[Rack] Tor security in Noisebridge

James Sundquist sundquistjames at gmail.com
Sat Dec 15 03:23:33 UTC 2012


Hey everyone,

Thank you for sharing your thoughts on this!  My first questions are:

How easy is it to gain administrative access to Noisetor?

How do you guarantee Noisetor is not modifying, monitoring, or
recording traffic?  Trust is good, but I'd like to learn more
specifics.  This guy here[3] and here[4] mention simply using a tor
node and tshark or just a proxy to capture tons of information
immediately.  How would you prevent someone from doing this?

How is the project managed?  Is there extensive documentation
somewhere of how Noisetor has been configured and maintained?  I found
some information that Andy posted in January 2012 [1], but couldn't
find anything else in the Noisetor mailing list archive.

What first got me thinking about this was an 07/2012 article from
BoingBoing[2] about a fake certificate used to spy on a resident of
Jordan.  It looks like the company, Cyberoam, used the same SSL
certificates in multiple services.  The light traffic on the tor
mailing list and general chaos of the 'bridge make me curious about
whether the online services are treated in a similar manner.  Thanks
for the info!

[1] https://www.noisebridge.net/pipermail/tor/2012-January/000127.html
[3] http://security.blogoverflow.com/2012/04/tor-exploiting-the-weakest-link/
[4] http://www.securityfocus.com/brief/910

On Fri, Nov 30, 2012 at 02:52:05PM -0800, James Sundquist wrote:

> > I've been reading up on Tor Exit Node man-in-the-middle attacks and was
> > wondering whether it has ever been addressed by the NoiseTor team.  I
> > understand that Tor is designed for anonymity (not security), but I'd love
> > to hear the thoughts of someone who has experience with NoiseTor.  Rack
> > seems like the correct list since it relates to Network Infrastructure.
>
> the tor@ is a better list, but whatever. :)
>
> Noisetor doesn't modify, monitor, or record traffic on our exit node.
> So we're not operating a MITM attack.
>
> There isn't much that Noisetor can do to prevent some other exit node
> from modifying, monitoring, or recording traffic.  Obviously the Tor
> admins can flag exits as BadExit or similar if a MITM is noticed, and we
> support that, but it doesn't have very much to do with Noisetor.
>
> I'm not sure what else you're supposing we might do to address possible
> MITM attacks.  Anything else in particular you're thinking of?
>
> -andy
>