[Rack] Tor security in Noisebridge

James Sundquist sundquistjames at gmail.com
Sat Dec 15 07:35:09 UTC 2012


Andy, thanks so much for your thorough response.  I honestly wouldn't
consider myself paranoid.  I'm just curious and appreciate knowing more
about the network infrastructure at Noisebridge.
-James

On Dec 14, 2012 9:43 PM, "Andy Isaacson" <adi at hexapodia.org> wrote:

On Fri, Dec 14, 2012 at 07:23:33PM -0800, James Sundquist wrote:
> How easy is it to gain administra...
Either trivial, or incredibly difficult.  The box has been hardened by a
few good hackers.  We believe its network threat surface is minimal.

Of course we have no way of knowing where the eth0 is plugged into.  For
all I know the FBI showed up with a NSL and told our hosters how it was
going to go down and now we have the special red cat5 going into an
inconspicuous black box.  Or men in black showed up and plugged an extra
special dongle onto a spare DIMM socket.  Or an Intel microcode backdoor
was inserted using the top secret radio hole in Nehalem.  Feel free to
make up your own hardware conspiracy theory to go here.

I don't think any of those physical compromise scenarios happened, but I
can't be sure.


> How do you
> guarantee Noisetor is not modifying, monitoring, or recording traffic?
I and a few others set it up.  We believe it's not modifying,
monitoring, or recording traffic.  The benefit to us of lying about it
is pretty small (and if I had evidence or even a good suspicion that
one of the others had done something bad, I'd say so.)


> Trust is good, but I'd like to learn more specifics.
> This guy here[3] and here[4] mention si...
Yep, it's incredibly easy to do so.  I can't present any evidence that
would convince a sufficiently paranoid auditor (you) that this specific
box hasn't been misused in this way.  I can say that I believe it hasn't
and I have an incentive to find out if it has and to publicize if I find
out.


> How would you prevent someone from doing this?
We have a limited list of people with access to the box.  We are pretty
sure the box can't be compromised without compromising one of the admin's
authentication methods, and we're pretty sure that hasn't been done.
Short of hiring an actual auditor to examine an image of the box, I'm
not sure what more proof you'd be interested in.


> How is the project managed? Is there extensive documentation
> somewhere of how Noisetor has bee...
We set out with grand plans to have the exit node extensively puppetted
and completely checked in to github, but we ended up hacking together
the configs for the box to get it running, and then ended up in the
classic situation of "well, it's working, but getting the configs
completely parameterized and checked in is more work than any of the
existing admins are willing to put in."  A fair bit of stuff is on the
github repo, but not all.


> What first got me thinking about this was an 07/2012 article from
> BoingBoing[2] about a fake ce...
Shrug.  If you trust a different Tor node operator more, feel free to
use them instead of Noisetor.  Personally I am certain that my machines
could be compromised by an even minimally competent black-bag team; I
don't have interest or wherewithal to defend against that threat, but
I'm fairly confident that it hasn't been done unless by a major
government agency, in which case I'm fucking screwed so I might as well
just pretend I haven't been.  I do my best to not get pwned and I think
I do a pretty good job.  I'm well aware of the weaknesses in my security
posture; sometimes I mitigate those, other times I don't bother.

HTH,
-andy
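The thread above turns on whether an exit relay's configuration records traffic, and on the admins' wish to have the box's configs checked in rather than hand-hacked. As an added example (not Noisetor's configuration or tooling), the following Python checker parses a torrc and flags the settings that would undercut a "we don't log traffic" claim. The torrc text is constructed for illustration; the nickname, contact address and file paths are placeholders, and the checks cover real torrc options (Log, SafeLogging, SocksPort, ExitPolicy, ContactInfo, ORPort) but are one operator's checklist, not an authoritative hardening standard.

```python
"""Added example: audit a Tor exit relay's torrc for traffic-recording settings.

This is not Noisetor's configuration or tooling.  Both torrc samples below
are constructed; the nickname, contact address and paths are placeholders.
"""

# Constructed sample of a weakly configured exit relay: verbose logging
# and SafeLogging disabled, both of which put per-connection detail on disk.
SAMPLE_TORRC = """\
# constructed sample, not a real relay's configuration
Nickname exampleexit
ContactInfo ops@example.invalid
ORPort 9001
DirPort 9030
ExitRelay 1
ExitPolicy accept *:80, accept *:443, reject *:*
SocksPort 0
Log notice file /var/log/tor/notices.log
Log debug file /var/log/tor/debug.log
SafeLogging 0
"""

# Constructed hardened counterpart: notice-level logging only, addresses scrubbed.
HARDENED_TORRC = """\
# constructed sample, not a real relay's configuration
Nickname exampleexit
ContactInfo ops@example.invalid
ORPort 9001
DirPort 9030
ExitRelay 1
ExitPolicy accept *:80, accept *:443, reject *:*
SocksPort 0
Log notice file /var/log/tor/notices.log
SafeLogging 1
"""


def parse_torrc(text):
    """Return (option, value) pairs, ignoring comments and blank lines.

    torrc is line-oriented: the first whitespace-separated token is the
    option name and the rest of the line is its value.  Options such as
    Log may repeat, so the result is a list rather than a dict.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        entries.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return entries


def audit_exit_torrc(text):
    """Return a list of findings; an empty list means the checklist passed."""
    opts = {}
    for key, value in parse_torrc(text):
        opts.setdefault(key, []).append(value)
    findings = []

    # debug/info log levels write circuit and connection details to disk.
    for value in opts.get("Log", []):
        level = value.split()[0].lower() if value else ""
        if level in ("debug", "info"):
            findings.append(f"Log level '{level}' records per-connection detail: {value}")

    # SafeLogging 1 scrubs addresses from log lines; 0 keeps them.
    if (opts.get("SafeLogging") or ["1"])[-1].strip() == "0":
        findings.append("SafeLogging is 0; log lines would contain client addresses")

    # An exit relay should state explicitly that it is not also a local SOCKS client.
    socks = (opts.get("SocksPort") or [""])[-1].split()
    if not socks or socks[0] != "0":
        findings.append("SocksPort is not explicitly 0; relay host may also act as a client")

    # A published exit should declare its policy, a contact, and its relay port.
    for required in ("ExitPolicy", "ContactInfo", "ORPort"):
        if required not in opts:
            findings.append(f"{required} is not set")
    return findings


if __name__ == "__main__":
    for name, torrc in (("sample", SAMPLE_TORRC), ("hardened", HARDENED_TORRC)):
        print(name, audit_exit_torrc(torrc) or "clean")
```

Run against a checked-in torrc, this is the kind of test an operator can attach to the repository so that a config change which re-enables verbose logging or disables address scrubbing is caught at review rather than discovered on the box.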