
Scientists Detect Two Dozen Computers Trying To Sabotage Tor Privacy Network

Soulskill posted about 6 months ago | from the a-few-bad-onions-spoil-it-for-the-rest-of-us dept.

Privacy 94

New submitter fynbar writes "Computer scientists have identified almost two dozen computers that were actively working to sabotage the Tor privacy network by carrying out attacks that can degrade encrypted connections between end users and the websites or servers they visit (PDF). 'Two of the 25 servers appeared to redirect traffic when end users attempted to visit pornography sites, leading the researchers to suspect they were carrying out censorship regimes required by the countries in which they operated. A third server suffered from what researchers said was a configuration error in the OpenDNS server. The remainder carried out so-called man-in-the-middle (MitM) attacks designed to degrade encrypted Web or SSH traffic to plaintext traffic. The servers did this by using the well-known sslstrip attack designed by researcher Moxie Marlinspike or another common MitM technique that converts unreadable HTTPS traffic into plaintext HTTP.'"


Only 24? (4, Insightful)

Anonymous Coward | about 6 months ago | (#46033457)

If only 24 "bad" computers can cause that big of an issue then the TOR network clearly has bigger problems.
I'm surprised that there were so few detected doing it.

Who owns the "bad" servers ? (3)

Taco Cowboy (5327) | about 6 months ago | (#46033807)

Reading TFA (yes, I did) revealed next to nothing. Other than a brief mention of "From Russia with love" and that their IPs were assigned to Russia, I can't glean any useful info on who owns those servers.

US FEDS (0)

Anonymous Coward | about 6 months ago | (#46034783)

US feds own them, I know cause of the IP addresses, it's not common knowledge....only a few people on earth know the full extent of federal US IP range activity

Re:US FEDS (0)

Anonymous Coward | about 6 months ago | (#46035759)

Of all the things you can accuse the NSA of, censoring access to porn websites isn't one of them. They don't care, but they will happily log it to your dossier to use against you in the future. Censoring porn however, especially if you like gay porn is entirely consistent with Putin's latest fascist campaign for moral purity.

Re:Only 24? (4, Informative)

Anonymous Coward | about 6 months ago | (#46033875)

The "issue" is that an exit node can monitor or intercept outgoing connections.

This is inherent to the design, and probably can't be fixed at this level.
It's also a "feature" because it provides an incentive to run an exit node.

The solution is that end users need to be extra paranoid. TOR isn't magic security dust - it anonymizes traffic, but it also increases your exposure to attacks. It should only be used for encrypted connections, with authentication of the end point.
For "casual" users that means to always use https, always verify the certificate, and disable any root certificates you don't need.

Re:Only 24? (1)

Anonymous Coward | about 6 months ago | (#46035625)

It depends on the use case. Somebody browsing porn on Tor (porn isn't illegal in many cases, just restricted, think academic institutions, etc) doesn't care if you can see everything they are looking at because they are still anonymous. That might be a bad example. Let's use a better one. A user posting a video of police corruption (taken from afar) doesn't care if the middle-man can see what he's doing. He only cares that the middle-man can't identify him.

Re:Only 24? (0)

Anonymous Coward | about 6 months ago | (#46097297)

Bad exit nodes can tamper with un-secure/downgraded traffic and inject de-anonymizing exploits against you. (Freedom Hosting) Boom. You're identified. They can also do browser fingerprinting with techniques like Panopticlick. And it is not too hard for networks to track connections to Tor and then do crude correlation. (Harvard student allegedly caught using GuerillaMail to escape finals)

It does depend on the use case, but that is a real weakness. Rumour is that WikiLeaks got some initial documents with a sniffing exit node.

What is best practice for non-tor browsing? (1)

Marrow (195242) | about 6 months ago | (#46036937)

With regards to the SSL stuff? Should I disable all SSL certs in the browser and then enable only the ones that my https sites ask for? Or is it safe to leave them alone. Or will it break everything if I disable them since I won't know which to turn back on? And what about non-browser ssl traffic? Does the update service use ssl libraries too? Isn't there a separate certs list for ssl programs that are not browsers?

Re:Only 24? (1)

Big Hairy Ian (1155547) | about 6 months ago | (#46034663)

That's 24 + the 2000 or so TOR end points the NSA operates.

Re:Only 24? (0)

Anonymous Coward | about 6 months ago | (#46034989)

Oh, so it's a "privacy network" is it now fynbar ?
I thought it was the deep web, where the pedophiles hung out and how you got to silk road to order hits on your network admin. And bath salts turn you into a murderous, face-eating zombie.

Re:Only 24? (1)

Rich0 (548339) | about 6 months ago | (#46038727)

Well, you get the NSA endpoints whether you use TOR or not, so...

Re:Only 24? (0)

Anonymous Coward | about 6 months ago | (#46036769)

If only 24 "bad" computers can cause that big of an issue then the TOR network clearly has bigger problems. I'm surprised that there were so few detected doing it.

Consider that TOR was originally written by the United States Navy. Problems, you say?

How many is "almost two dozen" exactly? (5, Funny)

mikewilsonuk (1676196) | about 6 months ago | (#46033473)

"... almost two dozen computers that were actively...", "Two of the 25 servers... ".

Oh, they clear that up nicely - "Almost two dozen" is actually 25. Perhaps dozen is like gallon: different sizes in different countries.

Re:How many is "almost two dozen" exactly? (5, Informative)

Imrik (148191) | about 6 months ago | (#46033509)

Apparently the "almost two dozen" refers to the 22 that were doing MiTM attacks.

Re:How many is "almost two dozen" exactly? (0)

Anonymous Coward | about 6 months ago | (#46033899)

Saying "22" would have been more concise than "almost 2 dozen".

Just sayin'.

Re:How many is "almost two dozen" exactly? (1)

Deus.1.01 (946808) | about 6 months ago | (#46034019)

Pft...decimals...why do you hate accuracy...

Better solution is to start adding denominator to the ehm denomination.

Re:How many is "almost two dozen" exactly? (0)

Anonymous Coward | about 6 months ago | (#46033511)

It's ok... we don't expect you to actually READ the article in the link.

Re:How many is "almost two dozen" exactly? (1)

Anonymous Coward | about 6 months ago | (#46033737)

Well, it always is a good idea to read the complete text. Here's a bigger quote with all the relevant parts:

"[...] almost two dozen computers that were actively [...] by carrying out attacks that can degrade encrypted connections [...]",
"Two of the 25 servers [did something different]. A third server [was apparently misconfigured]. The remainder carried out so-called man-in-the-middle (MitM) attacks designed to degrade encrypted Web or SSH traffic to plaintext traffic."

So it was 22 servers which were "carrying out attacks that can degrade encrypted connections". I'd say 22 certainly qualifies as "almost two dozen".

Re:How many is "almost two dozen" exactly? (1)

Deus.1.01 (946808) | about 6 months ago | (#46033953)

Yeah...well...maybe /. sucks at LaTeX..

Ever think of that?

Re: How many is "almost two dozen" exactly? (0)

Anonymous Coward | about 6 months ago | (#46034223)

Well your wife sure doesn't...

Re:How many is "almost two dozen" exactly? (0)

Anonymous Coward | about 6 months ago | (#46033957)

Well, it is almost two baker's dozen.

Re: How many is "almost two dozen" exactly? (0)

Anonymous Coward | about 6 months ago | (#46034385)

Only almost 2 dozen ??? Pfffft.. wake me up when it's almost a bushel full of servers doing it over the course of a fortnight. Then my jimmies will be rustled.

Re:How many is "almost two dozen" exactly? (1)

Buz53 (2828481) | about 6 months ago | (#46034439)

It's exactly two of your average dozen...Bakers and regular

Re:How many is "almost two dozen" exactly? (1)

jrumney (197329) | about 6 months ago | (#46034471)

Since the results clearly show that Tor is a half-baked solution the story authors felt it appropriate to use 13 as the reference value for a dozen.

Re:How many is "almost two dozen" exactly? (0)

Anonymous Coward | about 6 months ago | (#46035079)

Maybe the authors are bakers?

HTTP/HTTPS Issues? (0)

Anonymous Coward | about 6 months ago | (#46033493)

We keep hearing about all these SSL/HTTPS issues where a user is accidentally tricked into using HTTP instead. Is there an addon for Firefox/Chrome that will only allow you to make HTTPS connections?

It would be nice if there was a mode like their 'private browsing' modes that you could enter and then only access secured sites.

Re:HTTP/HTTPS Issues? (2, Informative)

Anonymous Coward | about 6 months ago | (#46033519)

yes, EFF's HTTPS Everywhere

Re:HTTP/HTTPS Issues? (5, Informative)

Anonymous Coward | about 6 months ago | (#46033577)

HTTPS Everywhere doesn't stop you browsing HTTP sites it just tries to redirect you to the HTTPS version of a HTTP site if it's available. Not saying it's not useful (just not quite what the OP was suggesting). There is a spin off of HTTPS Everywhere - HTTP Nowhere that might get the job done for Firefox. Not sure what happens with embedded crap like flash etc. though and AFAIK it's a global thing - there is no 'secure only' browsing window or anything like that.

https://addons.mozilla.org/En-us/firefox/addon/http-nowhere/

Another option might be squid (or another transparent proxy) which is configured to only allow HTTPS?

Re:HTTP/HTTPS Issues? (0)

Anonymous Coward | about 6 months ago | (#46034631)

You realize that the attacks that were being performed in over 80% of cases mentioned in the article were using sslstrip, right? So having HTTPS Everywhere wouldn't have made any difference, being that the traffic was already being decrypted?

Oh, you can turn on the "SSL Observatory though," so that's nice. I wonder if the EFF forks over any of the information they glean from that little option to any federal agencies...

Re:HTTP/HTTPS Issues? (1)

tlhIngan (30335) | about 6 months ago | (#46036225)

yes, EFF's HTTPS Everywhere

Except said bad exit node already compromises HTTPS by doing a MITM attack, because it literally IS a MITM. Just like an exit node can compromise SSH as well.

Basically the exit nodes see that you're trying to establish an HTTPS connection and return you a self-signed cert to encrypt data with that they decrypt, and then re-encrypt with the real key to the site.

Your browser will detect the fault since the certificate doesn't have a path to a known root CA. The question is, will the user know, care or not bother?

Basically the paper isn't saying anything new - exit nodes are known to have the ability to spy on Tor users (and with enough spying, be able to identify them). It's just that some nodes are a bit more sophisticated and perform MITM attacks on otherwise-encrypted connections.

And heck, didn't the NSA run something like the largest crowd of exit nodes because of this?

Re:HTTP/HTTPS Issues? (0)

Anonymous Coward | about 6 months ago | (#46038033)

Shouldn't the traffic already be anonymous at the exit node? If it's not anonymous at any stage in the TOR network except at the exit then it's just a poor performance VPN or proxy server.

Re:HTTP/HTTPS Issues? (0)

Anonymous Coward | about 6 months ago | (#46040039)

Your browser will detect the fault since the certificate doesn't have a path to a known root CA. The question is, will the user know, care or not bother?

A user using tor would likely notice and investigate the red screen Mozilla or Chrome throw up when the CA is self signed.

If the user doesn't notice, the traffic is still anonymous (unless the user types Personally Identifiable Information into the form) or the MITM adds tracking cookies. That said, if you're using Tor, have the good sense to check certs and deny most/all cookies.

Re:HTTP/HTTPS Issues? (5, Informative)

Randle_Revar (229304) | about 6 months ago | (#46033559)

Not sure if joking...

http://noscript.net/features#o... [noscript.net]
https://www.eff.org/https-ever... [eff.org]

A lot of the sslstrip stuff is based off of people not noticing the page has changed to insecure, modern browsers try to address that by making it more visible than it was in the pre-FF3 era, e.g.:
https://support.mozilla.org/en... [mozilla.org]

Re:HTTP/HTTPS Issues? (0)

Anonymous Coward | about 6 months ago | (#46033605)

I wasn't aware of that option in NoScript, thank you.

Re:HTTP/HTTPS Issues? (0)

Anonymous Coward | about 6 months ago | (#46033633)

Just be aware that the NoScript option won't actually stop HTTP pages from loading - it'll just stop scripts from insecure pages. If you've been tricked into accessing an insecure version of a login page NoScript's option might not help you.

Re:HTTP/HTTPS Issues? (1)

Anonymous Coward | about 6 months ago | (#46033691)

Neither of these options will stop your browser from making a http connection!

HTTPS Everywhere does not force HTTPS, it tries to use it where it's available through URL rewriting rules.
The NoScript option prevents scripts from running on insecured sites, it does not stop your browser from loading the page in the first place.

Consider using a proxy that specifically blocks HTTP traffic or maybe a plugin like HTTP Nowhere mentioned in the post above.

Re:HTTP/HTTPS Issues? (2)

Anonymous Coward | about 6 months ago | (#46033765)

I guess another option would be to use FoxyProxy and configure a nonexistent proxy "running" on 127.0.0.1 for all http traffic. If you already use FoxyProxy for other purposes, it means you don't even need to install additional software/extensions.

Re:HTTP/HTTPS Issues? (5, Informative)

Melkman (82959) | about 6 months ago | (#46033745)

Sorry, but modern browsers don't really address that. The problem with the browser warnings is their definition of insecure. You only get warnings if there is something wrong with an encrypted https site like an invalid certificate. Using an unencrypted site is NOT seen as insecure as it would annoy users during most of their normal browsing sessions. The Blackhat presentation about sslstrip from Moxie explains very clearly what the problems are. You can view it at http://www.thoughtcrime.org/so... [thoughtcrime.org]

Re:HTTP/HTTPS Issues? (1)

Rich0 (548339) | about 6 months ago | (#46033797)

Sorry, but modern browsers don't really address that. The problem with the browser warnings is their definition of insecure. You only get warnings if there is something wrong with an encrypted https site like an invalid certificate. Using an unencrypted site is NOT seen as insecure as it would annoy users during most of their normal browsing sessions.

Indeed, it drives me nuts that a self-signed SSL cert makes users jump through about 47 hoops to bypass, but right now I'm posting this form on Slashdot without any authentication or encryption at all and the browser is just fine with that. I have no idea if this session is being intercepted or tampered with.

Re:HTTP/HTTPS Issues? (0)

Anonymous Coward | about 6 months ago | (#46046933)

^ this, upvote insightful.

Browsers should properly warn people every time http is used.

Re:HTTP/HTTPS Issues? (3, Informative)

PlusFiveTroll (754249) | about 6 months ago | (#46034813)

>Sorry, but modern browsers don't really address that.

Yes, they do, but so few servers use it yet that it's still a problem.

http://en.wikipedia.org/wiki/H... [wikipedia.org]

Re:HTTP/HTTPS Issues? (1)

Anonymous Coward | about 6 months ago | (#46033703)

Just set non-existent proxies, e.g 127.0.0.1:12345, for all non-HTTPS protocols.

Whoopdidodah! (-1)

Anonymous Coward | about 6 months ago | (#46033495)

Says the crowd. Is this another pickens story? Sounds like it.

scientists? (-1)

Anonymous Coward | about 6 months ago | (#46033503)

You know, the other day I had a plugged up toilet but instead of calling a plumber I called water scientists. They identified almost two dozen used condoms around the u-bend. I didn't think this is what scientists do, but I guess I was wrong.

Re:scientists? (-1)

Anonymous Coward | about 6 months ago | (#46033547)

almost two dozen used condoms around the u-bend

Didn't your dad teach you not to flush those? Men are so useless these days.

Re:scientists? (4, Insightful)

alzoron (210577) | about 6 months ago | (#46033599)

Every time you see a headline in the form of "Scientists discover new foo" you can pretty much stop reading right there. The author is most likely the sort of person that confuses science with wizardry and isn't very likely to produce an article of any real substance. You could actually just replace every instance of scientist with wizard and impart the same level of information.

Re:scientists? (3, Funny)

SuricouRaven (1897204) | about 6 months ago | (#46033607)

Any sufficiently analysed magic is indistinguishable from technology.

Re:scientists? (0)

Anonymous Coward | about 6 months ago | (#46079201)

I suggest s/scientist/walrus/g

Computer scientists? (-1)

Anonymous Coward | about 6 months ago | (#46033505)

What's a computer scientist? Don't you mean IT guy? Go back to looking at Korean porn, IT guys. There's no suck thing as a computer scientist.

Re:Computer scientists? (0)

Anonymous Coward | about 6 months ago | (#46034325)

Go back to looking at Korean porn, IT guys. There's no suck thing as a computer scientist.

I think you may be the one into the porn given that Freudian slip there...

youtube goes https with useful end user inf. incl. (-1)

Anonymous Coward | about 6 months ago | (#46033521)

gives warnings etc... good response goo

North Korea or USA ? (-1)

Anonymous Coward | about 6 months ago | (#46033589)

Most active anti-people regimes. North Korea lacks resources so probably USA services financed by American oligarchs.

most boring passive population in history (-1)

Anonymous Coward | about 6 months ago | (#46033621)

all wrapped around the axle about someone watching us do almost nothing, because it sells

monkeys have more fun than us, share their bananas (0)

Anonymous Coward | about 6 months ago | (#46033641)

no hymens to fuss about.. fail to shoot each other still..... where did they go astray?

PR exercise ? (1)

Anonymous Coward | about 6 months ago | (#46033629)

Repeated attempts to destroy Tor's image to deter troublesome future widespread adoption of this privacy tool?

mrs. monkey usually in charge (-1)

Anonymous Coward | about 6 months ago | (#46033687)

get off me you big ape. you smell like monkey poop. go feed the chimps & get yourself licked off.... sheesh

just a thousand exit nodes (4, Interesting)

Anonymous Coward | about 6 months ago | (#46033675)

The mention in the article that there are only 1000 exit nodes generally available on TOR is kinda stunning.

That's 20 nodes per US state.

If that is it.... Then what is left of Freedom is in deep trouble.

Re:just a thousand exit nodes (2)

mSparks43 (757109) | about 6 months ago | (#46033767)

That was my first thought too. On further reflection it's not actually that bad.

Most tor traffic doesn't exit to the internet (it's being routed to .onion sites), and 1,000 - 25 nasty, unfiltered, uncensored exits is actually quite good e.g. there's only a few cables leaving the UK, not sure exactly how many, but I'd guess it's a few hundred at most. However the number of "unfiltered, uncensored" exits leaving the UK is precisely zero.

Re:just a thousand exit nodes (3, Insightful)

AHuxley (892839) | about 6 months ago | (#46034817)

Yes the NSA, GCHQ and friends have the low count of optical from nation to nation to thank for their easy global surveillance.
Even if you get a great TOR connection, send that message around the world, your message in and out can always be rejoined no matter the entry or exit point.
The low count of all exit nodes per month as an average is telling, chilling and unexpected.

Re:just a thousand exit nodes (1)

mSparks43 (757109) | about 6 months ago | (#46034991)

how does it have any impact on the 99% of tor traffic which never touches an exit node?

Re:just a thousand exit nodes (0)

Anonymous Coward | about 6 months ago | (#46038647)

Where did you get the 99% number? From
https://metrics.torproject.org/network.html

it seems like b/w usage of exit nodes is approximately 50% of the guard usage.

Re:just a thousand exit nodes (1)

mSparks43 (757109) | about 6 months ago | (#46064789)

My arse of course, where else can you get figures like that from? But it was a rough guess based on most tor usage being to access hidden services (such as BitTorrent clients) rather than using tor as a simple proxy to access the internet.

But guard/entry/exit node layout and number tells you nothing about the traffic flowing through the network, or the source/destination of that traffic - that's the whole point of tor.

Re:just a thousand exit nodes (1)

mSparks43 (757109) | about 6 months ago | (#46064843)

and from that link

Traffic history 3Gbps
exit traffic 100Mbps

Re:just a thousand exit nodes (0)

Anonymous Coward | about 6 months ago | (#46038591)

Well, we know of 25 *actively* malicious nodes. We have no idea how many passive malicious nodes there are....

Re:just a thousand exit nodes (0)

Anonymous Coward | about 6 months ago | (#46042023)

That was my first thought too. On further reflection it's not actually that bad.

Oh, are you sure? It sounds pretty bad to me.

Hint: what fraction of those exit nodes are likely to have been surreptitiously compromised by the NSA, or are being run directly by a government agency which would be happy to hand logs over to the NSA?

I'd be much happier if there were 100,000 exit nodes (or any number large enough to make it unlikely that the NSA could exert control over a significant fraction of them).

Re:just a thousand exit nodes (1)

mSparks43 (757109) | about 6 months ago | (#46064819)

Yes I'm sure.
Reading the data out of an exit node tells you nothing about the requester of that data, and nothing about traffic destined for hidden services.

And given they are sat watching the data coming out of every non tor service anyway, you can assume every tor exit node is already being passively monitored by the NSA...

Oh wait, no you can't, because only a tiny fraction of all those exit nodes are actually in the US.

Re:just a thousand exit nodes (1)

Anonymous Coward | about 6 months ago | (#46034443)

That's 20 nodes per US state.

Or 53 nodes per Finnish Region.

Re:just a thousand exit nodes (1)

Lazarian (906722) | about 6 months ago | (#46038567)

There seems to be less incentive to run an exit node when shit like this can happen to you...

Slashdot does this... (0)

Anonymous Coward | about 6 months ago | (#46033723)

Slashdot does this automatically, you don't even need to use Tor. Try typing 'https://slashdot.org' in your address bar and see what happens.

Re:Slashdot does this... (4, Insightful)

Boltronics (180064) | about 6 months ago | (#46033851)

Slashdot does this automatically

$ echo QUIT | openssl s_client -connect slashdot.org:443 | openssl x509 -text

Yeah, that's just sad. You'd think a popular technology news website such as Slashdot, of all places, would be on the ball and at least support TLS traffic... but it's actually worse than that. They're not lazy (they have a GeoTrust wildcard certificate issued back in April last year) but deliberately don't want people securing their connections, hence the 302 redirection they have in place. :(

That's because they're busy with "beta" (1)

Anonymous Coward | about 6 months ago | (#46034007)

beta.slashdot.org, to improve our web experience and push interactive, rich client technology to the 21st century!

Wanking on useless bling instead of doing the important. Sigh.

how can I disable that beta without logging in? (0)

Anonymous Coward | about 6 months ago | (#46042045)

It's fucking horrible and one of my laptops at home REFUSES to show any version of slashdot except the beta. It redirects classic.slashdot.org to beta.slashdot.org.

I tell you right now, the day that becomes permanent is the day I never fucking visit this site ever again. Please fire those fools and leave the classic slashdot UI alone.

Re:Slashdot does this... (1)

Anonymous Coward | about 6 months ago | (#46034015)

X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:42:79:54:1B:61:CD:55:2B:3E:63:D5:3C:48:57:F5:9F:FB:45:CE:4A

X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:*.slashdot.org, DNS:slashdot.org

Re:Slashdot does this... (1)

dissy (172727) | about 6 months ago | (#46035387)

How does any of that help the fact HTTPS://slashdot.org/ returns a 302 redirection back to HTTP://slashdot.org/ ???

Setting up a special "secure" website with SSL certificate is pretty useless if you only redirect to a single non-encrypted URL.

Unless of course you are claiming HTTP(no S) is encrypted with magic or something, which seems to be what you are implying by pointing out the TLS server/client auth lines in that certificate that won't even apply.....

Re:Slashdot does this... (1)

gstoddart (321705) | about 6 months ago | (#46035427)

Unless of course you are claiming HTTP(no S) is encrypted with magic or something

Bah, it's double-ROT13, that should be secure enough for anybody, right?

Re:Slashdot does this... (1)

ftobin (48814) | about 6 months ago | (#46043239)

Subscribers get HTTPS.

life of giving (-1)

Anonymous Coward | about 6 months ago | (#46033727)

https://www.youtube.com/results?search_query=severn+suzuki decades of good intentions

Proof of Concept.... (1)

3seas (184403) | about 6 months ago | (#46033907)

.... if we make it, we can break it.

Ah c'mon (0)

Anonymous Coward | about 6 months ago | (#46033913)

Has anybody in here ever seen anyone using Tor for legal purposes?

Re: Ah c'mon (2, Interesting)

Anonymous Coward | about 6 months ago | (#46034313)

I've seen lots of people using Tor - I run a relay - but I have no idea what they're using it for, or how legal that use is in my or their jurisdiction. Which is kind of the point.

Re:Ah c'mon (0)

Anonymous Coward | about 6 months ago | (#46034485)

Yes, I use it for legal purposes all the time.

Re:Ah c'mon (2)

mysidia (191772) | about 6 months ago | (#46034713)

Has anybody in here ever seen anyone using Tor for legal purposes?

Yes, all the time.

People even visit Slashdot using Tor.

Some folks use it all the time -- so all their ordinary daily browsing activity might go through tor.

Ban Tor. (0)

Anonymous Coward | about 6 months ago | (#46033949)

The only people who use Tor are ones who have something to hide.

Re:Ban Tor. (0)

Anonymous Coward | about 6 months ago | (#46034057)

The only people who use Tor are ones who have something to hide.

And there's nothing wrong with having something to hide. Indeed, about all people have.

If you don't have anything to hide, then you surely are willing to provide me your online banking credentials ... ;-)

Re: Ban Tor. (0)

Anonymous Coward | about 6 months ago | (#46035579)

Also, if you have nothing to hide, please remove your bathroom door, and your window blinders, and keep the lights on in your apartment at night.


SSL Warning (1)

Danathar (267989) | about 6 months ago | (#46034741)

Even if this were to occur and you are on a bad exit node, wouldn't you still get a warning from the browser about the certificate being bad?

Re:SSL Warning (1)

Anonymous Coward | about 6 months ago | (#46036299)

sslstrip doesn't replace the certificate, it takes HTTPS traffic and turns it into HTTP at your end. It requires that you go to a HTTP page first, at which point it rewrites any HTTPS links or redirects to the corresponding HTTP ones. If you block your browser from using HTTP at all the attack doesn't work, but nobody does that.
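
The rewriting described in the comment above can be checked for from the defending side. The following is an added example, not part of the thread or of the researchers' tooling: it compares a copy of a response fetched over a trusted path with the copy received over an untrusted one and reports HTTPS links and redirects that came back as HTTP. The host names, sample responses and function names are constructed for illustration.

```python
"""Flag HTTPS links and redirects that arrive rewritten to HTTP.

Added illustration: all names and sample data below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that carry a URL the browser will follow or submit to.
URL_ATTRS = {"href", "src", "action"}


class LinkCollector(HTMLParser):
    """Collect every URL-bearing attribute value in document order."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value.strip())


def collect_urls(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.urls


def resource_key(url):
    """Identity of a resource with the scheme ignored: (host, path, query)."""
    parts = urlsplit(url)
    return (parts.hostname or "", parts.path or "/", parts.query)


def downgraded_links(trusted_html, observed_html):
    """URLs that are https in the trusted copy but http in the observed copy."""
    secure = {resource_key(u) for u in collect_urls(trusted_html)
              if urlsplit(u).scheme == "https"}
    return [u for u in collect_urls(observed_html)
            if urlsplit(u).scheme == "http" and resource_key(u) in secure]


def downgraded_redirect(trusted_headers, observed_headers):
    """Return the observed Location if an https redirect came back as http."""
    trusted = {k.lower(): v for k, v in trusted_headers.items()}
    observed = {k.lower(): v for k, v in observed_headers.items()}
    t_loc, o_loc = trusted.get("location"), observed.get("location")
    if not t_loc or not o_loc:
        return None
    if (urlsplit(t_loc).scheme == "https"
            and urlsplit(o_loc).scheme == "http"
            and resource_key(t_loc) == resource_key(o_loc)):
        return o_loc
    return None


# Constructed sample: the page as served directly by the site ...
TRUSTED_HTML = """<html><body>
<a href="https://shop.example/login">Sign in</a>
<form action="https://shop.example/session" method="post"></form>
<a href="http://news.example/">News</a>
<img src="/logo.png">
</body></html>"""

# ... and the same page as received over the untrusted path.
OBSERVED_HTML = TRUSTED_HTML.replace("https://", "http://")

# Constructed sample: redirect from the plain-HTTP front page.
TRUSTED_HEADERS = {"Location": "https://shop.example/"}
OBSERVED_HEADERS = {"location": "http://shop.example/"}

if __name__ == "__main__":
    for url in downgraded_links(TRUSTED_HTML, OBSERVED_HTML):
        print("link downgraded:", url)
    hit = downgraded_redirect(TRUSTED_HEADERS, OBSERVED_HEADERS)
    if hit:
        print("redirect downgraded:", hit)
```

Links that were already plain HTTP in the trusted copy, and relative URLs, are not reported, so only changes introduced along the path show up.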

It will just cause someone to work on one (0)

Anonymous Coward | about 6 months ago | (#46034839)

That can't be cracked.

End to End Encryption (0)

Anonymous Coward | about 6 months ago | (#46035027)

Full end-to-end encryption where the client and the server certificates are signed by the same solves this Tor-endnode problem.

Whenever a rogue end node tries to run an sslstrip MitM, it will be detected at the client. And that can be reported to the Tor network.

It's called Eccentric Authentication.

See: http://eccentric-authenticatio... [eccentric-...cation.org]

Ummmm ... duh? (1)

gstoddart (321705) | about 6 months ago | (#46035343)

Isn't it kind of obvious that Tor would be a target to be attacked?

Between government agencies and other shady characters, I should think that as soon as you announce you've got something which provides anonymity, someone would be trying to break it.

Sure, they've identified some specific things, but did anybody actually believe Tor and things like it wouldn't be targets?

Online 'plausibility' tests (0)

Anonymous Coward | about 6 months ago | (#46038263)

So-called 'security' companies make vast profits selling abusive software systems to regimes and organised criminal gangs across the planet. Their software needs to be tested and proven before sale, so of course systems like Tor will be targeted by every kind of experimental attack. Each time an experiment proves that the software has some 'usefulness' under certain circumstances, this fact can be used to locate and convince buyers.

Part of Snowden's leaks PROVED that every script-kiddie and other form of hacker will gain profitable employment at the NSA if they develop ANY useful method of attack. Snowden listed in detail the extraordinary catalogue of hacking solutions deployed by the NSA- and some person or team had to create each of these. If you think the NSA gets such work done by simply hiring ordinary programmers from Uni, you are far stupider than I assumed the average Slashdot reader to be.

And again, I'll point out that hackers for intelligence operations and hackers for the cyber-crime gangs based in Israel and the Ukraine are from the exact same pool. The cyber-crime gangs exploit the same weaknesses and back-doors that Microsoft codes into all its products for the NSA.

The answer is to EXPECT the obvious forms of attack, and to learn the most troubling (to the NSA) forms of security protocol. Trust no security products from big companies, or specialist commercial security services. Learn how to delete your data properly (ie., overwrite with files of random data indistinguishable to the OS and storage device from 'real' data). Learn how to encrypt your data properly with Truecrypt. Learn what end-point encryption means, and assume any other form of encryption on line is as weak as no encryption.

Things like Tor cannot help but be a trap to those that most need the use of such a service. Human Rights activists that use services like Tor in Middle East dictatorships wholly maintained by the USA, UK and Israel will have their communication fully intercepted by the intelligence agencies of these three nations. As a consequence, activists calling for rights for women and gays- calling for free elections- calling for freedom of conscience- will be raided, tortured, and imprisoned when the NSA/GCHQ hands over complete details about these people to the religious extremist enforcers of Saudi Arabia, the UAE, etc.

Did you know that Britain actually has senior British police personnel, on secondment, operating in the UAE- and that they oversee the raids against activists, and their subsequent torture and conviction in kangaroo courts? The inhumanity of Team Blair and Team Obama has no equal in history.

Writing is on the wall: (1)

Burz (138833) | about 6 months ago | (#46039295)

People have to stop hanging their hopes for privacy on HTTPS/PKI and also a network (Tor) built on the premise of accessing an insecure web.

If there is going to be any real privacy on the Internet going forward, it will have to be based on a new layer like the Invisible Internet Project (I2P). [geti2p.net] People should start using it now in a P2P fashion -- securing emails, chats, torrents and such -- and in time there is a chance the momentum will attract larger and larger web services, too. Make a habit of telling people you can be reached at your I2P address (in this sense, it becomes no more onerous than installing an app like Skype).
