Traces left by Torpark, and other security discussion (was Re: TorPark)

coderman coderman at gmail.com
Mon Nov 27 07:25:24 UTC 2006


On 11/26/06, Arrakistor <arrakistor at gmail.com> wrote:
> ...
> I will check out the claims about the registry. I performed a diff on
> it from running and after and found only the SSL seed value changed.
> Perhaps there are some other changes.

the exact keys may vary from win98/2k/xp, as they often do.  (are you
using a fixed list of keys to look for, or is there a more in depth
search for particular key names/values?  a static list will be
brittle)


> I am wondering if all of that is moot, since we are not actively
> destroying the data.

system restore, regsafe, and any number of other snapshot or backup
tools for the windows registry would make this ineffective.  not to
mention remnants on disk but outside the file system view, though such
recovery does take special skill.


> ... The result there is that we may allow scripts to run, but I
> am sure we will be automatically adding an SSL certificate acceptance
> to the client so the user doesn't get annoying popups when the client
> tries to update.

do you mean adding your own CA cert, or just blindly accepting the
cert presented upon the first connect to the https server?  or
something else?

why the focus on automatic updates?  [we thought we'd need these at
one point, but really, it opened up more problems than it solved.
additional care before releases has proved sufficient]


> Regarding the swap, that really isn't my specialty, so you are right,
> the claim is overstated. I will try to figure out a solution. I spoke
> with a few developers about creating ram drives, but this requires
> system drivers and administrator access. It may be that we cannot do
> anything about it, or more to the point it may be moot because Tor
> creates many network signatures. I would sure be interested in
> everyone's input.

wiping swap is difficult in such a situation, and i'd be more
concerned about document fragments and other information than the
network signatures. (network signatures at least are gone once you
exit, but sensitive data on disk can live for arbitrary periods of
time)

a hard problem, i'd be interested in any potential resolutions you
discover.  encrypting the swap is really the "right way" to solve
this, but again, requires administrator.

best regards,
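A before/after registry comparison of the kind discussed in this thread, as an added example (not code from the thread or from Torpark): it parses two .reg exports, lists every key or value that differs, and reports which touched keys a fixed watch list of key-path prefixes would have missed. The .reg text, the key paths and the watch-list prefix are constructed sample data.

```python
# Diff two .reg exports taken before and after a session; BEFORE/AFTER
# below are constructed sample data (illustrative key paths, not real exports).

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}}; joins hex continuation lines."""
    keys, current, pending = {}, None, ""
    for line in (l.strip() for l in text.splitlines()):
        if pending or line.endswith("\\"):       # multi-line hex(...) data
            pending += line.rstrip("\\")
            if line.endswith("\\"):
                continue
            line, pending = pending, ""
        if line.startswith("["):                 # [HKEY_...\path] opens a key
            current = line[1:-1]
            keys.setdefault(current, {})
        elif "=" in line:                        # '"Name"=data' or '@=data'
            name, data = line.split("=", 1)
            keys[current][name.strip('"')] = data
    return keys

def diff_reg(before_text, after_text):
    """Keys added/removed, plus (key, value, old, new) for values that differ."""
    before, after = parse_reg(before_text), parse_reg(after_text)
    report = {"added": sorted(set(after) - set(before)),
              "removed": sorted(set(before) - set(after)), "changed": []}
    for key in sorted(set(before) & set(after)):
        for name in sorted(set(before[key]) | set(after[key])):
            old, new = before[key].get(name), after[key].get(name)
            if old != new:
                report["changed"].append((key, name, old, new))
    return report

def outside_watchlist(report, prefixes):
    """Touched keys that a fixed list of key-path prefixes would have missed."""
    touched = set(report["added"]) | set(report["removed"])
    touched |= {key for key, *_ in report["changed"]}
    return sorted(k for k in touched if not any(k.startswith(p) for p in prefixes))

BEFORE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed"=hex:01,02,03,04,\
  05,06,07,08
"""
AFTER = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed"=hex:0a,0b,0c,0d,\
  0e,0f,10,11
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs]
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"""
```

Running diff_reg(BEFORE, AFTER) flags the changed RNG seed and the newly created RecentDocs key; passing the report to outside_watchlist with only the Cryptography prefix shows the RecentDocs key slipping past a static list.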



More information about the tor-talk mailing list