Monday, 27 October 2014

Tor Blacklisted Russian Exit Node for Delivering Malware Through Binary Download




The Tor Project has blacklisted one of its Russian servers because the server delivered malware when users were downloading files.

Tor is an anonymous web browser that lets you browse the internet anonymously by hiding your real IP address. The software routes your requests through multiple security tunnels across the globe.

In this case, the affected server was an 'exit node' for Tor; more precisely, it was the last server in the chain of the network, the one that delivers the user's request to its final destination.

Roger Dingledine, Tor Project’s project leader and director, wrote that the Russian server has been labeled a bad exit node, which should mean Tor clients will avoid using the server.

The Russian server was found by Josh Pitts, who does penetration testing and security assessments with Leviathan Security Group. He said in a post that he wanted to find out how common it was to find attackers modifying the binaries of legitimate code in order to deliver malware.

Big software companies put digital signatures in their binaries so that the signatures can be used to verify whether the code was modified later. But Pitts was shocked to find that the binaries were not signed. Besides that, the downloads were not even protected by TLS (Transport Layer Security). Like SSL, TLS encrypts the connection between client and server.

So far, Pitts has found only one Tor exit node of this kind, and it modified only uncompressed portable executables.

“This does not mean that other nodes on the Tor network are not patching binaries; I may not have caught them, or they may be waiting to patch only a small set of binaries,” Pitts said.

As a security reminder, Pitts said that users should always download from a source where TLS/SSL is enabled, regardless of whether the binary is digitally signed.

Pitts added, “All people, but especially those in countries hostile to ‘Internet freedom,’ as well as those using Tor anywhere, should be wary of downloading binaries hosted in the clear—and all users should have a way of checking hashes and signatures out of band prior to executing the binary.”
