Tor exit node mashes malware into downloads A Tor exit node has been found slapping malware onto downloads as users exit the hidden network and enter the public web. Leviathan Security Group researcher Josh Pitts found the operator of the Russia-based node compromising binaries only a month after raising concerns of the possible attack. He created the Backdoor Factory …
Err....if I don't want the version from my distro I can add a PPA (or equivalent) and that is also cryptographically signed. Any change to those binaries in-flight is detected.
If one is downloading source, then one is an atypical user (probably a developer of some kind) and even then the source can be verified against a crypto signature in a very similar way to the package manager. It's just a bit more manual, which is no big deal to a developer.
If I choose to add an *unsigned* repository or download an compile source without verification...then no amount of security will help as I have chose to bypass it.
If one doesn't know about a topic, it's best to remain quiet and listen/read in order to learn.
Of course, if your dowloads are vulnerable to MITM over TOR, then they're equally vulnerable to it over 'regular' Internet, too.
The main difference is that on TOR, there is a somewhat higher chance that someone is attempting to actually attack your traffic at any given time.
The advantages of TOR come when you only use TOR. As soon as they exit onto the real internet, you are vulnerable.
The "multiple anonymous men-in-the-middle" shouldn't be able to see your traffic, as it is all encrypted until it reaches it's endpoint. If the endpoint is an exit node, you loose that protection as soon as you exit. If the endpoint is a TOR node, your data can only be seen by it's intended recipient.
Seems to me, if you run an exit node that talks solely to your internal network, you're safe from this particular problem. Of course, for anonymity you also need to run an ordinary (transit?) node so your traffic gets mixed in with the general flow.
And, of course, it doesn't protect you from an evil entry node, if vulnerable to the analogous problem. Hmmm, also problematic if you can't choose your exit node, or if that choice makes you identifiable. Could someone better informed on TOR internals comment?
Wouldn't this 'FixIt' program be signed too? (And if not, it would be trivial to do so).
Regardless, this MITM attack isn't exclusive to TOR, it's just as feasible to do with with regular internet.
Furthermore, I wasn't aware that you can mark exit nodes as "BadExit". That's a pretty cool feature; one that doesn't appear in the regular internet.
The story implies that TOR is dangerous - but as far as I can tell, it's actually safer than regular internet.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
