Tor Project infrastructure updates

by phobos | January 22, 2010

You should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha:
https://www.torproject.org/easy-download.html.en

In early January we discovered that two of the seven servers that run directory
authorities were compromised (moria1 and gabelmoo), along with
metrics.torproject.org, a new server we'd recently set up to serve
metrics data and graphs. The three servers have since been reinstalled
with service migrated to other servers.

We made fresh identity keys for the two directory authorities, which is
why you need to upgrade.

Moria also hosted our git repository and svn repository. We took the
services offline as soon as we learned of the breach. It appears the
attackers didn't realize what they broke into -- just that they had
found some servers with lots of bandwidth. The attackers set up some ssh
keys and proceeded to use the three servers for launching other attacks.
We've done some preliminary comparisons, and it looks like git and svn
were not touched in any way.

We've been very lucky the past few years regarding security. It still
seems this breach is unrelated to Tor itself. To be clear, it doesn't
seem that anyone specifically attacked our servers to get at Tor. It
seems we were attacked for the cpu capacity and bandwidth of the servers,
and the servers just happened to also carry out functions for Tor.

We've tried to address the most common questions below.

I read that Tor's encryption keys were compromised, is this true?

No. The operating systems were compromised, not tor. The tor source, and running Tor Directory Authorities were left untouched. It appears the
attackers didn't realize what they broke into -- just that they had
found some servers with lots of bandwidth. We've generated new Directory Authority keys out of an abundance of caution.

Does this mean someone could have matched users up to their
destinations?

No. By design, Tor requires a majority of directory authorities (four
in this case) to generate a consensus; and like other relays in the
Tor network, directory authorities don't know enough to match a user
and traffic or destination.

Does this mean somebody could have changed the Tor source?

No, we've checked the source. It does mean you should upgrade so your
client knows about all the currently valid directory authorities.

Does this mean someone could have learned more about Tor than an
ordinary user?

Since our software and specifications are open, everyone already has
access to almost everything on these machines... except some old bridge
descriptors, which we give out only in small batches as entry points for
blocked clients.

Can I trust Tor's security?

We've taken steps to fix the weaknesses identified and to harden our
systems further. Tor has a track record of openness and transparency,
with its source code and specifications and also with its operations.
Moreover, we're disclosing breaches such as this so you can monitor our
status. You shouldn't assume those who don't disclose security breaches
never have any!

Comments

Please note that the comment area below has been archived.

January 22, 2010

Permalink

As of this posting, the link at the top has the 1.3.0 version of the Browser Bundle (which still has the 0.2.1.21 release of Tor)

What can TBB users do?

January 22, 2010

Permalink

Hmmm i noticed that torchat isn't connecting anymore for more than 24 hours now...

Maybe this could be in relationship with your messsage?

January 22, 2010

Permalink

re torchat still not connecting. It is true here too,

Note this line from torchat's torcc file:

## the following is a dirty workaround for the 15 minutes problem:

## hidden service descriptors are cached 15 minutes, so after

## a restart of tor we are not reachable for 15 minutes.

## Using always the same introduction points makes even old

## and stale descriptors still work. I am still searching

## for a better solution.

HiddenServiceNodes moria1,moria2,tor26

At least 2 of the 3 hidden service node above were compromised.
Are there new names for these servers and do they need to replace the 3 shown above? If so, where are these server names to be found?

PS The captchas required to post here are VERY difficult for a human to read. Please use something that is more legible and human friendly

January 23, 2010

Permalink

Hi guys!
This error appears every time since update. What's wrong? Does someone have the same problem?

