|
Home > Archive > Anonymous Servers > August 2005 > [Fwd] Critical bug in Tor *fixed*
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[Fwd] Critical bug in Tor *fixed*
|
|
| Thomas J. Boschloo 2005-08-05, 7:46 am |
| Tor 0.1.0.13 fixes a CRITICAL bug in the security of our crypto
handshakes. All clients should upgrade IMMEDIATELY.
(We mean it. Really. Also, note that with this release we are abandoning
support for the old Tor 0.0.9.x tree. You should stop using it.)
http://tor.eff.org/download.html
o Bugfixes on 0.1.0.x:
- Fix a critical bug in the security of our crypto handshakes.
- Fix a size_t underflow in smartlist_join_strings2() that made
it do bad things when you hand it an empty smartlist.
- Fix Windows installer to ship Tor license (thanks to Aphex for
pointing out this oversight) and put a link to the doc directory
in the start menu.
- Explicitly set no-unaligned-access for sparc: it turns out the
new gcc's let you compile broken code, but that doesn't make it
not-broken.
| |
| Alfredo 2005-08-11, 2:48 am |
| I was wondering when they were going to find security flaws in TOR. It
was just a matter of time. Same thing happened with JAP, then they found
out it was giving the German Cops info. Personally, I don't think Tor
offers much protection.
Thomas J. Boschloo wrote:
> Tor 0.1.0.13 fixes a CRITICAL bug in the security of our crypto
> handshakes. All clients should upgrade IMMEDIATELY.
>
> (We mean it. Really. Also, note that with this release we are abandoning
> support for the old Tor 0.0.9.x tree. You should stop using it.)
>
> http://tor.eff.org/download.html
>
> o Bugfixes on 0.1.0.x:
> - Fix a critical bug in the security of our crypto handshakes.
> - Fix a size_t underflow in smartlist_join_strings2() that made
> it do bad things when you hand it an empty smartlist.
> - Fix Windows installer to ship Tor license (thanks to Aphex for
> pointing out this oversight) and put a link to the doc directory
> in the start menu.
> - Explicitly set no-unaligned-access for sparc: it turns out the
> new gcc's let you compile broken code, but that doesn't make it
> not-broken.
>
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Wed, 10 Aug 2005 18:48:00 -0700, Alfredo wrote in
Message-Id: <ddeaog$iqv$6@onion.ccit.arizona.edu>:
> I was wondering when they were going to find security flaws in TOR.
I think this was actually a problem with openssl
> It was just a matter of time. Same thing happened with JAP, then they
> found out it was giving the German Cops info.
The German authorities ordered Jap to introduce a backdoor.
> Personally, I don't think Tor offers much protection.
Roger would probably agree with you for certain types of adversary.
Then again the sort of adversary he is trying to beat is someone with
the capabilities to see large chunks of the network simultaneously. Tor
has over 200 servers now so that's a very powerful adversary indeed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iQEVAwUBQvsdVWoLu9HNUqmMAQqqHwf+ILxo24wW
iIRdbcSIwilmmUx5JkClgtMB
jVgpCcnwEYfXDT+dGGvLmiS82ZKl48WnAfBEv0C1
MBveeIuViIbozaahte0jrCV2
tLWghq3li9MDUOKX67FBuqA4jtq3MPhrhj1fL4m+
sH6L5zkmAZNoIeBQlVLWH9lU
Q09zFsKt+sdlji7jMQbObVjW8fkN8/+T7hfQ9n2yxeRFyZk8Hk8Msy5xKL+b5h52
+vsG8MXD9xnmJYspQ5a9JxvDnBM6VAVAggdS6zMj
aQ6d+K62MCrCK6BTy+lHg2hV
MII2rLqlCF4lXgbqn5gDvtT0ONe2xR8SY4tLoyD5
hUNZaOJ5QhLnTQ==
=DYqu
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Tarapia Tapioco 2005-08-11, 5:48 pm |
| In article <ddf6gl$6a4$1@bananasplit.info>
Zax <fleegle@bananasplit.info> wrote:
>
> On Wed, 10 Aug 2005 18:48:00 -0700, Alfredo wrote in
> Message-Id: <ddeaog$iqv$6@onion.ccit.arizona.edu>:
>
> I think this was actually a problem with openssl
What were the ramifications of this bug? It never actually gave
any information about what the flaw would allow an attacker to
do. Crash the client? Impersonate an entry node that you thought
you were connecting to? Decrypt the entire chain of tor nodes?
