Tor's famous for anonymizing your Internet activities and infamous for being a pain to use. Debuting at Black Hat, the Tortilla tool smooths out some of the global network's rough edges. Tortilla creator Jason Geffner answers an question from his audience about how Tortilla allows plug-ins when using Tor. (Credit: Seth Rosenblatt/CNET) LAS VEGAS -- The Onion Router's popularity as a Internet traffic anonymizing network that can be used just about anywhere belies some of its limitations. To combat those, one security researcher at Black Hat 2013 here figured out a way to make Tor more palatable. And to the consternation of people who hate food names and metaphors, it's called Tortilla (download). "People couldn't easily anonymize their Internet traffic," Jason Geffner, Tortilla's inventor, told CNET after his presentation. "This opens a whole realm of opportunities for them." Geffner developed the free, open-source, and Windows-only Tortilla with help from his colleagues at Crowdstrike, where he's a senior security researcher. It answers the question of how to wrap Tor securely around Internet traffic, Geffner told his audience. Related stories: Hackers to NSA chief: Read the Constitution BlackBerry 10 users: Update ate our text messages BlackBerry, Mozilla fighting bugs with 'Peach' Mid-2013 MacBook Air experiencing black screen bug ATM hacker Barnaby Jack dies It also addresses two of the biggest problems with Tor, Geffner said during his short, 25-minute-long "Lightning" session at the conference. It fixes what he termed "the Firefox problem" and untangles SOCKS server issues. SOCKS, at its simplest, is a way to transfer data securely through a firewall. The Firefox problem, Geffner said, is that the browser has had twice the number of discovered vulnerabilities in the past year than Internet Explorer. Tor is limited to Firefox use only, and Tor blocks plug-ins for security reasons. "If Firefox gets exploited, the malware could circumvent the Tor tunnel entirely," he said. The SOCKS server problem prevents TCP proxying via SOCKS in most cases, and in cases where the software supports it, DNS proxying isn't. Tortilla solves both of these issues and allows Tor to be used with virtual machines. This, Geffner said, makes it an excellent tool for security experts who want to visit or test attack Web sites, or blogs written by people who run attack Web sites, without leaving traceable tracks. "It acts on DHCP, ARP, DNS, and TCP packets, and drops everything else," Geffner said, in explaining what kinds of Internet traffic work with Tortilla. He added that Tortilla is failsafe, so that you can run it before or after you start your virtual machine or Tor itself. The benefits of Tortilla for security researchers are apparent, but there's nothing stopping people who are concerned with their online privacy from using it, either, Geffner said. "The fact that we're using Tor isn't a secret," when using Tortilla, he said, "but our identity is." Given that people are arguably more concerned with online privacy now than in the history of the Internet, it's hard to imagine people not clamoring for more tools like Tortilla.

Posted by : Unknown Wednesday, July 31, 2013

Tor's famous for anonymizing your Internet activities and infamous for being a pain to use. Debuting at Black Hat, the Tortilla tool smooths out some of the global network's rough edges.




Tortilla creator Jason Geffner answers an question from his audience about how Tortilla allows plug-ins when using Tor.


(Credit: Seth Rosenblatt/CNET)

LAS VEGAS -- The Onion Router's popularity as a Internet traffic anonymizing network that can be used just about anywhere belies some of its limitations. To combat those, one security researcher at Black Hat 2013 here figured out a way to make Tor more palatable.


And to the consternation of people who hate food names and metaphors, it's called Tortilla (download).


"People couldn't easily anonymize their Internet traffic," Jason Geffner, Tortilla's inventor, told CNET after his presentation. "This opens a whole realm of opportunities for them."


Geffner developed the free, open-source, and Windows-only Tortilla with help from his colleagues at Crowdstrike, where he's a senior security researcher. It answers the question of how to wrap Tor securely around Internet traffic, Geffner told his audience.



It also addresses two of the biggest problems with Tor, Geffner said during his short, 25-minute-long "Lightning" session at the conference. It fixes what he termed "the Firefox problem" and untangles SOCKS server issues. SOCKS, at its simplest, is a way to transfer data securely through a firewall.


The Firefox problem, Geffner said, is that the browser has had twice the number of discovered vulnerabilities in the past year than Internet Explorer. Tor is limited to Firefox use only, and Tor blocks plug-ins for security reasons.


"If Firefox gets exploited, the malware could circumvent the Tor tunnel entirely," he said.


The SOCKS server problem prevents TCP proxying via SOCKS in most cases, and in cases where the software supports it, DNS proxying isn't.


Tortilla solves both of these issues and allows Tor to be used with virtual machines. This, Geffner said, makes it an excellent tool for security experts who want to visit or test attack Web sites, or blogs written by people who run attack Web sites, without leaving traceable tracks.


"It acts on DHCP, ARP, DNS, and TCP packets, and drops everything else," Geffner said, in explaining what kinds of Internet traffic work with Tortilla. He added that Tortilla is failsafe, so that you can run it before or after you start your virtual machine or Tor itself.


The benefits of Tortilla for security researchers are apparent, but there's nothing stopping people who are concerned with their online privacy from using it, either, Geffner said. "The fact that we're using Tor isn't a secret," when using Tortilla, he said, "but our identity is."


Given that people are arguably more concerned with online privacy now than in the history of the Internet, it's hard to imagine people not clamoring for more tools like Tortilla.



Translate

Like fanpage

Popular Post

Blog Archive

Powered by Blogger.

- Copyright © News and design logo -Metrominimalist- Powered by Blogger - Designed by Johanes Djogan -