Forgot your password?
typodupeerror
Privacy Security Upgrades

Tor Users Urged To Update After Security Breach 161

Posted by timothy
from the points-of-failure dept.
An anonymous reader writes "If you use Tor, you're cautioned to update now due to a security breach. In a message on the Tor mailing list dated Jan 20, 2010, Tor developer Roger Dingledine outlines the issue and why you should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha now: 'In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we'd recently set up to serve metrics data and graphs. The three servers have since been reinstalled with service migrated to other servers.' Tor users should visit the download page and update ASAP."
This discussion has been archived. No new comments can be posted.

Tor Users Urged To Update After Security Breach

Comments Filter:
  • by Anonymous Coward on Thursday January 21, 2010 @09:55PM (#30855722)

    Anyone else find it so funny that a news story about anonymity is suggested to slashdot by anonymous coward?

    I think it's the best form of joke... one with an epic amount of unexpected expectedness.

    • Anyone else find it so funny that a news story about anonymity is suggested to slashdot by anonymous coward?

      I think it's the best form of joke... one with an epic amount of unexpected expectedness.

      If you think that's funny, just think...

      Every Anonymous Coward posting about this article will be an Anonymous Coward posting about an Anonymous Coward's anonymity story. A story by an Anonymous Coward for Anonymous Cowards about Anonymous Cowards. Anonymous anonymous anonymous.

    • Re: (Score:2, Insightful)

      by DNS-and-BIND (461968)
      A joke? How, exactly, is it funny? I'm curious to know. Who cares who submits the stories, anyway? Half of them turn out to be fakes or misleading anyway.

      The real TOR way to do it would not be anonymously, but instead giving it to another person's slashdot account, who submits it for you. But go ahead with the "funny" "jokes".

    • Re: (Score:1, Funny)

      by Anonymous Coward

      I wonder if the intruder was using Tor when they broke in ?

  • Tor weaknesses (Score:5, Interesting)

    by girlintraining (1395911) on Thursday January 21, 2010 @10:04PM (#30855790)

    The problem with Tor is that there's no way to detect compromises -- every node on the network could be compromised and you'd never know. Authors of botnets have greater anonymity than we do -- ironically because it's run by a central authority. An illegal and immoral one, yes, but one that comes with a measure of anonymity. Few botnet authors are actually caught even with the most primitive security methods. They don't even use encryption and they often can't be found...

    • Re:Tor weaknesses (Score:5, Informative)

      by v1 (525388) on Thursday January 21, 2010 @10:11PM (#30855866) Homepage Journal

      They don't even use encryption and

      Oh but they do, and that's the key to the problem. Everyone and their dog knows where the C&C servers are, and can monitor the commands sent out. Problem is, the commands are cryptographically signed, usually with a hideously large key (last one I saw was 2048 BYTES) so you can't subvert their network. Improperly signed commands are merely ignored.

      The bot herders get their anonymity from any of a hundred ways to anonymously sign into the IRC C&C channel. I'd speculate that most of them use TOR to do so.

      • last one I saw was 2048 BYTES

        It may make more sense, as long as that reference to bytes (not bits) is accurate, to refer to this as a 16 kilobit key instead, as public key encryption is usually referenced in bits. While RSA of this length can be done (even using GPG, though you have to modify the source to bypass the compatibility restrictions), it's quite a bit of overkill. The other algorithms used (since RSA is almost always only used for signing/encrypting something smaller -- like signing an SHA256 hash or encrypting an AES key) w

        • by Anpheus (908711)

          I believe at the beginning of 2010 the NIST increased their recommendation for RSA to a minimum of 2048 bits due to security concerns of 1024 bit keys.

        • by iluvcapra (782887)

          It may make more sense, as long as that reference to bytes (not bits) is accurate, to refer to this as a 16 kilobit key instead, as public key encryption is usually referenced in bits.

          We could just quote the key size in terms of "cardinality of encodings of state of every atom in the universe," in which case I believe a 16 kilobit key would be about 200 universe-states. :)

      • Re: (Score:3, Interesting)

        by X0563511 (793323)

        The fun begins when they start noting illegal commands and retaliating. Fun.

        • by Rich0 (548339)

          Actually, that would be an unwise design - as it causes a node to take action when it gets an unauthenticated command. That basically gives anybody some level of control on your botnet.

          For example, I can spoof a fake command from some IP - now the botnet takes down a server of MY choosing. While it is busy doing that, it probably isn't taking down the server the botnet owner wants it to take down, or sending spam, or whatever.