"Security flaw in crypto handshakes" explains nothing 
| |
| roadburner - Tor Server 2005-08-11, 5:48 pm |
| On Thu, 11 Aug 2005 09:41:41 +0000 (UTC), Zax
<fleegle@bananasplit.info> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>
>On Wed, 10 Aug 2005 18:48:00 -0700, Alfredo wrote in
>Message-Id: <ddeaog$iqv$6@onion.ccit.arizona.edu>:
>
>I think this was actually a problem with openssl
>
>The German authorities ordered Jap to introduce a backdoor.
>
>Roger would probably agree with you for certain types of adversary.
>Then again the sort of adversary he is trying to beat is someone with
>the capabilities to see large chunks of the network simultaneously. Tor
>has over 200 servers now so that's a very powerful adversary indeed.
>
Probably a very fair statement. The primary reason I operate a sever
is to provide some measure of protection against corporations
profiling the folks that visit their sites. However, against a
determined adversary with the resources, I don't think I can offer
much help. Have a look at the following link. It is interesting.
http://www.aunty-spam.com/track-any...ew-fingerprint/
Regards,
Roadburner
| |
| speeder 2005-08-12, 2:46 am |
| On Thu, 11 Aug 2005 13:17:22 -0400, roadburner - Tor Server
<roadburner^at^comcast^dot^net> wrote:
>Have a look at the following link. It is interesting.
>
>http://www.aunty-spam.com/track-any...ew-fingerprint/
>
>Regards,
>Roadburner
Here is the relevant piece:
"(the techniques) exploit the fact that most modern TCP stacks
implement the TCP timestamps option from RFC 1323 whereby, for
performance purposes, each party in a TCP flow includes information
about its perception of time in each outgoing packet. A fingerprinter
can use the information contained within the TCP headers to estimate a
device's clock skew and thereby fingerprint a physical device."
I believe they are talking about two parties directly connecting to
each other. For example, a webserver could identify a returning
computer directly connecting to it, even though it might have changed
IP. I doubt it would work on the Tor network, though. I could be wrong
but just by using a proxy would defeat that attack. Besides, the same
article mentions that it is easy meddling with TCP packet timestamps
to defeat this method.
Thanks for the article though, it was interesting indeed.
| |
| roadburner 2005-08-12, 2:46 am |
| On Thu, 11 Aug 2005 23:52:13 -0300, speeder <no.spam@invalid.com> wrote:
>On Thu, 11 Aug 2005 13:17:22 -0400, roadburner - Tor Server
><roadburner^at^comcast^dot^net> wrote:
>
>
>Here is the relevant piece:
>"(the techniques) exploit the fact that most modern TCP stacks
>implement the TCP timestamps option from RFC 1323 whereby, for
>performance purposes, each party in a TCP flow includes information
>about its perception of time in each outgoing packet. A fingerprinter
>can use the information contained within the TCP headers to estimate a
>device's clock skew and thereby fingerprint a physical device."
>
>I believe they are talking about two parties directly connecting to
>each other. For example, a webserver could identify a returning
>computer directly connecting to it, even though it might have changed
>IP. I doubt it would work on the Tor network, though. I could be wrong
>but just by using a proxy would defeat that attack. Besides, the same
>article mentions that it is easy meddling with TCP packet timestamps
>to defeat this method.
>
>Thanks for the article though, it was interesting indeed.
As for the article, I found it quite amazing. Who would have thought?
I am far from an expert on anonymity. For all security questions on Tor,
Roger and Peter are the people I defer to. I figure as long as I take their
advice, I am in as safe a set of hands as I could be in. Tor has the
disclaimer that it still experimental software. I guess I take some small
measure of pride in helping the developers by being a test platform.
Normally I never post through Agent as I am doing now. In fact, this is
probably one of the first few times I can ever remember. Normally I post
anonymously or through one of my nyms.