Jan 23 13:01:33.166 [Notice] Tor v0.2.2.7-alpha (git-.......). This is experimental software. Do not rely on it for strong anonymity. (Running on Darwin i386)
Jan 23 13:01:33.167 [Notice] Initialized libevent version 1.4.13-stable using method kqueue. Good.
Jan 23 13:01:33.168 [Notice] Opening Socks listener on 127.0.0.1:9050
Jan 23 13:01:33.168 [Notice] Opening Control listener on 127.0.0.1:9051
Jan 23 13:01:35.206 [Notice] Bootstrapped 10%: Finishing handshake with directory server.
Jan 23 13:01:35.328 [Warning] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Jan 23 13:01:35.340 [Notice] No current certificate known for authority moria1; launching request.
Jan 23 13:01:35.340 [Notice] No current certificate known for authority tor26; launching request.
Jan 23 13:01:35.341 [Notice] No current certificate known for authority dizum; launching request.
Jan 23 13:01:35.341 [Notice] No current certificate known for authority ides; launching request.
Jan 23 13:01:35.341 [Notice] No current certificate known for authority gabelmoo; launching request.
Jan 23 13:01:35.342 [Notice] No current certificate known for authority dannenberg; launching request.
Jan 23 13:01:35.342 [Notice] No current certificate known for authority urras; launching request.
Jan 23 13:01:35.487 [Warning] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Jan 23 13:01:36.042 [Warning] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Jan 23 13:01:36.184 [Warning] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Jan 23 13:02:36.193 [Notice] No current certificate known for authority moria1; launching request.
Jan 23 13:02:36.226 [Notice] No current certificate known for authority tor26; launching request.
Jan 23 13:02:36.227 [Notice] No current certificate known for authority dizum; launching request.
Jan 23 13:02:36.227 [Notice] No current certificate known for authority ides; launching request.
Jan 23 13:02:36.228 [Notice] No current certificate known for authority gabelmoo; launching request.
Jan 23 13:02:36.228 [Notice] No current certificate known for authority dannenberg; launching request.
Jan 23 13:02:36.229 [Notice] No current certificate known for authority urras; launching request.
Jan 23 13:02:36.331 [Warning] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Jan 23 13:02:36.384 [Warning] TLS error: unexpected close while renegotiating (SSL_ST_OK)

If you could help me, that would be great. :-) Thanks guys!

January 23, 2010

In reply to phobos

Permalink

well, I wouldn't say exactly that they 'broke' it...the fact is rather that the ssl protocol is broken.

Btw that captcha is f*ing unreadable

January 23, 2010

Permalink

After reading the bug reports I just wanted to add that this issue is not restricted to Snow Leopard (10.6). I experience it on Leopard 10.5.8 as well after application of Apple's latest security Update 2010-001.

January 24, 2010

Permalink

I also use OS X Snow Leopard 10.6.2 and I must say, I have the same problem.

I get these error message everytime, weather I start Vidalia (TOR)

TLS error: unexpected close while renegotiating

Hope it comes a solution quickly. I don't know what I could do

January 25, 2010

Permalink

My Torchat is essentially now broken by the recent changes to Tor. Upgrading to 19 Jan 2010 ver of Tor allows user to connect to himself but rarely with any others users even if they have upgraded to new Tor too.

Torchat uses Tor hidden services to communicate with others; something must still be broken in that respect.

PS Tor for surfing in FireFox works fine.

Any other clients that use Tor hidden services affected by these changes to Tor?

Tor/Firefox is fine. Torchat remains broken despite attempts to insert updated tor.exe and/or tor.resolve. Quite unfortunate. Torchat was an excellent resource. I suspect commie hackers are to blame, but that's just me.

January 26, 2010

Permalink

I am using MacOSX Snow Leopard 10.6. I updated to intelMac Tor Bundle 0.2.1.22 as advised. I now find I cannot access the Tor Network. The following messages (repeating) appear in the log:

Warning: TLS error: unexpected close while negotiating
Notice: No current certificate known for authority moria1

Same notice for authorities: moria1, tor26, ides, gabelmoo, dannenberg, urras.

I wish to use the previous bundle (0.2.1.19 for intelMac and PPC)
of Tor. I would be be grateful if someone could give me the address where previous versions of Tor bundles can be downloaded.

Thank you in advance.

January 28, 2010

Permalink

I'm getting the same "TLS" errors. I was also using an older version of Vidalia and just updated to the latest version to see if it would fix it, but no.
So is it just Intel-Mac users with Snow Leopard having problems? I have ver. 10.6.2
This sucks, Tor was working great a few days ago : (
Fucking hackers - find them and cut off their balls!

BTW, I realize the hackers had nothing to do with why Tor isn't working on Macs at the moment; I was just saying they were assholes. I realize Apple's latest security update screwed it up. Didn't want to be misread..

January 29, 2010

Permalink

To fix you need to replace the tor.exe and tor-resolve.exe in your TORchat folder.

