Jacob had to start his talk without slides due to technical difficulties, but he did alright.

First off he talks about some treats against our privacy. Political plans for nation wide key escrow and wide scale data retention are popping up all over the western world.

The Australian web filter against child pornography has proven that these kind of filters don’t work. Before it was deployed nation wide the filter already succeeded in creeping its scope by blocking a dentists web site.

Jacob, personally, specifically cares about cases where Tor is used to censor people.Censorship will never serve humanity and in fact humanity becomes a slave to the truth of its sensors.

If you want to stop child pornographers, you don’t do it by stopping them from publishing the pornography, but you let them publish the pictures and use traditional police work to track them down and help the victims and punish the wrong-doers.

So who really uses Tor:

• Bloggers and students
• Journalists and their audience members
• IT professionals
• Human rights activists and likely whistleblowers

So how can you help?

You can help by setting up a Tor node yourself. Go to http://www.torproject.org/ and download the software.  The documentation pages give you enough informatio to start your own Tor node.

Why should you help?

In Iran people who attended a demonstration and SMS-ed or email-ed from the demonstration get arrested one or two days after the demonstration. Providing a way to communicate privately and openly to people like these is really important.

Maybe the fact that I have been able to hide the fact that I visited a Wikipedia page about a heart disease in my family may help prevent that I won’t be able to get healthcare insurance in the future.

An additional danger of country wide filters is that these machines are often overloaded and use very old versions of Squid. Posing a risk to anybody using internet in those countries.

Tor is not a solution to the censoring problem, it’s just a tool to circumvent censorship. To ban out censorship a social change needs to happen.

Rsnake and Jabra demonstrated client site exploits that will defeat common proxy techniques such as classic HTTP proxies, CGI proxies, SOCKS proxies, and Tor.

The installation of client certificates also exposes users. If you decide to offer you certificate to a site, you basically identify yourself to that site. Client site certificates are good for normal use, but the cert will tell an evil server who we are. Also, certificate can be sniffed from the wire and they will thus also expose an identity.

There is a very well known attack against the Tor network; by setting up an evil Tor node, researches where able to obtain at least 100 embassy usernames and passwords. If you use a proxy you have to decide which proxy to trust.

RSnake demonstrated a new IE attack called smbenum. By using file:// urls from javascript he can enumerate files on the user computer. The attack is still limited, because the browser is only capable of reading certain files. Smbenum learns the computer’s name by using environment variables in the url, which will expand.

Theoretically the smbenum attack can obtain the username, by searching for well known pictures in the user directory (e.g. adobe installs certain pictures in the user directory), but this attack is brute force and incredibly slow. A slower attack called res timing can be used to get more granular details. Find the right directory with smbenum, find the right file with res timing.

Another concern is the safe browsing feature firefox and chrome. This function evaluates the sites you server, this means it does a call home. Rsnake tested and found that his browser did about 30 requests per hour. Since Google users a unique non exipering cookie for each computer all the data on where you have been is in Google’s datacenter. Even if Google’s “do no harm” hold true, there could be a situation where the can be force to give it up. Safe browsing can be turned off about:config

Google’s Chrome is even worse; “Chrome 0wns Us”. Chrome’s automatic updates happen about once every 5hours. Chrome send machineID and UserID in each update request, “this is a real concern”

Jabra finished with a new 0-day java based shell code that cannot be stopped by the browser yet.