Spying On Tor 198
juct writes "The long-standing suspicion that the anonymizing network TOR is abused to catch sensitive data by Chinese, Russian, and American government agencies as well as hacking groups gets new support.
Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."
Conclusion: (Score:3, Insightful)
Is this not what that swedish hacker said? (Score:4, Insightful)
This is what happens in a knee-jerk-reaction-based society. You point out a security flaw, instantly identifying yourself as a security threat, get thrown into jail and while your very public trial is going on, the real bad guys are utilizing the very security flaws you found to do Bad Things(TM).
Good grief.
No expectation of anonymity (Score:5, Insightful)
If you want anonymity, SSH through a string of compromised Eastern European servers to a comfortably log-agnostic Indonesian ISP, and do all your surfing through Lynx/Links. That's the only stab at anonymity you'll get, and they'll probably just install a keylogger anyway. Freedom is slavery.
Do fancy locks attract thieves? (Score:5, Insightful)
Not what tor was intended for! (Score:5, Insightful)
It's important to remember that security and anonymity are different things.
How does a SSL MITM attack work? (Score:4, Insightful)
Re:Is this not what that swedish hacker said? (Score:5, Insightful)
any idiot should realize it's a hostile network (Score:5, Insightful)
Is this not what that swedish hacker said?
Is this not what anyone with a basic understanding of the most basic network/TCP concepts (ports, IP addresses, connections, that sort of thing) should have realized, if they read anything about Tor? Is this not something that the Tor project should have explained in clear language for those who do NOT have a basic understanding of networking?
It's beyond "untrusted". It's a hostile network and blatantly so, if you bother to read even a basic description of it. You should assume that your traffic will be routed out a node where a person, organization, or government is passively monitoring or actively attacking your traffic.
All this (repeated) fuss demonstrates is how many incompetent network/sysadmin people there are in the world, and how few people in the press and "blogging" community understand networking. Any idiot who knows ALL of the reasons why ssh is better than telnet (ie, answers more than just "it's encrypted, so people can't see what you're typing") should be able to tell you why Tor is a hostile network...unless they're just parroting what they've read elsewhere.
Re:Not what tor was intended for! (Score:3, Insightful)
Re:Tor gives you anonymity (Score:3, Insightful)
Re:Tor gives you anonymity (Score:4, Insightful)
Above TS (Score:3, Insightful)
1. If you are not aware of any classified scheme above TS, then how will you know such information is actually classified if you come across it. Like if I were to stumble across a folder that had a classification stamp of "ULTRA SENSITIVE QUARANTINED" I would not have any qualms discussing the contents if I so chose because I would assume the documents to be fake or otherwise not associated with the gov since that is not an official gov classification scheme.
2. If I were indeed to disclose such information how would I be prosecuted? There are no laws against disclosing ULTRA SENSITIVE QUARANTINED information, so I don't see how a case could be made. Unless of course the laws themselves were secret and a court were to rule that you could be punished even though the law was unknowable to you. But lets not even go there.
Encrypted Traffic? (Score:3, Insightful)
FreeNet is more about hiding the data.
Re:Please help us improve our documentation. (Score:3, Insightful)
The only way to get users to do something with any reliability is to FORCE them to do it, and to make everything else impossible.
Now someone is going to scream that they really want the ability to do plain in the clear http over TOR. Fine, ship tor clients with two modes, "insecure" and "secure". Default to the latter which only uses the half of the tor network that blocks un-encrypted traffic, and force users to select "insecure" to be able to use the other half.
Re:How can ... (Score:3, Insightful)
It is perfectly possible to fake almost any element of an email, from faking the sender, the headers, up to and including the creation and registration of encryption keys with PKI servers that have nothing to do with the person the email claims to be from (as far as an email address can claim anything). However, this is where the trust element of PKI comes in. If I sign up with a commercial supplier of PKI related products then that supplier may well carry out a number of checks to ensure that I am who I say I am, if I use a random and badly configured server on the net, it will work just as well but will not have the same level of trust. Most importantly it would then be up to you to decide if you trust my PKI provider to identify me correctly.
However disregarding the positive identification of a sender to some degree, you can get round most of the problems by using a little common sense, if you received an email from me now, encrypted and signed, all you would know is that someone had sent you an email, claiming to be me. If I call you first and tell you I am about to email you something encrypted, you can be 99.99% certain that its from me (you still don't know for sure who I am, but you know the email came from the person claiming to have sent it). More importantly we only need to go through that once, after all if I signed the message you know who I am and can can now use my public key to send me encrypted communications and you can verify that my key doesn't change between mails (unless I tell you it will be) just as I can do for you. The only remaining risk is me losing my private key, but that's what revocation is for. The big thing with PKI and mail is less to do with positively identifying someone, and everything to do with knowing it is the same person sending the mail (however you verify their identity in the first instance) or being able to ensure that only the holder of a specific private key is able to read an email you send (a key that only they have, and one they never have to share).
You decide to trust the public key and the identity of the person you are communicating with, if you blindly trust an email because its signed and it turns out its someone else then that's tough, it would be the same as assuming the mails from NatWest and Barcleys Bank I get about my account being closed unless I update my security data are valid and responding. Emails, Signatures, Keys, Passports, Letters etc.. are only valid for identification to a certain level, a level defined by the trust of the person relying on them of the system used to procure them, and the certainty they purport to provide with regard to identification.
Sorry, this post isn't all that clear and I think I rambled.
Re:trust. (Score:1, Insightful)
Nobody verifies SSH host keys. (Score:3, Insightful)
On the other hand, SSH host keys are signed by nobody; there's no infrastructure in place to allow, for example, your sysadmin to sign SSH host keys using his own PGP mail keys, which you trust via the web-of-trust in place for that. No, you have to maintain your PGP keys and SSH keys separately, for no damned good reason, and we all just hope and pray that our SSH sessions aren't being jacked the first time we connect--and if we are jacked, we blame ourselves rather than the system that makes such stupidity practically mandatory. It's utter insanity, and it's amazing that we all put up with it.
(There was once a project to add GPG support to OpenSSH [red-bean.com], but it seems to be moribund.)