DL the lastest TOR package and install what you need (min is TOR), then copy the new tor.exe (2110kb) and tor-resolve exe (118kb) into your TORchat bin/tor folder.

Start torchat and off you go.

or it did for me

As noted in previous posting, I did exactly this with no improvement in Torchat performance. Torchat is running as I write this. The system has resolved only myself and one other user. It is as though at least half of the previous relays have been taken off-line. Perhaps someone can send an email to the Torchat developer and request a Torchat update to fix all issues. Would be much appreciated.

See fault report filed at torchat homepage: http://code.google.com/p/torchat/issues/detail?id=54 ----- And also see issue 53 there too, ---- Unfortunately, the developer of torchat has not released any fixes or improvements in a very long time. Too bad as it conceptually is an excellent software. ---- I suspect that if there are any other clients which use tor Hidden Services that they are affected too, Maybe somebody could report such clients here? ----Maybe this is not a torchat problem but a tor problem?

January 29, 2010

Permalink

Previous torchat folder did not contain a tor-resolve.exe. It contained only the tor.exe. On first attempt to fix, I did inport the new tor-resolve.exe into torchat and it had no effect over two days of testing. So I removed it, leaving just the updated tor.exe. I am able to see myself and (rarely) two other users of torchat only. The system is still crippled.

January 29, 2010

Permalink

Yes, torchat is still crippled as described above. ---

And this is true whether you are using the win or linux version. Replacing a previous tor version (and tor resolve if it is present, ie, win torchat portable) does NOT solve the problem. Clients who replace the relevant file(s) might be able to connect to each other for a short while but this restored facility quickly disappears and they are unable to connect to each other again. --- Tellingly, after the tor file update, a user CAN reliably connect every time to herself, but NOT to any other torchat user ----

We surmise this is a Hidden Services fault in tor. Why? Identifiers, keys or what ever else it might be is beyond our ken. One thing is for sure: this problem did not exist in torchat before the hack attacks and subsequent modifications to tor of Jan 2010.

January 31, 2010

Permalink

Easily, the article is in reality the sweetest on this valuable topic. I fit in with your conclusions and I think www.bestbootsale.com is a good topic. will thirstily look forward to your approaching updates. A simple thanks will not just be complete for the exceptional lucidity in your writing.

February 01, 2010

Permalink

hmmm it takes some time, but i can connect to other TC users with updated tor.exe.. and chatting for many hours.

running Linux or windows torchat? Please give details. Have tried it with both to no benefit. Of course it should not take hours to make connexion; it never did before Jan of 2010. This suggests recent necessary security changes to tor itself have inadvertently created this torchat problem.

I am running Windows XP.

One day it is working pretty good and i can chat for a long time, the other day tc needs almost an hour to connect to others.. The question is: what's the fuckin reason for that????

February 14, 2010

Permalink

torchat is fine but you have to get the new tor files. easiest: get the new tor
browser bundle and install it (just overwrite is fine, but backup if you like). then
get the /Tor Browser/App/tor.exe and tor-resolve.exe (new file with this release) and
overwrite/add them to torchat /bin/Tor directory. as long as you come on line within
a few minutes you're connected, though other people may be offline.

Torchat is still broken. even with the newest tor files. It takes days to connect with other torchat users even though we are all online 24/7. I can reliably connect to 'myself' very quickly but that's all.

==>Is this a problem with Rendezvous Server related code?

May 04, 2010

Permalink

i have two copies of torchat running on the same computer in client mode. they both turn "green" and connect to the outside with tor 0.2.1.22

and the two accounts won't talk to one another. both sees the other as offline.

i guess the torchat developers are MIA.

if someone could explain to me conceptually what is the problem then i would be happy to fix the torchat code.

November 18, 2010

Permalink

and connect to the outside with tor 0.2.1.22

and the two accounts won't talk to one another

December 01, 2010

Permalink

if someone could explain to me conceptually what is the problem then i would be happy to fix the torchat code.

December 02, 2010

Permalink

Perhaps someone can send an email to the Torchat developer and request a Torchat update to fix all issues. Would be much appreciated

September 02, 2011

Permalink

Just started as a relay. To check if it is working, should I be able to see myself on Tor Network Map..ie on the relay list?