Tor Exit Node Distributes Malware by encapsulating .executables with code

Comments

  • perennate Member, Host Rep
    edited October 2014

    Using HTTPS solves these issues. Tor provides anonymity, not security or privacy; those attributes should be implemented in the application layer.

    Problem is, there are some Russian VPNs doing the same thing. And routers sometimes get hacked to distribute malware.

    Internet services should take these kinds of issues as proof that widespread adoption of secure protocols is critical.

    Thanked by 2: rm_, tehdartherer
  • rm_ IPv6 Advocate, Veteran
    edited October 2014

    Such amaze, you trusted someone so much that you downloaded an .EXE file through their sodding computer, and shockingly, they turned out not to be an upstanding gentleman with unwavering dedication to high moral standards!

    In other news, people not knowing what a tool is, what it does, and how to properly use it, shoot themselves in the foot from a nail gun, emptying a full clip before noticing that anything is wrong. More at 11.

    Thanked by 3: JahAGR, Chuck, ihatetonyy
  • OnraHost Member
    edited October 2014

    @rm_ said

    Do I detect just a tiny tiny bit of sarcasm in your post? lol

  • I've occasionally tried to follow the logic of individuals advocating the use of Tor...

    rm_, can you define "how to properly use it"?

  • @perennate

    Tor forces SSL, but some exit nodes may run malware that strips the SSL. The only real defence against that (AFAIK) is people who report it.

  • rm_ IPv6 Advocate, Veteran
    edited October 2014

    ricardo said: rm_, can you define "how to properly use it"?

    That has been answered already by @perennate. Use HTTPS. It provides assurance that the content you receive (doesn't matter through Tor, or otherwise) does indeed come from the website that you're connecting to, and has not been tampered with or intercepted by others in transit.

    If a site does not support HTTPS, do not log in to it via Tor (or on open WiFi networks etc.), and don't download any executable code to run on your computer.
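
The point made in the two posts above, that an executable pulled through an untrusted path is only trustworthy if something authenticated vouches for it, as an added example that is not code from this thread or from the Tor project. It checks a downloaded file against a SHA-256 digest the vendor is assumed to publish over HTTPS, refuses a digest that arrived over plain HTTP (it could have been rewritten on the same path as the binary), and shows that a tampered copy still passes a naive "looks like a Windows executable" check. The file bytes, the vendor host `vendor.example` and the digest URL are all constructed for the example.

```python
"""Added example: authenticate a downloaded executable with an HTTPS-published
digest rather than with its appearance. All sample bytes and URLs below are
constructed for illustration and are not real software or real hosts."""
import hashlib
import hmac
from urllib.parse import urlparse


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the file contents."""
    return hashlib.sha256(data).hexdigest()


def looks_like_pe(data: bytes) -> bool:
    """Cheap sanity check only: a Windows executable starts with the 'MZ' DOS
    header. A file modified in transit keeps this header, which is exactly
    why the check proves nothing about integrity."""
    return data[:2] == b"MZ"


def verify_download(data: bytes, digest_source_url: str, expected_sha256: str) -> bool:
    """Accept `data` only if the reference digest was fetched over HTTPS and
    matches. A digest served over plain HTTP could be rewritten by the same
    exit node, hostile VPN or open Wi-Fi that rewrote the binary, so it adds
    no assurance and is rejected outright."""
    if urlparse(digest_source_url).scheme != "https":
        return False
    actual = sha256_hex(data)
    # compare_digest does not leak the position of the first mismatch via timing
    return hmac.compare_digest(actual, expected_sha256.lower())


# Constructed stand-in for a vendor's installer (not a real program).
ORIGINAL = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"original program body"
# What an on-path tamperer might return: same header, extra code appended.
TAMPERED = ORIGINAL + b"<injected stub>"
# The digest the vendor is assumed to publish on its HTTPS site.
PUBLISHED_DIGEST = sha256_hex(ORIGINAL)
DIGEST_URL_HTTPS = "https://vendor.example/installer.sha256"  # constructed
DIGEST_URL_HTTP = "http://vendor.example/installer.sha256"    # constructed


def demo() -> dict:
    """Run the four cases a practitioner would want to see side by side."""
    return {
        "original_ok": verify_download(ORIGINAL, DIGEST_URL_HTTPS, PUBLISHED_DIGEST),
        "tampered_ok": verify_download(TAMPERED, DIGEST_URL_HTTPS, PUBLISHED_DIGEST),
        "tampered_still_looks_like_pe": looks_like_pe(TAMPERED),
        "http_digest_ok": verify_download(ORIGINAL, DIGEST_URL_HTTP, PUBLISHED_DIGEST),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The digest check is only as good as the channel that delivered the digest, which is why the scheme check sits before the comparison; a signed manifest (Authenticode, GPG) would do the same job with the vendor's key rather than a hash page.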

  • One of the things that will help is if we all run more exit nodes without any funny encapsulation stuff on them.

    Thanked by 1: vRozenSch00n
  • linuxthefish said: One of the things that will help is if we all run more exit nodes without any funny encapsulation stuff on them.

    I agree. And this "issue" is not a real issue and not something new. But like all these days, they try to say something about Tor to take down the reputation of this service even more.

    Thanked by 2: vRozenSch00n, rm_
  • perennate Member, Host Rep
    edited October 2014

    linuxthefish said: One of the things that will help is if we all run more exit nodes without any funny encapsulation stuff on them.

    No, best way to help is to use secure application-level protocols. Here's the part of the only email on the tor-talk mailing list about this obviously minor incident:

    Thanks for the detailed analysis! We've now set the BadExit flag on
    this relay, so others won't accidentally run across it. We certainly do
    need more people thinking about more modules for the exitmap scanner. In
    general, it seems like a tough arms race to play:
    https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html
    and as you say, the better approach is to have applications not blindly
    trust unauthenticated bits they get from the Internet.

  • perennate said: No, best way to help is to use secure application-level protocols. Here's the part of the only email on the tor-talk mailing list about this obviously minor incident:

    I'm not a Tor developer and useless at coding, so I guess running a few exits is the best I can do :(

  • It just seems like the only morally sound reason for using such a thing is a lack of freedom of speech in a particular jurisdiction; however, it seems like the end-user has to be armed with a respectable amount of technical knowledge in order to use it safely, which makes it less than a great 'product'. I'm not familiar with the alternatives, and have never even used Tor, but it just seems like potentially more trouble than it's worth.

  • perennate Member, Host Rep
    edited October 2014

    linuxthefish said: I'm not a Tor developer and useless at coding, so I guess running a few exits is the best I can do :(

    There is nothing in the Tor software suite that can fully solve this issue; as I said, Tor provides anonymity, not encryption/privacy (although if you are using a hidden service then I think it does have end-to-end authentication/encryption). What I meant was, if you run any websites or mail servers you should make sure they use SSL/TLS, and encourage other website operators (e.g. @jbiloh) to do the same. The issue presented in the OP is not Tor-specific; it applies to any situation where your traffic is routed through untrusted infrastructure (I guess most people trust their ISP to some extent, but it still includes public VPN/wifi, as @rm_ said).

  • Is someone here running an exit node?
    I wonder which provider would allow it.

  • linuxthefish Member
    edited October 2014

    @tehdartherer said:
    Is someone here running an exit node?
    I wonder which provider would allow it.

    A while back an op in the online.net IRC channel said it was OK as long as it was legal and I resolved all abuse complaints. So far no abuse complaints on my 3 exits, although I have triggered the OVH anti hack on my Kimsufi with people trying to hack SSH and telnet boxes - I now only allow exiting on port 80 and 443 on OVH.

    OVH/Kimsufi TOS says public proxies/Tor are banned if they generate abuse, but no actual complaints have been received.

    Thanked by 1: tehdartherer
  • Maounique Host Rep, Veteran
    edited October 2014

    linuxthefish said: A while back an op in the online.net IRC channel said it was OK as long as it was legal and I resolved all abuse complaints. So far no abuse complaints on my 3 exits, although I have triggered the OVH anti hack on my Kimsufi with people trying to hack SSH and telnet boxes - I now only allow exiting on port 80 and 443 on OVH.

    OVH/Kimsufi TOS says public proxies/Tor are banned if they generate abuse, but no actual complaints have been received.

    You will get complaints. 443 and 80 generate a lot of abuse reports. I had like 1 a week when running that, most of them idiotic, like an admin at a university threatening my provider with lawsuits because the credentials of his mailboxes had been leaked through other means and someone was sending spam over 443 using those stolen credentials over Tor. Other people complaining that they are blocking some countries and those people still get in by using Tor, so Tor is to be blamed. I mean, if you can block countries, you can block Tor. All exits are public.
    There are also the fraudsters who buy online over 443 from poor sad shops which do not block Tor and don't use MaxMind or equivalent, etc.
    I allow only at home, and only the following protocols: streaming (many), mail (pop3, imap), secure mail (465, 995, 993), chat protocols (excluding IRC), VoIP (sadly this does not work well over Tor, but it can be tweaked by experts), and that is about it. Due to the nature of my dynamic IP the traffic is not big, as the nodes are treated as unstable, but on good days I reach 300 GB a day; on bad days (bad power and changes I make in the network knocking the nodes offline multiple times) it goes to like 50 GB or so. Only exit traffic.
    All the other nodes are relays only. I never hosted .onion sites; I believe a flog is better, as Freenet was designed with this in mind, not only to forward but also to store, at least short term.
    For accessing content on the internet at large, such as media organizations blocked in China, Iran or Pakistan (for example BBC, CNN, Twitter, Facebook, YouTube), you have to use Tor, as well as for email if you have to use Gmail, for example. For publishing stuff and sharing with friends completely untraceably on darknets, you should use Freenet and similar. If your friends don't know how, teach them.

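The exit policies described in the last two posts, written out as torrc `ExitPolicy` lines and run through a small first-match evaluator, as an added example that is not code from this thread or from the Tor project. It covers linuxthefish's web-only policy (ports 80 and 443) and the mail ports Maounique names by number (pop3, imap, 465, 993, 995); the streaming, chat and VoIP ports he mentions without numbers are left out rather than guessed. Tor itself evaluates a policy top to bottom and applies the first line whose address and port both match, which is also why the order of lines matters; the evaluator mirrors that. The destination addresses are constructed (documentation ranges), and the parser is a simplification: it understands an address or CIDR or `*`, plus a single port, a port range or `*`, but not torrc shorthands such as `private`, `accept6` or `reject6`.

```python
"""Added example: first-match evaluation of Tor ExitPolicy lines.
Simplified parser (address/CIDR or '*', port or range or '*'); torrc
shorthands like 'private' and 'accept6' are not handled. Destination
addresses used below are constructed from documentation ranges."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass
class Rule:
    action: str                 # "accept" or "reject"
    network: Optional[Network]  # None means '*' (any address)
    ports: Tuple[int, int]      # inclusive range; (1, 65535) means '*'


def parse_policy(lines: List[str]) -> List[Rule]:
    """Parse 'ExitPolicy accept|reject ADDR[/MASK]:PORT[-PORT]' lines in order.
    Comments after '#' and blank lines are ignored, as torrc does."""
    rules: List[Rule] = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyword, spec = line.split(None, 1)
        if keyword != "ExitPolicy":
            raise ValueError(f"not an ExitPolicy line: {raw!r}")
        action, target = spec.split(None, 1)
        if action not in ("accept", "reject"):
            raise ValueError(f"bad action in {raw!r}")
        addr, port = target.rsplit(":", 1)          # last colon separates the port
        addr = addr.replace("[", "").replace("]", "")  # tolerate [v6]/mask form
        network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            ports = (1, 65535)
        elif "-" in port:
            lo, hi = port.split("-", 1)
            ports = (int(lo), int(hi))
        else:
            ports = (int(port), int(port))
        rules.append(Rule(action, network, ports))
    return rules


def exit_allowed(rules: List[Rule], dest_ip: str, dest_port: int) -> bool:
    """Apply the first rule matching both address and port. A real relay
    appends Tor's default policy when nothing matches; this model rejects
    instead, which is also what a trailing 'reject *:*' does explicitly."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in rules:
        if rule.network is not None:
            if ip.version != rule.network.version or ip not in rule.network:
                continue
        if not (rule.ports[0] <= dest_port <= rule.ports[1]):
            continue
        return rule.action == "accept"
    return False


# linuxthefish: exit only on 80 and 443 after SSH/telnet probing tripped OVH.
WEB_ONLY = [
    "ExitPolicy accept *:80",
    "ExitPolicy accept *:443",
    "ExitPolicy reject *:*",
]
# Maounique's numbered mail ports only; his unnumbered protocols are omitted.
MAIL_ONLY = [
    "ExitPolicy accept *:110",  # pop3
    "ExitPolicy accept *:143",  # imap
    "ExitPolicy accept *:465",  # mail submission over TLS
    "ExitPolicy accept *:993",  # imaps
    "ExitPolicy accept *:995",  # pop3s
    "ExitPolicy reject *:*",
]
# Order matters: a reject placed before the accepts wins for that network.
WEB_MINUS_ONE_NET = ["ExitPolicy reject 198.51.100.0/24:*"] + WEB_ONLY


def demo() -> dict:
    """Evaluate representative destinations against the three policies."""
    web, mail, carved = (parse_policy(p) for p in (WEB_ONLY, MAIL_ONLY, WEB_MINUS_ONE_NET))
    return {
        "web_https": exit_allowed(web, "203.0.113.5", 443),
        "web_ssh": exit_allowed(web, "203.0.113.5", 22),
        "web_telnet": exit_allowed(web, "203.0.113.5", 23),
        "web_ipv6_http": exit_allowed(web, "2001:db8::1", 80),
        "mail_imaps": exit_allowed(mail, "203.0.113.5", 993),
        "mail_smtp25": exit_allowed(mail, "203.0.113.5", 25),
        "mail_https": exit_allowed(mail, "203.0.113.5", 443),
        "carved_inside_net": exit_allowed(carved, "198.51.100.7", 80),
        "carved_outside_net": exit_allowed(carved, "203.0.113.5", 80),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'accept' if allowed else 'reject'}")
```

Note how the web-only policy rejects the SSH and telnet probing that triggered the anti-hack system in the post above while still letting 443 out, and how the same 443 is the port Maounique reports as the source of most abuse complaints: port filtering shapes which complaints you receive, it does not remove them.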