摸進俄羅斯的外包廠商,意外發現的專案:降低 Tor 匿名性的工具

俄羅斯政府的外包廠商 SyTech 被摸進去後,被發現裡面有些「有趣」的軟體:「Hackers breach FSB contractor, expose Tor deanonymization project and more」。

這次被放在標題的軟體叫做 Nautilus-S,透過被加過料的 Tor server 與 ISP traffic 交叉分析,試著找出俄羅斯內的 Tor 使用者:

Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.

這不是新東西,之前就有被提出來,但並沒有這次直接給整包軟體出來:

The first was Nautilus-S, the one for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S started in 2012. Two years later, in 2014, academics from Karlstad University in Sweden, published a paper detailing the use of hostile Tor exit nodes that were attempting to decrypt Tor traffic.

而且看起來有不少節點正在運行:

Researchers identified 25 malicious servers, 18 of which were located in Russia, and running Tor version 0.2.2.37, the same one detailed in the leaked files.

不知道 Tor 會不會有行動...

GitHub 的 Gist 要移除匿名發表的功能了...

GitHubGist 變成要註冊使用者才能貼了:「Deprecation notice: Removing anonymous gist creation」。主要的原因也還是因為太多 spam 之類的訊息:

In 30 days, we'll be deprecating anonymous gist creation—a decision we made after a lot of deliberation. Anonymous gists are a handy tool for quickly putting a code snippet online, but as the only way to create anonymous content on GitHub, they also see a large volume of spam. In addition, many people already have a combination of tools authenticated with GitHub that allow them to create gists they own.

預定是 3/19 關閉... 只好繼續貼 Pastebin 了... XD

OnionShare:透過 Tor 的 Hidden Service 分享檔案

OnionShare 官網上的說明是這樣寫:

OnionShare is an open source tool that lets you securely and anonymously share a file of any size.

Wiki 的說明比較清楚,實際上是在本機開一個 Hidden Service,而使用者必須透過 Tor Browser 這類的服務下載,這樣可以達成提供者與下載者都彼此匿名:

OnionShare lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files. It doesn't require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor onion service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you.

用法的部份就更清楚了:

Open OnionShare, drag and drop files and folders you wish to share into it, and click Start Sharing. After a moment, it will show you a .onion URL such as http://asxmi4q6i7pajg2b.onion/egg-cain. This is the secret URL that can be used to download the file you're sharing.

如果下載者不是那麼在意匿名性的話,Tor2web 這類的服務應該也可以用...

感覺以現在提供的功能來看還是不夠便利,實驗性質居多 XD

VPN 的評價

文章的作者試了很多家 VPN 服務,然後文章的標題有點長,有種輕小說的感覺...:「I tested the most recommended VPN providers using my credit card to find the best ones — and which ones you should avoid.」。

不過這種文章有很多東西很主觀,大家心裡有個底就是了...

作者比較滿意的是 TunnelBearOVPN 這兩家,也許等手上 PIA 到期的時候再試看看要怎麼選好了,畢竟 PIA 還是目前最便宜的方案。

利用 CloudFlare 的 reCAPTCHA 反向找出真正的 Tor 使用者

Cryptome 這邊看到可能可以被拿來用的技巧:「Cloudflare reCAPTCHA De-anonymizes Tor Users」。

Tor 使用者連到 CloudFlare 上時,常常會出現 reCAPTCHA 的提示,要求你驗證,而這個驗證過程的 traffic pattern 太龐大而且很明顯,當情治單位同時可以監控 CloudFlare 的上游 (像是「Airtel is sniffing and censoring CloudFlare’s traffic in India and CloudFlare doesn’t even know it.」這篇提到的問題) 或是監控 Tor 的 exit node 的上游,再加上同時監測使用者可能的 ISP,就可以對照湊出使用者:

Each click on one of the images in the puzzle generates a total of about 50 packets between Tor user's computer and the Cloudflare's server (about half are requests and half are real-time responses from the server.) All this happens in less than a second, so eventual jitter introduced in onion mixing is immaterial. The packet group has predictable sizes and patterns, so all the adversary has to do is note the easily detectable signature of the "image click" event, and correlate it with the same on the Cloudflare side. Again, no decryption required.

短短的一秒鐘內會產生 50 個封包,而且 pattern 很清楚...

PHP 5.3 的 anonymous function

在看到 PHPConf Taiwan 2011 的議程介紹後,看到有人在推薦 Slim Framework,一連上去就看到包含 anonymous function 的 sample code:

<?php
require 'Slim/Slim.php';
$app = new Slim();
$app->get('/hello/:name', function ($name) {
    echo "Hello, $name!";
});
$app->run();
?>

然後回頭去翻 PHP 的說明:「Anonymous functions」,發現是從 PHP 5.3 開始支援。

於是在 JavaScript 上常用到的技巧就也可以在 PHP 上用了:(不影響到全域變數與函數空間的方式)

// JavaScript
(function(){
    // ...
})();

// PHP
call_user_func(function(){
    // ...
});

接下來是繼續測試 Slim Framework 了,看起來算是一個不錯的小東西... 之後拿來配合 Heroku 這類的 PasS 快速開發應該會很好用 :o