Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| Tor hack proposed to catch criminals
from
»www.securityfocus.com/news/11447
"...
The Tor network--a distributed system of computers that anonymizes the source of network traffic--has a slew of beneficial uses: Human-rights workers, the military and journalists all use the system. However, the anonymity of Tor has also attracted seedier elements as well: digital pirates, online criminals and, quite possibly, child pornographers.
Now, one security researcher aims to make the distributed network less of a haven for the shadier side of the Internet.
..."
on the other hand
"...
"Mr. Moore's solution will not solve the problem he is trying to solve, and in the process, he will hurt a lot of people that he should be helping," Nerad said.
..."
Cudni
--
Some are born to failure, others achieve it, all deserve it.Help yourself so God can help you.MVP, Microsoft Windows Security 2006 |
|
caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
Spokane, WA
 ·WebBand
| Bleh, anyone really wanting to hide uses the so-called "undernet", the world outside of normal DNS space.
Private DNS servers.
IP doesn't need DNS to work people. Humans need it, that's all. Onion routing is fun, but isn't true anon, as the server ops know all the IP's running through them.
It's a fancy proxy, nothing more.
This won't do anything but ruffle some feathers except for those who actually need things like Tor. And those who aren't savvy enough to know beter.
grok gopherspace, for example...most peeps have forgotten there's more the the 'net than the www.
Always was. Always will be.
IMO,
CaFF
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein |
|
aka Iceman
join:2007-02-11
| reply to Cudni
This guy has done nothing more than create a form of a "back door" in the TOR network that has absolutely no useful purpose other than to track Users.
IMO this tactic goes against the very grain of what TOR stood for an shatters TOR's usefullness for all USERS.
Online criminals have been around since the onset of computers an will be around long after most of us are gone.
If this guy dislikes any part of being a SERVER on the TOR network he should simply no longer provide a SERVER.......there are many others who will pick up the slack.
Let law enforcement do their job....thats why law enforcement was established. For this guy to take on the role of a vigalanti is an outragous attact on the TOR NETWORK.
USERS of the internet are subjected to numerous forms of criminal behavior every time they turn on their computers....be it trogans, viruses or scams.....we all do our best to protect ourselfs and our families as best we can...an do so without lowering ourselfs to using the same tactics that criminals use......in essence this guy has lowered himself to the level of criminals by tracking innocent USERS./
Work arounds to defeat such tracking really would not be so difficult. Experience Users are not so simple minded as this guy seems to imply. Criminals have existed since the dawn of Time......there are indeed very emotionally disturbed people roaming the streets of every city in the world as well as the internet.....an there is law enforcement that is at work 24 hours of each day doing their job........they are well trained and most follow guidelines provided by courts......an while we may never all agree on a workable solution.......we certainly can not return to the caveman ways or the wild west days an throw away the good "gains" we have made over the years.
There are many government agencies that use the TOR network that now may as well be tracked by this guy.....so where does his tracking stop....... |
|
Psicop
More human than human
Premium
join:2005-12-21
| reply to Cudni
Well, if they implemented that measure in this network is for a reason. The "wwww" should be monitored for illegal activities in order to stop cyber-criminals and sexual predators.
BTW, is this you in here?:
»www.usatoday.com/tech/news/compu···csp=N009
»https://cardersmarket.com/forum/forumdis···der=desc |
|
Kilroy
Premium,MVM
join:2002-11-21
Ann Arbor, MI
 ·WOW Internet and C..
| reply to Cudni
First off, I don't use TOR and don't have a reason to.
said by "SecurityFocus" :
The attack also relies on the attacker's ability to have its server become an exit node for the Tor network.
This is the key to any TOR attack.
Now the fact that this also:
said by "SecurityFocus" :
The piggybacked Javascript also loads an applet that attempts to determine the internal network address of the targeted machine and to send a raw UDP packet to the attacker's DNS server to identify the external Internet address of any router that--by using network address translation (NAT)--may be obfuscating the user's address.
Could lead to anyone using it being prosecuted for hacking into another person's computer.
--
How hard does DRM have to bite before business abandon it? |
|
aka Iceman
join:2007-02-11
| reply to Psicop
LOL....no, not me. In fact, I actually work for a living....have had my own business for 28 years.....an if you notice in my post I advocate law enforcement. You may also notice the "aka" in my nicname.....
My guess would be that the internet is well monitored by law enforcement world wide.....unfortunately their hands are often tied by the very laws they are trying to enforce an thus their results are oftem nill....or just a "drop in the bucket"
As for sexual predators....hey, castrate them all
By the way...I use several nic names......an have been dabbing in computer security for 15 years......certainly I am not an expert by any means of the word...but I know enough to survive the internet....