          Nope - you design a node to treat an unauthenticated command as if it was never

    • Re:Tor weaknesses (Score:5, Insightful)

      by snowgirl (978879) on Thursday January 21, 2010 @10:12PM (#30855874) Journal

      The problem with Tor is that there's no way to detect compromises -- every node on the network could be compromised and you'd never know. Authors of botnets have greater anonymity than we do -- ironically because it's run by a central authority. An illegal and immoral one, yes, but one that comes with a measure of anonymity. Few botnet authors are actually caught even with the most primitive security methods. They don't even use encryption and they often can't be found...

      There's a lot to be said for hiding in a crowd though. While it is true that every node in the network could be compromised, and we'd never know, collecting all that data together to target you individually becomes more and more difficult the more people use the network... and we're not talking about big-O of n, we're talking at least big-O n squared or so.

      As with all forms of security, there's nothing you can do to guarantee security, you simply raise the burden of breaching that security until the opportunity to breach you is not worth the cost to breach you.

      • There's a lot to be said for hiding in a crowd though.

        Not when the IP headers of every packet sent through every major peer exchange point on this continent is recorded by this government, and the governments that control the intercontinental links each have peering arrangements so that said data is available on a reciprocal basis with other intelligence agencies operating under their respective governments worldwide.

        Most TCP/IP sessions can be reconstructed for months after their original transmission, because the cost of storing said data is so low and there

        • When he talks about hiding in the crowd, he talks about hiding in the Tor crowd.

          When you talk about compressing packets, you probably aren't referring to encrypted packets. Including SSL. Which there's lots of.

          I ran a Tor node for a long time. And never used it myself. Others are welcome to "raise the noise floor" with such participation and/or licit uses.

          I think mix networks should work pretty well, but I wouldn't say that I have a complete grasp of the details. Nor do I expect you have, judging by yo

          • When he talks about hiding in the crowd, he talks about hiding in the Tor crowd.

            Let me rephrase this: Tor is not as resistant to traffic analysis as it is believed, because the Tor authors make assumptions about the state of surveillance on the network which are fundamentally flawed. Specifically, they believe that security is improved by obscuring the location of the node to peers. Because of this, routing paths between nodes are made longer, increasing the statistical likelihood that it will pass through a collection point.

            Tor has limited utility -- if you initiate a connection domes

    • by ShakaUVM (157947)

      >>They don't even use encryption and they often can't be found...

      Also, they used "123456" and "iloveyou" as the master password on 2 of the 7 nodes.

  • by Anonymous Coward on Thursday January 21, 2010 @10:08PM (#30855820)

    Roger's entries to date on the subject (excluding first page linked within /. summary):

    (this is for those who are too lazy to page through mailing list threads, this post is
    missing other individuals replies as well as future replies from Roger and others)

    http://archives.seul.org/or/talk/Jan-2010/msg00165.html [seul.org]

    Here are some more technical details about the potential impacts, for
    those who want to know more about Tor's innards:

    ----- #1: Directory authority keys

    Owning two out of seven directory authorities isn't enough to make a new
    networkstatus consensus (you need four for that), but it means you've
    only got two more to go. We've generated new v3 long-term identity keys
    for these two authorities.

    The old v3 long-term identity keys probably aren't compromised, since
    they weren't stored on the affected machines, but they signed v3 signing
    keys that are valid until 2010-04-12 in the case of moria1 and until
    2010-05-04 in the case of gabelmoo. That's still a pretty big window,
    so it's best to upgrade clients away from trusting those keys.

    You should upgrade to 0.2.1.22 or 0.2.2.7-alpha, which uses the new v3
    long-term identity keys (with a new set of signing keys).

    ----- #2: Relay identity keys

    We already have a way to cleanly migrate to a new v3 long-term identity
    key, because we needed one for the Debian weak RNG bug:
    http://archives.seul.org/or/announce/May-2008/msg00000.html [seul.org]

    But we don't have a way to cleanly migrate relay identity keys. An
    attacker who knows moria1's relay identity key can craft a new descriptor
    for it with a new onion key (or even a new IP address), and then
    man-in-the-middle traffic coming to the relay. They wouldn't be able to
    spoof directory statements, or break the encryption for further relays
    in the path, but it still removes one layer of the defense-in-depth.

    Normally there's nothing special about the relay identity key (if you
    lose yours, just generate another one), but relay identity keys for
    directory authorities are hard-coded in the Tor bundle so the client
    can detect man-in-the-middle attacks on bootstrapping.

    So we abandoned the old relay identity keys too. That means abandoning
    the old IP:port the authorities were listening on, or older clients will
    produce warn messages whenever they connect to the new authority. Older
    Tor clients can now take longer to bootstrap if they try the abandoned
    addresses first. (You should upgrade.)

    ----- #3: Infrastructure services

    Moria also hosted our git repository and svn repository. I took the
    services offline as soon as we learned of the breach -- in theory a clever
    attacker could give out altered files to people who check out the source,
    or even tailor his answers based on who's doing the git update. We're
    in pretty good shape for git though: the git tree is a set of hashes
    all the way back to the root, so when you update your git tree, it will
    automatically notice any tampering.

