TorChat is a security hazard (Answer)

prof7bit at googlemail.com
Mon Dec 13 16:59:30 UTC 2010


On Dec 12, 2010 7:20pm, Michael Blizek  
<michi1 at michaelblizek.twilightparadox.com> wrote:

> I meant that A will connect intentionally to B, e.g. A wants to talk to B. B
> can then send messages to C which seem to come from A. However, C will talk
> back directly to A and the manipulation will most likely be detected...

I have committed a patch that will explicitly check for your scenario
and immediately discard the wrong pong message. The result is that
this type of attack now shouldn't have any effect on the proper operation
of A and the connection between A and C anymore.

I also fixed a possible attack regarding the sending of pong (or other)
messages over the victim's outgoing connection. It will now only accept
file* messages on the outgoing connection (files are always sent on the
other connection to enable chatting during file transfer) and file transfer
requires a fully completed handshake anyways.

I don't have any Windows build based on this yet, I'm still fighting with
py2exe and the Python-2.7 SxS-msvcr90-dll-manifest-hell (dll-hell v2.0).

Bernd
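
The two checks described in this message, sketched as an added example (not TorChat's code and not part of the original post): a simplified model in which each ping carries a random cookie that the matching pong must echo. The cookie field and every class and function name are assumptions; only the pong and file* message names come from the post.

```python
import hmac
import secrets


class Peer:
    """State kept for one contact we have dialled (hypothetical model)."""

    def __init__(self, address):
        self.address = address
        self.cookie = secrets.token_hex(16)  # assumed: random value sent in our ping
        self.handshake_complete = False


def handle_incoming(peers, claimed_address, command, argument):
    """Message arriving on a connection that a remote side opened to us."""
    if command != "pong":
        return "ignored"  # other commands are outside this sketch
    peer = peers.get(claimed_address)
    # Discard a pong from an address we never pinged, or one that does not
    # echo the cookie we sent to exactly that address.
    if peer is None or not hmac.compare_digest(
        peer.cookie.encode(), argument.encode()
    ):
        return "discarded"
    peer.handshake_complete = True
    return "accepted"


def handle_on_outgoing(peer, command):
    """Message the remote side sends back over the connection we opened."""
    if not command.startswith("file"):
        return "discarded"  # pong, chat messages etc. are not valid here
    if not peer.handshake_complete:
        return "discarded"  # file transfer needs a completed handshake
    return "accepted"


if __name__ == "__main__":
    # Constructed scenario: A (us) pinged B; B replays that cookie via C.
    peers = {"B": Peer("B"), "C": Peer("C")}
    replayed = peers["B"].cookie
    print(handle_incoming(peers, "C", "pong", replayed))   # wrong pong
    print(handle_incoming(peers, "B", "pong", replayed))   # genuine pong
    print(handle_on_outgoing(peers["B"], "pong"))          # wrong channel
    print(handle_on_outgoing(peers["B"], "filedata"))      # constructed file* name
```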