On 11/2/2013 2:33 AM, DeveloperChris wrote:
> I got to speak with my acquaintance about his experience. Sadly it was
> as bad but not as quick as I was told.
>
> He told me within a three week period of setting up the tor exit node he
> considered his entire internal network compromised as several of his
> machines showed signs of being compromised. I didn't get to ask the
> specifics of that. But knowing this person as I do when he says
> compromised, it is not something you take lightly.
>
> He reformatted and rebuilt every machine from known good sources and
> sworn off Tor.
>
> DC

I'm still inclined to believe any compromise was unrelated to Tor.

If this was a Windows network, it is not unheard of for one machine to infect the rest. The infection could have started on any of the machines over the 3 weeks (or even beforehand).

If it's a *nix network... having one machine compromised is plausible (however unlikely), but having an entire network compromise would suggest many serious mistakes were made.

The fact that he reformatted suggests these were Windows boxes (it makes little sense to reformat a *nix box unless you've been rooted... and I can't imagine an entire *nix network being rooted unless someone has REALLY screwed up).

I think if this conversation is to progress beyond "Tor got someone's network hacked" <-> "No, it probably didn't", we'll need some specifics. Perhaps this associate should join the tor-talk list?

Here's some specific information that would be relevant:

* OS (Specific version):
* Tor Version:
* Specific evidence that Tor Exit was compromised (what was it doing, was there detected malware, what was the name of the malware, etc...):
* Specific evidence that other network machines were infected (with same data as above... OS, running services, etc):
* Specific evidence that the Tor Exit was the source of the compromise:

I think until those facts are known, we're just spinning our wheels.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk