This sucks, big time. Not that I use Tor, however, I guess this can also be used to tamper with Linux and OS X executables. Is this only limited to the Tor network? Any thoughts?
Tor exit node mashes malware into downloads
A Tor exit node has been found slapping malware onto downloads as users exit the hidden network and enter the public web. Leviathan Security Group researcher Josh Pitts found the operator of the Russia-based node compromising binaries only a month after raising concerns of the possible attack. He created the Backdoor Factory …
COMMENTS
Monday 27th October 2014 12:57 GMT Anonymous Coward
Err....if I don't want the version from my distro I can add a PPA (or equivalent) and that is also cryptographically signed. Any change to those binaries in-flight is detected.
If one is downloading source, then one is an atypical user (probably a developer of some kind) and even then the source can be verified against a crypto signature in a very similar way to the package manager. It's just a bit more manual, which is no big deal to a developer.
If I choose to add an *unsigned* repository or download and compile source without verification...then no amount of security will help as I have chosen to bypass it.
If one doesn't know about a topic, it's best to remain quiet and listen/read in order to learn.
Monday 27th October 2014 08:29 GMT Pierson
Same vulnerability both on and off TOR
Of course, if your downloads are vulnerable to MITM over TOR, then they're equally vulnerable to it over 'regular' Internet, too.
The main difference is that on TOR, there is a somewhat higher chance that someone is attempting to actually attack your traffic at any given time.
Monday 27th October 2014 13:53 GMT Dr. Mouse
Re: Never ever trusted TOR enough to use it
The advantages of TOR come when you only use TOR. As soon as they exit onto the real internet, you are vulnerable.
The "multiple anonymous men-in-the-middle" shouldn't be able to see your traffic, as it is all encrypted until it reaches its endpoint. If the endpoint is an exit node, you lose that protection as soon as you exit. If the endpoint is a TOR node, your data can only be seen by its intended recipient.
Monday 27th October 2014 22:28 GMT Terry Cloth
Doesn't this mean every TOR user should run her own exit node?
Seems to me, if you run an exit node that talks solely to your internal network, you're safe from this particular problem. Of course, for anonymity you also need to run an ordinary (transit?) node so your traffic gets mixed in with the general flow.
And, of course, it doesn't protect you from an evil entry node, if vulnerable to the analogous problem. Hmmm, also problematic if you can't choose your exit node, or if that choice makes you identifiable. Could someone better informed on TOR internals comment?
Monday 27th October 2014 23:50 GMT as2003
Uh, what?
Wouldn't this 'FixIt' program be signed too? (And if not, it would be trivial to do so).
Regardless, this MITM attack isn't exclusive to TOR, it's just as feasible to do with the regular internet.
Furthermore, I wasn't aware that you can mark exit nodes as "BadExit". That's a pretty cool feature; one that doesn't appear in the regular internet.
The story implies that TOR is dangerous - but as far as I can tell, it's actually safer than regular internet.