A bit of Tor / I2P / Tails / SORM-3

    So. Too much has happened in the last week and a half, so it all goes into one post.


    BlackHat talk canceled

    "Everyone will be able to hack Tor for $3000" (@MagisterLudi), said the researchers who were then forbidden to speak at BlackHat. They wanted to speak on behalf of Carnegie Mellon's Software Engineering Institute, where the research was conducted, but were not given permission to distribute the material publicly. Few details are known: the researchers reported the bug only to the Tor core developers, but it seems everyone understood each other, and work on a fix is already underway.

    Torproject newsletter message;
    Some information in PCWorld;
    On xaker.ru;
    An earlier note on arstechnica.com.

    Sniper attack


    Finally, they laid out the details of the attack, which was reported on the Torproject blog in late January. The attack made two things possible: first, consuming memory on an exit node until it stopped working, at very low resource cost to the attacker; second, anonymously deanonymizing a hidden service after attacking it for 4 to 278 hours. The problem was incorrect handling of TCP Window Size / Flow Control and the SENDME command. We decided to add some authentication on SENDME (in fact, just a little check). Bug fixed in version

    Note on Torproject
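
    The SENDME accounting described above, as an added example (not code from the Tor project or from the original post): a small C model of a relay's send window, contrasting a relay that credits every SENDME with one that only accepts a SENDME echoing a tag computed over the data already sent. The window sizes (1000 and 100 cells), the FNV-style tag, the payload and all names are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define WINDOW_START 1000  /* assumed: cells the relay may send up front */
#define WINDOW_INC    100  /* assumed: cells credited by one SENDME */

typedef struct {
    long window, sent, acks;  /* send credit; cells sent; SENDMEs accepted */
    bool check, closed;       /* check: SENDME must echo the acked cell's tag */
} circ_t;

/* Toy running tag (FNV-1a) over the first n cells of constructed payload. */
static uint32_t tag_at(long n) {
    uint32_t t = 2166136261u;
    for (long i = 0; i < n; i++)
        t = (t ^ (uint8_t)(i * 37 + 11)) * 16777619u;
    return t;
}

/* Relay pushes out everything the window allows. */
static void relay_send(circ_t *c) {
    if (!c->closed) { c->sent += c->window; c->window = 0; }
}

/* One SENDME arrives: credit WINDOW_INC cells, or close if the tag is wrong. */
static void relay_on_sendme(circ_t *c, uint32_t echoed) {
    bool ok = !c->check || echoed == tag_at((c->acks + 1) * WINDOW_INC);
    if (ok) { c->acks++; c->window += WINDOW_INC; }
    else c->closed = true;    /* peer did not prove it read the data */
}

/* Cells sent after `rounds` SENDMEs; a peer that never reads can only guess the tag. */
static long simulate(bool check, bool peer_reads, int rounds) {
    circ_t c = { .window = WINDOW_START, .check = check };
    relay_send(&c);
    for (int i = 0; i < rounds && !c.closed; i++) {
        uint32_t tag = tag_at((c.acks + 1) * WINDOW_INC);
        relay_on_sendme(&c, peer_reads ? tag : tag ^ 1u);  /* wrong guess if silent */
        relay_send(&c);
    }
    return c.sent;  /* for a silent peer, all of it stays queued in relay memory */
}

int main(void) {
    printf("unchecked/silent=%ld checked/silent=%ld checked/reading=%ld\n",
           simulate(false, false, 50), simulate(true, false, 50), simulate(true, true, 50));
    return 0;
}
```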

    Tails and I2P

    Tails 1.1 came out, sort of with a vulnerability

    The guys at Exodus Intel told the developers of the Tails distribution that it was vulnerable, right before the release of Tails 1.1. At first, they did not disclose any information about the vulnerability, but now they have made a video:

    What is going on in the video?
    0:00:00,000 -> 0:00:10,400: Demonstrating IP on listening server, Turning on listening server
    0:00:19,000 -> 0:00:25,400: Tails user visiting website icanhazip.com which shows the anonymized IP address
    0:00:36,000 -> 0:00:49,400: Showing that we're indeed using the latest Tails build 1.1
    0:00:50,000 -> 0:01:03,400: I2P address being resolved, proof of concept malicious payload being delivered
    0:01:30,000 -> 0:01:40,400: Listening server retrieves the Tails user's de-anonymized IP address (Austin RoadRunner ISP)

    It is not clear whether this is a vulnerability in the I2P router itself, its web interface, or in Tails. It's too early to judge, but going by the video, it's something like XSS, although the guys talk about a payload. It looks like nonsense, but Exodus is too serious a company to joke like that (for example, they sell their DARPA exploits). We are waiting for the details.

    The Exodus Intel blog post, Thehackernews, and another.

    Tor and SORM-3

    As you may already know, the Russian Ministry of Internal Affairs has announced a contest whose goal is to “hack” TOR (@Gordon01). I doubt that this competition was made up by competent people (call), but personally I believe that selective deanonymization of Tor users in the Russian Federation is quite possible, given that SORM-3 works exactly as it was described in press releases.

    Everything is quite simple: SORM-3 logs the actions of subscribers, and sites log the actions of users. Suppose we want to deanonymize a user who wrote a comment on a news resource. Because all exit-node IPs at any given moment are publicly known, whoever holds the logs of the website whose user they want to deanonymize, the SORM-3 logs, and the exit-node list for that point in time can compare the time the comment appeared with the time a data packet was sent by a subscriber. The fewer Tor users in the Russian Federation, the more effective this method. So it goes.