    As explained in the last mail, it appears the attackers didn't realize
    what they broke into. We had already been slowly migrating Tor services
    off of moria (it runs too many services for too many different projects),
    so we took this opportunity to speed up that plan. A friendly anonymous
    sponsor has provided a pile of new servers, and git and svn are now up
    in their new locations. The only remaining Tor infrastructure services on
    moria are the directory authority, the mailing lists, and a DNS secondary.

    ----- #4: Bridge descriptors

    The metrics server had an archive of bridge descriptors from 2009.
    We used the descriptors to create summary graphs of bridge count and
    bridge usage by country, like the ones you can see at
    http://metrics.torproject. [torproject.org]

    • by inviolet (797804) <slashdot AT ideasmatter DOT org> on Thursday January 21, 2010 @11:22PM (#30856266) Journal

      As explained in the last mail, it appears the attackers didn't realize what they broke into. We had already been slowly migrating Tor services off of moria (it runs too many services for too many different projects), so we took this opportunity to speed up that plan. A friendly anonymous sponsor has provided a pile of new servers, and git and svn are now up in their new locations.

      Mmmm, yes, free.

      And you will never, in a million years, detect the compromised hardware in those machines.

      The only way for tor (or wikileaks or other dangerous-to-the-authorities service) to buy hardware, is anonymously. If someone wants to donate servers, have them sell the servers and give you the cash.

      • by VortexCortex (1117377) <VortexCortex@Nos ... t-retrograde.com> on Friday January 22, 2010 @12:33AM (#30856644)

        Wait... Anyone can be a TOR node [torproject.org] and it's still secure.

        TOR data is very encrypted.

        It doesn't matter if the hardware or software is compromised, it's still secure because a TOR node is just one node in a chain of encrypted nodes. You encrypt your data 5 times if you're sending it through 5 nodes.

        Each node takes off one layer of encryption and forwards the still encrypted data to the next node. If any intermediate nodes (2 3 4 in our 5 node example) are compromised (in software or hardware), they can not see the message in plain text, or determine the originating IP or destination IP of the traffic.

        If the first node is compromised it can see your source IP, but not the destination IP or any part of the message (it's still encrypted.)

        If the exit node is compromised it can see the destination IP, and clear text message, but not the source IP.

        These multiple layers of encryption mean that if any one node is compromised the system is still very secure.

        Taking off a layer of encryption at each router is like peeling an onion... hence, "The Onion Router".

        (this is an oversimplified explanaion -- if you're talking compromised code repositories, viruses and trojans are usually not delivered as source code, the tampering would be evident.)

        • by Kjella (173770)

          Yes, but at the top is some form of directory service. If you compromise the majority of those servers you can create a new network consensus, and direct everyone to route through tor1,tor2...torX.nsa.gov. Or some suitable set of apparently random international network of nodes set up for the purpose. The layers don't work if the entire onion is rotten.

        • Re: (Score:3, Interesting)

          by wall0159 (881759)

          "A friendly anonymous sponsor has provided a pile of new servers, and git and svn are now up
          in their new locations"

          I read this to mean that tor are hosting git and svn on the new, anonymously-donated servers. I expect that if they were hardware-compromised, that could be used, in turn, to compromise the source-repositories. Please correct me if I'm wrong tho...

          Having said all that - I'd also expect a project like tor to be pretty careful with security! Also, it's quite possible that although the servers wer

        • by Aceticon (140883)

          You don't seem to have read the GGP post at all.

          It lists plenty of venues of attack for a suficiently willing and knowledgeable attacker which state agencies would be.

          I wouldn't so easilly dismiss attacks delivered via source code if I was you: the GP was talking about attacks by state security services - these guys usually employ full time some pretty clever people who can usually make their own code they're no just a bunch of script kiddies downloading tools from the Internet (although from the Google att

        • If the exit node is compromised it can see the destination IP, and clear text message, but not the source IP.

          So, collect enough packets at a compromised exit node and you can build a usage pattern with possibility of identification? Using Tor to check email or blog from oppressed nations just looked a little less appealing.

          • Using tor to transmit anything unencrypted is a very DUMB thing. You have to understand that between the exit node and the target server, all traffic is done in the same fashion it would be done between you and the target server if you didn't use tor. If there is no inherent encryption (like https or ssh), it will NOT be encrypted between the exit node and the server.

            In other words, it is trivial for someone who wants to sniff passwords to establish an exit node and just collect packets.

            tor is NOT an encryp

  • by creimer (824291) on Thursday January 21, 2010 @10:10PM (#30855854) Homepage
    How do you update a Tor SF paparback book?
    • by GaryOlson (737642)
      With a trilogy. The last two books add depth and detail to the initial book which was mostly inane and lacking in depth. The new details of course reinterpret all the facts, plot, and characters of the first book till the first book is almost unrecognizable.
    • How do you update a Tor SF paparback book?

