"Practical onion hacking: finding the real address of Tor clients"
Chris
millions.of.stones at gmail.com
Wed Oct 18 15:58:02 UTC 2006
That paper also demonstrates how easy it is to create a bad exit node
that can poison traffic passing through it with spam, malware,
trojans, fake sites and 0-day exploits.
By joining the TOR network and becoming a server a rouge player
instantly becomes a trusted ISP and can serve up anything they want
and monitor everything passing through.
I use firefox with noscript fully armed but every now and again I
allow scripts for a certain site to access some functionality and
then, no matter what site that is, if I am using tor I will be at more
risk than if not using tor. What about people using IE on an
unpatched machine. TOR becomes a BOT army recruitment center where
the new soldiers walk right in. No need to advertise.
I am new to this list so maybe this has already be discussed and
sorted and I'm over reacting but for a while now I have been very wary
about the way I use tor and the internet in general. I was using tor a
few weeks ago and a german exit node was altering my content so I have
seen this happen first hand.
Can the tor directory provider run a script every now and again that
checks the content of a site/image retrieved from outside of tor and
though each exit node and then look into any discrepancies. I know
anyone can try this and make a better test but this will eventualy
have to be done and acted upon by a trusted party.
On 18/10/06, Mike Perry <mikepery at fscked.org> wrote:
> Thus spake Jacob Appelbaum (jacob at appelbaum.net):
>
> > Hi *,
> >
> > Fortconsult wrote this and it may be of some interest to people on this
> > list:
> > http://www.packetstormsecurity.org/0610-advisories/Practical_Onion_Hacking.pdf
>
> Wow. I think the most telling statement is that most of the people
> they got were from China. Probably unfortunate side effect of most of
> the Tor docs being in English..
>
> Incidently, I tried out TorPark the other day, and I must say it is
> pretty magnificent. Having a well-configured browser like that for Tor
> usage solves nearly every one of these problems.
>
> Would be nice if NoScript defaulted to All-Off instead of All-On, and
> they used AdBlock Plus with some feeds instead of just AdBlock, but
> otherwise excellent for casual "only sometimes" Tor users who are
> likely to be tripped up by this sort of stuff.
>
> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs
>
More information about the tor-talk
mailing list