I also advocate privacy......all one has to do is look at all the spyware floating on the internet an then ask oneself why are these scum bags being allowed to infect computers an get away with it.........it can not be be so onesided.....bad is bad....there is no middle ground....arrest all the bad guys an then something is being really achieved.....but who are the bad guys.....hell I gave up trying to sort them out......
Because you asked politely I offered this answer....an appreciate your politeness. |
|
aka Iceman
join:2007-02-11 | reply to Cudni
By the way....I do not use TOR... |
|
novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| Hmm seems some one mentioned this close to 18 months ago. Oh wait that was me. TOR is crap and always has been it offers only a flase sence of security. Well looks like my predictions came true now doesn't it? I said it was only a matter of time before tor was messed with in such a manner and now here it is being done.
The cracker sits there and waits for his tor server to be a exit node then starts gathering the data he wants via his own proxy server that the trafic goes through. Really you dont need any tools to do it just need a nice smooth wall with transperant proxy turned on.
To make mores idea work best youd want to break any connections that were not useing you as a exit node. Less log data to sift through that way.
Fact is tor is mostly used by pirates and those downloading other illegal data. Sure its usefull to human rights people in other countries but fact is id bet they are the vast minority of connections on the tor network maybe 5 or 10% the rest is people downloading pirated soft ware movies etc off warez sites and bit torent child porn pedlers etc.
Proxies are dangerous things to mess with unless you are in control of them. Back in the day i had my own proxy server running here at my house i used while at work. I used it to make sure that no trojans keyloggers etc that found their way on to those comps would have a really hard time steeling my log ins. I had every thing filtered and used a pure white list set of fire wall rules. Basically nothing got through to its intended destination unless it matched those white list rules.
--
Evil does exist and it has a face to often that face is one that should look on their child with love in their eyes.
Instead only hate exists in those eyes. |
|
SpannerITWks
Premium
join:2005-04-22 | reply to Cudni
Torment, gotta love the name he chose for it ! It'll be interesting to see how this pans out.
Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks |
|
spy1
Welcome to Amerika
Premium
join:2002-06-24
Charlotte, NC
| I thought Tor was pretty good at one time, too - anonymity-wise - even jumped through a bunch of hoops getting a Tor server set up here. ( »bugs.noreply.org/flyspray/index.···ls&id=98 )
When I found out that the bad guys were using it (»Booz, Allen & Hamilton, Inc. ), I quit using it (no need to help them out, I figured).
Live and learn.
My current philosophy is to forget anonymity, stand behind everything you post anywhere without flinching and be ready and able to deal with any consequences. Pete |
|
KCrimson
Premium
join:2001-02-25
Brooklyn, NY
·Optimum Online
 ·Verizon FIOS
| reply to aka Iceman
said by aka Iceman  : ...an if you notice in my post I advocate law enforcement. ...an have been dabbing in computer security for 15 years.. ... an then ask oneself why are these scum bags being allowed to infect c ... an then something is being really achieved... ..an appreciate your politeness. Can I buy you a 'd'?  |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
 ·Callcentric
·RoadRunner Cable
·AT&T CallVantage
| reply to novaflare
said by novaflare :Hmm seems some one mentioned this close to 18 months ago. Oh wait that was me. Based on the article, it now appears that someone can use their router to monitor and redirect traffic and content for the purpose of their choice.
novaflare , I think both of us were of the opinion that something like this could happen, and we participated in a friendly and well-discussed dispute on Tor's anonymity protection and opportunity for monitoring at
»Anonymnity: Introduction To The Tor Network .
My own observations;
»Re: Anonymnity: Introduction To The Tor Network
And on torpark;
»Re: Torpark - Anonymous, Portable Browser Released
The present mitigating factor appears to be the requirement for scripting to be enabled on the target user's system. That can be more easily accomplished through social engineering of users who consider Tor to be their silver bullet of anonymity and protection. I suspect there will be more sophisticated methods developed to enable the user's scripting capability, and other methods used to accomplish the same ends. After all, the TOR routers are unvetted volunteers with administrative privileges and unrestricted physical and logical access to their routing systems.
--
03:14:07 UTC Tuesday, Jan. 19, 2038 - a date that will live in infamy... |
|
Netbum
join:2002-04-08
Oakley, CA
| reply to aka Iceman
said by aka Iceman : .....they are well trained and most follow guidelines provided by courts...... Boy,I could drive a truck through that...  |
|
NoFactsAtAll
@plus.com
| reply to Cudni
novaflare:
"Fact is tor is mostly used by pirates and those downloading other illegal data. Sure its usefull to human rights people in other countries but fact is id bet they are the vast minority of connections on the tor network maybe 5 or 10% the rest is people downloading pirated soft ware movies etc off warez sites and bit torent child porn pedlers etc."
