Josh Pitts of Leviathan Security Group has identified a Tor exit node that was actively adding malware to binary files dynamically. He ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack. An article about this can also be found at Threatpost.
(Score: 2) by Runaway1956 on Sunday October 26 2014, @04:06PM
Why are people downloading executables via TOR? I'm not a typical computer user, but then, neither are TOR users - are they?
My operating system is configured to download updates from a trusted repository. Actually, Windows is too - Windows Update connects to Windows servers to find its updates.
Whether you operate a Unix-like or an NT system, who browses and/or searches for executables over TOR? If I want to install the latest version of "Your Browser Belongs To Us" toolbar, I navigate over the open net to the toolbar's homesite, and download their updated toolbar. Fast, easy, and efficient.
Tor? Sure, it will carry your executable to you, but it's rather slow and inefficient, isn't it? That's why you don't torrent on TOR.
This seems a strange mix of paranoia and careless stupidity. Of course, law enforcement seems to have made a number of busts based on similar strange mixes of paranoia and carelessness.
Abortion is the number one killer of children in the United States.
(Score: 0) by Anonymous Coward on Sunday October 26 2014, @05:41PM
> Why are people downloading executables via TOR?
Because those executables might be contraband or at least considered proof of criminal intent in certain countries?
The sites they are on may even be completely blocked from within their countries.
> This seems a strange mix of paranoia and careless stupidity.
You are exhibiting the problem with the authoritarian mindset -- that your personal experience is representative of the way everyone lives and that people who don't conform to your narrowly prescribed understanding of life are stupid.
(Score: 3, Insightful) by Fnord666 on Sunday October 26 2014, @06:15PM
People who don't want everyone to know which executables they are downloading or using. Say for example people who live in places where the possession of software that might avoid censorship is a crime.
(Score: 2) by frojack on Sunday October 26 2014, @08:29PM
Agreed. It might be more innocent than that.
There are some people who run their entire internet access over tor, usually by an external tor appliance between their network and the internet.
When that happens, machines protected by that appliance will check for updates via tor. All internet access will go via tor.
They specifically mention Windows machines looking for Windows updates.
No, you are mistaken. I've always had this sig.
(Score: 2) by urza9814 on Thursday October 30 2014, @06:30PM
Yup. My phone does this. So any apps that are updated are being updated through Tor. I actually did try limiting Tor to specific applications, but I found that didn't work very well, a lot of apps would claim they had no connection at all. But if you do transparent proxying of ALL traffic, they work perfectly.
(Score: 0) by Anonymous Coward on Sunday October 26 2014, @09:22PM
In some moslem countries you can be imprisoned just for downloading programs they do not approve of.
(Score: 0) by Anonymous Coward on Sunday October 26 2014, @10:40PM
I didn't realize Japan was a moslem country. [bbc.co.uk]