I have been an privacy advocate for years.
A fine gentleman in Colorado walked me through the basics of PGP when it was
first released. We started with the very basics of making a key, signing it,
encrypting messages, etc. He taught me enough to be a competent user.
Then came the remailers. I started back with Private Idaho, and JBN when R
Process released it. I am still using the original JBN2 software from when it
was released so many years ago. When I get a new computer, I install JBN onto
the computer. Delete the new JBN folder and copy my backup folder of JBN back
onto the computer. So in effect, it is the exact code that I had gotten many
years ago. Besides, all of my nym books, settings, etc.are perfectly restored.
I well remember the Stray Cat and dearly miss him. I never missed one of his
posts. He was one of the nicest people I had ever met and provided me a lot of
personal help getting stated with JBN. If you were around then, all you had to
do was drop a message to AAM with the header Attn: Stray Cat if you wanted to
correspond with him privately.
I would have liked to have operated a remailer but my business consumes way
too much of my time. Operating a Tor server sounded easy and it is. At least I
can give a tiny bit back to all those that have so freely helped me.
My warmest regards,
Roadburner
| |
| Thomas J. Boschloo 2005-08-12, 5:47 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
roadburner wrote:
<s>
> I well remember the Stray Cat and dearly miss him. I never missed one of his
> posts. He was one of the nicest people I had ever met and provided me a lot of
> personal help getting stated with JBN. If you were around then, all you had to
> do was drop a message to AAM with the header Attn: Stray Cat if you wanted to
> correspond with him privately.
It was also Stray Cat that sucked me into APA-S. Because of him this
group made a very good first impression on me! (I started out in
alt.security.pgp after I read about PGP in a hacker magazine; hacktic).
The only downside to Stray Cat was that he always posted so fast that
there was nothing left for other regulars in the group to reply to ;-)
He seemed to be perpetually online here <g>
He came back here a couple of weeks ago, but didn't stay long :-( [18/07
- - 29/07] He didn't use X-No-Archive this time! But the trolls homed in
on him and forced him to sign with his old keys several times..
Thomas
- --
Life is like a videogame with no chance to win - ATR
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQvybPgEP2l8iXKAJAQGshQMfUfIPtMUK
G2hB6Z8HuBtW9kPsPlSRFTrN
CnateQY54KH8BFPMIKDTKaFeySY2gRLf1yQtMd3O
+tdgSrqbpsmJsQ17VB+jV/Jc
YoRsZoWWvOdL4aBeXV4ZTOrSvoItV5FJIaaoTg==
=VwKl
-----END PGP SIGNATURE-----
| |
| roadburner 2005-08-12, 5:47 pm |
| On Fri, 12 Aug 2005 14:51:10 +0200, "Thomas J. Boschloo" <nospam@hccnet.nl>
wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>roadburner wrote:
><s>
>
>It was also Stray Cat that sucked me into APA-S. Because of him this
>group made a very good first impression on me! (I started out in
>alt.security.pgp after I read about PGP in a hacker magazine; hacktic).
>
>The only downside to Stray Cat was that he always posted so fast that
>there was nothing left for other regulars in the group to reply to ;-)
>He seemed to be perpetually online here <g>
>
Yes, I remember someone asking him about that. In his typical fashion he
relied:
"What can I say, I am an Internet junkie"
I'll never forget that reply. What a fine guy!!
Regards,
Roadburner
| |
| Anonymous via Panta Rhei 2005-08-13, 2:47 am |
| In article < 7ac5564036b31616d58a0970019287d6@firenze
.linux.it>
Tarapia Tapioco <comesefosse@ntani.firenze.linux.it> wrote:
>
> In article <ddf6gl$6a4$1@bananasplit.info>
> Zax <fleegle@bananasplit.info> wrote:
>
> What were the ramifications of this bug? It never actually gave
> any information about what the flaw would allow an attacker to
> do. Crash the client? Impersonate an entry node that you thought
> you were connecting to? Decrypt the entire chain of tor nodes?
>
> "Security flaw in crypto handshakes" explains nothing
http://archives.seul.org/or/announc...5/msg00002.html
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.
|
|
|
|
|