impossible to run a Tor exit node. Here's an idea--for every piece of media you download in contravention of copyright laws, why not at least send the money equivalent to the EFF, ACLU, and other organizations who will lobby to change the laws for the better, even if not perfectly.

    5. Re: The real problem with Tor by AlphaWolf_HK · Score: 2

      That doesn't make any sense. In fact, it's just wrong. The tor exit node can see all of your plaintext traffic, so that just adds yet another potential source of eavesdropping.

      Staying inside of the tor network however basically guarantees anonymity. You think the DEA hasn't tried to shut down the silk road already? Or what about lolita city? Drugs and child pornography are the two biggest things the US government wants dead, and as of yet they've been completely unable to stop either of those, meanwhile both of them operate completely in the open inside of the tor network.

      --
      Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
  2. The meat is the payload. by HeckRuler · Score: 3, Funny

    Alright people, we've got the tortillas and the onions, all we need are some bell peppers and some meat and we've got ourselves a fajita.

  3. Re: Whonix by Anonymous Coward · Score: 2, Informative

    No, Whonix is a system

    Yes, it is an operating system.

    The link you gave has instructions on how to run Whonix in a virtual machine. It's still a Linux operating system. Like I said, if you can run Linux, then you've already got a ton of options to run Tor. (tsocks, iptables transparent proxy, manual proxy settings with filters for unconfigured programs, etc.)

    Tortilla claims to be the first program to transparently route your connections on Windows.

  4. FTFA it appears to be a tool for security research by Molochi · Score: 2

    “The Tor client does all of the work,” Geffner said. “Tortialla(sic) redirects TCP and DNS traffic through Tor ensuring nothing else gets out. I wouldn’t call it a plug in; it does communicate with the Tor client over the SOCKS port Tor opens up, but it’s not a plug in.”

    It sounds like their intent is to prevent the target malware sites from knowing your IP address while allowing the full impact of its flash/java/js payload to attack your machine. The idea being that such malware sites identify and block addresses that are identified with security research, law enforcement, etc... while existing Tor networks interfere with receiving the full brunt of their attack.

    Anyways that's how I read it.

    --
    "The Adobe Updater must update itself before it can check for updates. Would you like to update the Adobe Updater now?"
  5. Not New by Afecks · Score: 4, Interesting

    I wrote a tool like this ages ago called Torcap; http://freehaven.net/~aphex/torcap/ and it does all of that plus works on Windows and is open source.