
Security

Anonym.OS: providing internet anonymity

January 25, 2006

This article was contributed by Jake Edge.

Internet anonymity has started to become a mainstream issue, even covered by the New York Times (registration required), and a newly released project is specifically geared towards providing users with a safer, more anonymous internet experience. Anonym.OS is an OpenBSD-based live CD that attempts to give the average user the same level of privacy that is available to more technically savvy users.

Anonym.OS uses a variety of techniques to provide security and anonymity, starting with changing the TCP parameters to give the impression that it is running Windows XP in order to blend in. It provides very strong firewall protections, disallowing any inbound traffic and only allowing encrypted and/or anonymized traffic outbound.

Tor (aka The Onion Router) provides the underlying infrastructure for anonymity by routing TCP connections through a chain of randomly chosen nodes in the Tor network, with separate encryption for each hop in the route. This routing makes it difficult to determine where a particular Tor client is connecting to (or from), though an adversary able to monitor large sections of the net can still use statistical correlation of packet timings to link source and destination, as described in the Tor FAQ.

Another component of Anonym.OS is Privoxy, which is a web proxy that provides a variety of privacy features such as cookie management, 'web bug' disabling, and bypassing various click-tracking scripts. Privoxy also provides DNS lookup anonymity to mask which domains a user is looking up.
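As an added illustration, not the ruleset Anonym.OS actually ships, here is an OpenBSD pf.conf that implements the policy described above: nothing inbound, and outbound only from sockets owned by the Tor daemon, which also stops applications from leaking DNS queries around the proxy. The interface name em0 and the _tor account are assumptions.

```pf
# /etc/pf.conf -- constructed example; not the ruleset shipped by Anonym.OS
ext_if   = "em0"     # assumed: the external network interface
tor_user = "_tor"    # assumed: the unprivileged account the Tor daemon runs as

set skip on lo0         # loopback (Tor SOCKS port, Privoxy) is unrestricted
set block-policy drop   # drop silently instead of answering with RST/ICMP

# Default deny in both directions; everything below is an exception to this.
block all

# Inbound: nothing is accepted on the external interface, "quick" so that no
# later rule can override it.
block in quick on $ext_if

# Outbound: only TCP sockets owned by the Tor daemon may leave the host.
# Every other program, including any direct DNS or plain HTTP attempt by a
# misconfigured application, never reaches the wire.
pass out quick on $ext_if proto tcp from ($ext_if) to any \
    user $tor_user flags S/SA keep state

# Log any other outbound attempt: a hit here means some application is
# trying to bypass Tor and should be fixed.
block out log on $ext_if
```

Load it with `pfctl -f /etc/pf.conf` and watch `pflog0` with tcpdump; a host that obtains its address via DHCP or syncs time with NTP needs additional explicit rules, since those would be blocked as well.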

After booting and configuring a root password, network parameters and the like, Anonym.OS presents a standard-looking desktop with Firefox, Thunderbird and Gaim as icons. These applications will use Tor and have been configured to promote privacy, particularly in Firefox, by alerting about cookies and not saving passwords or form data.

The user experience is fairly slow, largely because of Tor, but loading programs from the CD also seems to take quite a while. Anonymity is not free nor particularly fast. Web pages take roughly 5-10 times as long to load and ssh sessions remind one of the glory days of 110 baud acoustic coupler modems. Tor is a work in progress and will likely get faster and find ways to make interactive (ssh) performance better but taking multiple hops through the network is always going to have a cost.

There are two Linux-based projects with similar goals which also use Tor: Phantomix, based on KNOPPIX, and ELE, based on Damn Small Linux. Because of its vaunted "security by default", OpenBSD advocates would probably scoff at using Linux for a system of this sort, but the same software and techniques used by Anonym.OS are available for Linux.

Anonym.OS is clearly a boon for people with a strong need for anonymity on the internet and who either do not have the technical ability to set this up for themselves or who may use computers that are not under their control. Anonymous bloggers, folks who are worried that their government might get access to web logs from their favorite search engine, whistleblowers and others who might aggravate large, deep-pocketed organizations could certainly find a use for Anonym.OS. One does need a strong reason to do so, however, as using it can be very slow and painful.

Comments (3 posted)

New vulnerabilities

crawl: insecure program execution

Package(s): crawl    CVE #(s):
Created: January 23, 2006    Updated: January 25, 2006
Description: Steve Kemp from the Debian Security Audit project discovered a security-related problem in crawl, another console-based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games, which can allow local attackers to gain the privileges of the games group.
Alerts:
Debian DSA-949-1 crawl 2006-01-20

Comments (none posted)

flyspray: missing input sanitizing

Package(s): flyspray    CVE #(s): CVE-2005-3334
Created: January 24, 2006    Updated: January 25, 2006
Description: Several cross-site scripting vulnerabilities have been discovered in flyspray, a lightweight bug tracking system, which allows attackers to insert arbitrary script code into the index page.
Alerts:
Debian DSA-953-1 flyspray 2006-01-24

Comments (none posted)

imagemagick: arbitrary command execution

Package(s): imagemagick    CVE #(s): CVE-2005-4601 CVE-2006-0082
Created: January 24, 2006    Updated: March 24, 2006
Description: Florian Weimer discovered that the delegate code did not correctly handle file names which embed shell commands (CVE-2005-4601). Daniel Kobras found a format string vulnerability in the SetImageInfo() function (CVE-2006-0082). By tricking a user into processing an image file with a specially crafted file name, these two vulnerabilities could be exploited to execute arbitrary commands with the user's privileges. These vulnerabilities become particularly critical if malicious images are sent as email attachments and the email client uses imagemagick to convert or display the images (e.g., Thunderbird and Gnus).
Alerts:
SuSE SUSE-SR:2006:006 imagemagick zoo 2006-03-17
Gentoo 200602-13 graphicsmagick 2006-02-26
Slackware SSA:2006-045-03 imagemagick 2006-02-15
Red Hat RHSA-2006:0178-01 ImageMagick 2006-02-14
Gentoo 200602-06 imagemagick 2006-02-13
Debian DSA-957-2 imagemagick 2006-01-31
Mandriva MDKSA-2006:024 ImageMagick 2006-01-26
Debian DSA-957-1 imagemagick 2006-01-26
Ubuntu USN-246-1 imagemagick 2006-01-24

Comments (none posted)

kdelibs: heap overflow

Package(s): kdelibs    CVE #(s): CVE-2006-0019
Created: January 19, 2006    Updated: March 17, 2006
Description: Konqueror's kjs JavaScript interpreter engine has a heap overflow vulnerability. Specially crafted JavaScript code could be placed on a web site, leading to arbitrary code execution. Other KDE applications are also subject to this vulnerability.
Alerts:
Fedora-Legacy FLSA:178606 kdelibs 2006-03-16
Slackware SSA:2006-045-05 kdelibs 2006-02-15
Gentoo 200601-11 KDE kjs 2006-01-22
Mandriva MDKSA-2006:019 kdelibs 2006-01-20
Fedora FEDORA-2006-050 kdelibs 2006-01-20
SuSE SUSE-SA:2006:003 kdelibs3 2006-01-20
Debian DSA-948-1 kdelibs 2005-01-20
Ubuntu USN-245-1 kdelibs 2006-01-20
Red Hat RHSA-2006:0184-01 kdelibs 2006-01-19

Comments (none posted)

kernel: multiple vulnerabilities

Package(s): kernel    CVE #(s): CVE-2005-3527 CVE-2005-3783 CVE-2005-3784 CVE-2005-3805 CVE-2005-3806 CVE-2005-3808
Created: January 20, 2006    Updated: April 18, 2006
Description: Here's another set of vulnerabilities in the Linux kernel:
  • A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP (CVE-2005-3527).
  • The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which could allow local users to cause a DoS (CVE-2005-3783).
  • The auto-reap of child processes in 2.6 kernels prior to 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a crash (CVE-2005-3784).
  • A locking problem in the POSIX timer cleanup handling on exit, in kernels 2.6.10 to 2.6.14 running on SMP systems, allows a local user to cause a deadlock involving process CPU timers (CVE-2005-3805).
  • The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to 2.4.32 and 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a crash by triggering a free of non-allocated memory (CVE-2005-3806).
  • An integer overflow in 2.6.14 and earlier could allow a local user to cause a hang via 64-bit mmap calls that are not properly handled on a 32-bit system (CVE-2005-3808).
Alerts:
Mandriva MDKSA-2006:072 kernel 2006-04-17
Debian DSA-1018-2 kernel-source-2.4.27 2006-04-05
Debian DSA-1018-1 kernel-source-2.4.27 2006-03-26
Debian DSA-1017-1 kernel-source-2.6.8 2006-03-23
Fedora-Legacy FLSA:157459-2 kernel 2006-03-16
Fedora-Legacy FLSA:157459-1 kernel 2006-03-16
Fedora-Legacy FLSA:157459-4 kernel 2006-03-16
Fedora-Legacy FLSA:157459-3 kernel 2006-03-16
SuSE SUSE-SA:2006:012 kernel 2006-02-27
Mandriva MDKSA-2006:044 kernel 2006-02-21
Red Hat RHSA-2006:0191-01 kernel 2006-02-01
Mandriva MDKSA-2006:018 kernel 2006-01-20

Comments (none posted)

OpenSSH: double shell expansion

Package(s): openssh    CVE #(s): CVE-2006-0225
Created: January 23, 2006    Updated: July 20, 2006
Description: OpenSSH has a double shell expansion vulnerability in local to local and remote to remote copy with scp.
Alerts:
Red Hat RHSA-2006:0298-01 openssh 2006-07-20
Red Hat RHSA-2006:0044-01 openssh 2006-03-07
Ubuntu USN-255-1 openssh 2006-02-21
Gentoo 200602-11 openssh 2006-02-20
Fedora-Legacy FLSA:168935 openssh 2006-02-18
OpenPKG OpenPKG-SA-2006.003 openssh 2006-02-18
Slackware SSA:2006-045-06 openssh 2006-02-15
SuSE SUSE-SA:2006:008 openssh 2006-02-14
Mandriva MDKSA-2006:034 openssh 2006-02-06
Fedora FEDORA-2006-056 openssh 2006-01-23

Comments (none posted)

tetex: integer overflows

Package(s): tetex    CVE #(s): CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
Created: January 19, 2006    Updated: May 23, 2006
Description: The teTeX PDF parsing library has an integer overflow vulnerability. A carefully crafted PDF file can be used by an attacker to crash teTeX and possibly execute arbitrary code.
Alerts:
Slackware SSA:2006-142-01 tetex 2006-05-23
Fedora-Legacy FLSA:152868 tetex 2006-05-12
Gentoo 200603-02 tetex 2006-03-04
Red Hat RHSA-2006:0160-01 tetex 2006-01-19

Comments (none posted)

trac: missing input sanitizing

Package(s): trac    CVE #(s): CVE-2005-4065 CVE-2005-4644
Created: January 23, 2006    Updated: January 30, 2006
Description: Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. Due to missing input sanitizing, it is possible to inject arbitrary SQL code into the SQL statements (CVE-2005-4065). A cross-site scripting vulnerability has also been discovered that allows remote attackers to inject arbitrary web script or HTML (CVE-2005-4644).
Alerts:
Debian DSA-951-2 trac 2006-01-30
Debian DSA-951-1 trac 2006-01-23

Comments (2 posted)

Resources

Getting Started with Multi-Category Security (MCS)

James Morris has put up a look at multi-category security from an administrator's point of view. "In a corporate environment, categories could be used to identify documents confidential to specific departments, or being covered under certain NDAs. So, when jose prepares a report on payroll statistics for the month, he can label it as 'Payroll', which will not be accessible by lara, who only has access to the 'Finance' category."

Comments (12 posted)

Privacy for People Who Don't Show Their Navels (NY Times)

The New York Times (registration required) has published an article about privacy technologies, with a special mention of Tor. "'I get the feeling it's going up,' said Roger Dingledine, Tor's project leader. 'But one of the features I've been adding recently,' he said, enhances anonymity protection by making it harder to count downloads of the software. Still, the number of servers forming layers in the Tor network has risen to 300 from 50 in the last year, Mr. Dingledine added."

Comments (2 posted)

Page editor: Jonathan Corbet


Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds