
A bit of Tor / I2P / Tails / SORM-3

So, quite a lot has happened in the last week and a half, so it all goes into one post.

Tor


BlackHat talk cancelled

"Anyone can hack Tor for $3000" (@MagisterLudi), said the guys who were forbidden to speak at BlackHat. They wanted to present on behalf of Carnegie Mellon's Software Engineering Institute, where the research was carried out, but they were not given the right to distribute the material publicly. The details are largely unknown: the researchers reported the bug only to the Tor core developers, but it seems everyone understood each other, and work to eliminate the bug is already underway.

Post on the Tor Project blog;
some information on PCWorld;
on xaker.ru;
an earlier note on arstechnica.com.
Sniper attack


Finally, the details of the attack have been published; it was reported on the Tor Project blog in late January. The attack made it possible, firstly, to consume an exit node's memory until it became inoperable, with very low resource use on the attacker's side, and secondly, to anonymously de-anonymize a hidden service by attacking it for 4 to 278 hours. The problem was incorrect handling of TCP window size / flow control and the SENDME command. It was decided to add some authentication to SENDME (in fact, just a small check). The bug is fixed in version 0.2.4.14-alpha.

Note on the Tor Project blog
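As an added illustration of the kind of window check mentioned above (example code written for this post, not Tor's source): a toy model of circuit-level flow control in which the hardened relay refuses a SENDME that would push its package window above the initial 1000 cells. The class, event and function names are this example's own; only the window constants are Tor's defaults.

```python
# Toy model of Tor's circuit-level flow control, added to illustrate the kind
# of SENDME sanity check described above. Window constants are Tor's defaults;
# the event model and names are this example's own simplification, not Tor code.
CIRCWINDOW_START = 1000      # cells a relay may send before waiting for acks
CIRCWINDOW_INCREMENT = 100   # cells acknowledged by one SENDME cell
DATA_BURST = 100             # cells the relay packages per DATA event (model)

class Circuit:
    def __init__(self, check_sendme):
        self.check_sendme = check_sendme
        self.package_window = CIRCWINDOW_START
        self.cells_sent = 0
        self.closed = False

    def on_data(self):
        """Relay packages a burst of cells, never more than the window allows."""
        n = min(DATA_BURST, self.package_window)
        self.package_window -= n
        self.cells_sent += n
        return n

    def on_sendme(self):
        """Client acknowledges 100 cells. It can never legitimately have read
        more than it was sent, so an ack that would push the window above its
        starting size is a protocol violation: the hardened relay closes the
        circuit instead of growing the window."""
        if (self.check_sendme
                and self.package_window + CIRCWINDOW_INCREMENT > CIRCWINDOW_START):
            self.closed = True
            return False
        self.package_window += CIRCWINDOW_INCREMENT
        return True

def run(events, check_sendme):
    """Replay 'DATA'/'SENDME' events; return (window, cells sent, closed?)."""
    circ = Circuit(check_sendme)
    for ev in events:
        if circ.closed:
            break
        if ev == "DATA":
            circ.on_data()
        else:
            circ.on_sendme()
    return circ.package_window, circ.cells_sent, circ.closed

# Constructed traces: a client that acks only what it received, and one that
# acks cells it was never sent, hoping to keep the relay's window open.
HONEST = ["DATA"] * 10 + ["SENDME"] * 10 + ["DATA"] * 10
BOGUS_ACKS = ["SENDME"] * 3 + ["DATA"] * 13
```

Without the check, the bogus acknowledgements simply inflate the window and the relay keeps sending; with it, the first impossible SENDME closes the circuit before a single cell leaves.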

Tails and I2P


Tails 1.1 is out, apparently with a vulnerability


The guys from Exodus Intel told the developers of the Tails distribution that it was vulnerable, right before the release of Tails 1.1. At first they did not disclose any information about the vulnerability, but now they have published a video:



What happens in the video?
00:00:00 to 00:00:10: Showing the IP of the listening server and starting the listening server.
00:00:19 to 00:00:25: A Tails user visits icanhazip.com, which shows the anonymized IP address.
00:00:36 to 00:00:49: Showing that Tails build 1.1 is indeed in use.
00:00:50 to 00:01:03: An I2P address is being resolved.
00:01:30 to 00:01:40: The listening server retrieves the de-anonymized IP address (Austin RoadRunner ISP).

It is not clear whether this is a vulnerability in the I2P router itself, in its web interface, or in Tails. It is too early to judge, but from the video it looks like something along the lines of XSS, although the guys talk about a payload. It sounds like nonsense, but Exodus is serious enough not to joke about such things (for example, they sell their exploits to DARPA). We are waiting for the details.

Exodus Intel's blog entry, The Hacker News entry, and another one.

Tor and SORM-3


As you may already know, the Ministry of Internal Affairs of the Russian Federation has announced a contest whose purpose is to "hack" Tor (@Gordon01). I doubt this contest was put together by competent people (a warning sign), but I personally believe that selective de-anonymization of Tor users in the Russian Federation is quite possible, provided SORM-3 works exactly as described in the press releases.

It's pretty simple: SORM-3 logs subscribers' actions, and sites log users' actions. Suppose we want to de-anonymize the user who wrote a comment on a news site. Since the IP addresses of all exit nodes at any given moment are publicly known, whoever has the logs of the website whose user is to be de-anonymized, the SORM-3 logs, and the exit-node list for that point in time can match the time the comment appeared against the time a data packet was sent from the subscriber. The fewer Tor users there are in the Russian Federation, the more effective such a method is. So it goes.

Source: https://habr.com/ru/post/230961/
