"Practical onion hacking: finding the real address of Tor clients"

Chris millions.of.stones at gmail.com
Wed Oct 18 15:58:02 UTC 2006


That paper also demonstrates how easy it is to create a bad exit node
that can poison traffic passing through it with spam, malware,
trojans, fake sites and 0-day exploits.
By joining the TOR network and becoming a server, a rogue player
instantly becomes a trusted ISP and can serve up anything they want
and monitor everything passing through.
I use Firefox with NoScript fully armed, but every now and again I
allow scripts for a certain site to access some functionality and
then, no matter what site that is, if I am using tor I will be at more
risk than if not using tor.  What about people using IE on an
unpatched machine?  TOR becomes a BOT army recruitment center where
the new soldiers walk right in.  No need to advertise.

I am new to this list so maybe this has already been discussed and
sorted and I'm overreacting, but for a while now I have been very wary
about the way I use tor and the internet in general. I was using tor a
few weeks ago and a German exit node was altering my content, so I have
seen this happen first hand.

Can the tor directory provider run a script every now and again that
checks the content of a site/image retrieved from outside of tor and
through each exit node and then look into any discrepancies?  I know
anyone can try this and make a better test, but this will eventually
have to be done and acted upon by a trusted party.

On 18/10/06, Mike Perry <mikepery at fscked.org> wrote:
> Thus spake Jacob Appelbaum (jacob at appelbaum.net):
>
> > Hi *,
> >
> > Fortconsult wrote this and it may be of some interest to people on this
> > list:
> > http://www.packetstormsecurity.org/0610-advisories/Practical_Onion_Hacking.pdf
>
> Wow. I think the most telling statement is that most of the people
> they got were from China. Probably unfortunate side effect of most of
> the Tor docs being in English..
>
> Incidentally, I tried out TorPark the other day, and I must say it is
> pretty magnificent. Having a well-configured browser like that for Tor
> usage solves nearly every one of these problems.
>
> Would be nice if NoScript defaulted to All-Off instead of All-On, and
> they used AdBlock Plus with some feeds instead of just AdBlock, but
> otherwise excellent for casual "only sometimes" Tor users who are
> likely to be tripped up by this sort of stuff.
>
> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs
>
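
The check proposed in the message above (fetch a known resource outside Tor, fetch it again through each exit node, and look into discrepancies), sketched as an added example that is not part of the original thread or of any Tor project code. The `fetch_via_exit` callable, the exit names and the sample page are constructed assumptions; a real run would supply a fetcher that pins each circuit to a single exit and would use a static test resource.

```python
import hashlib
from collections import Counter


def sha256(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()


def audit_exits(reference: bytes, exits, fetch_via_exit):
    """Compare a static resource fetched through each exit with a reference
    copy fetched outside Tor. fetch_via_exit(exit_id) -> bytes is a
    hypothetical callable that raises OSError when the circuit fails."""
    want = sha256(reference)
    seen, unreachable = {}, []
    for exit_id in exits:
        try:
            seen[exit_id] = sha256(fetch_via_exit(exit_id))
        except OSError:
            unreachable.append(exit_id)  # a failed fetch is not tampering
    # If most exits agree with each other but not with the reference, the
    # resource probably changed (or the direct path is the odd one out):
    # compare against the consensus instead of blaming every exit.
    counts = Counter(seen.values())
    top, n = counts.most_common(1)[0] if counts else (want, 0)
    stale = top != want and n * 2 > len(seen)
    baseline = top if stale else want
    return {
        "reference_stale": stale,
        "modified": sorted(e for e, d in seen.items() if d != baseline),
        "unreachable": sorted(unreachable),
    }


# Constructed sample data: no network access, exit names are made up.
PAGE = b"<html><body>static test page</body></html>"
SAMPLE = {
    "exitA": PAGE,
    "exitB": PAGE,
    "exitC": PAGE.replace(b"</body>", b"<!-- injected --></body>"),
    "exitD": None,  # simulates a circuit that fails
}


def fake_fetch(exit_id):
    body = SAMPLE[exit_id]
    if body is None:
        raise OSError("circuit failed")
    return body


if __name__ == "__main__":
    print(audit_exits(PAGE, SAMPLE, fake_fetch))
```

Exits reported as modified are candidates for the follow-up the message asks a trusted party to do; a hash mismatch on dynamic content would be a false positive, which is why the test resource needs to be static.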



More information about the tor-talk mailing list