      With new pieces of papar.

    • by ShaunC (203807)

      By visiting TORForge [macmillan.com], of course...

    • Online Editions, Kindle, .pdf and for backup you can go Hardback.
  • by presidenteloco (659168) on Thursday January 21, 2010 @10:29PM (#30855968)

    I mean. That's where I'd go fishing for people trying to communicate secrets,
    if I was them.

    Now I don't want to spread paranoia, but
    did you know that the patent on Onion Routing was filed by the US Department of the Navy?
    Look it up.

    Remember kiddies. Always use your own encryption layer.

    • by wiredlogic (135348) on Thursday January 21, 2010 @10:57PM (#30856126)

      They probably do more than just monitor. They almost certainly run their own exit nodes so they can log everything flowing through what they pwn.

      • They'd have to monitor/run more than just the exit nodes in order to figure out it was you though right? Isn't that the whole idea?

        Just a single un-compromised node on the path from you to the destination would mean you were still anonymous (assuming there was enough traffic on the network). Although, if there wasn't much traffic and they had your entry and exit node you might be in trouble?

    • IMHO sending a message inside a birthday card draws a LOT less attention than using obscure and suspicious looking encryption software. But thats just my opinion.

    • by noz (253073)

      This is because the US Navy are the initial authors of Tor. It was opened when they no longer withed to maintain it.

    • Re: (Score:2, Insightful)

      by BitZtream (692029)

      Yes, the government created it, this is well known. They created it so they could securely communicate by bouncing signals off of unsecured ships, like your random cruise ship or an allied warship.

      They were involved with its creation, of course the watch it. So do lots of other people.

      As a general rule, people hiding their activities DO HAVE SOMETHING TO HIDE. The minority use something like this for legitimate uses. However, our founding fathers had the opinion that until we know you're hiding somethin

      • Re: (Score:2, Interesting)

        by Mr.Bananas (851193)
        Have a read at this piece of work: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565 [ssrn.com] While hiding in plain sight has its value, not being able to hide anything can have plenty of harm to an innocent person, especially if they have no control of how their data is used or interpreted.
      • by djupedal (584558)
        >Hiding in plain site and blending in with the crowd makes you a lot less obviously a target than the person hiding things, regardless of what you are hiding.

        Comparing your anecdote about hiding inside a group of grocery store customers doesn't apply to the debate at hand. How does one 'hide' in the manner you propose when they elect to do it inside a (tor) group that is already flagged as being watch-worthy?

        If the group was looting the store, and you wanted to loot too, would there be any logic to
      • by b4dc0d3r (1268512)

        As a general rule, people hiding their activities DO HAVE SOMETHING TO HIDE

        Whether they are watching banned movies in your living room, or watching Shrek with your children, I bet most people close their curtains when it gets dark. What are they hiding?

        Let me guess, you're the cop who pulled me over on super bowl sunday and wanted to search my car because I blew 0.00 on your breathalyzer. I was speeding, so the pullover was valid. I have anxiety problems, and being pulled over at night by a single cop is

    • You better stop using the internet. Remember who invented it? Hint: It wasn't Al Gore.

  • TOR apologists, no fair modding down these comments just because you don't like them.

    I wish the holier than thous behind the Tor movement would stop with their outrageous and indefensible claims about the protections Tor allegedly provides.

    I tried to have this discussion with, among others, people who've made "names for themselves" traveling from conference to conference blustering about how Tor is making the Internet safe for unpopular opinions in places where an unpopular opinion can get you disappeared r

    • by u38cg (607297)
      The bigger problem is that Tor is hardly deniable. Your traffic might be secure, but in many circumstances the fact that you are sending secure traffic is far more interesting. Given the right circumstances, that enough is sufficient for the state to use rubber hose cryptanalysis...
      • Good point. Bang on.

        Now as we move to encrypted fragmented cloud storage and computing, that assumption will presumeably have to change, as it will become routine to encrypt both your stored content and its transmission. And I can see anonymization being offered as part of cloud services of the future, to prevent corporate espionage (shady forms of "business intelligence") etc.

        When encryption and anonymization of net communications becomes the norm, then who do you watch, and how?

    • by Hatta (162192)

      Fighting oppression has always gotten people killed. If Tor allows people to speak out with less risk, it's done it's job.

  • by master_p (608214) on Friday January 22, 2010 @06:05AM (#30857950)

    The links are not very informative about what allowed the breach to happen. Was a security model vulnerability? man-in-the-middle attack? buffer overflow?

The speed of anything depends on the flow of everything.

Working...