Where is your evidence?
Do you/have you monitor(ed) TOR Exit Nodes?
Fact is you don't have any "facts" at all.
I believe your statement is BS. |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
| said by NoFactsAtAll :
novaflare:
"Fact is tor is mostly used by pirates and those downloading other illegal data. Sure its usefull to human rights people in other countries but fact is id bet they are the vast minority of connections on the tor network maybe 5 or 10% the rest is people downloading pirated soft ware movies etc off warez sites and bit torent child porn pedlers etc."
Where is your evidence?
Do you/have you monitor(ed) TOR Exit Nodes?
Fact is you don't have any "facts" at all.
I believe your statement is BS.
You could easily disprove novaflare's statement by providing authoritative evidence that proves the contrary, but I suspect you have "nofactsatall". So, his statement is as valid as yours. 
--
03:14:07 UTC Tuesday, Jan. 19, 2038 - a date that will live in infamy... |
|
novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| reply to NoFactsAtAll
said by NoFactsAtAll :
novaflare:
"Fact is tor is mostly used by pirates and those downloading other illegal data. Sure its usefull to human rights people in other countries but fact is id bet they are the vast minority of connections on the tor network maybe 5 or 10% the rest is people downloading pirated soft ware movies etc off warez sites and bit torent child porn pedlers etc."
Where is your evidence?
Do you/have you monitor(ed) TOR Exit Nodes?
Fact is you don't have any "facts" at all.
I believe your statement is BS.
Well anonoumus thanks for backing my thoughts up. You by your very presence here as a anon and not providing any proof other wise proves my thoughts.
So fast to jump in and try to dispute my opinion and my guess at the percentage of legit users vs the illegal users. Tells me a couple things about you.
1 you use tor
2 you are on bittorent and other warez sites while useing the tor network.
and 3
Heres my thought on the popular uses of tor
ban dodging in irc. Facts to back this up instruction for tor clients on connecting to irc. One irc networks instructions were to turn it off while in irc others force you to register your nickname so that they can ban or delete your nick when you break the rules.
by passing bans on forums. To date i have ran in to no less than 10 forums where you must register to even read the forums. Reason given spammers who have been useing the tor net work to get around ip and isp bans. Many of these spam messages were from various bots.
I love the forum admins mentioning the bots useing tor as it backs me up really well. It shows with out doubt that tor is a great tool for illegal uses and that will be who uses it the most those who are the people breaking various laws. The least of wich is the trade of pirated music movies and software.
--
Evil does exist and it has a face to often that face is one that should look on their child with love in their eyes.
Instead only hate exists in those eyes. |
|
robo_mojo
join:2006-01-11
Ada, OK
| reply to Cudni
Another day, another piece of FUD.
The attack vectors detailed in the report are already well-documented and understood by the Tor community. Anyone with a properly configured system running Tor would not even be susceptible to such an attack (by piping DNS through Tor, disabling plugins, etc).
The attack just relies on the victim having a badly configured system. In this case, a good ol' RTFM would help fix the problem. |
|
Derwood
join:2003-01-21
Dayton, OH | reply to Cudni
I make it real simple for my own network.. I wrote a perl script that puts all Tor exit nodes into a BIND zone file which is used to block access to my web server and mail server. |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
| reply to robo_mojo
said by robo_mojo : ... The attack vectors detailed in the report are already well-documented and understood by the Tor community. Anyone with a properly configured system running Tor would not even be susceptible to such an attack (by piping DNS through Tor, disabling plugins, etc). The attack just relies on the victim having a badly configured system. In this case, a good ol' RTFM would help fix the problem. This sounds like you have a solution
Would you please post these "user level" instructions on how to configure his/her PC properly and still have available the common functions users expect when accessing the internet? I have a nontechnical friend who would be interested.
Thanks,
EG
--
03:14:07 UTC Tuesday, Jan. 19, 2038 - a date that will live in infamy... |
|
robo_mojo
join:2006-01-11
Ada, OK
| said by EGeezer :Would you please post these "user level" instructions on how to configure his/her PC properly and still have available the common functions users expect when accessing the internet? I have a nontechnical friend who would be interested. Read the warnings posted at the top of the download page for a start: »tor.eff.org/download.html.en
The warnings on the download page are a recent addition, to help make the information more accessible to new users who don't yet understand the ins and outs. The information itself has already been known and well-documented by the community for a very long time, and could be understood by reading through documentation and FAQs. The interested user should make himself familiar with the documentation, as he should with any other software. Tor's documentation is actually very well written and easy to read. |
|
